Running ANTS on the ABONE

Andrew Whitaker

This document contains a brief overview of how to run ANTS on the ABone. It also more or less describes how to setup a standalone ANTS node (that is, not on the ABone).

Overview

ANTS can be used as a stand-alone program or on top of anetd--the active networks daemon used on the ABone. The primary difference is that anetd requires capsules to be read over standard input, whereas standalone ANTS uses UDP ports for both sending and receiving capsules.

The Abone distinguishes between core nodes and edge nodes. Core nodes are permanent members of the ABone, whereas edge nodes can be transient. For example, an edge node may persist only for the duration of an ABone experiment. The Dynamic Active Network Topology Extension (DANTE) mechanism allows an edge node (or nodes) to create a temporary tunnel to a core node. The current release of ANTS (2.0) provides a baseline implementation of the DANTE specification. Each node can be a core node or an edge node (but not both). An edge node can request an address from an arbitrary core node, and a dynamic tunnel will be created between these node.

The current dynamic tunnel mechanism differs from the DANTE specification in the following respects. First, an edge node can only connect to a single core node, and an edge node cannot request a block of addresses. These simplifications trivially enforce the property that an edge network not provide an alternate path for core routes. In addition, ANTS ignores the refresh timer and the error code fields in the DANTE header. Finally, ANTS does not use the type/length/value format for virtual link layer addresses. Rather, it uses the string representation used by other protocols in ANTS.

ANTS distributes dynamic addresses in the following way. On start-up, a core node is given a static block of addresses which it is free to distribute. Upon receiving a JOIN request contained in a DynamicAddressCapsule, the core node creates a RESPONSE capsule containing a dynamically allocated address. If no address is available, then the core node responds with an ERROR message. The new address is marked as allocated by the core node, but a dynamic tunnel is not created at this stage.

If the edge node does not receive a RESPONSE capsule, it sends another request after a suitable timeout period. Currently, an edge node will send up to five requests, and it waits three seconds between requests. Upon receiving a RESPONSE capsule, the edge node sets its address and forms a dynamic tunnel to the core node. The edge node immediately sends a keep-alive capsule across this tunnel. When the core node receives the keep-alive, it forms the reverse tunnel to the edge node.

The core node maintains a timer to detect when dynamically allocated addresses can be reclaimed. Each allocated address contains a use bit, which is cleared after a pre-set time limit (currently five minutes). If an address has a false use bit, then it is reclaimed, and its corresponding tunnel is destroyed. The use bits are refreshed by the keep-alive capsules, which are sent every 30 seconds by default. Thus, 10 keep-alives would have to be lost before a tunnel is accidently destroyed.

There is currently no mechanism by which an edge node can explicitly return its address (i.e., the DANTE LEAVE message). An edge node that wishes to leave the network simply shuts off, and the timeout mechanism on the core node will eventually cancel the address.

Dynamic tunnel information is propagated using a RIP-like routing protocol that is packaged with ANTS. This has implications for speed-of-convergence. This is discussed in the known issues section.

Configuration

This section describes how to start an ABone node.

An ABone node can be configured to run as a core node or an edge node (but not both). The mode of an ANTS node is dictated by arguments in an ANTS configuration file. This file is passed on startup to the ANTS configuration manager.

Core Node Configuration

The configuration file for a core node should resemble the following:

# Core Node 1
node 12.12.12.0 -routes core.routes -updateRoutes true 
channel 12.12.12.0 stdin -proxyaddr foo.bar.edu:3322
application 12.12.12.0 ants.dante.DanteServer -start 12.12.12.1 -end
12.12.12.244 -principal DanteUser

# Other core nodes... Node 2, Node 3, ...

## Core node connection graph
connect 12.12.12.0 12.12.12.1
connect 12.12.12.1 12.12.12.2
# ...

Each node must have an address that is unique across the ABone. Note that this address need not have any relation to the local host's IP address. This address is the first argument to the configuration commands (node, channel, application, etc.).

The node command defines node-wide parameters, in this case it points to the initial routing table (-routes core.routes), and turns on the dynamic routing application (-updateRoutes true). Note that dynamic routing is required to make DANTE-created routes useful.

The channel command creates an input channel over which Capsules are read. The first argument describes how capsules are read into ANTS; this argument should be 'stdin' on the ABONE. In standalone mode, this argument is of the form host:port. The '-proxyaddr' flag indicates a local proxy that receives capsules on behalf of ants; typically, this will be an anetd server.

The application command creates a DanteServer that hands out addresses between 12.12.12.1 and 12.12.12.244. The '-principal' flag indicates that the server should run as the DanteUser principal for the purpose of access control checks.

