KUPF: 2-Phase Selection Model of Classification Records

Similar documents
Network Processors. Nevin Heintze Agere Systems

Multimedia Networking. Network Support for Multimedia Applications

4. The transport layer

CS 268: Route Lookup and Packet Classification

MPLS MULTI PROTOCOL LABEL SWITCHING OVERVIEW OF MPLS, A TECHNOLOGY THAT COMBINES LAYER 3 ROUTING WITH LAYER 2 SWITCHING FOR OPTIMIZED NETWORK USAGE

Network Management & Monitoring

Grandstream Networks, Inc. GWN7000 QoS - VoIP Traffic Management

H3C S9500 QoS Technology White Paper

Lecture 13. Quality of Service II CM0256

while the LAN interface is in the DMZ. You can control access to the WAN port using either ACLs on the upstream router, or the built-in netfilter

Quality of Service (QoS): Managing Bandwidth More Effectively

Label Distribution Protocol and Basic MPLS Configuration. APNIC Technical Workshop October 23 to 25, Selangor, Malaysia Hosted by:

MPLS Intro. Cosmin Dumitru March 14, University of Amsterdam System and Network Engineering Research Group ...

2D1490 p MPLS, RSVP, etc. Olof Hagsand KTHNOC/NADA

Generic Architecture. EECS 122: Introduction to Computer Networks Switch and Router Architectures. Shared Memory (1 st Generation) Today s Lecture

6 MPLS Model User Guide

Lesson 9 OpenFlow. Objectives :

NSP Network Services Platform Network Functions Manager - Packet (NFM-P) Multi-Vendor Policy Guide. 3HE AAAB-TQZZA Issue 2 September 2017

Lecture 8. Network Layer (cont d) Network Layer 1-1

Configuring ACLs. ACL overview. ACL categories. ACL numbering and naming

Multi Protocol Label Switching (an introduction) Karst Koymans. Thursday, March 12, 2015

ip rsvp reservation-host

Lecture 16: Network Layer Overview, Internet Protocol

Telematics Chapter 7: MPLS

OSI Network Layer. Network Fundamentals Chapter 5. Version Cisco Systems, Inc. All rights reserved. Cisco Public 1

EECS 122: Introduction to Computer Networks Switch and Router Architectures. Today s Lecture

Metadata Configuration Guide Cisco IOS Release 15M&T

Da t e: August 2 0 th a t 9: :00 SOLUTIONS

Fundamental Issues. System Models and Networking Chapter 2,3. System Models. Architectural Model. Middleware. Bina Ramamurthy

Lecture 24: Scheduling and QoS

CS 5114 Network Programming Languages Data Plane. Nate Foster Cornell University Spring 2013

Quality of Service. Understanding Quality of Service

Quality of Service II

NAT Support for Multiple Pools Using Route Maps

A Proposal to add Explicit Congestion Notification (ECN) to IPv6 and to TCP

Flexible NetFlow - Top N Talkers Support

Committed Access Rate

Configuring Flow Aware QoS

Point-to-Point Network Switching. Computer Networks Term B10

Medianet Metadata. Finding Feature Information. Restrictions for Medianet Metadata

Hardware Assisted Recursive Packet Classification Module for IPv6 etworks ABSTRACT

Table of Contents Chapter 1 MPLS Basics Configuration

Introduction to Internet. Ass. Prof. J.Y. Tigli University of Nice Sophia Antipolis

Outline. Circuit Switching. Circuit Switching : Introduction to Telecommunication Networks Lectures 13: Virtual Things

Quality of Service Mechanism for MANET using Linux Semra Gulder, Mathieu Déziel

Quality of Service Monitoring and Delivery Part 01. ICT Technical Update Module

سوي يچينگ و مسيريابي در شبكه

IPv4 Firewall Rule configuration on Cisco SA540 Security Appliance

Quality of Service Setup Guide (NB14 Series)

Covert channel detection using flow-data

Presentation Outline. Evolution of QoS Architectures. Quality of Service Monitoring and Delivery Part 01. ICT Technical Update Module

SJTU 2018 Fall Computer Networking. Wireless Communication

Basics (cont.) Characteristics of data communication technologies OSI-Model

On Network Dimensioning Approach for the Internet

ACL Rule Configuration on the WAP371

Operation Manual MPLS. Table of Contents

Robust Firewalls with OpenBSD and PF

internet technologies and standards

ITP 140 Mobile Applications Technologies. Networks

Configuring RSVP Support for Frame Relay

cs144 Midterm Review Fall 2010

Week 7: Traffic Models and QoS

Protocols. End-to-end connectivity (host-to-host) Process-to-Process connectivity Reliable communication

Firewalls and NAT. Firewalls. firewall isolates organization s internal net from larger Internet, allowing some packets to pass, blocking others.

Internet Protocol version 6

Table of Contents. Cisco MPLS FAQ For Beginners

Progress Report No. 3. A Case Study on Simulation Scenario

Juniper Netscreen Security Device. How to Enable IPv6 Page-51

Internet Quality of Service: an Overview

MultiProtocol Label Switching - MPLS ( RFC 3031 )

Just enough TCP/IP. Protocol Overview. Connection Types in TCP/IP. Control Mechanisms. Borrowed from my ITS475/575 class the ITL

International Workshop NGNT 31. DiffServ and MPLS. Tímea Dreilinger

Chapter 4 Network Layer: The Data Plane

Mapping of Address and Port using Translation (MAP-T) E. Jordan Gottlieb Network Engineering and Architecture

Lecture 3. The Network Layer (cont d) Network Layer 1-1

Chapter 4 Network Layer: The Data Plane. Part A. Computer Networking: A Top Down Approach

Scalability of Routing Protocols

Quality of Service (QoS)

Queuing Mechanisms. Overview. Objectives

Using NAT in Overlapping Networks

Real-Time Protocol (RTP)

Tag Switching. Background. Tag-Switching Architecture. Forwarding Component CHAPTER

Configuring Cisco IOS IP SLAs Operations

CMPE 80N: Introduction to Networking and the Internet

Need For Protocol Architecture

History Page. Barracuda NextGen Firewall F

Firewalls. Firewall. means of protecting a local system or network of systems from network-based security threats creates a perimeter of defense

Lecture 2: Basic routing, ARP, and basic IP

Master Course Computer Networks IN2097

Using Flexible NetFlow Top N Talkers to Analyze Network Traffic

Last time. Wireless link-layer. Introduction. Characteristics of wireless links wireless LANs networking. Cellular Internet access

Configuring Policy-Based Routing

IPv4 ACLs, identified by ACL numbers, fall into four categories, as shown in Table 1. Table 1 IPv4 ACL categories

CSE 461 Midterm Winter 2018

Software Defined Networking

CS 465 Networks. Disassembling Datagram Headers

Introduction to Netflow

COMP211 Chapter 4 Network Layer: The Data Plane

Principles. IP QoS DiffServ. Agenda. Principles. L74 - IP QoS Differentiated Services Model. L74 - IP QoS Differentiated Services Model

CSC 4900 Computer Networks: Network Layer

Transcription:

KUPF: 2-Phase Selection Model of Classification Records KAKIUCHI Masatoshi Nara Institute of Science and Technology

Background Many Internet services classify the data to be handled according to rules which control the service.» Firewall classifies incoming/outgoing packets.» QoS mechanism classifies data flow. Internet services contain many control rules. Classification mechanism is important.» Every data is classified by its parameter, and controlled by rule. 2 2

How to Decide the Action How does a router decide the action?» classify data and decide the action corresponding with its data» examples: router: decision on next hop by destination address firewall: filter rules with parameters on a packet Conventional system:» Each vender has each implementation.» Routing, diff-serv, firewall mechanisms on same node individually proceed classification. 3 3

Goal Generalization of packet classification mechanism Parameter Filter» Build a model» Develop a framework Represent filter rule using common style» Save time of network administrator Integration of procedures of parameter filter» Efficient development of a system 4 4

Model (1/2) 5 Conventional view of parameter filter:» classify input data by filter rules dst addr port proto. 10.2.0.1 input packet 80 TCP 10.2/16 TCP 10.5/16 filter rules TCP 5 80 pass 10/8 80 pass action apply 111 UDP drop

Model (2/2) Our view of parameter filter:» classify filter rules by input data classification schema dst addr port proto. 10.2.0.1 80 TCP record parameters action 10.2/16 80 80 classification 10.5/16 TCP records TCP pass 10/8 111 UDP drop filter rules result record 10.2/16 80 TCP pass 6 input packet apply 10.2.0.1 80 TCP pass 6

Conflict of Rules Some rules compete with other. example:» HTTP requests should pass through proxy server.» User B uses dedicated line. HTTP proxy 7 user A user B dst port = 80 src addr = B dst port = 80 src addr = B src addr * B router control parameters dst port 80 * action to HTTP proxy to dedicated line router? need additional policy router default line dedicated line Internet 7 *: wild card

2-Phase Selection Model (1/2) Stage 1:» Selecting records with filter rule which satisfy target from classification records» Stage 1 selection is: independent of services dependent only on parameter matching Stage 2:» Selecting records with action which applies to target from satisfied records» Stage 2 selection is: dependent on services and policy 8 8

