Hashing on broken assumptions

Hashing on broken assumptions. Lorenzo Saino (@lorenzosaino), Fastly

Problem: spreading traffic across multiple links, paths, hosts. Solutions: link aggregation, Equal Cost Multipath (ECMP).

Link aggregation: combine multiple physical links between network devices into one logical link. [Diagram: two switches, physical links, logical link]

Equal Cost Multipath (ECMP): balance traffic across paths; balance traffic across hosts. [Diagram: switches and hosts]

Requirements. Load balance: traffic must be uniformly spread across next-hops. Stateless-but-sticky path pinning: all packets of a flow must take the same path.

Load imbalance: load imbalance reduces system capacity. Perfect load balance: all resources fully utilized. Load imbalance: unused capacity, cannot take any additional load.

Quantifying impact of load imbalance. $L_{max}$: load of the most loaded resource. $L_{avg}$: average load. $U_{max} \in (0, 1]$: max attainable utilization.

Load imbalance: $\frac{L_{max}}{L_{avg}} \in [1, +\infty)$

Max attainable utilization: $U_{max} = \left(\frac{L_{max}}{L_{avg}}\right)^{-1} = \frac{L_{avg}}{L_{max}}$

Quantifying impact of load imbalance. [Plot: Umax (y-axis) against Lmax/Lavg (x-axis, 1.0 to 3.0). Annotations: perfect balance, full utilization; most loaded resource 1.5x average, 33.3% reduction of capacity.]

What happens without path pinning? Same endpoints, different paths: out-of-order packets, frequent drops of TCP congestion window (CWND), poor throughput performance. Different endpoints: TCP resets.

TCP resets. [Sequence diagram: host, router, two hosts; messages SYN, SYN/ACK, ACK, RST]

Requirements: load balance, path pinning. Solution: flow-level hashing.

Flow-level hashing: read the five-tuple from the packet (src IP addr, dst IP addr, protocol, src port, dst port), apply the hash function, obtain the next-hop.

Assumptions. Load balance: hashing uniformly spreads traffic across next-hops. Path pinning: hashing pins packets of a flow to the same path.

Do these assumptions hold?

Hashing quality. Two switch models: Switch A, Switch B. [Diagram: 2^16 five-tuple combinations, switch, 256 next-hops]

Switch A. [Plot: L/Lavg (y-axis, 0.0 to 2.0) against next-hop rank (x-axis, 0 to 250); series: measured, perfect hashing]

Switch B. [Plot: L/Lavg (y-axis, 0.0 to 2.0) against next-hop index (x-axis, 0 to 250); series: measured, perfect hashing; annotations: 1.5x, 6x]

Switch B: vendor claims supporting an arbitrary number of next-hops [1, 256].

Switch B: only a subset of next-hop counts is actually supported: 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 18 20 22 24 26 28 30 32 34 36 38 40 44 48 52 56 60 64 72 80 88 96 104 112 120 128. [Slide build: 126 is shown between 120 and 128, then replaced by six X marks.] 6 next-hops don't get any traffic.
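An operator-side check for the uniformity assumption, as an added Python example that is not part of the talk: it spreads 2^16 constructed five-tuples over a next-hop group and reports Lmax/Lavg, Umax and the number of idle next-hops. SHA-256 stands in for the device hash, and n_effective is a hypothetical parameter that models a device using only part of the configured group (here 120 of 126, one reading of the Switch B slide).

```python
import hashlib
import struct


def next_hop(key: bytes, n_hops: int) -> int:
    # SHA-256 stands in for the device hash (assumption, not a vendor algorithm).
    return int.from_bytes(hashlib.sha256(key).digest()[:8], "big") % n_hops


def measure(n_configured: int, n_effective: int, n_flows: int = 2 ** 16):
    """Hash n_flows five-tuples and return (Lmax/Lavg, Umax, idle next-hops).

    n_configured: next-hops in the group as the operator configured it.
    n_effective:  next-hops the device really hashes onto (hypothetical
                  parameter; equal to n_configured on a well-behaved device).
    """
    loads = [0] * n_configured
    src = bytes([192, 0, 2, 1])      # constructed addresses (documentation ranges)
    dst = bytes([198, 51, 100, 1])
    for sport in range(n_flows):     # vary the source port only; at most 2^16 flows
        key = struct.pack("!4s4sBHH", src, dst, 6, sport, 443)
        loads[next_hop(key, n_effective)] += 1
    l_avg = sum(loads) / len(loads)  # average is taken over the configured group
    ratio = max(loads) / l_avg       # load imbalance, Lmax/Lavg
    return ratio, 1 / ratio, loads.count(0)


if __name__ == "__main__":
    for configured, effective in ((256, 256), (126, 120)):
        ratio, u_max, idle = measure(configured, effective)
        print(f"{configured} configured / {effective} used: "
              f"Lmax/Lavg={ratio:.3f} Umax={u_max:.3f} idle={idle}")
```

The same three numbers can be computed from per-next-hop counters read off a real device; any idle next-hop or a ratio well above what a uniform hash gives for the same flow count is the signal to investigate.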

Hashing on IPv4 TOS field

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |Version|  IHL  |Type of Service|          Total Length         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |         Identification        |Flags|      Fragment Offset    |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |  Time to Live |    Protocol   |         Header Checksum       |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                       Source Address                          |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                    Destination Address                        |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                    Options                    |    Padding    |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Hashing on IPv4 TOS field.
RFC 1812 (Requirements for IP Version 4 Routers) explicitly permits involving the second-to-last bit of the TOS/DS octet in routing decisions.
RFC 2474 (Definition of the Differentiated Services Field) deprecates the IPv4 Type of Service field and redefines it as the Differentiated Services field.
RFC 3168 (The Addition of Explicit Congestion Notification (ECN) to IP) reserves the last two bits of the DS octet for ECN.

Hashing on IPv4 TOS field. Scenario: hosts are ECN capable; router uses IPv4 TOS for hash computation (RFC 1812). TCP handshake: hosts negotiate ECN support, ECN-capable bits unset. Flow data: ECN-capable bits set. [Diagram: host, router, two hosts; legend: TCP handshake, flow data]
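The ECN scenario above as an added Python example, not code from the talk: it counts flows whose handshake packets (ECN bits unset) and data packets (ECT(0) set) land on different next-hops when the hash input is the five-tuple only, the five-tuple plus the whole TOS octet, or the five-tuple plus the TOS octet with the ECN bits masked. SHA-256 stands in for the router's hash; the mode names, addresses and ports are constructed for illustration.

```python
import hashlib
import ipaddress
import struct

ECN_MASK = 0x03  # last two bits of the TOS/DS octet, reserved for ECN (RFC 3168)


def flow_key(src, dst, proto, sport, dport):
    """Pack the five-tuple in network byte order."""
    return (ipaddress.IPv4Address(src).packed
            + ipaddress.IPv4Address(dst).packed
            + struct.pack("!BHH", proto, sport, dport))


def next_hop(key, n_hops):
    # SHA-256 stands in for the device hash (assumption, not a vendor algorithm).
    return int.from_bytes(hashlib.sha256(key).digest()[:8], "big") % n_hops


def select(flow, tos, n_hops, mode):
    """Pick a next-hop. mode (hypothetical names): 'five_tuple',
    'tos' (whole TOS octet hashed) or 'dscp' (ECN bits masked out)."""
    key = flow_key(*flow)
    if mode == "tos":
        key += bytes([tos])
    elif mode == "dscp":
        key += bytes([tos & ~ECN_MASK & 0xFF])
    return next_hop(key, n_hops)


def repinned_flows(n_flows, n_hops, mode):
    """Count flows whose handshake and data packets pick different next-hops."""
    moved = 0
    for i in range(n_flows):
        flow = ("192.0.2.10", "198.51.100.7", 6, 1024 + i, 443)  # constructed
        syn_hop = select(flow, 0x00, n_hops, mode)   # handshake: ECN bits unset
        data_hop = select(flow, 0x02, n_hops, mode)  # flow data: ECT(0) set
        moved += syn_hop != data_hop
    return moved


if __name__ == "__main__":
    for mode in ("five_tuple", "tos", "dscp"):
        print(mode, repinned_flows(2000, 16, mode), "of 2000 flows re-pinned")
```

With 16 next-hops, hashing the whole TOS octet moves roughly 15 of every 16 flows after the handshake, while both other modes keep every flow pinned.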

IPv6 flow label rewrite. [Diagram: a host sends flow label x, x != 0. Middlebox: if flow_label != 0: flow_label = rand(). Rewritten labels y and z reach a switch that uses the IPv6 flow label for hash computation, with y and z going to different hosts. Legend: forbidden by RFC 6437, allowed by RFC 6437.]

SYN proxies. Switches: use ingress interface for hash computation, or use different hash function seeds. [Diagram: hosts, SYN proxy, switches; legend: TCP handshake, flow data]

Conclusions. Load balancing: there are devices that do not hash traffic uniformly. Path pinning: hashing on fields other than the five-tuple breaks ECMP: ingress port, IPv4 TOS, IPv6 flow label.

Recommendations. Operators: ensure that your network devices hash flows uniformly, or that could cost you money; disable additional inputs if you do not need extra entropy. Vendors: disable hashing inputs other than five-tuple by default; make hash input fields configurable; make hash seed configurable.

FIN