15-544: Network Design and Evaluation
Project Descriptions
The goal of this course is to learn about network design, implementation, and evaluation in a hands-on fashion. Teams of students will design, implement, and evaluate a network protocol or a router feature. The network infrastructure consists of the Intel development platform for the IXP 1200 packet processor.
Each team of students will develop three interacting network components. The first component is a data plane component, i.e. a network element that is involved in processing packets that are forwarded by the router. This component will be implemented on the packet processor. Examples include a packet scheduler that supports quality of service, or packet filtering for a security firewall. The second component is a control plane component that manages and controls the function that is implemented on the packet processor. Examples could be a signaling protocol that sets up the QoS packet scheduler, or a management interface for a firewall. The third component will consist of one or more applications that stress the new network feature. For example, a video streaming application that uses a connection with a bandwidth guarantee, or an application that tries to break into a network protected by a firewall. Teams will typically consist of two to four students.
In the first two weeks of the semester, teams have
to complete a project proposal that identifies the team members and high-level
goals of the proposed project. The proposal will be followed by a detailed
project design. The design must describe the specific function that the team
will implement, any existing software that the team will use, a project plan
including the responsibilities of the team members and milestones, and an
evaluation plan. The middle of this semester will be devoted to implementation.
During this stage, we will have regular project design reviews. The last three
weeks of the semester will be devoted to testing, evaluation, and writing of
the final report.
Here are three example projects. Note that these are just high-level descriptions of the functionality. The detailed design is, of course, left up to you. These projects are just examples. Feel free to propose a project in a different area – a number of possible areas are listed at the end of this page.
Implement a filter-based firewall and possibly an application gateway. In the data plane, the primary task is to implement a set of filters that only let through packets that meet certain rules. The second part could be an application gateway for a small number of applications (e.g. the web, telnet, ftp). The two combined should provide fairly complete firewall functionality.
Control software for the filter-based gateway (set policies, report break-ins, …): this allows the management of the rules in the filter-based gateway and provides additional support such as logging of packets that violate rules, and statistical sampling, looking for patterns. You could try to use one of the languages for specifying security policies.
The firewall should be able to deal with any application, without modification. One possibility is to ask your friends to see whether they can break through your firewall.
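The rule-based filtering and violation logging described for this project, as an added example in C that is not part of the original course page: a first-match rule table with a default-deny fallthrough and per-rule hit counters that the control software could read. The struct layouts, function names and sample rules are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>

/* Added example: first-match packet filter with a default-deny policy.
   All names and the sample rules are hypothetical. */
enum action { DENY = 0, ALLOW = 1 };
struct pkt { uint32_t src, dst; uint16_t dport; uint8_t proto; };

struct rule {
    uint32_t src, src_mask;       /* match if (pkt.src & src_mask) == src */
    uint32_t dst, dst_mask;       /* match if (pkt.dst & dst_mask) == dst */
    uint16_t dport_lo, dport_hi;  /* inclusive destination port range */
    uint8_t  proto;               /* IP protocol number, 0 = any */
    enum action act;
    unsigned long hits;           /* per-rule counter for the control plane */
};

static unsigned long default_denied; /* packets that matched no rule */

static int rule_matches(const struct rule *r, const struct pkt *p) {
    return (p->src & r->src_mask) == r->src &&
           (p->dst & r->dst_mask) == r->dst &&
           (r->proto == 0 || r->proto == p->proto) &&
           p->dport >= r->dport_lo && p->dport <= r->dport_hi;
}

/* Data plane: the first matching rule decides; no match means drop. */
enum action filter_packet(struct rule *rules, size_t n, const struct pkt *p) {
    for (size_t i = 0; i < n; i++) {
        if (rule_matches(&rules[i], p)) {
            rules[i].hits++;
            return rules[i].act;
        }
    }
    default_denied++;
    return DENY;
}

#define IP(a,b,c,d) (((uint32_t)(a)<<24)|((uint32_t)(b)<<16)|((uint32_t)(c)<<8)|(uint32_t)(d))

/* Constructed sample policy: TCP/80 to one server allowed, telnet to the subnet denied. */
struct rule sample_rules[] = {
    { 0, 0, IP(10,0,0,80), 0xFFFFFFFFu, 80, 80, 6, ALLOW, 0 },
    { 0, 0, IP(10,0,0,0),  0xFFFFFF00u, 23, 23, 6, DENY,  0 },
};

int main(void) {
    struct pkt web = { IP(192,168,1,5), IP(10,0,0,80), 80, 6 };
    return filter_packet(sample_rules, 2, &web) == ALLOW ? 0 : 1;
}
```

The default_denied counter and the per-rule hits are the values a management interface would poll to report packets that violate the policy.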
One particular approach to network quality of service is called “Differentiated Services”. In the DiffServ model, routers at the edge of the network classify packets into one of a small number of classes (technically called forwarding behaviors). Routers in the core of the network then only have to differentiate between packets in different classes, so there they do not need per-flow or per-user state. One interesting project is to implement a simple DiffServ network.
Edge and core router functionality in the data plane. Implement the edge and core router functionality. Core routers “only” require fairly simple class-based scheduling. Edge routers require a packet classifier, marker, and possibly a shaper or dropper.
Control software for DiffServ-style QoS. We need mechanisms to control the rules used by the edge router components and also control over the core router scheduler. A signaling protocol makes sure that all the routers on a path will treat a new flow consistently. Another possible component is support for policy control, possibly using COPS and directory services.
Implement a simple end-to-end service based on your network infrastructure (e.g. gold/silver/bronze, dedicated point-point pipe, …). Then have a range of applications use the service (regular Web browsing, IP telephony, video streaming, …) and measure the effect the service has on performance.
The idea is to redirect packets based on the contents of the packet (as opposed to the destination IP address in the packet header). For example, redirect HTTP GET requests based on the URL in the request. You need a fairly sophisticated piece of microcode to do this. Part of the task is to deal with the fact that the URL is not in the first packet of the connection setup of an HTTP connection. Also, redirection has to be consistent for all packets in the connection. In practice, this functionality is often combined with network address translation.
The control plane component consists of an interface to manage the redirection. This could either be done directly by a manager using a GUI, or, more interestingly, it could be based on a simple protocol in which servers provide feedback to the router that can be used to make load balancing decisions.
The application is a web server, or whatever application the redirection is done for.
An alternative is to do simple load balancing based on feedback from a set of servers without worrying about contents. Another variant is to do redirection based on the source IP address, i.e. try to direct requests to the server that is the closest to the client.
Projects can target many other areas:
Please talk to the instructor if you need help exploring any of these topics.