Flow Caching for High Entropy Packet Fields

Similar documents
Open vswitch is the most widely used virtual switch in cloud environments.

Programmable Software Switches. Lecture 11, Computer Networks (198:552)

Slicing a Network. Software-Defined Network (SDN) FlowVisor. Advanced! Computer Networks. Centralized Network Control (NC)

Network Virtualization in Multi-tenant Datacenters

Router Design: Table Lookups and Packet Scheduling EECS 122: Lecture 13

lecture 18: network virtualization platform (NVP) 5590: software defined networking anduo wang, Temple University TTLMAN 401B, R 17:30-20:00

IP Forwarding. CSU CS557, Spring 2018 Instructor: Lorenzo De Carli

Stochastic Pre-Classification for SDN Data Plane Matching

CS 4226: Internet Architecture

Hash Table Design and Optimization for Software Virtual Switches

Rule Caching in Software- Define Networkings. Supervisor: Prof Weifa Liang Student: Zhenge Jia, u Date of presentation: 24 th May 2016

EECS 122: Introduction to Computer Networks Switch and Router Architectures. Today s Lecture

Decision Forest: A Scalable Architecture for Flexible Flow Matching on FPGA

Switch and Router Design. Packet Processing Examples. Packet Processing Examples. Packet Processing Rate 12/14/2011

Software Defined Networks

Scalable Enterprise Networks with Inexpensive Switches

Generic Architecture. EECS 122: Introduction to Computer Networks Switch and Router Architectures. Shared Memory (1 st Generation) Today s Lecture

Experiences with Programmable Dataplanes

Problem Statement. Algorithm MinDPQ (contd.) Algorithm MinDPQ. Summary of Algorithm MinDPQ. Algorithm MinDPQ: Experimental Results.

CS 268: Route Lookup and Packet Classification

4. Miscellaneous: network virtualization

Software-Defined Networking (Continued)

ECE697AA Lecture 21. Packet Classification

Network Processors. Nevin Heintze Agere Systems

Chapter 5 Network Layer: The Control Plane

IPv4 ACLs, identified by ACL numbers, fall into four categories, as shown in Table 1. Table 1 IPv4 ACL categories

Networking in virtual environments

TOC: Switching & Forwarding

Introduction to Software-Defined Networking UG3 Computer Communications & Networks (COMN)

Multi-gigabit Switching and Routing

Homework 1 Solutions:

CSC 401 Data and Computer Communications Networks

ITTC High-Performance Networking The University of Kansas EECS 881 Packet Switch I/O Processing

CS 5114 Network Programming Languages Data Plane. Nate Foster Cornell University Spring 2013

Software Defined Networking

OpenFlow Ronald van der Pol

Server virtualization

Topics for Today. Network Layer. Readings. Introduction Addressing Address Resolution. Sections 5.1,

T4P4S: When P4 meets DPDK. Sandor Laki DPDK Summit Userspace - Dublin- 2017

IP Address Lookup and Packet Classification Algorithms

ClassBench-ng: Recasting ClassBench After a Decade of Network Evolution

Routers Technologies & Evolution for High-Speed Networks

TOC: Switching & Forwarding

Lecture 12: Aggregation. CSE 123: Computer Networks Alex C. Snoeren

Hardware Assisted Recursive Packet Classification Module for IPv6 etworks ABSTRACT

Packet Classification. George Varghese

1 Connectionless Routing

OPENFLOW & SOFTWARE DEFINED NETWORKING. Greg Ferro EtherealMind.com and PacketPushers.net

Concise Encoding of Flow Attributes in SDN Switches

Communication Networks

Agilio OVS Software Architecture

Master Course Computer Networks IN2097

Where we are in the Course

DevoFlow: Scaling Flow Management for High Performance Networks

Software Defined Networking

Implementation of Boundary Cutting Algorithm Using Packet Classification

Lecture 12: Addressing. CSE 123: Computer Networks Alex C. Snoeren

Master Course Computer Networks IN2097

Fix VxLAN Issue in SFC Integration by Using Eth+NSH and VxLAN-gpe+NSH Hybrid Mode Yi Yang, Intel

Internet Protocol Addressing and Routing. Redes TCP/IP

15-744: Computer Networking. Routers

Network Myths and Mysteries. Radia Perlman Intel Labs

Professor Yashar Ganjali Department of Computer Science University of Toronto.

