ClassBench-ng: Recasting ClassBench After a Decade of Network Evolution

Similar documents
Decision Forest: A Scalable Architecture for Flexible Flow Matching on FPGA

ClassBench: A Packet Classification Benchmark. By: Mehdi Sabzevari

Rule Caching in Software- Define Networkings. Supervisor: Prof Weifa Liang Student: Zhenge Jia, u Date of presentation: 24 th May 2016

Scalable Packet Classification on FPGA

SDN-based Network Obfuscation. Roland Meier PhD Student ETH Zürich

OpenFlow Ronald van der Pol

Communication Networks

Lesson 9 OpenFlow. Objectives :

OpenFlow Performance Testing

Flow Caching for High Entropy Packet Fields

Hands on SDN and BRO

Software-Defined Networking (Continued)

CS 5114 Network Programming Languages Data Plane. Nate Foster Cornell University Spring 2013

CSC 4900 Computer Networks: Network Layer

FPGA Implementation of Lookup Algorithms

OpenFlow: What s it Good for?

Hashing Round-down Prefixes for Rapid Packet Classification

PC-DUOS: Fast TCAM Lookup and Update for Packet Classifiers

These slides contain significant content contributions by

Grid of Segment Trees for Packet Classification

V6Gene: A Scalable IPv6 Prefix Generator for Route Lookup Algorithm

100 GBE AND BEYOND. Diagram courtesy of the CFP MSA Brocade Communications Systems, Inc. v /11/21

IPv4 ACLs, identified by ACL numbers, fall into four categories, as shown in Table 1. Table 1 IPv4 ACL categories

Hardware Acceleration in Computer Networks. Jan Kořenek Conference IT4Innovations, Ostrava

Chapter 5 Network Layer: The Control Plane

Application of SDN: Load Balancing & Traffic Engineering

Software Defined Networking

Chapter 4 Network Layer: The Data Plane

COMP211 Chapter 4 Network Layer: The Data Plane

Packet Classification Using Dynamically Generated Decision Trees

Disruptive Innovation in ethernet switching

Configuring NetFlow. Understanding NetFlow CHAPTER

Programmable Software Switches. Lecture 11, Computer Networks (198:552)

Packet Classification using Rule Caching

Chapter 3 Configuring Enhanced Quality of Service

Configuring ACLs. ACL overview. ACL categories. ACL numbering and naming

Configuring Firewall Filters (J-Web Procedure)

Slicing a Network. Software-Defined Network (SDN) FlowVisor. Advanced! Computer Networks. Centralized Network Control (NC)

PNPL: Simplifying Programming for Protocol-Oblivious SDN Networks

Informatica Universiteit van Amsterdam. Distributed Load-Balancing of Network Flows using Multi-Path Routing. Kevin Ouwehand. September 20, 2015

Decision Forest: A Scalable Architecture for Flexible Flow Matching on FPGA


Policy-based Routing in OVN. Mary Manohar Sragdhara D Chaudhuri Nutanix

Computer Networks 56 (2012) Contents lists available at SciVerse ScienceDirect. Computer Networks

Chapter 12 Digital Search Structures

Technical Notes. QoS Features on the Business Ethernet Switch 50 (BES50)

Efficient Conflict Detection in Flow-Based Virtualized Networks

Three Different Designs for Packet Classification

H3C S9500 QoS Technology White Paper

PUSHING THE LIMITS, A PERSPECTIVE ON ROUTER ARCHITECTURE CHALLENGES

Multi-core Implementation of Decomposition-based Packet Classification Algorithms 1

Open vswitch in Neutron

lecture 18: network virtualization platform (NVP) 5590: software defined networking anduo wang, Temple University TTLMAN 401B, R 17:30-20:00

Master Course Computer Networks IN2097

Software Systems for Surveying Spoofing Susceptibility

PACKET classification is an enabling function for a variety

Configuring QoS CHAPTER

QoS Provisioning Using IPv6 Flow Label In the Internet

Configuring QoS. Understanding QoS CHAPTER

NDNBench: A Benchmark for Named Data Networking Lookup

ACL Configuration FSOS

Data Structures for Packet Classification

Survey on Multi Field Packet Classification Techniques

KUPF: 2-Phase Selection Model of Classification Records

Implementing the ERSPAN Analytics Feature on Cisco Nexus 6000 Series and 5600 Platform Switches