2-Phase Selection Model (2/2) 2-phase selection model divides parameter filter into two parts:» independent of services» dependent on services We take only Stage 2 into consideration, even in following cases:» investigating and solving conflicts of record selection» investigating and solving inconsistency between multiple routers» implementing schema and policy for a new service 9 9

Implementation of KUPF KUMA* s Universal Parameter Filter (KUPF)» framework of parameter filter based on 2-phase selection model» NetBSD» C language» Running on both kernel land and user land record parameters record parameters record parameters Stage 1 matching record parameters record parameters Stage 2 selecting record parameters classification records parameters result record 10 *KUMA Project: http://www.kuma-project.net/ 10

Parameter Implemented 4 fundamental types» integer port number, protocol number» bit stream IPv4 / IPv6 address» byte stream character string» special: any any matches with to any parameter by all method 11 11

Comparison Method Compare with parameter» match port number, protocol number» mask match TOS (Type of Service)» prefix match IPv4 / IPv6 address Users can add other method. 12 12

Stage 1 Stage 1 compares whole classification records with target parameter and output matched classification records. Classification table is managed by linear list. classification schema src addr dst port prefix matchexact match classification records * 80 B * HTTP proxy dedicated line prefix match exact match match x A 80 13 target parameter 13

Stage 2 Stage 2 heavily depends on the service. We provide a sample implementation. 14 14

Example of Implementation Replace parameter filter of ALTQ (queueing and shaping mechanism) with KUPF ALTQ applies a single action for each incoming packet. We implemented a Stage 2 based on best match policy. 15 15

Classification Schema for IPv6 and Record Parameter (extract) attribute fundamental type (length) record parameter (length) compare protocol unsigned integer unsigned integer match traffic class bit stream (8 bits) bit stream (8 bits) bit stream (8 bits) mask match dst address bit stream (128 bits) variable length bit stream prefix match src address bit stream (128 bits) variable length bit stream prefix match dst port unsigned integer unsigned integer match src port unsigned integer unsigned integer match 16 16

Experimentation (1/2) We provided 273 users with IPv4 / IPv6 network Users demanded network resource. Reservation parameters» ATM / Satellite» Bandwidth, time» src & dst addresses» protocol» src & dst port numbers with reservation LSR Core ATM 1.5Mbps LSR Core LSR Edge Internet LSR Edge small delay large delay without reservation Router Router LSR Edge Satellite 0.5/1.5Mbps 17 User User User User 17

Experimentation (2/2) KUPF and ALTQ was used on Label Switching Router (LSR). KUPF decided label and queueing parameter based on rules. KUPF provided users with stable network. 18 18

Performance Evaluation (1/2) 19 NetBSD 1.6, Pentium III 1GHz 1,000 filters (received interface, protocol, destination address, destination port number) median of 10 averages of 1,000 times filter IPv4 host IPv4 net IPv6 host IPv6 net interface fxp0 fxp0 fxp0 fxp0 protocol UDP UDP UDP UDP dst addr 192.168.4.0,.., 192.168.4.9 192.168.4.0/28,.., 192.168.4.144/28 fec0:0:0:4::0,.., fec0:0:0:4::9 fec0:0:0:4000::/64,.., fec0:0:0:4009::/64 dst port 10,000,.., 10,099 10,000,.., 10,099 10,000,.., 10,099 10,000,.., 10,099 19

Performance Evaluation (2/2) filter ALTQ KUPF (0% hit) KUPF (50% hit) IPv4 host 0.002 ms 0.65 ms 0.34 ms IPv4 net 0.021 ms 0.63 ms 0.34 ms IPv6 host 0.25 ms 0.63 ms 0.33 ms IPv6 net 0.25 ms 0.50 ms 0.26 ms KUPF is slower than ALTQ. Difference of IPv6 is smaller than IPv4 The reason is that:» KUPF uses liner search.» KUPF is implemented based on abstracted model.» Procedure for KUPF is separated into two stages. 20 20

Future Works Performance improvement» Searching records is difficult. multi-parameters, prefix match, wild card» Two stages cooperation may be effective. Other examples» Inspection for conflict of rules Development of expression for filter representation 21 21

Conclusion We proposed 2-phase selection model of classification records. We implemented KUPF as a framework of the parameter filter.» adaptable to complicated rules» flexible filter rules» expansible filter rules, independent of service In future works, we need performance improvement and other applied example. 22 22

More Information KUMA Project» http://www.kuma-project.net/ 23 23

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback