The RouterVM Architecture: Motivation and Principles Mel Tsai

Slides:



Advertisements
Similar presentations
Operating Systems Components of OS
Advertisements

NetServ Dynamic in-network service deployment Henning Schulzrinne (Columbia University) Srinivasan Seetharaman (Georgia Tech) Volker Hilt (Bell Labs)
Logically Centralized Control Class 2. Types of Networks ISP Networks – Entity only owns the switches – Throughput: 100GB-10TB – Heterogeneous devices:
An Overview of Software-Defined Network Presenter: Xitao Wen.
UNIT-IV Computer Network Network Layer. Network Layer Prepared by - ROHIT KOSHTA In the seven-layer OSI model of computer networking, the network layer.
The road to reliable, autonomous distributed systems
SDN and Openflow.
Extensible Networking Platform IWAN 2005 Extensible Network Configuration and Communication Framework Todd Sproull and John Lockwood
Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.
The RouterVM Architecture: Motivation and Principles Mel Tsai
Traffic Management - OpenFlow Switch on the NetFPGA platform Chun-Jen Chung( ) SriramGopinath( )
Keith Wiles DPACC vNF Overview and Proposed methods Keith Wiles – v0.5.
Resource Management – a Solution for Providing QoS over IP Tudor Dumitraş, Frances Jen-Fung Ning and Humayun Latif.
1 OASIS: Enabling Services with Programmable Networks George Porter Mel Tsai Li Yin Randy Katz.
1/21/2008CSCI 315 Operating Systems Design1 Operating System Structures Notice: The slides for this lecture have been largely based on those accompanying.
An Active Networking Testbed for Storage Presenter Mel Tsai People Mel Tsai Anshi Liang Paul Huang Perry Dong and Tal Lavian.
Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.
OCT1 Principles From Chapter One of “Distributed Systems Concepts and Design”
1 A High-Level Framework for Network Application Design Mel Tsai 12/5/2002 EE249 Final Project Presentation.
RouterVM A High-Level Programming Model and Virtual Machine Architecture for Next-Generation Programmable Routers Mel Tsai
Inside the Internet. INTERNET ARCHITECTURE The Internet system consists of a number of interconnected packet networks supporting communication among host.
The RouterVM Architecture: Motivation and Principles Mel Tsai
A Programming Model and VM Architecture for Next-Generation Programmable Routers Mel Tsai
FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 6 Packet Filtering By Whitman, Mattord, & Austin© 2008 Course Technology.
An Overview of Software-Defined Network
Insights Into RouterVM’s Flexibility and Performance Mel Tsai
(part 3).  Switches, also known as switching hubs, have become an increasingly important part of our networking today, because when working with hubs,
An Overview of Software-Defined Network Presenter: Xitao Wen.
Understanding and Managing WebSphere V5
© 2012 Cisco and/or its affiliates. All rights reserved. 1 CCNA Security 1.1 Instructional Resource Chapter 10 – Implementing the Cisco Adaptive Security.
1 The SpaceWire Internet Tunnel and the Advantages It Provides For Spacecraft Integration Stuart Mills, Steve Parkes Space Technology Centre University.
OpenFlow: Enabling Technology Transfer to Networking Industry Nikhil Handigol Nikhil Handigol Cisco Nerd.
Introducing Axis2 Eran Chinthaka. Agenda  Introduction and Motivation  The “big picture”  Key Features of Axis2 High Performance XML Processing Model.
M.Menelaou CCNA2 ROUTING. M.Menelaou ROUTING Routing is the process that a router uses to forward packets toward the destination network. A router makes.
Traffic Management - OpenFlow Switch on the NetFPGA platform Chun-Jen Chung( ) Sriram Gopinath( )
1 Liquid Software Larry Peterson Princeton University John Hartman University of Arizona
Module 12: Routing Fundamentals. Routing Overview Configuring Routing and Remote Access as a Router Quality of Service.
To be smart or not to be? Siva Subramanian Polaris R&D Lab, RTP Tal Lavian OPENET Lab, Santa Clara.
NETWORKING COMPONENTS AN OVERVIEW OF COMMONLY USED HARDWARE Christopher Johnson LTEC 4550.
Putting Intelligence in Internetworking: an Architecture of Two Level Overlay EE228 Project Anshi Liang Ye Zhou.
Middleware for FIs Apeego House 4B, Tardeo Rd. Mumbai Tel: Fax:
Web Cache Redirection using a Layer-4 switch: Architecture, issues, tradeoffs, and trends Shirish Sathaye Vice-President of Engineering.
Issues Autonomic operation (fault tolerance) Minimize interference to applications Hardware support for new operating systems Resource management (global.
Lecture 12: Reconfigurable Systems II October 20, 2004 ECE 697F Reconfigurable Computing Lecture 12 Reconfigurable Systems II: Exploring Programmable Systems.
Switch Features Most enterprise-capable switches have a number of features that make the switch attractive for large organizations. The following is a.
VMware vSphere Configuration and Management v6
High-Speed Policy-Based Packet Forwarding Using Efficient Multi-dimensional Range Matching Lakshman and Stiliadis ACM SIGCOMM 98.
Architecture View Models A model is a complete, simplified description of a system from a particular perspective or viewpoint. There is no single view.
Full and Para Virtualization
Improving Network Management with Software Defined Network Group 5 : z Xuling Wu z Haipeng Jiang z Sichen Wu z Aparna Sanil.
Addressing Data Compatibility on Programmable Network Platforms Ada Gavrilovska, Karsten Schwan College of Computing Georgia Tech.
Scrapping the Internet Presented by Dhaval Joshi.
Danilo Florissi, Yechiam Yemini (YY), Sushil da Silva, Hao Huang Columbia University, New York, NY 10027
Fabric: A Retrospective on Evolving SDN Presented by: Tarek Elgamal.
SDN and Beyond Ghufran Baig Mubashir Adnan Qureshi.
Active Networks Jennifer Rexford. Nice Quotation from the Tennenhouse Paper There is presently a disconnect between what users consider to be “inside”
Cofax Scalability Document Version Scaling Cofax in General The scalability of Cofax is directly related to the system software, hardware and network.
CONNECTING TO THE INTERNET
Operating System Structure
Chapter 4: Routing Concepts
Processes The most important processes used in Web-based systems and their internal organization.
Oracle Solaris Zones Study Purpose Only
OASIS Deployment: VideoCollective
Unit 27: Network Operating Systems
The Stanford Clean Slate Program
Software Defined Networking (SDN)
IS4680 Security Auditing for Compliance
Outline Chapter 2 (cont) OS Design OS structure
Integrating Active Networking and Commercial-Grade Routing Platforms
Presentation transcript:

