Programming Hardware Tables John Fastabend (Intel) Netdev0.1

Similar documents
A 10 years journey in Linux firewalling Pass the Salt, summer 2018 Lille, France Pablo Neira Ayuso

Hardware accelerating Linux network functions Roopa Prabhu, Wilson Kok

vswitch Acceleration with Hardware Offloading CHEN ZHIHUI JUNE 2018

For further information, please contact. DKT A/S Fanoevej 6 DK-4060 Kirke Saaby

Subjects, overview. DKT A/S Fanoevej 6 DK-4060 Kirke Saaby

PVPP: A Programmable Vector Packet Processor. Sean Choi, Xiang Long, Muhammad Shahbaz, Skip Booth, Andy Keep, John Marshall, Changhoon Kim

Cisco Virtual Networking Solution for OpenStack

Configuring Firewall Filters (J-Web Procedure)

Using SR-IOV offloads with Open-vSwitch and similar applications

Aruba 8320 Configuring ACLs and Classifier Policies Guide for ArubaOS- CX 10.00

Virtual switching technologies and Linux bridge

Accelerate Service Function Chaining Vertical Solution with DPDK

Layer 2 Access Control Lists on EVCs

OPENFLOW & SOFTWARE DEFINED NETWORKING. Greg Ferro EtherealMind.com and PacketPushers.net

ERSPAN in Linux. A short history and review. Presenters: William Tu and Greg Rose

Overview of the Cisco OpenFlow Agent

OpenFlow Ronald van der Pol

Quality of Service. Understanding Quality of Service

Network Adapter Flow Steering

SRstackware ATCA Build 8

Hardware offload BOF

Configuring NetFlow. About NetFlow. This chapter describes how to configure the NetFlow feature on Cisco NX-OS devices.

Configuring the Catena Solution

Multimedia Communication. Project 6: Intelligent DiffServ

Ethernet Services over IPoIB

Configuring NetFlow. NetFlow Overview

Monitoring Ports. Port State

L2 / L3 Switches. Access Control Lists (ACL) Configuration Guide

Configuring NetFlow. NetFlow Overview

I Commands. iping, page 2 iping6, page 4 itraceroute, page 5 itraceroute6 vrf, page 6. itraceroute vrf encap vxlan, page 12

P4-based VNF and Micro-VNF chaining for servers with SmartNICs

Dual Port Fiber 100 Gigabit Ethernet PCI Express Content Director Bypass Server Adapter Intel FM10420 Based

Using SDN and NFV to Realize a Scalable and Resilient Omni-Present Firewall

Rocker: switchdev prototyping vehicle

IP Fabric Reference Architecture

100 GBE AND BEYOND. Diagram courtesy of the CFP MSA Brocade Communications Systems, Inc. v /11/21

Centec V350 Product Introduction. Centec Networks (Suzhou) Co. Ltd R

NSP Network Services Platform Network Functions Manager - Packet (NFM-P) Multi-Vendor Policy Guide. 3HE AAAB-TQZZA Issue 2 September 2017

These slides contain significant content contributions by

Fix VxLAN Issue in SFC Integration by Using Eth+NSH and VxLAN-gpe+NSH Hybrid Mode Yi Yang, Intel

Configuring Tap Aggregation and MPLS Stripping

SDN Workshop. Contact: WSDN01_v0.1

An Introduction to Open vswitch

Rtnetlink dump filtering in the kernel Roopa Prabhu

Software Datapath Acceleration for Stateless Packet Processing

Configuring Network Security with ACLs

CSC 4900 Computer Networks: Network Layer

Configuring Classification

Configuring SPAN. About SPAN. SPAN Sources

Open vswitch DPDK Acceleration Using HW Classification

Production OpenFlow Switches Now Available -Building CORD Using OpenFlow Switches CORD Build

Programmable Overlays with VPP

Network Virtualization Based on Flows

HPE FlexFabric 5940 Switch Series

Configuring an IP ACL

Lesson 9 OpenFlow. Objectives :

OVS Acceleration using Network Flow Processors

Cisco Nexus 3000 Series Switch NX-OS Verified Scalability Guide, Release 7.x

Configuring Local SPAN and ERSPAN

Huawei CloudEngine Series. VXLAN Technology White Paper. Issue 06 Date HUAWEI TECHNOLOGIES CO., LTD.