Multi-Field Range Encoding for Packet Classification in TCAM

Configuring QoS CHAPTER

Mapping of Address and Port using Translation (MAP-T) E. Jordan Gottlieb Network Engineering and Architecture

Software Systems for Surveying Spoofing Susceptibility

Implementation of Boundary Cutting Algorithm Using Packet Classification

OVN: An SDN System for Virtual Networking. Ben Pfaff Justin Pettit

Configuring Network Security with ACLs

Configuring QoS CHAPTER

Master Course Computer Networks IN2097

Memory-Efficient IPv4/v6 Lookup on FPGAs Using Distance-Bounded Path Compression

OPENFLOW & SOFTWARE DEFINED NETWORKING. Greg Ferro EtherealMind.com and PacketPushers.net

SDN Applications and Use Cases. Copyright 2015 ITRI

Overview of the Cisco OpenFlow Agent

Configuring Local SPAN and ERSPAN

SDN AND NFV SECURITY DR. SANDRA SCOTT-HAYWARD, QUEEN S UNIVERSITY BELFAST COINS SUMMER SCHOOL, 23 JULY 2018

AN EFFICIENT HYBRID ALGORITHM FOR MULTIDIMENSIONAL PACKET CLASSIFICATION

Configuring Tap Aggregation and MPLS Stripping

Packet Classification. George Varghese

ENTERPRISE MPLS. Kireeti Kompella

Aruba 8320 Configuring ACLs and Classifier Policies Guide for ArubaOS- CX 10.00

CSC358 Week 6. Adapted from slides by J.F. Kurose and K. W. Ross. All material copyright J.F Kurose and K.W. Ross, All Rights Reserved

Switch and Router Design. Packet Processing Examples. Packet Processing Examples. Packet Processing Rate 12/14/2011

Software-Defined Networking (SDN) Now for Operational Technology (OT) Networks SEL 2017

Layer 2 Access Control Lists on EVCs

Toward Predictable Performance in Decision Tree based Packet Classification Algorithms

EVC Quality of Service

Chapter 4 Network Layer: The Data Plane

Priority Area-based Quad-Tree Packet Classification Algorithm and Its Mathematical Framework

OpenFlow. Finding Feature Information. Prerequisites for OpenFlow

Table of Contents. Table of Contents

Managing and Securing Computer Networks. Guy Leduc. Chapter 2: Software-Defined Networks (SDN) Chapter 2. Chapter goals:

Configuring QoS. Finding Feature Information. Prerequisites for QoS

Generic Architecture. EECS 122: Introduction to Computer Networks Switch and Router Architectures. Shared Memory (1 st Generation) Today s Lecture

Centec V350 Product Introduction. Centec Networks (Suzhou) Co. Ltd R

OpenFlow. Finding Feature Information. Prerequisites for OpenFlow

Transcription:

ClassBench-ng: Recasting ClassBench After a Decade of Network Evolution Jiří Matoušek 1, Gianni Antichi 2, Adam Lučanský 3 Andrew W. Moore 2, Jan Kořenek 1 1 Brno University of Technology 2 University of Cambridge 3 CESNET

Agenda Motivation Analysis of Real Rule Sets IP Prefixes OpenFlow ClassBench-ng ClassBench-ng Evaluation IP Prefixes Generation OpenFlow Rules Generation Summary ClassBench-ng: Recasting ClassBench After a Decade of Network Evolution 2 /34

Packet Classification Packet Classification Matching header fields of incoming packets against a set of rules and performing the corresponding action. the basic operation of each networking device examples of use packet forwarding application of security policies application-specific processing application of quality-of-service guarantees the most common classification considers an IPv4 5-tuple ip src source IPv4 prefix ip dst destination IPv4 prefix l4 src source port l4 dst destination port ip proto protocol a lot of existing research on packet classification ClassBench-ng: Recasting ClassBench After a Decade of Network Evolution 3 /34

Internet Evolution many trends that influence packet classification increasing transfer rates = faster classification increasing number of classification rules = larger data structures growing deployment of IPv6 = longer IP prefixes adoption of SDN with OpenFlow protocol = more header fields Internet evolution stimulates development of new packet classification algorithms new algorithms need to be benchmarked ClassBench-ng: Recasting ClassBench After a Decade of Network Evolution 4 /34

Packet Classification Benchmarking lack of real and publicly available benchmarking data benchmarking using synthetically generated rule sets ClassBench 1 IPv4 5-tuples input parameters from real rule sets more precise output (w. r. t. parameters) FRuG 2 IPv4 5-tuples, OF rules user-defined input parameters more flexible in the long term a precise and flexible benchmarking tool must be able to perform the analysis of real rule sets 1 D. E. Taylor and J. S. Turner. ClassBench: A Packet Classification Benchmark. Transactions on Networking, 15(3):499 511, June 2007. 2 T. Ganedegara, W. Jiang, and V. Prasanna. FRuG: A benchmark for packet forwarding in future networks. In IPCCC, pp. 231 238. IEEE, December 2010. ClassBench-ng: Recasting ClassBench After a Decade of Network Evolution 5 /34

Recasting ClassBench today s Internet is no more the one of a decade ago questions with respect to ClassBench Are the ideas behind ClassBench still valid after the decade of Internet evolution? What are the characteristics of current real rule sets based on IPv4/IPv6 5-tuples and OpenFlow-specific fields? What parameters should be extracted from different types of real rule sets? How to extend ClassBench with respect to IPv6 and OpenFlow? ClassBench-ng: Recasting ClassBench After a Decade of Network Evolution 6 /34

Agenda Motivation Analysis of Real Rule Sets IP Prefixes OpenFlow ClassBench-ng ClassBench-ng Evaluation IP Prefixes Generation OpenFlow Rules Generation Summary ClassBench-ng: Recasting ClassBench After a Decade of Network Evolution 7 /34

Analyzed Real Rule Sets Prefixes Name or rules Source Date IPv4 prefix sets eqix 2015 550 511 2015-07-02 Route Views eqix 2005 164 455 2005-07-02 rrc00 2015 571 351 2015-07-02 RIPE RIS rrc00 2005 168 525 2005-07-02 IPv6 prefix sets eqix 2015 23 866 2015-07-02 eqix 2013 13 444 Route Views 2013-07-02 eqix 2005 658 2005-07-02 rrc00 2015 24 162 2015-07-02 rrc00 2013 14 374 RIPE RIS 2013-07-02 rrc00 2005 499 2005-07-02 OpenFlow rule sets of1 16 889 2015-05-29 OpenFlow switch in a datacenter of2 20 250 2015-05-29 desired properties of a rule set representation anonymity completeness scalability ClassBench-ng: Recasting ClassBench After a Decade of Network Evolution 8 /34

IP Prefix Set Representation representation of a prefix set using a trie (binary prefix tree) the same trie description as in ClassBench prefix length distribution branching probability distributions (1-child, 2-children) average skew distribution prefix nesting threshold skew = 1 weight(lighter) weight(heavier) ClassBench-ng: Recasting ClassBench After a Decade of Network Evolution 9 /34

IPv4 Prefix Sets (2005-2015) 3 times more prefixes after 10 years of evolution Prefix Length Distribution eqix_2015 eqix_2005 100 % Distribution 80 % 60 % 40 % 20 % 0 % 0 2 4 6 8 10 12 14 16 18 20 22 24 26 28 30 32 Prefix Length ClassBench-ng: Recasting ClassBench After a Decade of Network Evolution 10 /34

IPv4 Prefix Sets (2005-2015) 3 times more prefixes after 10 years of evolution 2-children Probability Distribution eqix_2015 eqix_2005 100 % Distribution 80 % 60 % 40 % 20 % 0 % 0 2 4 6 8 10 12 14 16 18 20 22 24 26 28 30 32 Trie Depth ClassBench-ng: Recasting ClassBench After a Decade of Network Evolution 11 /34

IPv4 Prefix Sets (2005-2015) 3 times more prefixes after 10 years of evolution Average Skew Distribution eqix_2015 eqix_2005 1 Average Skew 0.8 0.6 0.4 0.2 0 0 2 4 6 8 10 12 14 16 18 20 22 24 26 28 30 32 Trie Depth ClassBench-ng: Recasting ClassBench After a Decade of Network Evolution 12 /34

IPv6 Prefix Sets 2005-2015 36 times more prefixes after 10 years of evolution the most common prefix length shifted from 32 (RIRs/ISPs) to 48 (end users/organizations) branching probability and average skew distributions also changed significantly 2013-2015 2 times more prefixes after 2 years of evolution only minor changes in prefix length distribution branching probability and average skew distributions follow similar trends ClassBench-ng: Recasting ClassBench After a Decade of Network Evolution 13 /34

OpenFlow 1.0 Rules OpenFlow 1.0 extends the IPv4 5-tuple with 7 header fields in port ingress port mac src source MAC address mac dst destination MAC address eth type EtherType vlan id VLAN ID vlan prio VLAN priority ip tos DSCP (former IP ToS) ClassBench-ng: Recasting ClassBench After a Decade of Network Evolution 14 /34

OpenFlow Header Field Values header fields specification in rules from the of1+of2 rule set only 2 OF-specific fields specified in more than 20 % of rules specified wildcarded Distribution 100 % 80 % 60 % 40 % 20 % 0 % in_port mac_src mac_dst eth_type vlan_id vlan_prio ip_tos ip_proto ip_src ip_dst l4_src l4_dst Header Fields ClassBench-ng: Recasting ClassBench After a Decade of Network Evolution 15 /34

OpenFlow Rule Types OpenFlow Rule Type Describes which header fields are wildcarded/specified in rules of this type. a rule type can be represented as a 12-bit binary number theoretically 4096 different rule types practically only 18 utilized rule types in the of1+of2 rule set Distribution 35 % 30 % 25 % 20 % 15 % 10 % 5 % 0 % 0 4 7 8 Rule Type Number 512 516 519 524 527 788 789 796 1024 1032 1304 1305 1551 2048 ClassBench-ng: Recasting ClassBench After a Decade of Network Evolution 16 /34

Agenda Motivation Analysis of Real Rule Sets IP Prefixes OpenFlow ClassBench-ng ClassBench-ng Evaluation IP Prefixes Generation OpenFlow Rules Generation Summary ClassBench-ng: Recasting ClassBench After a Decade of Network Evolution 17 /34

ClassBench Generation Accuracy comparison of 10 runs against original values from the acl4 seed 2-children Probability Distribution seed generated 100 % Distribution 80 % 60 % 40 % 20 % 0 % 0 2 4 6 8 10 12 14 16 18 20 22 24 26 28 30 32 Trie Depth ClassBench-ng: Recasting ClassBench After a Decade of Network Evolution 18 /34

ClassBench Generation Accuracy comparison of 10 runs against original values from the acl4 seed Average Skew Distribution seed generated 1 Average Skew 0.8 0.6 0.4 0.2 0 0 2 4 6 8 10 12 14 16 18 20 22 24 26 28 30 32 Trie Depth ClassBench-ng: Recasting ClassBench After a Decade of Network Evolution 19 /34

ClassBench-ng built upon original ClassBench improves IPv4 prefixes generation accuracy supports IPv6 prefixes generation supports OpenFlow analysis and generation ClassBench-ng: Recasting ClassBench After a Decade of Network Evolution 20 /34

Improved ClassBench IPv4 prefixes generation is improved using a trie pruning algorithm starts from 100 times bigger prefix set removes individual prefixes to adjust prefix set parameters to the given values 3 steps of the trie pruning algorithm 1 branching probabilities adjustment ( ) 2 average skew distribution adjustment ( ) 3 prefixes length distribution adjustment ( ) steps 1 and 2 try to remove as less prefixes as possible each step aims to not alter the already ajusted characteristics ClassBench-ng: Recasting ClassBench After a Decade of Network Evolution 21 /34

OpenFlow Analysis generates an OpenFlow seed from an OpenFlow rule set (in the ovs-ofctl format) 3 parts of the OpenFlow seed rule type distribution 5-tuple seed (compatible with ClassBench) OpenFlow-specific seed 4 types of representation within the OpenFlow-specific seed values (in port, eth type) parts (mac src, mac dst) size (vlan id) null (vlan prio, ip tos) ClassBench-ng: Recasting ClassBench After a Decade of Network Evolution 22 /34

OpenFlow Generation consists of 3 steps 1 uses Improved ClassBench to generate the given number of IPv4 5-tuples 2 removes IPv4 5-tuple fields that are not part of the given OpenFlow rule type 3 adds OpenFlow-specific header fields that are part of the given OpenFlow rule type does not allow to generate inconsistent rules (e. g., a rule specifying VLAN ID and EtherType 0x0800) ClassBench-ng: Recasting ClassBench After a Decade of Network Evolution 23 /34

Agenda Motivation Analysis of Real Rule Sets IP Prefixes OpenFlow ClassBench-ng ClassBench-ng Evaluation IP Prefixes Generation OpenFlow Rules Generation Summary ClassBench-ng: Recasting ClassBench After a Decade of Network Evolution 24 /34

ClassBench-ng Evaluation comparison on IPv4 prefixes generation with ClassBench FRuG comparison on IPv6 prefixes generation with Non-random Generator 3 comparison on OpenFlow rules generation with FRuG tools are compared using RMSE RMSE = 1 n (ȳ y i ) n 2 i=1 tool-specific seeds extracted from a common original rule set 10 individual runs of each tool (n = 10) comparison of generated values (y i ) against the target value from the seed (ȳ) 3 M. Wang, S. Deering, T. Hain, and L. Dunn. Non-random Generator for IPv6 Tables. In HOTI. IEEE, 2004. ClassBench-ng: Recasting ClassBench After a Decade of Network Evolution 25 /34

IPv4 Prefixes Generation the original rule set generated by ClassBench using the acl4 seed 2-children Probability Distribution ClassBench-ng ClassBench FRuG RMSE 0.7 0.6 0.5 0.4 0.3 0.2 0.1 0 0 2 4 6 8 10 12 14 16 18 20 22 24 26 28 30 32 Trie Depth ClassBench-ng: Recasting ClassBench After a Decade of Network Evolution 26 /34

IPv4 Prefixes Generation the original rule set generated by ClassBench using the acl4 seed Average Skew Distribution ClassBench-ng ClassBench FRuG RMSE 0.7 0.6 0.5 0.4 0.3 0.2 0.1 0 0 2 4 6 8 10 12 14 16 18 20 22 24 26 28 30 32 Trie Depth ClassBench-ng: Recasting ClassBench After a Decade of Network Evolution 27 /34

IPv4 Prefixes Generation the original rule set generated by ClassBench using the acl4 seed Prefix Length Distribution ClassBench-ng ClassBench FRuG RMSE 0.09 0.08 0.07 0.06 0.05 0.04 0.03 0.02 0.01 0 0 2 4 6 8 10 12 14 16 18 20 22 24 26 28 30 32 Prefix Length ClassBench-ng: Recasting ClassBench After a Decade of Network Evolution 28 /34

IPv6 Prefixes Generation two original rule sets from the rrc00 2015 source not entirely fair comparison because of different inputs an IPv6 prefix set for ClassBench-ng an IPv4 prefix set for Non-random Generator prefix length distribution comparable results branching probability distribution ClassBench-ng is more precise average skew distribution Non-random Generator is more precise ClassBench-ng: Recasting ClassBench After a Decade of Network Evolution 29 /34

OpenFlow Rules Generation the original rule set is of1 OpenFlow Rule Types ClassBench-ng FRuG RMSE 0.016 0.014 0.012 0.01 0.008 0.006 0.004 0.002 0 4 7 8 512 516 519 524 527 788 Rule Type 789 796 1024 1032 1304 1305 1551 2048 ClassBench-ng: Recasting ClassBench After a Decade of Network Evolution 30 /34

OpenFlow Rules Generation the original rule set is of1 OpenFlow-Specific Header Fields RMSE avg field = 1 N N i=1 RMSE i field ClassBench-ng FRuG Average RMSE 0.01 0.009 0.008 0.007 0.006 0.005 0.004 0.003 0.002 0.001 0 in_port mac_src mac_dst eth_type OpenFlow Header Fields ClassBench-ng: Recasting ClassBench After a Decade of Network Evolution 31 /34

Agenda Motivation Analysis of Real Rule Sets IP Prefixes OpenFlow ClassBench-ng ClassBench-ng Evaluation IP Prefixes Generation OpenFlow Rules Generation Summary ClassBench-ng: Recasting ClassBench After a Decade of Network Evolution 32 /34

Summary the detailed analysis of real classification rule sets IPv4/IPv6 prefixes from core routers OpenFlow 1.0 rules from a datacenter ClassBench-ng tool that is able to accurately generate IPv4/IPv6 5-tuples analyze real OpenFlow rule sets accurately generate OpenFlow rules ClassBench-ng page at https://classbench-ng.github.io link to to the ClassBench-ng repository links to related tools/papers ClassBench-ng: Recasting ClassBench After a Decade of Network Evolution 33 /34

Thank you for your attention

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback