Stochastic Pre-Classification for SDN Data Plane Matching


Luke McHale, C. Jasson Casey, Paul V. Gratz, Alex Sprintson
Presenter: Luke McHale, Ph.D. Student, Texas A&M University
Contact: luke.mchale@tamu.edu

Motivation
- SDNs increase the stress on packet classification: higher complexity than traditional networks, and generalizing the match increases timing variability.
- Denial of Service (DoS) attacks on SDN switches are a potential issue: they waste resources, crowding out legitimate flows.
- Inherent problem: traffic must be classified before it can be determined to be malicious.
[Figure: packet arrival at a switch with an open SDN data plane]

Motivation: Packet Classification
- Key fields: eth.src, eth.dst, eth.type, eth.vlan_id, eth.vlan_p, ipv4.tos, proto.field, ...
- Classifier: key & mask = value; the matching entry selects a policy and the next stage.
- Exact matching: hash tables. Prefix match: tries. Arbitrary matching: TCAM (limited in size/availability).

Motivation: Locality
- 35% of the flows contain 95% of the traffic.
- The active-flow window is constantly changing.
[Figure: cumulative distribution of unique flows over 25 million packets, flows sorted by size; CAIDA trace equinix-sanjose.dira229-2593]
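To make the locality claim concrete, here is an added example (not from the slides or their authors) that computes the two quantities the slide describes over a constructed trace: the fraction of flows needed to carry a given share of the packets, and how much the active-flow set changes from one window of packets to the next. The trace, flow sizes, window size and the function names (`build_trace`, `flows_covering`, `packet_share`, `window_churn`) are all this example's own stand-ins for the CAIDA data.

```python
from collections import Counter
import random


def build_trace(seed=7):
    """Constructed stand-in for a packet trace: 10 elephant flows of 1000 packets
    and 90 mice of 10 packets each, interleaved in a fixed pseudo-random order."""
    packets = []
    for f in range(10):
        packets += [("10.0.0.%d" % f, "10.1.0.1", 40000 + f, 443, 6)] * 1000
    for f in range(90):
        packets += [("10.2.0.%d" % f, "10.1.0.2", 50000 + f, 80, 6)] * 10
    random.Random(seed).shuffle(packets)
    return packets


def packets_per_flow(packets):
    """Packet count per flow, keyed by the 5-tuple."""
    return Counter(packets)


def flows_covering(counts, packet_fraction):
    """Fraction of flows (largest first) needed to carry `packet_fraction` of all packets."""
    sizes = sorted(counts.values(), reverse=True)
    target, acc = packet_fraction * sum(sizes), 0
    for n, size in enumerate(sizes, 1):
        acc += size
        if acc >= target:
            return n / len(sizes)
    return 1.0


def packet_share(counts, flow_fraction):
    """Share of packets carried by the top `flow_fraction` of flows (one point on the CDF)."""
    sizes = sorted(counts.values(), reverse=True)
    top = max(1, round(flow_fraction * len(sizes)))
    return sum(sizes[:top]) / sum(sizes)


def window_churn(packets, window):
    """For each window of `window` packets, the fraction of its active flows that
    were not active in the previous window: how fast the active-flow set changes."""
    prev, churn = None, []
    for start in range(0, len(packets), window):
        active = set(packets[start:start + window])
        if prev is not None:
            churn.append(len(active - prev) / len(active))
        prev = active
    return churn


if __name__ == "__main__":
    counts = packets_per_flow(build_trace())
    print("flows carrying 95%% of packets: %.0f%%" % (100 * flows_covering(counts, 0.95)))
    print("packet share of the top 10%% of flows: %.1f%%" % (100 * packet_share(counts, 0.10)))
    print("per-window churn:", [round(c, 2) for c in window_churn(build_trace(), 1000)])
```

On the constructed trace the top 10% of flows carry about 92% of the packets, and the churn figures show mice entering and leaving the active set in every window while the elephants persist, which is the situation a cache in front of the classifier is meant to exploit.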

Outline
1. Motivation: a. Packet Classification; b. Locality
2. Taking Advantage of Locality: a. Caching; b. Pre-Classification
3. Evaluation: a. Experimental Setup; b. Firewall
4. Results
5. Conclusions

Caching
- Locality -> caching becomes the fast path; keeps high-throughput flows.
- Lookup: exact match using a key (i.e. the 5-tuple).
- Cache stores: the action set.
- Hits: bypass classification and action selection.
- Similar techniques: [I.L. Chvets et al., 22], [K. Li et al., 23]
[Figure: cache in front of the classifier]

Pre-Classification
- Attacks aim to stress the slow path (classification); when stressed, prioritize established traffic.
- Lookup: exact match using a key (i.e. the 5-tuple).
- Filter stores: flows seen before.
- Hits: higher classification priority.
[Figure: Bloom filter in front of a priority scheduler; known flows to the Hi queue, unknown flows to the Lo queue]

Bloom Filter
- Hit: flow likely seen within the epoch. Miss: flow definitely not seen within the epoch.
- O(1) lookups, O(1) inserts.
- False positive rate is proportional to fill level.
- Tradeoffs in design.
[Figure: key fields (eth.src, eth.dst, eth.type, eth.vlan_id, eth.vlan_p, ipv4.tos, proto.field, ...) hashed with n seeded hash functions (seed 1 .. seed n) into indices idx 1 .. idx n; n Bloom filter lookups whose results member 1 .. member n are combined into member; next stage]

Bloom Filter: XOR Hash Function
- Bit-level XOR helps preserve entropy.
- Avoid mixing heavily correlated bits.
[Figure: the bits of the 5-tuple XOR-folded down to a short hash]
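The two Bloom filter slides above describe the data structure and its hash; the following is an added example, not code from the paper, that implements both: a 104-bit 5-tuple key, an XOR-fold hash whose per-hash-function rotation decides which bit groups get folded together, and a partitioned, epoch-cleared Bloom filter on top of it. `KEY_BITS`, the `ROTATIONS` tuple, `EpochBloom` and `index_spread` are this example's own names and choices. `index_spread` is the check the "avoid mixing heavily correlated bits" caveat calls for: on keys whose source-host byte and ephemeral port step together, an unrotated fold lines the two counters up at the same offset and they cancel under XOR.

```python
import math

KEY_BITS = 104  # 32-bit src IP, 32-bit dst IP, 16-bit sport, 16-bit dport, 8-bit proto


def ip_to_int(dotted):
    a, b, c, d = (int(x) for x in dotted.split("."))
    return (a << 24) | (b << 16) | (c << 8) | d


def pack_5tuple(src, dst, sport, dport, proto):
    """Concatenate the classifier key fields into one 104-bit integer (src in the top bits)."""
    return (ip_to_int(src) << 72) | (ip_to_int(dst) << 40) | (sport << 24) | (dport << 8) | proto


def xor_fold(key, width, rotation):
    """Fold the 104-bit key down to `width` bits with XOR.

    XOR keeps every key bit in play, but bits at the same offset within their
    chunk are combined, so correlated fields can cancel each other. Rotating the
    key first (by a different amount per hash function) changes which bits line up.
    """
    mask = (1 << KEY_BITS) - 1
    rotation %= KEY_BITS
    key = ((key << rotation) | (key >> (KEY_BITS - rotation))) & mask
    h, chunk_mask = 0, (1 << width) - 1
    while key:
        h ^= key & chunk_mask
        key >>= width
    return h


def index_spread(keys, width, rotation):
    """Number of distinct indices a fold yields for a key set: a cheap cancellation check."""
    return len({xor_fold(k, width, rotation) for k in keys})


class EpochBloom:
    """Partitioned Bloom filter: one bit array per hash function, cleared every `clear_after` inserts."""
    ROTATIONS = (37, 53, 61)  # example's choice: src and sport bits land at different chunk offsets

    def __init__(self, bits_per_array=4096, clear_after=16384):
        self.width = bits_per_array.bit_length() - 1
        assert 1 << self.width == bits_per_array, "array size must be a power of two"
        self.k, self.m, self.clear_after = len(self.ROTATIONS), bits_per_array, clear_after
        self.arrays = [bytearray(bits_per_array) for _ in range(self.k)]
        self.inserts = 0  # inserts since the last clear

    def _indices(self, key):
        return [xor_fold(key, self.width, r) for r in self.ROTATIONS]

    def contains(self, key):
        """Hit = probably seen this epoch; miss = definitely not seen this epoch."""
        return all(arr[i] for arr, i in zip(self.arrays, self._indices(key)))

    def insert(self, key):
        if self.inserts >= self.clear_after:  # epoch boundary: start from an empty filter
            self.arrays = [bytearray(self.m) for _ in range(self.k)]
            self.inserts = 0
        for arr, i in zip(self.arrays, self._indices(key)):
            arr[i] = 1
        self.inserts += 1

    def fill_level(self):
        return sum(sum(a) for a in self.arrays) / (self.k * self.m)

    def fp_estimate(self):
        """Expected false-positive rate at the current fill: (1 - e^(-n/m))^k."""
        return (1 - math.exp(-self.inserts / self.m)) ** self.k


def false_positive_rate(bf, inserted, probes):
    """Insert `inserted`, then measure how many never-inserted `probes` report a hit."""
    for key in inserted:
        bf.insert(key)
    return sum(bf.contains(p) for p in probes) / len(probes)
```

Constructed keys with a stepping host byte and port (`10.0.0.i`, sport `40000+i`) collapse to two indices under rotation 0 but spread out under the rotations the filter uses; the false-positive rate measured on a second, disjoint set of constructed keys stays close to the closed-form estimate for the fill level.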

Experimental Setup
Cycle-accurate simulator; frequency determined by array sizes using CACTI.
Parameters (values as transcribed; some digits are missing):
Data Plane Frequency: 2 GHz
Data Plane Queue Depth: 2 high, 2 low
Bloom Filter Size: 32Kb (5 arrays, each 64Kb)
Bloom Filter Clearing Interval: 6K insertions
Cache Size: 69Kb (52 38-bit entries)
Cache Organization: 2-way set associative, LRU
8, entries
[Figure: PCAP trace -> time-scaled interface -> classification simulator -> packet collection & statistics; interface rates {,, 4, Gbps}]

Firewall
- Simulated firewall: Access Control List (ACL) matching on protocol, IP source/destination, and source/destination port ranges.
- Test ACL generation, by fraction of traffic accepted: 95%: nominal network conditions; 6%: network with significant malicious traffic; 2%: network under attack.
[Figure: coverage (%) vs. rule number for the 95%, 6% and 2% accept ACLs]
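The caching, pre-classification and firewall slides above describe one pipeline. As an added example (not the paper's cycle-accurate simulator), this discrete-tick model in Python puts the pieces together so the effect of each can be measured: a linear first-match ACL as the slow path, whose cost is the number of rules examined; a 2-way set-associative LRU flow cache as the fast path; and a two-queue priority scheduler that serves flows seen before ahead of unknown ones. The ACL, the per-tick classification budget, the queue depths, the legitimate flows and the flood of single-packet unknown flows are all constructed, and the `seen` set is an exact stand-in for the Bloom filter (it never clears and has no false positives).

```python
import random
import zlib
from collections import OrderedDict, deque
from ipaddress import ip_address, ip_network

# Constructed ACL: (proto, src prefix, dst prefix, sport range, dport range, action);
# proto 0 means "any". First match wins, so packets that fall through to the final
# deny rule (the flood traffic here) are the most expensive ones to classify.
ACL = [
    (6,  "10.0.0.0/24", "10.1.0.0/24", (1024, 65535), (443, 443),   "accept"),
    (6,  "10.0.0.0/24", "10.1.0.0/24", (1024, 65535), (80, 80),     "accept"),
    (17, "10.0.0.0/24", "10.1.0.0/24", (1024, 65535), (53, 53),     "accept"),
    (6,  "10.0.1.0/24", "10.1.0.0/24", (1024, 65535), (22, 22),     "accept"),
    (6,  "10.0.2.0/24", "10.1.0.0/24", (1024, 65535), (8080, 8080), "accept"),
    (6,  "10.0.3.0/24", "10.1.0.0/24", (1024, 65535), (25, 25),     "accept"),
    (17, "10.0.4.0/24", "10.1.0.0/24", (1024, 65535), (123, 123),   "accept"),
    (0,  "0.0.0.0/0",   "0.0.0.0/0",   (0, 65535),    (0, 65535),   "deny"),
]
RULES = [(p, ip_network(s), ip_network(d), sr, dr, a) for p, s, d, sr, dr, a in ACL]


def classify(pkt):
    """Slow path: linear first-match scan. Returns (action, rules_examined)."""
    src, dst, sport, dport, proto = pkt
    src, dst = ip_address(src), ip_address(dst)
    for n, (rproto, rsrc, rdst, (s0, s1), (d0, d1), action) in enumerate(RULES, 1):
        if rproto in (0, proto) and src in rsrc and dst in rdst and s0 <= sport <= s1 and d0 <= dport <= d1:
            return action, n
    return "deny", len(RULES)


class FlowCache:
    """Set-associative LRU flow cache: exact 5-tuple -> action (the fast path)."""
    def __init__(self, sets=64, ways=2):
        self.sets, self.ways = [OrderedDict() for _ in range(sets)], ways

    def _set(self, key):  # crc32 rather than hash() so runs are reproducible
        return self.sets[zlib.crc32(repr(key).encode()) % len(self.sets)]

    def get(self, key):
        s = self._set(key)
        if key in s:
            s.move_to_end(key)
            return s[key]
        return None

    def put(self, key, action):
        s = self._set(key)
        s[key] = action
        s.move_to_end(key)
        if len(s) > self.ways:
            s.popitem(last=False)  # evict the least recently used way


def simulate(mode, ticks=300, budget=70, qcap=40, seed=1):
    """mode: 'baseline' | 'cache' | 'partition' | 'both'. Returns delivery statistics."""
    use_cache, use_prio = mode in ("cache", "both"), mode in ("partition", "both")
    rng = random.Random(seed)
    cache, seen = FlowCache(), set()   # 'seen' stands in for the Bloom filter
    hi, lo = deque(), deque()          # without partitioning only 'lo' is used, at double depth
    stats = dict(legit=0, legit_delivered=0, attack=0, attack_classified=0, cache_hits=0)
    legit_flows = [("10.0.0.%d" % i, "10.1.0.5", 40000 + i, 443 if i % 2 else 80, 6) for i in range(10)]
    for t in range(ticks):
        # Arrivals: each legitimate flow sends one packet per tick; the flood sends 30
        # single-packet flows per tick with fresh 5-tuples, so nothing about them repeats.
        arrivals = [(f, True) for f in legit_flows]
        arrivals += [(("192.0.2.%d" % (n % 256), "10.1.0.%d" % (n // 256 % 256), 1024 + n, 9999, 6), False)
                     for n in range(30 * t, 30 * t + 30)]
        rng.shuffle(arrivals)
        for pkt, legit in arrivals:
            stats["legit" if legit else "attack"] += 1
            if use_prio:
                q, cap = (hi, qcap) if pkt in seen else (lo, qcap)
            else:
                q, cap = lo, 2 * qcap
            if len(q) < cap:
                q.append((pkt, legit))  # otherwise tail-dropped
        # Service: 'budget' rule lookups per tick, high-priority queue first.
        remaining = budget
        for q in (hi, lo):
            while q:
                pkt, legit = q[0]
                action = cache.get(pkt) if use_cache else None
                hit = action is not None
                cost = 1 if hit else None
                if not hit:
                    action, cost = classify(pkt)
                if cost > remaining:
                    break
                remaining -= cost
                q.popleft()
                stats["cache_hits"] += hit
                if use_cache and not hit:
                    cache.put(pkt, action)
                seen.add(pkt)
                if legit and action == "accept":
                    stats["legit_delivered"] += 1
                if not legit:
                    stats["attack_classified"] += 1
    return stats


if __name__ == "__main__":
    for mode in ("baseline", "cache", "partition", "both"):
        s = simulate(mode)
        print("%-9s legit delivered %.2f  flood classified %.2f  cache hits %d" % (
            mode, s["legit_delivered"] / s["legit"], s["attack_classified"] / s["attack"], s["cache_hits"]))
```

With the shared FIFO of the baseline, the flood and the legitimate flows are dropped in proportion to their arrival rates, so most legitimate packets are lost once the queue saturates; with partitioning, a legitimate flow pays the slow path (and competes with the flood) only until it has been classified once, after which its packets ride the high-priority queue, and adding the cache on top removes most of the remaining slow-path work for those flows.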

Results: Throughput
(Normalized throughput vs. offered load, built up over four slides: Baseline, then Caching, Partition and Partition+Caching, each at 95%, 6% and 2% accept.)
- Baseline: stressed > Gbps.
- Caching: throughput proportional to unauthorized traffic.
- Partition (pre-classification): unauthorized traffic has less impact on throughput.
- Partition+Caching: more consistent throughput.
[Figure: normalized throughput vs. offered load; series Baseline 6%/2%, Caching 95%/6%/2%, Partition 95%/6%/2%, Partition+Caching 95%/6%/2%]

Results: Latency
(Mean latency vs. offered load, built up over four slides in the same order as the throughput results.)
- Baseline: queue saturation causes high latency > Gbps.
- Caching: hits improve average latency.
- Partition: authorized traffic not yet seen incurs higher latency; once a flow is learned, latency is consistent with Baseline.
- Partition+Caching: higher latency at the start of a flow; once the flow is learned, latency is consistent with Cache and constant thereafter.
[Figure: mean latency (µs) vs. offered load; series Baseline 6%/2%, Caching 95%/6%/2%, Partition 95%/6%/2%, Partition+Caching 95%/6%/2%]

Results: Jitter
(Jitter vs. offered load, built up over four slides in the same order as the throughput results.)
- Baseline: peaks at the saturation point.
- Caching: the difference between fast and slow path increases variance.
- Partition: the learning path incurs higher latency -> jitter; once a flow is learned, jitter is consistent with Caching.
- Partition+Caching: improves the jitter incurred by the priority mechanism.
[Figure: jitter (µs) vs. offered load; series Baseline 6%/2%, Caching 95%/6%/2%, Partition 95%/6%/2%, Partition+Caching 95%/6%/2%]

Conclusions
- SDN complexity increases the stress on classification.
- Cache minimizes the effect of repeatedly classifying high-throughput flows; increases effective throughput.
- Pre-classification prioritizes known traffic; reduces the effect of malicious traffic.
- The combined architecture provides an orthogonal benefit: it helps decouple legitimate and malicious traffic.
[Figure: Bloom filter, priority scheduler (Hi/Lo) and cache in front of the classifier]

Backup: full result figures
[Figure: normalized throughput vs. offered load, all series: Baseline 6%/2%, Caching 95%/6%/2%, Partition 95%/6%/2%, Partition+Caching 95%/6%/2%]
[Figure: mean latency (µs) vs. offered load, same series]
[Figure: jitter (µs) vs. offered load, same series]