
Washington WASHINGTON UNIVERSITY IN ST LOUIS Packet Classification in the SPC arl/projects/msr/work/msrcfy.ppt.


1 Washington WASHINGTON UNIVERSITY IN ST LOUIS
Packet Classification in the SPC
arl/projects/msr/work/msrcfy.ppt
Fred Kuhns
Washington University Applied Research Laboratory
fredk@arl.wustl.edu
http://www.arl.wustl.edu/~fredk

2 Washington WASHINGTON UNIVERSITY IN ST LOUIS Fred Kuhns - 1/9/01
Dynamically Extensible, Multi-Service, Extreme Router
[Figure: The ARL DEMSER logical diagram]
Legend:
CP - Control Processor
MM - MSR Manager
RA - Route Agents
NMA - Network Management Agent
DQ - Distributed Queuing
DRR - Deficit Round Robin
PP - Port Processor (SPC/FPX)
PE - Processing Environment (SPC)
FP - Forwarding Path (PX/SPC)

3 SW Classifier: Top-Level View
[Figure: block diagram. Labelled blocks: Input Link/MAC Processing; IP preprocessing; Classifier (General Match, Exact Match, Route lookup); Plugin Control Unit; Plugin Instances PI 0, PI 1, PI 2, ... PI n; LFS Module; cmd processor; Packet Scheduler; Queues (64 Dgram, 256 Reserve). Packet layout: shim, IP, trailer padding.]
Annotations:
– input port: 4 input VCs, 50-53, from phop/hosts. output port: 8 input VCs, 40-47, from the 8 input ports.
– classify packet. Route lookup labels: input port or get route in shim; output port.
– forward packet: get output queue from pkt type, outVIN and reservation. perform necessary IP processing.
– drop packet, return buffer to pool.
– Plugin Instances: monitor only; plugin instances may modify packets.
– input port: output queue from port number in outVIN. output port: output queue either one of 64 datagram queues or reserved queue. The outVIN's subport value determines the VC a packet is sent on. Note, each queue in the packet scheduler may send a packet on any of the 4 output VCs.
– cmd processor: command messages to/from CP.
– LFS Module: LFS option or protocol; add/update EM filter and reservation; process/update option; report and status; status to CP.

4 SW Classifier: Top-Level View
[Figure: the same block diagram and annotations as slide 3]

5 Classifier Abstractions
The SW Classifier has three lookup engines and tables:
1. exclusive and non-exclusive general match filters, each with a settable priority and sharing a common table.
2. exact match filters, with global priority.
3. destination prefix lookup (fipl and simple) with global priority.
Each table contains a set of rules and a lookup strategy
– Strategy includes order relation, matching/selection criteria and bindings.
– Rule is composed of a predicate, action and data.
  Predicate: set of one or more header fields and matching criteria. Depending on field, possible criteria include prefix match (value/length), all match (wildcard), range (i.e. port range), or exact value.
  Actions:
    Explicit {Deny – drop packet, Active – send to R/W plugin, Reserve – reserved flow with BW reservation, Monitor – send to RO monitoring plugin}
    Implicit {Permit – absence of Deny action}
  Data examples: plugin reference, priority, reservation

6 General Match Filters
General Match engine: compare packet fields (5-tuple), interface (input/output port) and priority.
Specifying the packet fields, i.e. the 5-tuple:
– IP prefix/address, source and destination: Prefix/width
  network prefix: 192.168.200.0/24; exact host: 192.168.204.2/32; any address: 0/0
– Ports, source and destination: exact, range or any
  exact value: 22; range: 1,1024; any port: 0
– Protocol: exact or any
  exact value: 6; any protocol: 0
Interface specification: port implicit, direction explicit:
– Direction: input or output
Priority: value between 1 and 255, inclusive. 0 is invalid – indicates that the default value should be used.

7 General Match Behavior
Two filter types: Exclusive and Non-exclusive
– Exclusive filters are intended to be used with plugins that must modify, delay, replace, add or drop traffic.
  Actions: may be Deny/Permit and Active.
  Expected use: firewall functions or active processing
– Non-exclusive filters are used when either a net packet count or "read-only" (aka monitoring) plugins are needed.
  Actions: Implicit Permit and Monitor.
  Expected use: packet counts and passive traffic monitoring
The classifier will select the highest priority matching filter (only one) from each type.
Each GM filter has a type, packet count, priority and plugin binding(s).

8 Exact Match Classifier
Exact match of the IP 5-tuple, global priority for all filters
Actions: Deny/Permit, Reserve and Active.
Expected use: Identify reserved flows, used by LFS
Current 12 bit hash, MSB == Byte 0, protocol not used:
    hash = ((destination address: low order 2 bits of Byte 2) << 10) |
           ((source address: low order 3 bits of Byte 2) << 7) |
           ((source port: low order bit from Byte 1) << 6) |
           (destination port: low order 6 bits from Byte 1)
Field widths and offsets are configurable: msr/msr_classify.h
[Figure: packet layout. IP header fields: Version, H-length, TOS, Total length, Identification, Flags, Fragment offset, TTL, Protocol, Header checksum, Source Address, Destination Address. IP data (transport header and transport data): Source Port, Destination Port. AAL5: padding (0 - 40 bytes), CPCS-UU (0), Length (IP packet + LLC/SNAP), CRC (APIC calculates and sets). Other labels: 8 Bytes; hash of ip header.]
[Figure: Exact Match Classifier: Flow Table. The hash indexes the Hash Table. FTE: qid, pkt_cnt/ref_cnt, reservation, fwdkey (route), handler]

9 Classifying a Packet
1. general match lookup
   – highest priority exclusive and non-exclusive filter matching packet
2. exact match lookup
   – reserved flow entry
[Figure: classifier data structures]
Hash Table, indexed by hash: *head
EM Filters (matching Exact Match filter): *fte, *hlist, filter
Flow Table entry: *filter; flags (EM, ...); qid (Unique id); reservation; route, *handler; refcnt, pktcnt
Flow Table entry: *filter; flags (~EM, ...); ~qid; ~reservation; ~route, *handler; refcnt, pktcnt
GM Table entry (highest priority, matching exclusive filter): priority (P_i); filter; flags (Exclusive, ...); *fte; *handlers[5] (N/A); pkt_cnt
GM Table entry (highest priority, matching non-exclusive filter): priority (P_j); filter; flags (Non-Excl, ...); *fte (Null); *handlers[5]; pkt_cnt

10 Classifying a Packet (2)
Why use the fte for both exact match and exclusive general match?
– reuse the new plugin interface code
– permits extended semantics for exclusive GM filters: useful for tests and demos
– limit the number of data structures in kernel
How does it work?
– After classification a packet may have one or more of the following:
  Exact match FTE
  Exclusive GM entry (GME), pointer to FTE
  Non-Exclusive GME
  Route:
    Input port: longest prefix route
    Output port: route from SHIM
I will discuss the queue ID and reservations separately

11 Classifying a Packet
Basic processing steps (bufhdr references matching entries):
    // check for monitoring plugins/packet counters
    if (Non-exclusive)
        increment its pkt_cnt and add its actions
    // set packet's buff hdr to the correct fte and actions
    if (Exclusive and Exact Match) {
        // then set fte, prio and add action from the higher priority entry
        if (exclusive entry priority > global exact match priority)
            use the exclusive GM entry/fte
        else
            the exact match entry
    } else
        // use the valid entry
        fte = exclusive ? exclusive fte : exact match fte entry
    // set buf hdr's fwdkey (route)
    if output port
        then get route from packet shim
    else {
        if (~fte || prio route)
            route = ip_prefix_lookup(pkt)
        else
            route = fte->route
    }

12 Determining the QID
There are currently 64 datagram queues and 256 reserved queues defined.
qids between 0 and 255 are for reserved flows. Datagram qids fall between 256 and 319.
Reserved queue IDs are simply the corresponding FTE's offset within the global Flow Table, which has 256 entries.
Datagram queue IDs are calculated from the packet header's hash value:
    datagram qid = hash(pkt) % 64
Since the last 6 bits of the hash value are simply the low order six bits of the destination port, the datagram queue ID is equal to this value.
All values may be set in msr_classify.h

13 Assigning the Queue ID
If an exact match entry is used then the queue ID is the corresponding fte offset (reserved).
If there is no valid exact match entry and no exclusive match then the datagram value is used: hash % 64 + 256
If the exclusive entry is used, currently the qid is the fte's offset – BUT This May Change:
Options:
– use the datagram queue calculated for each matching packet
– the offset qid
– let the administrator specify correct behavior
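The hash from the Exact Match Classifier slide, the entry selection from the basic processing steps and the queue ID rules above, put together as an added C example (not code from the MSR sources). All names are assumptions, as is the reading of "Byte 2" and "Byte 1" on host-order values; the sample flow is the one used by the exact-match cfy example later in the deck.

```c
#include <stdint.h>
#include <stdio.h>

/* Values from the slides; msr_classify.h's own macro names are not shown,
 * so every name below is an assumption. */
#define N_RESERVED 256   /* reserved qids 0..255 = flow table offsets */
#define N_DGRAM    64    /* datagram qids 256..319 */
#define NO_FTE     (-1)  /* hypothetical: no matching flow table entry */
#define IP4(a, b, c, d) \
    (((uint32_t)(a) << 24) | ((uint32_t)(b) << 16) | ((uint32_t)(c) << 8) | (uint32_t)(d))

/* 12-bit hash over host-order fields. With Byte 0 as the MSB, Byte 2 of an
 * address is bits 15..8 and Byte 1 of a port is its low byte. No protocol. */
static unsigned em_hash(uint32_t sa, uint32_t da, uint16_t sp, uint16_t dp)
{
    unsigned sa_b2 = (sa >> 8) & 0xff, da_b2 = (da >> 8) & 0xff;
    unsigned sp_b1 = sp & 0xff, dp_b1 = dp & 0xff;
    return ((da_b2 & 0x03) << 10) | ((sa_b2 & 0x07) << 7) |
           ((sp_b1 & 0x01) << 6)  |  (dp_b1 & 0x3f);
}

/* When an exclusive GM entry and an exact-match entry both match, the higher
 * priority one supplies the fte; otherwise whichever is valid (or NO_FTE). */
static int select_fte(int excl_off, int excl_prio, int em_off, int em_prio)
{
    if (excl_off != NO_FTE && em_off != NO_FTE)
        return excl_prio > em_prio ? excl_off : em_off;
    return excl_off != NO_FTE ? excl_off : em_off;
}

/* Selected entry: qid is its flow table offset. None: datagram queue. */
static int assign_qid(int fte_off, unsigned hash)
{
    if (fte_off != NO_FTE)
        return fte_off;
    return (int)(hash % N_DGRAM) + N_RESERVED;
}

int main(void)
{
    /* Constructed case: the flow from the cfy example, no filter installed. */
    unsigned h = em_hash(IP4(192,168,224,2), IP4(192,168,208,2), 3245, 1020);
    int fte = select_fte(NO_FTE, 0, NO_FTE, 0);
    printf("hash=0x%03x qid=%d\n", h, assign_qid(fte, h));
    return 0;
}
```

Only 12 header bits feed the hash, so flows that agree on those bits share a hash bucket, and unreserved flows with the same low six destination-port bits share a datagram queue.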

14 Classifier/PS Data Structures
[Figure: classifier and packet scheduler data structures]
Hash Table, indexed by hash: *head
EM Filters: *fte, *hlist, filter
GM Table entry: priority (P_i); filter; flags (Exclusive, ...); *fte; *handlers[5] (N/A); pkt_cnt
GM Table entry: priority (P_j); filter; flags (Non-Excl, ...); *fte (Null); *handlers[5]; pkt_cnt
Flow Table entry: *filter; flags (EM, ...); qid (Unique id); reservation; route, *handler; refcnt, pktcnt
Flow Table entry: *filter; flags (~EM, ...); ~qid; ~reservation; ~route, *handler; refcnt, pktcnt
Buffer Header (with its IP Packet buffer): *qlist, *pkt, *gid, *fte, qid, rxcid, txcid, flags, fwdkey, plen, atmlen
PS Queue Table: Hash Table, indexed by qid: *head
qlist used by packet scheduler to implement packet queues

15 Communicating with the Classifier
cfy [global params] cmd [cmd options]
Global Parameters: (-h, -v, -w, -p)
  -q qid : queue ID or Filter ID, 0-255
  -c ctype : classifier type, gm em; default is gm
  -x prio : set gem/gnm filter priority to prio
Actions and Flags:
  -d : Drop packets matching this rule, must be a GM, Exclusive filter
  -o : applies to an output port, default is input port/filter
  -n : Non-exclusive general match filter, default is Exclusive General Match
Valid Commands:
  null : Null or no-op command. Can be used to verify connectivity
  addfltr : Add filter to classifier
    -sa ipaddr[/width]: Source Address or Net with prefix width
    -sp start[,end]: Source Port number or range
    -da ipaddr[/width]: Destination Address or Net with prefix width
    -dp start[,end]: Destination Port number or range
    -pr n|string: Protocol, can use numeric value or string
    -rt [sid/]port[/sub]: Statically set the forwarding key
  remfltr : Remove filter: requires global parameters {ctype, prio, qid}
  flist : List all installed filters: {ctype|prio|qid} i.e. ctype<<24
  info fid: return status and parameters for filter id fid

16 Current Default Filter Priorities
See $SYS/msr/msr_policy.h
Filter Priorities (1 <= prio <= 255), default values:
– IP Longest Prefix Match: 32
– Non-Exclusive Match: 62
– Exclusive General Match: 62
– Exact Match: 126

17 Example Filters
At output port 4, drop all X-Windows traffic originating in subnet 192.168.204.0 (priority 60)
    cfy -p 4 -x 60 -q 0 -o -d addfltr -sa 192.168.204/24 -dp 6000,7000 -pr tcp
At input port 5, count all packets sent to net 192.168.0.0/16
    cfy -p 5 -n -q 1 addfltr -sa 192.168.0.0/16
At input port 6, add exact match filter that will be bound to a plugin, accept default route (it will be pinned)
    cfy -p 6 -c em addfltr -sa 192.168.224.2/32 -sp 3245 -da 192.168.208.2/32 -dp 1020 -pr tcp
Same as above but send packet to port 7, sub-port 2
    cfy -p 6 -c em addfltr -sa 192.168.224.2/32 -sp 3245 -da 192.168.208.2/32 -dp 1020 -pr tcp -rt 7/2

18 More examples – extended functions
At input port 4, send all traffic from source network 192.168.216.0/24 to output port 7/0, set priority to 127
    cfy -p 4 -x 127 -q 0 addfltr -sa 192.168.216.0/24 -rt 7/0
At input port 4, permit all SSH traffic, drop all other TCP traffic
    cfy -p 4 -q 0 -x 130 addfltr -dp 22 -pr tcp
    cfy -p 4 -q 1 -x 100 -d addfltr -pr tcp
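The permit-SSH / drop-other-TCP pair above depends on the permit filter carrying the higher priority value. An added C example (not the MSR classifier's code) of exclusive general-match selection over those two filters; the struct layout and function names are assumptions, and equal priorities resolve to the first filter listed, which the slides do not specify.

```c
#include <stdint.h>
#include <stddef.h>

enum action { PERMIT, DENY };   /* Permit is implicit: filter added without -d */
struct pkt { uint32_t sa, da; uint16_t sp, dp; uint8_t proto; };
struct gm_filter {              /* assumed layout, not the MSR kernel struct */
    uint32_t sa, da; uint8_t sa_w, da_w;  /* prefix/width; width 0 = any */
    uint16_t sp_lo, sp_hi, dp_lo, dp_hi;  /* lo 0 = any port; hi 0 = exact */
    uint8_t proto, prio;                  /* proto 0 = any; prio 1..255 */
    enum action act;
};

static int prefix_ok(uint32_t addr, uint32_t net, uint8_t w)
{
    uint32_t mask = w ? ~(uint32_t)0 << (32 - w) : 0;  /* no shift by 32 */
    return (addr & mask) == (net & mask);
}
static int port_ok(uint16_t p, uint16_t lo, uint16_t hi)
{
    return lo == 0 || (hi ? (p >= lo && p <= hi) : p == lo);
}

static int gm_match(const struct gm_filter *f, const struct pkt *p)
{
    return prefix_ok(p->sa, f->sa, f->sa_w) && prefix_ok(p->da, f->da, f->da_w) &&
           port_ok(p->sp, f->sp_lo, f->sp_hi) && port_ok(p->dp, f->dp_lo, f->dp_hi) &&
           (f->proto == 0 || f->proto == p->proto);
}

/* Only the highest-priority matching exclusive filter acts; no match = Permit. */
static enum action gm_classify(const struct gm_filter *t, size_t n, const struct pkt *p)
{
    const struct gm_filter *best = NULL;
    for (size_t i = 0; i < n; i++)
        if (gm_match(&t[i], p) && (!best || t[i].prio > best->prio))
            best = &t[i];
    return best ? best->act : PERMIT;
}

/* The slide's two filters: permit SSH (prio 130), drop other TCP (prio 100). */
static const struct gm_filter ssh_policy[] = {
    { .dp_lo = 22, .proto = 6, .prio = 130, .act = PERMIT },
    { .proto = 6, .prio = 100, .act = DENY },
};

int main(void)
{
    struct pkt web = { .dp = 80, .proto = 6 };        /* constructed packet */
    return gm_classify(ssh_policy, 2, &web) != DENY;  /* exit 0: web is dropped */
}
```

Swapping the two priorities makes the drop filter win for port 22 as well, which is the ordering mistake to look for when reviewing a filter set.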