SDN Workshop. Contact: TSDN01_v0.1. [xx] Revision:

Hands on SDN and BRO

Implementing the ERSPAN Analytics Feature on Cisco Nexus 6000 Series and 5600 Platform Switches

Cloud Networking (VITMMA02) Network Virtualization: Overlay Networks OpenStack Neutron Networking

Configuring NetFlow. Information About NetFlow. What is a Flow. This chapter contains the following sections:

NetFPGA Hardware Architecture

Configuring Flow Aware QoS

AlliedView -EMS QoS MANAGER USER S GUIDE

DetNet. Flow Definition and Identification, Features and Mapping to/from TSN. DetNet TSN joint workshop IETF / IEEE 802, Bangkok

Netfilter updates since last NetDev. NetDev 2.2, Seoul, Korea (Nov 2017) Pablo Neira Ayuso

HPE FlexFabric 7900 Switch Series

Linux. Sirindhorn International Institute of Technology Thammasat University. Linux. Firewalls with iptables. Concepts. Examples

Programmable Software Switches. Lecture 11, Computer Networks (198:552)

PE310G4DBi9 Quad port Fiber 10 Gigabit Ethernet PCI Express Content Director Server Adapter Intel based

COMP211 Chapter 4 Network Layer: The Data Plane

This chapter describes how to configure the NetFlow feature on Cisco NX-OS devices.

Suricata IDPS and Nftables: The Mixed Mode

Configuring OpenFlow 1

RoCE Update. Liran Liss, Mellanox Technologies March,

Mirror Service Command Reference

Kernel Korner. Analysis of the HTB Queuing Discipline. Yaron Benita. Abstract

Cisco ME 3400 Ethernet Access Switch Show Platform Commands

Netfilter updates since last NetDev. NetDev 2.2, Seoul, Korea (Nov 2017) Pablo Neira Ayuso

Scaling bridge forwarding database. Roopa Prabhu, Nikolay Aleksandrov

PE340G2DBIR Dual Port Fiber 40 Gigabit Ethernet PCI Express Content Director Bypass Server Adapter Intel FM10420 Based

Benchmarking Test Suite

Toward an ebpf-based clone of iptables

SmartNIC Programming Models

A Brief Guide to Virtual Switching Franck Baudin (Red Hat) Billy O Mahony (Intel)

SDN AND NFV SECURITY DR. SANDRA SCOTT-HAYWARD, QUEEN S UNIVERSITY BELFAST COINS SUMMER SCHOOL, 23 JULY 2018

Topics Quick review of network fundamentals The ISO OSI 7-layer model (and why it matters) Network and host part of an IP address Function of the

CSC 401 Data and Computer Communications Networks

ACL Rule Configuration on the WAP371

What is an L3 Master Device?

Chapter 5 Network Layer: The Control Plane

Configuring OpenFlow. Information About OpenFlow. This chapter contains the following sections:

Lecture 2: Basic routing, ARP, and basic IP

Implementing VXLAN in DataCenter

BRIDGE COMPONENTS. Panagiotis Saltsidis

Configuring Flexible NetFlow

Transcription:

Programming Hardware Tables John Fastabend (Intel) Netdev0.1

Agenda Status Quo (quick level set) Flow API Device Independence code Future Work

applications Control Plane SDK ethtool af_packet tc nftable bridge Virtual switch kernel packet L2 Network/Switch Driver Qdisc nftable Linux bridge Open vswitch hardware MGMT

An Abstraction 6. Packet de-queued 3.Packet sent through hardware pipeline 5. QOS 4.Packet en-queued in Port Policers 2.Packet de-queued 1.Packet en-queued

socket Bridge Handler 2. Sent bridge handler or Socket handlers Ingress qdisc Egress qdisc 1. Processed by driver sent to ingress_qdisc Network/Switch Driver 4. Sent to network driver Network/Switch Driver

socket VM, container, etc Bridge Bridge Handler Handler 2. 2. Sent Sent bridge bridge handler handler or or Socket Socket handlers handlers Ingress Ingress qdisc qdisc Egress Egress qdisc qdisc 1. Processed by driver sent to ingress_qdisc Network/Switch Driver 4. Sent to network driver Network/Switch Driver VF VF

Flow API must be flexible enough to support many different hardware pipelines incorporate new packet types and actions easily. Preferably at run time policy and optimization are user space driven vendor neutral extensible

Flow API Netlink Application flowtl Netlink API Flow Table ndo_ops Network/Switch Driver

NetConf Flow API UAPI (netlink) get_headers, get_headers_graph get_actions get_tables FlowAPI UAPI (netlink) set_rule, del_rule, get_rule Nftable (netlink) set_rule, del_rule: nftable chains

NetConf Flow API (ndo_ops) get_headers, get_headers_graph get_actions get_tables FlowAPI (ndo_ops) set_rule, del_rule, get_rule

NetConf Flow API (core) Packing/Unpacking Netlink Provides standard structures for drivers Publish structures for In-kernel consumers minimal ndo_op set Validation get_rules() Does Not Provide mapping strategies between device models Pipeline optimizations

Flow API: Creating a device model netlink: net_flow_cmd_get_headers #./flow -i eth0 get_headers ethernet { src_mac:48 dst_mac:48 ethertype:16 } vlan { pcp:3 cfi:1 vid:12 ethertype:16 } [...] vxlan { vxlan_header:32 vni:24 reserved:8 }

Flow API: Creating a device model netlink: net_flow_cmd_get_headers./flow -i eth0 -g get_header_graph

Flow API: Actions netlink: net_flow_cmd_get_actions./flow -i eth0 get_actions 6: dec_ttl (void) 7: set_dst_mac (u48 mac) 8: push_vlan (u16 vlan) 9: drop(void)./flow -i eth1 get_actions_primitives route* set_field (DMAC_FIELD, DMAC) push_header(vlan_header, VLAN) dec_field(ipv4_ttl)

Flow API: Tables netlink: net_flow_cmd_get_tables./flow -i eth0 get_tables tcam: 1 src 1 apply 1 size 4096 matches: field: ethernet [dst_mac (mask) src_mac (mask) ethertype (mask)] field: vlan [pcp (mask) cfi (mask) vid (mask) ethertype (mask)] field: ipv4 [dscp (mask) ecn (mask) ttl (mask) protocol (mask) dst_ip (lpm) src_ip (lpm)] field: tcp [src-port (mask) dst-port (mask)] field: udp [src-port (mask) dst-port (mask)] actions: 1: set_egress_port (u32 egress_port) 3: set_dst_mac (u48 mac_address) 4: set_src_mac (u48 mac_address) 5: trap()

Flow API: Table Graph netlink: net_flow_cmd_get_table_graph./flow -i eth0 get_graph

Flow API: Table Graph

Flow API: set_flow netlink: net_flow_cmd_set_rule./flow -i eth0 set_rule #flow -i eth1 set_flow prio 1 handle 4 table 3 \ match ethernet.ethertype 0x0800 0xffff \ match in_lport.in_lport 1 0xffffffff \ match vlan.vid 10 0xffff \ action copy_to_cpu table : 3 uid : 4 prio : 1 ethernet.ethertype = 0800 (ffff) metadata_t.in_lport = 00000001 (ffffffff) vlan.vid = 000a (ffff) 2: copy_to_cpu ( )

Flow API: set_flow./nft list table hw_table <- table container for hardware chains table hw_table { chain acl { ip protocol icmp ip daddr 1.2.3.4 counter packets 5 bytes 420 drop [...] } chain next { [...] }./nft add rule hw_table acl {statement}

Current Work header/header_graph/actions: normalize, intersection, disjoint map routines between pipelines example applications handlers for standard protocols L3 (speculative) generate test code (pcap/tcpreplay)

Questions https://github.com/jrfastab/iprotue2-flow-tool https://github.com/jrfastab/rocker-net-next http://jrfastab.github.io/jekyll/update/2014/12/21/flow-api.html

Flow API Netlink Application flowtl Netlink API Flow Table TC, route, etc. ndo_ops Network/Switch Driver VF

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback