ClassBench-ng: Recasting ClassBench After a Decade of Network - - PowerPoint PPT Presentation

ClassBench-ng: Recasting ClassBench After a Decade of Network Evolution

Jiri Matousek1, Gianni Antichi2, Adam Lucansky3 Jan Korenek1, Andrew W. Moore2

1Brno University of Technology 2University of Cambridge 3CESNET

Agenda

Introduction Analysis of Real Classification Rules IP Prefixes Ports and Protocol OpenFlow ClassBench-ng ClassBench-ng Evaluation Summary

ClassBench-ng: Recasting ClassBench After a Decade of Network Evolution 2 / 39

Packet Classification

• matching incoming packets against a set of rules and

performing the corresponding action

• the basic operation of each networking device
• examples
• packet forwarding
• application of security policies
• application-specific processing
• application of quality-of-service guarantees
• packet classification according to IPv4 5-tuple
• src/dst IPv4 prefix
• src/dst port
• protocol

ClassBench-ng: Recasting ClassBench After a Decade of Network Evolution 3 / 39

Internet Evolution

• many trends that influence packet classification
• growing deployment of IPv6 (longer IP prefixes)
• adoption of SDN with OpenFlow protocol (more header

fields)

• increasing transfer rates (faster classification)
• increasing number of classification rules (larger data

structures)

• Internet evolution stimulates development of new packet

classification algorithms

• new algorithms need to be benchmarked

ClassBench-ng: Recasting ClassBench After a Decade of Network Evolution 4 / 39

Packet Classification Benchmarking

• lack of publicly available benchmarking data
• benchmarking using synthetically generated rule sets

ClassBench

Taylor, D. E., and Turner, J. S., ”ClassBench: A Packet Classification Benchmark,”IEEE/ACM Transactions on Networking, vol. 15, no. 3, pp. 499–511, June 2007

ClassBench-ng: Recasting ClassBench After a Decade of Network Evolution 5 / 39

Recasting ClassBench

• today’s Internet is no more the one of a decade ago
• questions with respect to ClassBench
• Are the ideas behind the ClassBench still valid?
• What are the characteristics of real rule sets with IPv6 prefixes

and OpenFlow-specific fields?

• How to extend the ClassBench with respect to IPv6 and

OpenFlow?

ClassBench-ng: Recasting ClassBench After a Decade of Network Evolution 6 / 39

Agenda

Introduction Analysis of Real Classification Rules IP Prefixes Ports and Protocol OpenFlow ClassBench-ng ClassBench-ng Evaluation Summary

ClassBench-ng: Recasting ClassBench After a Decade of Network Evolution 7 / 39

Analyzed Real Data Sets

Prefixes Name

• r Rules

Source Date IPv4 Prefix Sets eqix 2015 550 511 http://archive.routeviews.org/ 2015-07-02 eqix 2005 164 455 2005-07-02 rrc00 2015 571 351 http://data.ris.ripe.net/ 2015-07-02 rrc00 2005 168 525 2005-07-02 IPv6 Prefix Sets eqix 2015 23 866 http://archive.routeviews.org/ 2015-07-02 eqix 2013 13 444 2013-07-02 eqix 2005 658 2005-07-02 rrc00 2015 24 162 http://data.ris.ripe.net/ 2015-07-02 rrc00 2013 14 374 2013-07-02 rrc00 2005 499 2005-07-02 Rule Sets From University Network uni 2010 96 university ACL 2010-08-30 uni 2015 122 university ACL 2015-01-14 OpenFlow Rule Sets

• f1

16 889 Open vSwitch in a cloud 2015-05-29

• f2

20 250 Open vSwitch in a cloud 2015-05-29

• f3

1 757 Open vSwitch in a cloud 2015-06-18 to to 7 456 2015-07-14

ClassBench-ng: Recasting ClassBench After a Decade of Network Evolution 8 / 39

IP Prefix Set Representation

• representation using trie (binary prefix tree)
• desired properties of trie description
• anonymity
• completeness
• scalability
• the same trie description as in the original ClassBench
• prefix length distribution
• branching probability distributions
• average skew distribution

skew = 1 − weight(lighter) weight(heavier)

• prefix nesting threshold

ClassBench-ng: Recasting ClassBench After a Decade of Network Evolution 9 / 39

Example of IP Prefix Set Representation

• prefix length distribution
• branching probability distribution
• probability of 1-child node
• probability od 2-children node
• average skew distribution
• prefix nesting threshold

ClassBench-ng: Recasting ClassBench After a Decade of Network Evolution 10 / 39

IPv4 Prefix Sets (2005-2015)

Prefix Length Distribution

0 % 10 % 20 % 30 % 40 % 50 % 60 % 70 % 80 % 90 % 100 % 2 4 6 8 10 12 14 16 18 20 22 24 26 28 30 32 Distribution Prefix Length eqix_2015 eqix_2005

• 3-times more prefixes after 10 years of evolution

ClassBench-ng: Recasting ClassBench After a Decade of Network Evolution 11 / 39

IPv4 Prefix Sets (2005-2015)

Branching Probability Distributions

0 % 10 % 20 % 30 % 40 % 50 % 60 % 70 % 80 % 90 % 100 % 2 4 6 8 10 12 14 16 18 20 22 24 26 28 30 32 Distribution Trie Depth eqix_2015 (2-children nodes) eqix_2015 (1-child nodes) eqix_2005 (2-children nodes)

• 3-times more prefixes after 10 years of evolution

ClassBench-ng: Recasting ClassBench After a Decade of Network Evolution 12 / 39

IPv4 Prefix Sets (2005-2015)

Average Skew Distribution

0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9 1 2 4 6 8 10 12 14 16 18 20 22 24 26 28 30 32 Average Skew Trie Depth eqix_2015 eqix_2005

• 3-times more prefixes after 10 years of evolution

ClassBench-ng: Recasting ClassBench After a Decade of Network Evolution 13 / 39

IPv6 Prefix Sets (2005-2015)

• 36-times more prefixes after 10 years of evolution
• the most common prefix length shifted from 32 (RIRs/ISPs) to

48 (end users/organization) Prefix Length Distribution

0 % 10 % 20 % 30 % 40 % 50 % 60 % 70 % 80 % 90 % 100 % 2 4 6 8 10 12 14 16 18 20 22 24 26 28 30 32 34 36 38 40 42 44 46 48 50 52 54 56 58 60 62 64 Distribution Prefix Length eqix_2015 eqix_2005

ClassBench-ng: Recasting ClassBench After a Decade of Network Evolution 14 / 39

IPv6 Prefix Sets (2005-2015)

Branching Probability Distributions

0 % 10 % 20 % 30 % 40 % 50 % 60 % 70 % 80 % 90 % 100 % 2 4 6 8 10 12 14 16 18 20 22 24 26 28 30 32 34 36 38 40 42 44 46 48 50 52 54 56 58 60 62 64 Distribution Trie Depth eqix_2015 (2-children nodes) eqix_2015 (1-child nodes) eqix_2005 (2-children nodes)

Average Skew Distribution

0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9 1 2 4 6 8 10 12 14 16 18 20 22 24 26 28 30 32 34 36 38 40 42 44 46 48 50 52 54 56 58 60 62 64 Average Skew Trie Depth eqix_2015 eqix_2005

ClassBench-ng: Recasting ClassBench After a Decade of Network Evolution 15 / 39

IPv6 Prefix Sets (2013-2015)

• 2-times more prefixes after 2 years of evolution
• only minor changes in prefix length distribution

Prefix Length Distribution

0 % 10 % 20 % 30 % 40 % 50 % 60 % 70 % 80 % 90 % 100 % 2 4 6 8 10 12 14 16 18 20 22 24 26 28 30 32 34 36 38 40 42 44 46 48 50 52 54 56 58 60 62 64 Distribution Prefix Length eqix_2015 eqix_2013

ClassBench-ng: Recasting ClassBench After a Decade of Network Evolution 16 / 39

IPv6 Prefix Sets (2013-2015)

Branching Probability Distributions

0 % 10 % 20 % 30 % 40 % 50 % 60 % 70 % 80 % 90 % 100 % 2 4 6 8 10 12 14 16 18 20 22 24 26 28 30 32 34 36 38 40 42 44 46 48 50 52 54 56 58 60 62 64 Distribution Trie Depth eqix_2015 (2-children nodes) eqix_2015 (1-child nodes) eqix_2013 (2-children nodes)

Average Skew Distribution

0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9 1 2 4 6 8 10 12 14 16 18 20 22 24 26 28 30 32 34 36 38 40 42 44 46 48 50 52 54 56 58 60 62 64 Average Skew Trie Depth eqix_2015 eqix_2013

ClassBench-ng: Recasting ClassBench After a Decade of Network Evolution 17 / 39

Ports Representation

• 5 port classes are distinguished within analysis
• WC – wildcard
• HI – user port range [1024 : 65535]
• LO – well-known system port range [0 : 1023]
• AR – arbitrary range
• EM – exact match

ClassBench-ng: Recasting ClassBench After a Decade of Network Evolution 18 / 39

Ports and Protocol

Transport Layer Protocol

• increasing number of rules specifying UDP protocol
• increasing number of rules with wildcarded protocol

Data Set Protocol Specification wildcard TCP UDP uni 2010 26.04 % 71.88 % 2.08 % uni 2015 38.52 % 54.92 % 6.56 %

Source and Destination TCP/UDP Port

• increasing number of rules with AR or WC destination port

specification

Port WC HI LO AR EM uni 2010 Source 100.00 0.00 0.00 0.00 0.00 Destination 26.04 0.00 0.00 5.21 68.75 uni 2015 Source 100.00 0.00 0.00 0.00 0.00 Destination 38.52 0.00 0.00 8.20 53.28

ClassBench-ng: Recasting ClassBench After a Decade of Network Evolution 19 / 39

Source-Destination Port Pair Class

• port pair class (PPC) helps to understand

interdependencies between source and destination port classes

• analysis of PPC for TCP and UDP protocols in uni 2015

TCP

EM AR LO HI WC WC HI LO AR EM 0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9 1 Destination port class Source port class

UDP

EM AR LO HI WC WC HI LO AR EM 0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9 1 Destination port class Source port class

ClassBench-ng: Recasting ClassBench After a Decade of Network Evolution 20 / 39

OpenFlow 1.0 Rules

• OpenFlow 1.0 extends the standard 5-tuple with 7 header

fields

• ingress port
• src/destinaiton MAC address
• EtherType
• VLAN ID
• VLAN priority
• DSCP (former IP ToS)

ClassBench-ng: Recasting ClassBench After a Decade of Network Evolution 21 / 39

OpenFlow Header Fields Values

0 % 10 % 20 % 30 % 40 % 50 % 60 % 70 % 80 % 90 % 100 % in_port mac_src mac_dst eth_type vlan_id vlan_prio ip_tos ip_proto ip_src ip_dst l4_src l4_dst Distribution Header Fields specified wildcarded Rule Set in port mac src mac dst eth type ip proto ip src ip dst l4 src l4 dst

• f1

123 27 593 1 3 478 109 4 48 (0.866) (0.032) (0.047) (<0.001) (0.003) (0.046) (0.009) (0.029) (0.022)

• f2

140 19 791 1 3 390 97 4 8227 (0.864) (0.081) (0.050) (<0.001) (0.001) (0.028) (0.007) (<0.001) (0.927)

• f1+of2

182 45 1176 1 3 498 119 6 8237 (0.599) (0.042) (0.041) (<0.001) (<0.001) (0.020) (0.004) (0.001) (0.742) ClassBench-ng: Recasting ClassBench After a Decade of Network Evolution 22 / 39

OpenFlow Rule Types

• OpenFlow rule type describes which header fields are

wildcarded/specified in rules of this type

• rule type can be represented as 12-bit binary number
• theoretically 4096 different rule types
• practically only 18 utilized rule types

0 % 5 % 10 % 15 % 20 % 25 % 30 % 35 % 4 7 8 512 516 519 524 527 788 789 796 1024 1032 1304 1305 1551 2048 Distribution Rule T ype Number OpenFlow rules from combined of1+of2 rule set ClassBench-ng: Recasting ClassBench After a Decade of Network Evolution 23 / 39

OpenFlow Rule Set Dynamics

• dynamics of OpenFlow rule set expressed with the help of

symmetric difference A∆B = (A \ B) ∪ (B \ A)

0 % 10 % 20 % 30 % 40 % 50 % 60 % 70 % 80 % 90 % 100 % 2015-06-19 2015-06-20 2015-06-21 2015-06-22 2015-06-23 2015-06-24 2015-06-25 2015-06-26 2015-06-27 2015-06-28 2015-06-29 2015-06-30 2015-07-01 2015-07-02 2015-07-03 2015-07-04 2015-07-05 2015-07-06 2015-07-07 2015-07-08 2015-07-09 2015-07-10 2015-07-11 2015-07-12 2015-07-13 2015-07-14 Rate of Changes Day of Origin ClassBench-ng: Recasting ClassBench After a Decade of Network Evolution 24 / 39

Agenda

Introduction Analysis of Real Classification Rules IP Prefixes Ports and Protocol OpenFlow ClassBench-ng ClassBench-ng Evaluation Summary

ClassBench-ng: Recasting ClassBench After a Decade of Network Evolution 25 / 39

ClassBench Generation Accuracy

• comparison of 10 runs against original values

Branching Probability Distribution

0 % 10 % 20 % 30 % 40 % 50 % 60 % 70 % 80 % 90 % 100 % 2 4 6 8 10 12 14 16 18 20 22 24 26 28 30 32 Distribution Trie Depth seed (2-children nodes) generated (2-children nodes) ClassBench-ng: Recasting ClassBench After a Decade of Network Evolution 26 / 39

ClassBench Generation Accuracy

• comparison of 10 runs against original values

Average Skew Distribution

0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9 1 2 4 6 8 10 12 14 16 18 20 22 24 26 28 30 32 Average Skew Trie Depth seed generated ClassBench-ng: Recasting ClassBench After a Decade of Network Evolution 27 / 39

ClassBench-ng

• built upon the original ClassBench
• improves IPv4 prefixes generation accuracy
• supports IPv6 prefixes generation and OpenFlow

ClassBench-ng: Recasting ClassBench After a Decade of Network Evolution 28 / 39

Improved ClassBench

• IPv4 prefixes generation is improved using trie pruning

algorithm

• starts from 100-times bigger src/dst prefix sets
• removes individual prefixes to adjust prefix set parameters to

given values

• three steps of trie pruning algorithm

1 branching probability adjustment (↓) 2 skew distribution adjustment (↑) 3 prefixes length distribution adjustment (↓)

• first two steps try to remove as less prefixes as possible
• each step aims to not alter the already ajusted

characteristics

ClassBench-ng: Recasting ClassBench After a Decade of Network Evolution 29 / 39

OpenFlow Analysis

• generates OpenFlow seed from OpenFlow rule set (in
• vs-ofctl format)
• 3 parts of OpenFlow seed
• rule type distribution
• 5-tuple seed
• OpenFlow-specific seed
• 4 types of representation within OpenFlow-specific seed
• values (in port, eth type)
• parts (mac src, mac dst)
• size (vlan id)
• null (vlan prio, ip tos)

ClassBench-ng: Recasting ClassBench After a Decade of Network Evolution 30 / 39

OpenFlow Generation

• consists of 3 steps

1 uses Improved ClassBench to generate given number of IPv4

5-tuples

2 removes IPv4 5-tuple fields that are not part of the given

OpenFlow rule type

3 adds OpenFlow-specific header fields that are part of the

given OpenFlow rule type

• does not allow to generate inconsistent rules (e.g., rule

specifying VLAN ID and EtherType 0x0800)

ClassBench-ng: Recasting ClassBench After a Decade of Network Evolution 31 / 39

Agenda

Introduction Analysis of Real Classification Rules IP Prefixes Ports and Protocol OpenFlow ClassBench-ng ClassBench-ng Evaluation Summary

ClassBench-ng: Recasting ClassBench After a Decade of Network Evolution 32 / 39

Improved ClassBench Evaluation

• comparison of IPv4 prefixes generation accuracy of

ClassBench and ClassBench-ng using RMSE RMSE =

• 1

n

n

• i=1

(¯ y − yi)2 Branching Probability Distribution

0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 2 4 6 8 10 12 14 16 18 20 22 24 26 28 30 32 RMSE Trie Depth ClassBench-ng (2-children nodes) ClassBench (2-children nodes) ClassBench-ng: Recasting ClassBench After a Decade of Network Evolution 33 / 39

Improved ClassBench Evaluation

Skew Distribution

0.05 0.1 0.15 0.2 0.25 0.3 0.35 0.4 2 4 6 8 10 12 14 16 18 20 22 24 26 28 30 32 RMSE Trie Depth ClassBench-ng ClassBench ClassBench-ng: Recasting ClassBench After a Decade of Network Evolution 34 / 39

OpenFlow Generation Evaluation

• comparison of 10 runs against original values

OpenFlow Rule Types

0 % 10 % 20 % 30 % 40 % 50 % 60 % 4 5 7 8 512 516 517 519 524 525 527 788 789 796 1024 1032 1304 1305 1548 1549 1551 2048 Distribution Rule Type Number seed generated ClassBench-ng: Recasting ClassBench After a Decade of Network Evolution 35 / 39

OpenFlow Generation Evaluation

• comparison of 10 runs against original values

Destination MAC address (vendor part)

0 % 10 % 20 % 30 % 40 % 50 % 60 % 70 % 80 % 90 % 100 % any c2:81:09 fa:16:3e ff:ff:ff 00:e0:2b 00:00:00 01:00:0c 01:00:00 01:80:c2 Distribution mac_dst seed generated ClassBench-ng: Recasting ClassBench After a Decade of Network Evolution 36 / 39

Agenda

Introduction Analysis of Real Classification Rules IP Prefixes Ports and Protocol OpenFlow ClassBench-ng ClassBench-ng Evaluation Summary

ClassBench-ng: Recasting ClassBench After a Decade of Network Evolution 37 / 39

Summary

• detailed analysis of real classification rule sets
• IPv4/IPv6 prefixes from core routers
• ACL rules from university network
• OpenFlow rules from datacenter
• ClassBench-ng tool that is able to
• accurately generate IPv4/IPv6 5-tuples
• analyze real OpenFlow rule sets
• accurately generate OpenFlow rules
• ClassBench-ng is planned to be released in January 2017

ClassBench-ng: Recasting ClassBench After a Decade of Network Evolution 38 / 39

Thank you for your attention