Activating Networks J. M. Smith, K. Calvert, S. Murphy, H. Orman and L. L. Peterson November 13, 1998 Abstract Research in active networking has resulted in a variety of working systems and experimental results obtained from these systems. More importantly, the active network research community has been identifying abstractions and principles with which first-generation results can evolve into large scale active networks serving many disparate applications. These abstractions are captured in architectures for execution environments, security and a node operating system, all of which we describe in this paper. 1 Introduction Active networks are networks which are programmable or customizable to application require- ments. Thus, systems such as web proxy caches and firewalls can be seen as simplistic active networking technologies, and infrastructures with control plane programmability such as "open signalling" as increasingly flexible and sophisticated approaches to customizing network infras- tructures. Research in active networks, however, has taken perhaps the most ambitious stance, that of allowing “on-the-fly” modification of packet-switching infrastructures by packets, either in a switch-like model where active packets are intermixed with other packets, or in the "capsule" model, where all packets are regarded as programs[TSS 97]. The research has now produced a variety of results, including working infrastructures such as ANTS[WGT98], PLAN[HKM ], and Alien[ASNS97], and applications of these infrastructures to problems ranging from reliable multicast[wLGT98] and auctions[LWG98] to more traditional networking tasks such as error control[FMS 98], congestion control and bridging[ASNS97]. It has become clear that a general architecture for active network elements can be defined using a separation of concerns. Applications for the switch model, the capsule model, or both will require an "execution environment" (EE) in which the programmable services are made available. The University of Pennsylvania. Work at Penn was supported by DARPA under Contract #N66001-96-C-852 University of Kentucky Trusted Information Systems University of Arizona and DARPA Princeton University 1