Presentation is loading. Please wait.

Presentation is loading. Please wait.

UC Berkeley CLayer Packet classification with explicit coordination Mosharaf Chowdhury with Sameer Agarwal, Dilip Joseph, and Ion Stoica.

Similar presentations


Presentation on theme: "UC Berkeley CLayer Packet classification with explicit coordination Mosharaf Chowdhury with Sameer Agarwal, Dilip Joseph, and Ion Stoica."— Presentation transcript:

1 UC Berkeley CLayer Packet classification with explicit coordination Mosharaf Chowdhury with Sameer Agarwal, Dilip Joseph, and Ion Stoica

2 Packet classification is everywhere Motivation INTERNET Link (2.5)Switching, MPLS NetworkForwarding TransportFiltering, IntServ, DiffServ ApplicationLoad balancing, Intrusion detection 2 January 22, 2010Google GRAD CS Mountainview

3 Existing approaches are point solutions for specific layer/service Packet classification is expensive »Computation and memory requirements »Power hungry Configuration complexity »Lack of coordination between entities involved Semantic gap Problems January 22, 2010Google GRAD CS Mountainview

4 CLayer is a cross-layer classification primitive »Generic mechanism to configure and implement capability- driven classification offloading »Explicit coordination between classifiers and helpers Label-based per-flow classification »Labels are verifiable, confidential, and non-transferable “Classify once, verify thereafter” Solution 4 January 22, 2010Google GRAD CS Mountainview

5 Outline CLayer classification model Fate-carrying labels (FCLs) Implementation Results 5 January 22, 2010Google GRAD CS Mountainview

6 Classification model 6 January 22, 2010Google GRAD CS Mountainview

7 Control plane Web server 1 Web server 2 Load balancer QoS enabled router CapabilityTCPFLow, WebSess ClassReq QoS:q1 ClassReqQoS:q1, WebSess:1ClassRspQoS:q1, WebSess:1 End host A 2a b 7 January 22, 2010Google GRAD CS Mountainview

8 Data plane Web server 1 Web server 2 Load balancer QoS enabled router End host A QoS:q1, WebSess:1PayloadQoS:q1, WebSess:1Payload 4a 4b 8 January 22, 2010Google GRAD CS Mountainview

9 Fate-carrying labels 9 January 22, 2010Google GRAD CS Mountainview

10 FCL basics A label in CLayer is an opaque bag of bits »Issued by a classifier for a particular flow »Meaningful only to the issuer » ‹label → action› lookup A fate-carrying label carries the action itself » No ‹label → action› lookup »No states in classifiers 10 January 22, 2010Google GRAD CS Mountainview

11 Authenticity and Integrity »Verifiable and non-transferable »Unforgeable and single-use only Confidentiality »Impossible to infer Performance »Not better off without CLayer HMAC Checksum HMAC Checksum Requirements 11 Obfuscation Periodic Invalidation Obfuscation Periodic Invalidation Line-speed hashing Low overhead Line-speed hashing Low overhead January 22, 2010Google GRAD CS Mountainview

12 Placement Application Layer Transport Layer Network Layer CLayer FCL 4 Bits32 Bits HANDLE MSG 8 Bits RESIG N INFO 0 … INFO (N – 1) LEN 4 Bits32 Bits ID HMAC (5-tuple, ACTION, SECRET) CHECKSUM 16 Bits TYPE ACTION CLayer Header 12 January 22, 2010Google GRAD CS Mountainview

13 Implementation 13 January 22, 2010Google GRAD CS Mountainview

14 Implementation stats C++ Implementation using user level Click software router Core components: » CLayer socket library and daemon (4025 lines) » Layer 4 firewall (308 lines) » Layer 4 load balancer (190 lines) Ported applications: » lighttpd, httperf, wget, nuttcp, elinks (< 50 lines) 14 January 22, 2010Google GRAD CS Mountainview

15 Results 15 January 22, 2010Google GRAD CS Mountainview

16 Overheads CLayer overheads at helpers: » State: ~10 bytes per connection » Processing: less than 1 μs At classifiers: » No state overheads » Processing: varies in s/w and h/w implementations Per-packet overheads: » Proportional to the number of labels » Potential bottleneck 16 January 22, 2010Google GRAD CS Mountainview

17 Performance attractiveness threshold attractiveness threshold 17 January 22, 2010Google GRAD CS Mountainview

18 Multiple classifiers hash overhead hash overhead 18 software implementation overhead software implementation overhead (Each with 7500 rules) January 22, 2010Google GRAD CS Mountainview

19 Summary Packet classification requires a dedicated layer CLayer provides significant performance gain » 2-4 times increase in classifier throughput » Additional ~100% increase in throughput in trusted domains or with line-speed h/w hashing CLayer adoption requires minimal change »Most suitable for controlled environments like data center and enterprise networks 19 January 22, 2010Google GRAD CS Mountainview

20 Questions ? ? ? 20 January 22, 2010Google GRAD CS Mountainview

21 Backup 21 January 22, 2010Google GRAD CS Mountainview

22 CLayer handshaking End host A Router E Capability: [A,TCPFlow,Label] CL_SYN 1 2 Capability: [A,TCPFlow,Label] CL_SYN ClassReq: [E, A, TCPFlow,Label:q 1 ] 3 Capability: [B,TCPFlow,Label] CL_SYNACK EchoReq: [E, A, TCPFlow,Label:q 1 ] 4 Capability: [B,TCPFlow,Label] CL_SYNACK EchoReq: [E, A, TCPFlow,Label:q 1 ] ClassReq: [E, B, TCPFlow,Label:q 2 ] 5 CL_ACK1 EchoReq: [E, B, TCPFlow,Label:q 2 ] Results: [E, TCPFlow,Label:q 1 ] 6 CL_ACK1 EchoReq: [E, B, TCPFlow,Label:q 2 ] Results: [E, TCPFlow,Label:q 1 ] Data Plane End host B DATA Results: [E, TCPFlow,Label:q 1 ] DATA Results: [E, TCPFlow,Label:q 2 ] 7 CL_ACK2 Results: [E, TCPFlow,Label:q 2 ] 8 CL_ACK2 Results: [E, TCPFlow,Label:q 2 ] Control Plane 22 January 22, 2010Google GRAD CS Mountainview


Download ppt "UC Berkeley CLayer Packet classification with explicit coordination Mosharaf Chowdhury with Sameer Agarwal, Dilip Joseph, and Ion Stoica."

Similar presentations


Ads by Google