In addition to a configuration file, core nodes require a routes file in order to establish permanent tunnels. A routes file can be established by running the makeroutes utility, which is included in the ANTS distribution in the scripts directory. The makeroutes file looks for "connect" command in the configuration file of the form connect A B, where A and B are dotted addresses of ANTS nodes. A tunnel is formed between A and B. A routing table (assuming equal weight tunnels) is created using shortest paths. The syntax of the makeroutes utility is:

makeroute -route < configFile > routesFile

Note that makeroute is written in TCL and requires tclsh.

Edge Node Configuration

Edge nodes use a configuration file with different arguments. ANTS requires that a node choose a temporary address in the configuration file, even though it will obtain a different address from its core node. The temporary address need only be unique for a single configuration file. The address can be arbitrary, except that anetd blocks the use of address 0.0.0.0. In addition, edge nodes may start applications with the application configuration parameter. A portion of a sample edge configuration file is shown below:

# Edge Node 1; 0.0.0.1 is a temporary address

node 0.0.0.1 -updateRoutes -routes edge.routes
channel 0.0.0.1 nitrogen.cs.washington.edu:3325
application 0.0.0.1 apps.ping.PingApplication -port 45
application 0.0.0.1 ants.dante.DanteClient -node 12.12.12.0 -physical
"*:8004:alpha.darpa.gov" -protocol if/ipv4/udp -principal DanteUser

# Node 2, Node 3, ...

The arguments to the node command are:

-updateRoutes: Turns on the routing protocol. This is necessary to distribute information about dynamic tunnels.
-routes edge.routes: Whatever static routing information this edge node has about its local neighbors.

The channel command is used in the fashion as described for server nodes.

ABONE edge nodes must invoke a DanteClient application to acquire an ABONE address. The application should run as the DanteUser principal to provide sufficient access control. The '-node' flag indicates the address of the core node on the ABONE. The '-physical' flag indicates the physical address of the core node in the following format: srcAddr:destPort:destAddr:srcPort. Setting the destination port and destination address is sufficient. Finally, the 'protocol' flag indicates the "link-layer" protocol used to communicate with the core node; currently, only if/ipv4/udp is supported. Additional application commands can be added to execute user programs. The second argument must be the fully-qualified name of a class that extends ants.core.Application. If no principal argument is given, then the application is assigned to the LocalUsers group. The '-port' flag indicates a port over which the application receives capsules.

Starting ANTS

In stand-alone mode, ANTS is started by invoking java ants.core.ConfigurationManager configFile address , where configFile is a configuration file (as described above), and address is the active network address of the node to be started. The ants.core.NodeConfigure class can also be used to instantiate simple sessions; see the sample scripts in the ants distribution.

In ABone mode, anetd is used to indirectly instantiate ANTS. The anetd SC command loads an ANTS execution environment on a running anetd daemon. Typically, this process is automated by a set of scripts. There are some sample scripts in the ants distribution. See the Anetd documentation for more details.

Tunable parameters

By default, an edge node will send up to 5 JOIN requests to its designated core node, and these requests are spaced by 3 seconds. These parameters are defined at the top of the Node.java file. The tunnel timeout period and the frequency of keep-alive capsules are controlled by parameters in DynamicAddressManager.java.

The frequency of routing updates is controlled by parameters in RouteTable.java (see below).

Known issues

Ants uses a RIP-like routing protocol to distribute information about dynamic tunnels. By default, ANTS delays triggered updates. As a result, dynamic tunnel information is not fully propagated for several seconds. This delay can be reduced by changing the TRIGGERINTERVAL and TRIGGERSPREAD variables in /ants/src/ants/route/DynamicRouteEvents.java.
The ANTS routing infrastructure allows temporary loops to form in the routing tables if an edge node drops out of the network, and then immediately re-applies for a new address. Packets addressed to the old address will oscillate between the core node and the edge node until the TTL has expired. The loop is broken once the original routing entry expires.
In practice, this rarely happens accidently because it requires sending to an invalid address. Also, this address must correspond to a host (and UDP port) that were restarted before the original routing entry expired.
Currently, the dynamic tunneling mechanism is not terribly sophisticated. For example, there is no way to create an arbitrary topology of edge nodes. Also, there is no way for an edge node to recover if its core node crashes. It turns out that building a more sophisticated infrastructure is a non-trivial problem. For example, does the edge node continue to use its old address after the core node crashes? If no, then the fail-over mechanism isn't really transparent. If yes, then the core node must account for the fact that its addresses may already be allocated on startup.
I would be happy to entertain suggestions for how to change this. Send suggestions along to the address at the bottom of this page.

Last updated: 1/22/2001

Andrew Whitaker