Data Structures for Packet Classification

Network Virtualization Based on Flows

Chapter 8: Subnetting IP networks. Introduction to Networks v5.1

Router Architectures

So#ware Defined Networking

HEADER SPACE ANALYSIS

Configuring ACLs. ACL overview. ACL categories. ACL numbering and naming

CSC 4900 Computer Networks: Network Layer

ROUTING INTRODUCTION TO IP, IP ROUTING PROTOCOLS AND PROXY ARP

Open vswitch Extensions with BPF

Antonio Cianfrani. Access Control List (ACL) Part I

BLINC: Multilevel Traffic Classification in the Dark

Decision Forest: A Scalable Architecture for Flexible Flow Matching on FPGA

SDN-based Network Obfuscation. Roland Meier PhD Student ETH Zürich

Programmable Forwarding Planes at Terabit/s Speeds

Addressing and Routing

The Internet Protocol. IP Addresses Address Resolution Protocol: IP datagram format and forwarding: IP fragmentation and reassembly

High-Performance Packet Classification on GPU

Application of SDN: Load Balancing & Traffic Engineering

A Novel vcpe Framework for Enabling Virtual Network Functions with Multiple Flow Tables Architecture in SDN Switches

The IP Data Plane: Packets and Routers

Open vswitch: A Whirlwind Tour. Jus8n Pe:t March 3, 2011

Introduction. Introduction. Router Architectures. Introduction. Recent advances in routing architecture including

Hands on SDN and BRO

Service Function Chaining (SFC)

Be Fast, Cheap and in Control with SwitchKV. Xiaozhou Li

BESS: A Virtual Switch Tailored for NFV

ITTC Science of Communication Networks The University of Kansas EECS 784 Identifiers, Names, and Addressing

Network layer (addendum) Slides adapted from material by Nick McKeown and Kevin Lai

Towards High-performance Flow-level level Packet Processing on Multi-core Network Processors

Introduction. Router Architectures. Introduction. Introduction. Recent advances in routing architecture including

Scalable Packet Classification using Distributed Crossproducting of Field Labels

CS244a: An Introduction to Computer Networks

High-Speed Network Processors. EZchip Presentation - 1

Concise Encoding of Flow Attributes in SDN Switches

Configuring Web Cache Services By Using WCCP

Languages for SDN (Frenetic)

Transcription:

Flow Caching for High Entropy Packet Fields Nick Shelly Nick McKeown! Ethan Jackson Teemu Koponen Jarno Rajahalme

Outline Current flow classification in OVS Problems with high entropy packets Proposed ideas Benchmarking Why it works

Definitions Flow classification Header space and wildcard bits: for the rule with match 10xx, packets 1011 and 1010 have the same action. High vs low entropy fields: Packet 1 L2 L3 L4 Port MAC src MAC dst IP src IP dst TP src TP dst 2 00:11:22:33:44:55 00:11:22:33:44:55 69.171.248.18 96.30.52.192 52345 80 Low entropy fields High entropy field Packet 2 L2 L3 L4 Port MAC src MAC dst IP src IP dst TP src TP dst 2 00:11:22:33:44:55 00:11:22:33:44:55 69.171.248.18 96.30.52.192 52125 80

Flow classification in OVS Slow path OpenFlow Pipeline! src=10.0.0.1,dst=12.0.0.2,tp_src=39245,tp_dst=80 L2 L3 ACL L3 L2 src=12.0.0.2,dst=10.0.0.1,tp_src=80,tp_dst=39245 src=10.0.0.1,dst=13.52.7.62,tp_src=2351,tp_dst=8080 src=10.0.0.1,dst=12.0.0.2,tp_src=40356,tp_dst=80 Fast path Exact Match Cache! src=10.0.0.1,dst=12.0.0.2,tp_src=39245,tp_dst=80 output:1 src=12.0.0.2,dst=10.0.0.1,tp_src=80,tp_dst=39245 output:2 src=10.0.0.1,dst=13.52.7.62,tp_src=2351,tp_dst=8080 drop src=10.0.0.1,dst=12.0.0.2,tp_src=40356,tp_dst=80 output:1

Megaflow Cache Slow path OpenFlow Pipeline! L2 L3 ACL L3 L2 src=10.0.0.1,dst=12.0.0.2,tp_src=39245,tp_dst=80 src=12.0.0.2,dst=10.0.0.1,tp_src=80,tp_dst=39245 L3 Table src=10.0.0.1,dst=12.0.0.2,tp_src=40356,tp_dst=80 src=10.0.0.1,dst=13.52.7.62,tp_src=2351,tp_dst=8080 MATCH ACTIONS nw_src == 10.0.0.0/8, nw_dst == 12.0.0.0/8 output:1 nw_src == 12.0.0.0/8, nw_dst == 10.0.0.0/8 output:2 Fast path Megaflow Cache! src=10.0.0.0/8,dst=12.0.0.0/8,tp_src=*,tp_dst=* src=12.0.0.0/8,dst=10.0.0.0/8,tp_src=*,tp_dst=* src=10.0.0.0/8,dst=13.0.0.0/8,tp_src=*,tp_dst=* output:1 output:2 drop