The RouterVM Architecture: Motivation and Principles Mel Tsai

2 Outline Motivation: The Changing Landscape of Routers The Goals of RouterVM The RouterVM Architecture Generalized Packet Filters GPF considerations Programming with RouterVM RouterVM for Linux Summary

3 Changing Landscape of Routers (1) Application-level processing being pushed into routers and network appliances Routers are no longer “dumb…” Hardware can support wire-speed packet classification, computation, and state management on thousands/millions of flows Paradigm shift from servers to routers Implications:  How should designers think about this new, highly-programmable datapath? Examples: At what stage does the computation occur? How to avoid head-of-line blocking during high-latency, complex computation? How “configurable” should the datapath be? How to maintain per-session state and share this across the router?

4 Changing Landscape of Routers (2) Recent trend towards “all-in-one” programmable platforms that can be customized for a variety of applications “Hot” applications: P2P traffic detectors, WAN link compressors, SSL offload, XML preprocessing, server load balancers Implications:  Convergence: customers will soon desire a laundry list of functions in one, easy-to-maintain, easy-to-upgrade box. (Picture a combination router, firewall, VoIP gateway, server, and secure storage array)  Impractical for vendors to write every possible application. Instead, can third-party developers write “plug-and-play” applications for these boxes? If so, a consistent, abstracted view of the any possible hardware will create a market for such plug-ins.

5 Changing Landscape of Routers (3) Vendors use a wide range of hardware architectures to implement their products General-purpose CPUs, hardwired ASICs, FPGAs, programmable network processors Implications:  Development framework is very bottom-up: programmers develop “firmware,” not whole applications. Programmer productivity is low, and application-level problems may be discovered too late  Applications become highly architecture-dependent… Programmers desire a well-defined and consistent view of the underlying hardware resources, yet hardware can change late in the design cycle. Code reuse is challenging.

6 Changing Landscape of Routers (4) Many network reliability and security problems are due to router and server misconfiguration (or bugs that make it through the development phase) Implications:  Can applications be developed and verified in an architecture- independent way?  Once deployed, who maintains and configures an all-in-one network appliance? Desirable to have a user interface that gives network administrators (not just application engineers) the flexibility to implement complex applications, policies, and usage scenarios without writing new code  Can a router become self-maintaining and support features such as “undo”?

7 Proposal: RouterVM RouterVM: A flexible, high-level platform for developing and testing network applications Virtualized architecture: Provides a consistent view of the underlying hardware resources of any architecture Applications are portable across different architectures, from PCs to multi- gigabit programmable routers Applications can be easily simulated before deployment Applications, policies, and standard routing functions are managed through a CLI RouterVM implements a basic functional unit (the generalized packet filter) that allows new applications and policies to be implemented and configured through the CLI. Many types of new applications can be implemented without writing new code

8 A Virtual Machine Architecture Virtualized components are representative of a “common” router implementation. Although the VM structure is well-defined, it does not depend on a particular hardware architecture A virtual line card is instantiated for every port required by the application A virtual backplane shuttles packets between line cards A control CPU handles routing protocols and management tasks When required, compute engines perform complex, high-latency processing on flows Blue components are “standard” and are instantiated by default. Yellow components are added and configured on a per-application basis Filters are the key to the flexibility of RouterVM

9 Generalized Packet Filters GPFs are the key to flexibility in this approach Extends concept of “filters” normally found on routers A relatively small number of GPFs can be used as building blocks for a large number of applications Ideally, the database of GPFs precludes the writing of new code! Supports flexible classification, computation, and actions GPFs are executed in numeric order: L2 Switching Engine w/ARP L2 Switching Engine w/ARP Packet filter 1 Packet filter 2 Packet filter n Default filter

10 Example: A standard GPF

11 Example: P2P bandwidth throttle

12 Some proposed types of GPFs Traffic shaping and monitoring L7 traffic detection (Kazaa, HTTP, AIM, POP3, etc.) QoS and packet scheduling NAT Intrusion detection Protocol conversion (e.g. IPv6) Content caching Load balancing Router/server health monitoring Storage, Fibre Channel to IP, iSCSI XML preprocessing TCP offload (TOE) Mobile host management, Encryption/compression, VPNs Multicast, Overlays, DHTs

13 GPF Considerations Classification criteria is not necessarily stateless Many applications require per-flow state and possibly full TCP stream reassembly Functionality and control flow can be supported with complex actions Simple actions: drop allow Mid-level actions: jump filter 43 bandwidth limit 1k/sec verify checksum Complex actions: Decrypt SSL flow using Engine1 if (dip== /24) then tag “possible intrusion”

14 GPF Considerations (cont.) RouterVM’s state model is currently shared memory Easier for VM component implementers to deal with Implications for tables that are shared across GPFs, e.g. in a NAT filter or IPv4-IPv6 gateway If necessary, any hardware that supports message passing can also emulate shared memory How to handle very complex processing in the fast path? Assumption is that the hardware can do it… How should programmers think about complex functionality

15 Computation with GPFs Should not put high-latency, complex computation in the fast path Needs to be decoupled to prevent head-of-line blocking How to implement? One solution: include a filter that redirects to a computation engine Similar to Nortel’s Alteon-iSD operation The underlying architecture and hardware of compute engines is not dictated by RouterVM A primary goal of RouterVM is to be a relatively high-level environment and interface for elegantly specifying L2-L7 applications in routers L2 Switching Engine w/ARP L2 Switching Engine w/ARP Packet filter 1 Packet filter 2 Packet filter n Default filter Compute Engine

16 “Programming” with RouterVM With a handful of GPFs, very interesting functionality can be implemented at the CLI, even by non-programmers A library of GPFs cannot implement every possible application However, RouterVM provides a standardized architecture and a well-defined framework for implementing any new functionality. Similarly, Java programmers write applications for the JVM, not for a PC.

17 From RouterVM to Hardware Mapping is simplified because RouterVM “looks” like a real router Mapping becomes the process of implementing the RouterVM runtime and the GPF library on the desired hardware architecture Potentially high startup cost, but worth the effort GPFs and other VM components are structurally parallel Applications written in C++/Java/Click/etc. have no inherent parallelism and require significant effort to parallelize and map to hardware Designers can guide (and possibly automate) the mapping process through VM component annotations:

18 RouterVM for Linux A proof-of-concept multithreaded linux implementation of the VM architecture Written in C++, highly object-oriented Performance is not a primary goal Supports either “simulated” network ports (using packet trace files) or network ports that are bound to real interfaces (e.g. eth0) GPFs can be dynamically reconfigured, installed, or deleted Maintains two sets of data virtually everywhere: one for the runtime, and one that is being edited at the CLI Detects possible configuration errors (such as jumping to filters that don’t exist) Supports “undo” Can be used in places where MIT’s Click is currently suitable New GPFs are easily written in C++ for custom use

19 Summary RouterVM A high-level, abstracted environment for writing L2-L7 applications for future programmable router architectures GPFs are an elegant way to build interesting router applications Network admins (not firmware engineers) can “program” applications by configuring GPFs Specialized computation is supported by the concept of compute engines and redirection filters RouterVM does not dictate the underlying hardware architecture, but the mapping process is simplified due to its structural parallelism

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.