PISCES: A Programmable, Protocol-Independent Software Switch Muhammad Shahbaz, Sean Choi, Ben Pfaff, Changhoon Kim, Nick Feamster, Nick McKeown, and Jennifer Rexford
Fixed Set of Protocols Fixed-Function Switch Chip TCP IPv4 IPv6 Ethernet UDP HTTP BGP TLS
Ease of Adding new protocols Ease of Removing unused protocols Gain greater Visibility into the network Fold network functions into the switch
Custom Protocols Programmable Switching Chip TCP IPv4 IPv6 Ethernet CUSTOM_P HTTP BGP TLS
VM VM Hypervisor Switch 3 Virtual Ports 1 Physical Port
60 Approx. Number of Physical Ports vs. Virtual Ports [1] 40 20 0 2010 2011 2012 2013 2014 2015 Phyical Ports Virtual Ports [1] Martin Casado, VMWorld 2013
It should be EASY to program software switches! Not really
Software Switch Kernel DPDK Fast Packet Forwarding
Software Switch Requires domain expertise in: - Network protocol design - Kernel development Packet Match-Action Processing Logic Pipeline Kernel DPDK Slow to release changes Specialized APIs
Software Switch Adding TCP Flag in Open vswitch required changes in Match-Action Pipeline Kernel DPDK 20 Files and 370 Lines of Code! [1] Weeks of Development and Test [1] https://github.com/openvswitch/ovs/commit/dc235f7fbcff
We can do this in 4 lines and within minutes with PISCES! header_type tcpv2_t { fields { srcport : 16; dstport : 16; seqno : 32; ackno : 32; dataoffset : 4; res : 4; tcp_flags : 12; window : 16; checksum : 16; urgentptr : 16; } } parser tcpv2 { extract(tcpv2); set_metadata(flow.tcp_flags, tcpv2.tcp_flags); return ingress; } header_type flow_t { fields {... tcp_flags_pad : 4; tcp_flags : 12;... } }
Software Switch Match-Action Pipeline Kernel DPDK
Domain-Specific Language (DSL) Software Switch Match-Action Pipeline Compile Match-Action Pipeline Kernel DPDK TCP Header header_type tcp_t { fields { srcport : 16; dstport : 16; seqno : 32; ackno : 32; dataoffset : 4; res : 4; window : 16; checksum : 16; urgentptr : 16; } } parser tcp { extract(tcp); return ingress; }...
Domain-Specific Language Domain-Specific Language 2 Match-Action Pipeline Match-Action Pipeline Compile PISCES is an implementation with a Specific Domain-Specific Language Software Switch Switch 2 Match-Action Pipeline Match-Action Pipeline Kernel Kernel DPDK DPDK Specific Software Switch Target
P4 [1] Match-Action Pipeline P4 is an open-source language. [1] OVS Compile Match-Action Pipeline Kernel DPDK Easy to express different aspects of a packet processor: - Packet headers and fields - - Actions - Match-Action Tables [1] http://p4.org
P4 Match-Action Pipeline 341 lines of code OVS Compile Match-Action Pipeline Kernel DPDK Native OVS Packet Processing Logic 14,535 lines of code
P4 Compiler parse match action OVS OVS Executable header_type tcp_t { fields header_type { tcpv2_t { srcport fields {: 16; dstport srcport : 16; : 16; seqno dstport : 32; : 16; ackno seqno : 32; : 32; dataoffset ackno : 32; : 4; res dataoffset : 4; : 4; window res :: 4; 16; checksum tcp_flags : 16; : 8; urgentptr window :: 16; 16; } checksum : 16; } urgentptr : 16; parser } tcp { extract(tcp); } return parser ingress; tcpv2 { }... }... extract(tcpv2); set_metadata(flow.tcp_flags, tcpv2.tcp_flags); return ingress;
P4 Match-Action Pipeline Compile Performance Overhead? OVS Match-Action Pipeline Kernel DPDK
Throughput (Gbps) Throughput on L2L3-ACL benchmark application 50 45 40 35 30 25 20 15 10 5 0 64 128 192 256 Packet Size (Bytes) PISCES v0.1 OVS Performance overhead of ~40%
Causes for the Cost on Performance Match-Action Tables Cache Misses Ingress Packet Checksum Verify Match-Action Cache Checksum Update Packet Deparser Egress CPU Cycles per Packet
Factors affecting CPU Cycles per Packet a. Fully-specified Checksum b. Parsing unused header fields and more
Checksum Verify ( version, ihl, diffserv, totallen, identification, flags, fragoffset, ttl, protocol, hdrchecksum, srcaddr, dstaddr) Checksum Update ( version, ihl, diffserv, totallen, identification, flags, fragoffset, ttl, protocol, hdrchecksum, srcaddr, dstaddr) Ingress Packet Checksum Verify Match-Action Pipeline Checksum Update Egress
Checksum Verify ( version, ihl, diffserv, totallen, identification, flags, fragoffset, ttl, protocol, hdrchecksum, srcaddr, dstaddr) Incremental Checksum Update (ttl) Ingress Packet Checksum Verify Decrement(ttl) Checksum Update Egress
Selective Parsing L3 L2 L4 L2 Ingress Packet Match-Action Pipeline Packet Deparser Egress
Throughput (Gbps) Throughput on L2L3-ACL benchmark application 16 14 12 10 8 6 PISCES v0.1 incremental Checksum Header Memory Locality Selective Parsing PISCES v1.0 Native OVS 4 2 0 64 Packet Size (Bytes) Performance overhead of < 2%
Summary P4 PISCES vswitch - Quickly develop and deploy new packet header format. - With hardly any performance cost! OVS
Questions? Learn more and Try PISCES here: http://pisces.cs.princeton.edu