Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 ECE 526 – Network Processing Systems Design System Implementation Principles I Varghese Chapter 3.

Published byBeryl Lucas Modified over 8 years ago

Similar presentations

Presentation on theme: "1 ECE 526 – Network Processing Systems Design System Implementation Principles I Varghese Chapter 3."— Presentation transcript:

1 1 ECE 526 – Network Processing Systems Design System Implementation Principles I Varghese Chapter 3

2 2 Outline What is network algorithmics Clarifying example Implementation principles ─ Reflect what we learned

3 3 Network Algorithmics Different with Network Algorithms Network Algorithmics ─ Interdisciplinary system approach to streamlining network implementation Using a design problem to clarify difference

4 4 Security Forensics Identifying a network intrusion (e.g., port scanning) need a period of time (e.g., 10 second) Suspicious intrusion is recorded as flow state in suspicious table Flow state is updated by checking each incoming packet from intruder. Once suspicion table deem a suspicious flow as bad, evidence (all packets from intruder will be reported to forensic system)

5 5 Packet Buffering Packet buffer needed to store all packets (100,000) during 10s for evidence if needed later Buffer bounded by inserting new packet in the head of queue, and discard at the tail if buffer is full

6 6 Evidence Collection Collecting all packets belonging the deemed attack /flow from 100, 000-packet queue The collection has to be performed fast enough before the new incoming packet overwrite the evidence

7 7 Hashing Table -- Algorithm Real problem: find all packet belong to flow F quickly Store pointer to packet belong to flow using linked list Pointer to the head of linked list is store in hash table. Advantage: quickly find the malicious flow Disadvantage: ─ Maintain a hashing table ─ Update the linked list of each flow ─ Read out packets of malicious flow

8 8 Algorithmics Approach Once attack/flow F identified, don’t attempt to immediately identify all packets of flow F Instead, identify each packet individually as they reach the end of packet queue. Shift computation time – evaluate lazily

9 9 Taxonomy of Principles P1-P5: System-oriented Principles ─ These recognize/leverage the fact that a system is made up of components ─ Basic idea: move the problem to somebody else’s subsystem P6-P10: Improve efficiency without destroying modularity ─ “Pushing the envelope” of module specifications ─ Basic engineering: system should satisfy spec but not do more P11-P15: Local optimization techniques ─ Speeding up a key routine ─ Apply these after you have looked at the big picture

10 10 P1: Avoid Obvious Waste Key Concept: look for ways to avoid doing something, or to avoid doing it multiple times Example: copying in protocol stacks ─ In the old days, copying was not a bottleneck ─ But transmission & processor speeds increased much faster than memory speeds Today, reading/writing from/to memory is slowest operation on a packet “Zero-copy” protocol stacks never copy packet data once it is stored in memory by the NIC ─ Eventually multiple copies became a bottleneck

11 11 P2: Shift Computation in Time Key Concept: Move expensive operations from where time is scarce to where it is more plentiful ─ P2a: Precompute (= shift earlier in time) Example: computing a function by table lookup ─ P2b: Evaluate Lazily (= shift later in time) Example: network forensics ─ P2c: Share Expenses (= collect things in time) Example: batch processing Examples:

12 12 P3: Relax Subsystem Requirements Key Concept: make one subsystem’s job easier by relaxing the specification (possibly at the expense of another subsystem’s job getting slightly harder) ─ P3a: Trade certainty for time (= use probabilistic solutions) Example: random sampling ─ P3b: Trade accuracy for time (= use approximate solutions) Example: hashing, bloom filter ─ P3c: Shift computation in space (= let someone else do it) Example: fast path/slow path

13 13 P4: Leverage Off-System Components Key Concept: design bottom-up, use hardware ─ P4a: Exploit locality (= exploit caches) Note: not always useful (cf. IP forwarding lookups) ─ P4b: Trade Memory for Speed Note: this can be interpreted two ways –Use more memory to avoid computation (cf P12) »Example: table lookup –Use less memory to make data structures fit in cache »Example: data compression ─ P4c: Exploit hardware features –Example: Incremental checksum computation Examples ─ Onboard Address Recognition & Filtering: Shift “processing” duty from CPU to NIC

14 14 P5: Add Hardware to Improve Performance Key Concept: Hardware is inherently parallel, can be very fast, and is cheap in volume; consider adding hardware to perform operations that must be done often and are expensive in software ─ P5a: Use memory interleaving, pipelining (= parallelism) ─ P5b: Use Wide-word parallelism (save memory accesses) ─ P5c: Combine SRAM, DRAM (low-order bits each counter in SRAM for a large number of counters) Examples:

15 15 P6: Replace inefficient general routines with efficient specialized ones Key Concept: General-purpose routines cannot leverage problem-specific knowledge that can improve performance Example: NAT using forwarding and reversing table

16 16 P7: Avoid Unnecessary Generality Key Concept: Do not include features or handle cases that are not needed. ─ "When in doubt, leave it out" Example: RISC, microengine

17 17 Reminder Read Varghese Chapter 3 NO Class, Wed. 11/5 ─ on-line quiz

Download ppt "1 ECE 526 – Network Processing Systems Design System Implementation Principles I Varghese Chapter 3."

Similar presentations

IP Router Architectures. Outline Basic IP Router Functionalities IP Router Architectures.

IP Router Architectures. Outline Basic IP Router Functionalities IP Router Architectures.
M AINTAINING L ARGE A ND F AST S TREAMING I NDEXES O N F LASH Aditya Akella, UW-Madison First GENI Measurement Workshop Joint work with Ashok Anand, Steven.

M AINTAINING L ARGE A ND F AST S TREAMING I NDEXES O N F LASH Aditya Akella, UW-Madison First GENI Measurement Workshop Joint work with Ashok Anand, Steven.
Spring 2006CS 685 Network Algorithmics1 Principles in Practice CS 685 Network Algorithmics Spring 2006.

Spring 2006CS 685 Network Algorithmics1 Principles in Practice CS 685 Network Algorithmics Spring 2006.
Network Algorithms, Lecture 4: Longest Matching Prefix Lookups George Varghese.

Network Algorithms, Lecture 4: Longest Matching Prefix Lookups George Varghese.
Bio Michel Hanna M.S. in E.E., Cairo University, Egypt B.S. in E.E., Cairo University at Fayoum, Egypt Currently is a Ph.D. Student in Computer Engineering.

Bio Michel Hanna M.S. in E.E., Cairo University, Egypt B.S. in E.E., Cairo University at Fayoum, Egypt Currently is a Ph.D. Student in Computer Engineering.
Computer Organization and Architecture

Computer Organization and Architecture
Quick Review of Apr 10 material B+-Tree File Organization –similar to B+-tree index –leaf nodes store records, not pointers to records stored in an original.

Quick Review of Apr 10 material B+-Tree File Organization –similar to B+-tree index –leaf nodes store records, not pointers to records stored in an original.
M. Waldvogel, G. Varghese, J. Turner, B. Plattner Presenter: Shulin You UNIVERSITY OF MASSACHUSETTS, AMHERST – Department of Electrical and Computer Engineering.

M. Waldvogel, G. Varghese, J. Turner, B. Plattner Presenter: Shulin You UNIVERSITY OF MASSACHUSETTS, AMHERST – Department of Electrical and Computer Engineering.
Computer Organization and Architecture

Computer Organization and Architecture
Chapter 4 Conventional Computer Hardware Architecture

Chapter 4 Conventional Computer Hardware Architecture
Chapter 8 Hardware Conventional Computer Hardware Architecture.

Chapter 8 Hardware Conventional Computer Hardware Architecture.
Router Architecture : Building high-performance routers Ian Pratt

Router Architecture : Building high-performance routers Ian Pratt
Software and Hardware Circular Buffer Operations First presented in ENCM515 2005. There are 3 earlier lectures that are useful for midterm review. M. R.

Software and Hardware Circular Buffer Operations First presented in ENCM There are 3 earlier lectures that are useful for midterm review. M. R.
What's inside a router? We have yet to consider the switching function of a router - the actual transfer of datagrams from a router's incoming links to.

What's inside a router? We have yet to consider the switching function of a router - the actual transfer of datagrams from a router's incoming links to.
Computer Organization and Architecture The CPU Structure.

Computer Organization and Architecture The CPU Structure.
CS 300 – Lecture 20 Intro to Computer Architecture / Assembly Language Caches.

CS 300 – Lecture 20 Intro to Computer Architecture / Assembly Language Caches.
Computer System Overview

Computer System Overview
ECE 526 – Network Processing Systems Design

ECE 526 – Network Processing Systems Design
Chapter 9 Classification And Forwarding. Outline.

Chapter 9 Classification And Forwarding. Outline.
Connecting Devices and Multi-Homed Machines. Layer 1 (Physical) Devices Repeater: Extends distances by repeating a signal Extends distances by repeating.

Connecting Devices and Multi-Homed Machines. Layer 1 (Physical) Devices Repeater: Extends distances by repeating a signal Extends distances by repeating.

Similar presentations

Ads by Google