Presentation is loading. Please wait.

Presentation is loading. Please wait.

Arbitrary Packet Matching in Openflow

Published byNeil Green Modified over 8 years ago

Similar presentations

Presentation on theme: "Arbitrary Packet Matching in Openflow"— Presentation transcript:

1 Arbitrary Packet Matching in Openflow
Simon Jouet, Richard CzivA & Dimitrios PEzaros

2 Simon Jouet - University of Glasgow, simon.jouet@glasgow.ac.uk
OpenFlow Provide an API to decouple control and data plane: An OpenFlow controller inserts flow table entries through the API Each packet is matched against every flow entry Once matched the flow entry action is applied and statistics are updated FLOW MATCHING RULE ACTION STATISTICS Input port Ethernet src/dst VLAN, MPLS IP src/dst TCP sport/dport Forward to port Encapsulate Send to controller Set field Flow duration Packet count Byte count Simon Jouet - University of Glasgow,

3 OpenFlow – Match fields
Each version of OF as added support for new fields OF Version Release Date Match fields Depth Size 1.0 Dec 2009 12 264 1.1 Feb 2011 15 320 1.2 Dec 2011 36 9—18 603 1.3 Jun 2012 40 9—22 701 1.4 Oct 2013 41 9—23 709 1.5 Dec 2014 44 10—26 773 OF Version Release Match Depth Size Date fields 1.0 Dec 2009 12 12 264 1.1 Feb 2011 15 15 320 1.2 Dec 2011 36 9 18 603 1.3 Jun 2012 40 9 22 701 1.4 Oct 2013 41 9 23 709 1.5 Dec 2014 44 10 26 773 Source of the diagrams: Flowgrammable.org Simon Jouet - University of Glasgow,

4 OpenFlow - Limited Matching
Releasing new specifications for every new protocol is not scalable What about : GRE, VXLAN, STT, OTV … Vendor specific protocols Research protocols ? (“Enabling Innovation in Campus Networks”) Unable to do inequality or range matching Linux system ports, 2048 flow entries Not from physical port, need N-1 flow entries IPs range and , 100 flow entries What about Time-To-Live (TTL) ? Forward everything to the controller Custom OpenFlow match field Simon Jouet - University of Glasgow,

5 Protocol Independent Instruction Set
Do not try to support every existing protocol header fields: Provide an instruction set suitable to match arbitrary protocols and fields Execution of the instruction set is an implementation detail Interpreter, Just-in-time compiler, FPGAs, ASICS, NPU, Intel FlexPipe … 1992 Berkeley Packet Filter (BPF) — McCane and Jacobson: Designed for packet matching Platform independent bytecode Widely used by the Linux kernel Used by TCPdump, Wireshark, libpcap, winpcap … Extended BPF (eBPF) + JIT added in Linux kernel 3.18 Simon Jouet - University of Glasgow,

6 Simon Jouet - University of Glasgow, simon.jouet@glasgow.ac.uk
BPF Example BPF instructions Acyclic Control Flow Graph (CFG) representation of the BPF program Simon Jouet - University of Glasgow,

7 From OpenFlow Match to CFG
Benefits of an Acyclic CFG One parse per layer One memory access per layer to be parsed Execute in the order of the layers Execute instruction as the packet is received No backward jumps No loops (not Turing complete) Can calculate execution time at compile time (real-time constraints) Transform OpenFlow Match Fields to a CFG: Implement OpenFlow match using BPF Each field is compared using Load + Compare operations Easily compiled to BPF bytecode Simon Jouet - University of Glasgow,

8 Simon Jouet - University of Glasgow, simon.jouet@glasgow.ac.uk
BPF limitations However BPF designed to be attached to a socket Must support Layer 1 physical port matching Could just add input port instruction, not flexible OpenFlow only support Ethernet (what about the rest?) L2+ protocols have a wire format, what about L1 ? Ethernet, WiFi, CAN, (VLC) Need to define a structure for L1 protocols that can be used with BPF Protocol 12 = 802.3ab (1Gbit Ethernet) Simon Jouet - University of Glasgow,

9 Simon Jouet - University of Glasgow, simon.jouet@glasgow.ac.uk
Implementation OpenFlow 1.2 added OpenFlow Extended Match fields (OXM) Allow new match fields to be added to OpenFlow Still necessary to modify switch and controller to do the matching Define an OXM to install BPF bytecode Payload is the byte code that can be directly executed Modified Ofsoftswitch 1.3, OpenFlow Software Switch Added OpenFlow OXM to insert BPF Program in flow table Modified Ryu OpenFlow controller to send the BPF bytecode Modified the datapath to execute the program (libpcap engine) Simon Jouet - University of Glasgow,

10 Simon Jouet - University of Glasgow, simon.jouet@glasgow.ac.uk
Software Switch Simon Jouet - University of Glasgow,

11 Comparing match scenarios
Simon Jouet - University of Glasgow,

12 Simon Jouet - University of Glasgow, simon.jouet@glasgow.ac.uk
Consequences Arbitrary matching Can match on any protocol Do not impose particular implementation Top-of-Rack switches ~2000 flow entries Already small for complex controllers Range and inequality matching can quickly overflow the tables BPF use more memory Need to store instruction opcode and operands No need for ternary memory, high-speed RAM (SRAM) instead of TCAM SRAM, cheaper, denser and less power hungry than TCAM Simon Jouet - University of Glasgow,

13 Simon Jouet - University of Glasgow, simon.jouet@glasgow.ac.uk
Performance Comparing: Linux JIT compiler Linux interpreter libpcap interpreter 1Gbps classification: Min: 0.682μs, 108 instructions Max: μs, 2090 instructions As a ref. can match all OF fields using 34 BPF instructions Simon Jouet - University of Glasgow,

14 Simon Jouet - University of Glasgow, simon.jouet@glasgow.ac.uk
Conclusion OpenFlow won’t work if field matching is not changed Wildcard or exact match, no range, no inequality Very limited L1 matching, Limited protocol support We propose to use a platform and protocol independent instruction set Berkeley Packet Filters (BPF) ? Match at L1+ CFG for operation ordering and real-time constraints Implementation on ofsoftswitch switch and support in Ryu controller Simon Jouet - University of Glasgow,

15 Simon Jouet - University of Glasgow, simon.jouet@glasgow.ac.uk
Thank you! (code is on github, links in the paper) Simon Jouet - University of Glasgow,

16 Simon Jouet - University of Glasgow, simon.jouet@glasgow.ac.uk
P4 ? (sigcomm 2014) Declarative language for packet processing Similar idea different approach Each target platform needs a language compiler No well-defined control plane protocol (thrift RPC in BM) Highly focussed on match table mechanism (OpenFlow like) exact, ternary, lpm, range, valid What about inequality ? Compile P4 to BPF ? Abstract language to bytecode (we released our code before them) Simon Jouet - University of Glasgow,

Download ppt "Arbitrary Packet Matching in Openflow"

Similar presentations

OpenFlow and Software Defined Networks. Outline o The history of OpenFlow o What is OpenFlow? o Slicing OpenFlow networks o Software Defined Networks.

OpenFlow and Software Defined Networks. Outline o The history of OpenFlow o What is OpenFlow? o Slicing OpenFlow networks o Software Defined Networks.
Programming Protocol-Independent Packet Processors

Programming Protocol-Independent Packet Processors
P4 demo: a basic L2/L3 switch in 170 LOC

P4 demo: a basic L2/L3 switch in 170 LOC
How to tell your plumbing what to do Protocol Independent Forwarding

How to tell your plumbing what to do Protocol Independent Forwarding
P4: specifying data planes

P4: specifying data planes
ENGINEERING WORKSHOP Compute Engineering Workshop P4: specifying data planes Mihai Budiu San Jose, March 11, 2015.

ENGINEERING WORKSHOP Compute Engineering Workshop P4: specifying data planes Mihai Budiu San Jose, March 11, 2015.
Forwarding Metamorphosis: Fast Programmable Match-Action Processing in Hardware for SDN Pat Bosshart, Glen Gibb, Hun-Seok Kim, George Varghese, Nick.

Forwarding Metamorphosis: Fast Programmable Match-Action Processing in Hardware for SDN Pat Bosshart, Glen Gibb, Hun-Seok Kim, George Varghese, Nick.
IPv6 – IPv4 Network Address, Port & Protocol Translation & Multithreaded DNS Gateway Navpreet Singh, Abhinav Singh, Udit Gupta, Vinay Bajpai, Toshu Malhotra.

IPv6 – IPv4 Network Address, Port & Protocol Translation & Multithreaded DNS Gateway Navpreet Singh, Abhinav Singh, Udit Gupta, Vinay Bajpai, Toshu Malhotra.
OpenFlow overview Joint Techs Baton Rouge. Classic Ethernet Originally a true broadcast medium Each end-system network interface card (NIC) received every.

OpenFlow overview Joint Techs Baton Rouge. Classic Ethernet Originally a true broadcast medium Each end-system network interface card (NIC) received every.
Bio Michel Hanna M.S. in E.E., Cairo University, Egypt B.S. in E.E., Cairo University at Fayoum, Egypt Currently is a Ph.D. Student in Computer Engineering.

Bio Michel Hanna M.S. in E.E., Cairo University, Egypt B.S. in E.E., Cairo University at Fayoum, Egypt Currently is a Ph.D. Student in Computer Engineering.
OpenFlow Switch Specification-v1.3.0 -part1 Speaker: Hsuan-Ling Weng Date: 2014/12/02.

OpenFlow Switch Specification-v part1 Speaker: Hsuan-Ling Weng Date: 2014/12/02.
An Overview of Software-Defined Network Presenter: Xitao Wen.

An Overview of Software-Defined Network Presenter: Xitao Wen.
OpenFlow Costin Raiciu Using slides from Brandon Heller and Nick McKeown.

OpenFlow Costin Raiciu Using slides from Brandon Heller and Nick McKeown.
Software-Defined Networking, OpenFlow, and how SPARC applies it to the telecommunications domain Pontus Sköldström - Wolfgang John – Elisa Bellagamba November.

Software-Defined Networking, OpenFlow, and how SPARC applies it to the telecommunications domain Pontus Sköldström - Wolfgang John – Elisa Bellagamba November.
OpenFlow : Enabling Innovation in Campus Networks SIGCOMM 2008 Nick McKeown, Tom Anderson, et el. Stanford University California, USA 2011. 04. 11 Presented.

OpenFlow : Enabling Innovation in Campus Networks SIGCOMM 2008 Nick McKeown, Tom Anderson, et el. Stanford University California, USA Presented.
SDN and Openflow.

SDN and Openflow.
Network Innovation using OpenFlow: A Survey

Network Innovation using OpenFlow: A Survey
1 Improving the Performance of Distributed Applications Using Active Networks Mohamed M. Hefeeda 4/28/1999.

1 Improving the Performance of Distributed Applications Using Active Networks Mohamed M. Hefeeda 4/28/1999.
Traffic Management - OpenFlow Switch on the NetFPGA platform Chun-Jen Chung(1203584897) SriramGopinath(1203800749)

Traffic Management - OpenFlow Switch on the NetFPGA platform Chun-Jen Chung( ) SriramGopinath( )
An Overview of Software-Defined Network

An Overview of Software-Defined Network

Similar presentations

Ads by Google