Megaflow Cache OpenFlow Pipeline! Slow path L2 L3 ACL L3 L2 L3 Table MATCH nw_src == 10.0.0.0/8, nw_dst == 12.0.0.0/8 nw_src == 12.0.0.0/8, nw_dst == 10.0.0.0/8 ACTIONS output:1 output:2 Fast path Megaflow Cache! src=10.0.0.0/8,dst=12.0.0.0/8,tp_src=*,tp_dst=* src=12.0.0.0/8,dst=10.0.0.0/8,tp_src=*,tp_dst=* src=*,dst=13.0.0.0/8,tp_src=*,tp_dst=* drop output:1 output:2

OVS slow path Relies on OpenFlow table pipeline Must handle highly complicated lookups arbitrary packet metadata, recursion Computationally expensive Lots of repeat lookup sequences for packets that only differ by 1 or 2 bits

Ideal fast path! Constant time lookup Easy to compute entries (translate from OpenFlow tables) Flexible for any number of OpenFlow fields Reasonable memory (we cannot cache every single packet) Easy to implement and maintain (in software)

Proposal 1. Pro-active processing Table 1 Table 2 RULE PRIORITY MATCH ACTIONS 1 10 tp_dst == 80 drop RULE PRIORITY MATCH ACTIONS 1 1000 reg4 == 1 output:2 2 5 tp_dst == 443 drop 3 5 tp_dst == xx reg4 <= 1, resubmit: table 2 Cross-product Table MATCH ACTIONS tp_dst == 80 drop Table 1, Rule 1 tp_dst == 443 drop Table 1, Rule 2 Header space notation: tp_dst == xx - {80 U 443 } tp_dst == 0-79, 81-442, 443-65535 reg4 <= 1, output: 2 Table 1, Rule 3 then Table 2, Rule 1

Proposal 1. Pro-active processing But, how do we translate a header space, with a union, to wildcarded rules? RULE PRIORITY MATCH ACTIONS A 10 tp_dst == 0101 drop B 5 tp_dst == 0110 drop hc = C A B = C (A B) = C (A B) C 5 tp_dst == xxxx output: 2 Union minimization is an NP problem, so good heuristics is key

Proposal 2. Re-active processing Goal: For each new packet, install one wildcarded flow in the cache to match as many packets as possible RULE PRIORITY MATCH ACTIONS A 10 tp_dst == 0101 drop B 5 tp_dst == 0110 drop C 5 tp_dst == xxxx output: 2 New packet, p: p = 1010 New cached flow: MATCH ACTIONS tp_dst = 1xxxx output: 2 Doesn t cover the entire header space, hc, but a good heuristic (with 100 ACLs, ~80% of true header space)

Proposal 2. Re-active processing Problem: Too many flow masks for most rule sets (easier to hash just on a few masks) Fast path cache FLOW MASK 1000 0000 1xxx xxxx 0xxx xxxx RULES 1100 0000 01xx xxxx 10xx xxxx 1110 0000 110x xxxx 101x xxxx 111x xxxx 011x xxxx 1111 0000 1010 xxxx 0011 xxxx 1011 xxxx Use decision tree to un-wildcard flows in order, maximum of N masks (for N-bit high entropy field)

Comparison in performance COMMON MATCH DECISION TREE ACLS FLOWS MASKS % OPT FLOWS MASKS % OPT 10 93 76 94% 126 14 16% 100 552 435 80% 913 13 13% 1000 3860 2669 57% 6141 9-10000 22333 3563-30947 6 -

Comparison in cache size Can handle up to 1000 higher priority rules (ACLs) with only 5K entries 35000 10000 Common Match Classifier LPM Classifier # of cache entries 30000 25000 20000 15000 10000 5000 Common Match Megaflows LPM Megaflows 0 10 100 1000 10000 # of masks 1000 100 10 1 10 100 1000 10000 # of ACLs # of ACLs Longest prefix (decision tree) is better with the number of masks

Future work! How does the number of hash masks affect run time? What is the effect of even more high entropy fields on the number of cache entries and coverage (optimal flow)? Can we adapt the classifier to different rule sets, exploiting traffic localities? Map one packet to more than one flow in the cache?

Questions?

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback