kernel tls and hardware tls offload in freebsd 13 by
play

Kernel TLS and hardware TLS offload in FreeBSD 13 by Mellanox, - PowerPoint PPT Presentation

Sep 06, 2022 •491 likes •801 views

Kernel TLS and hardware TLS offload in FreeBSD 13 by Mellanox, Chelsio and Netflix Why crypto? Bob and Alice and the secret message Mathematical dependance on a relatively small pre-shared key When used right: Prevents

  1. Kernel TLS and hardware TLS offload in FreeBSD 13 by Mellanox, Chelsio and Netflix

  2. Why crypto? ● Bob and Alice and the secret message ● Mathematical dependance on a relatively small pre-shared key ● When used right: ○ Prevents eavesdropping ○ Prevents data tampering ● When used wrong: ○ Makes denial of service easier

  3. What is TLS ? ● Transport Layer Security, TLS ● Used behind https:// (TCP port 443) ● Supports multiple crypto codecs among others ○ AES 128B / 256B ● Supports multiple key exchange protocols ○ DiffieHellman, DH ○ Ron Rivest, Adi Shamir, Leonard Adleman, RSA ● Most recent version is v1.3

  4. What is TLS ?

  5. TLS v1.2 ● Layout of a TLS record ● More detailed information at: https://tls.ulfheim.net/ TLS uint8_t tls_type (data, REC(s) handshake,alert) uint8_t tls_vmajor (3) TCP HDR uint8_t tls_vminor (3) IPv4/IPv uint16_t tls_length (0..16K) 6 HDR uint8_t tls_nonce[ ] ETH uint8_t tls_data[ ] HDR

  6. TLS v1.3 ● Layout of a TLS record ● More detailed information at: https://tls.ulfheim.net/ TLS uint8_t tls_type (data=23) REC(s) uint8_t tls_vmajor (3) TCP uint8_t tls_vminor (3) HDR uint16_t tls_length (0..16K) IPv4/IPv 6 uint8_t tls_data[ ] HDR ETH HDR

  7. AES 128B / 256B ● Advanced Encryption Standard, AES ○ See: https://en.wikipedia.org/wiki/Advanced_Encryption_Standard ● A 16-byte block cipher ● The stream version can stop and resume encryption at any arbitrary point in the TLS record ○ Supports the concept of a crypto cursor ● FreeBSD also supports CBC

  8. TLS implementations ● Current FreeBSD alternatives (OpenSSL based) ○ Generic user-space, AES-NI ○ SW kernel TLS, AES-NI ○ Open Crypto Framework kernel backend ○ TCP Offload Engine for TLS ○ NIC kernel TLS ... vs ...

  9. A look inside OpenSSL ● Datapath is oriented around: ○ typedef struct bio_st BIO; ○ BIO_read() ○ BIO_write() ● All data must have a pointer in user-space in order to be encrypted ● Based on the source and sink methodology ● Refer to the bio(3) manual page

  10. OpenSSL and kTLS ● 16 patches have been submitted by: Boris Pismenny <borisp@mellanox.com> ● FreeBSD userspace APIs: ○ #include <sys/ktls.h> ○ setsockopt(TCP_TXTLS_ENABLE) ○ setsockopt(TCP_TXTLS_MODE) ● FreeBSD kernel support added in r351522: ○ https://svnweb.freebsd.org/changeset/base/351522

  11. Netflix kTLS ● Kernel TLS Motivation ○ Handle 100Gb/s of TLS with nginx ○ Retain performance advantages of async sendfile(9) (fewer context switches, no nginx thread pool, no extra memory copy) ○ Eliminate any possible inefficiency

  12. New mbuf technologies ● Not ready flag ● Unmapped mbufs ● Send Tags

  13. not ready mbuf flag ● mbuf flag M_NOTREADY tell socket buffers if mbufs are ready for transmission or not. ● Added to support async sendfile in r275329 ● Sendfile(9) adds mbuf to socket buffer marked M_NOTREADY ○ Until M_NOTREADY is cleared, tcp cannot send it ● disk reads are issued into those mbufs ● M_NOTREADY cleared and tcp_usr_ready() routine called after disk read is complete ● Allows a simple mbuf filter routine, like TLS encryption, to process the mbufs before they are submitted to the network driver via the TCP stack.

  14. Netflix “unmapped” mbufs ● Called “unmapped” because they carry an array of pointers to unmapped physical addresses. ● Initially envisioned for sendfile, not TLS ● Dramatically reduces the length of socket buffer mbuf chains, thus reducing cache misses. For a 16K TLS record, it compresses chains by about 6:1 (TLS hdr, trailer and 4 buffers). For unencrypted sendfile, it can compress mbuf chains up to 19:1 ○ 5-20% CPU reduction in Netflix unencrypted workloads ● Describes a TLS record entirely, including TLS header, trailer, message data, and pointers to kernel TLS session state in a single mbuf ● A single reference counted entity per TLS record is key for NIC TLS offload to be able to easily handle TCP retransmissions.

  15. Netflix Software kTLS Software Kernel TLS Implementation, TLS 1.0 -> TLS 1.3 ○ Plaintext data passed to kernel via sendfile() or sosend(). ○ The kernel frames TLS records into M_NOMAP mbufs at sendfile() or sosend() time and places them into socket buffers. ○ Mbuf chains are marked with M_NOTREADY ○ Framed records are queued for encryption when they would previously be marked “ready” ○ Encryption is done by a pool of kernel threads (1 per core) ○ Once encrypted, mbufs are marked “ready” & sent to TCP

  16. mbuf send tags ● A property of mbufs which tell the underlying network interface about dedicated packet processing and queues. ● A quick and efficient way to demultiplex data traffic. ● Allows for traversal through VLAN and LAGG (Link Aggregation). ● Safe against route changes.

  17. mbuf send tag APIs ● Control path methods: ○ struct mbuf_snd_tag *mst; ○ struct ifnet *ifp; ○ Allocate(ifp, &mst) ○ Modify(mst, arg) ○ Query(mst, arg) ○ Free(ifp, mst)

  18. mbuf send tags ● From Network Stack, NS, perspective: ○ struct mbuf *mb; ○ struct ifnet *ifp; ○ m_pkthdr.snd_tag = mst; ○ m_pkthdr.csum_flag |= CSUM_SND_TAG; ○ ifp->if_output(mb);

  19. mbuf send tags ● From Network Driver, ND, perspective: ○ struct mbuf *mb; ○ struct xxx_send_tag *st; ○ st = container_of(m_pkthdr.snd_tag, …) ○ select queue by st->queue; NS LAGG VLAN o o o ND

  20. Dataflow overview

  21. Sendfile dataflow overview Using sendfile and software kTLS, data is encrypted by the host CPU. This increases our bandwidth requirements by 25GB/s to roughly CPU 55GB/s 12.5GB/s 5GB /s 5GB /s 12.5GB/s 12.5GB/s 100Gb/s 100Gb/s 12.5GB/s 12.5GB/s Disks Memory Network Card

  22. Sendfile dataflow overview Using sendfile and inline kTLS, data is encrypted by the NIC. This reduces our bandwidth requirements by 25GB/s to roughly the CPU same as no TLS. 12.5GB/s 5GB /s 5GB /s 12.5GB/s 100Gb/s 100Gb/s 12.5GB/s 12.5GB/s Disks Memory Network Card

  23. TLS before and after

  24. NIC kTLS offload challenges ● Minor OSI model violation. ● Packets are sent containing full headers, except for un-encrypted payload. ● Prior to retransmission, crypto cursor needs update by re-transmitting off-the-wire parts of the TLS record, if any.

  25. Benchmarks

  26. Netflix Video Serving with TLS Kernel TLS Performance: 90Gb/s, 68% CPU (SW), 35% CPU (T6 NIC kTLS) ○ Original (~2016) Netflix 100G NVME flash appliance ■ E5-2697A v4 @ 2.60GHz (16 core / 32 HTT), 128GB DDR4 2400MT/s, 1x100GbE, 4xNVME

  27. Mellanox NIC TLS

  28. Mellanox NIC TLS support ● ConnectX-6 DX (coming October 2019) ○ http://www.mellanox.com/page/ethernet_cards_overview ○ 16 000 000 simultaneous TLS connections (25, 50, 100 and 200 Gbit/s)

  29. Chelsio HW TLS support ● T6 NIC TLS supports TLS v1.1 and v1.2 using both AES-CBC and AES-GCM. ● TOE TLS support for kTLS is in progress. ● ccr(4) can be used for AES-GCM via the OCF backend.

  30. Questions and Answers Q/A

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Introduction to Debugging the Introduction to Debugging the FreeBSD Kernel FreeBSD Kernel May

Introduction to Debugging the Introduction to Debugging the FreeBSD Kernel FreeBSD Kernel May

Introduction to Debugging the Introduction to Debugging the FreeBSD Kernel FreeBSD Kernel May 17, 2008 John Baldwin jhb@FreeBSD.org Introduction Introduction Existing Documentation DDB kgdb Debugging Strategies 2 Existing

640 views • 26 slides
HIERARCHICAL QOS HARDWARE OFFLOAD Yossi Kuperman, Maxim Mikityanskiy, 2020 AGENDA Hierarchical

HIERARCHICAL QOS HARDWARE OFFLOAD Yossi Kuperman, Maxim Mikityanskiy, 2020 AGENDA Hierarchical

HIERARCHICAL QOS HARDWARE OFFLOAD Yossi Kuperman, Maxim Mikityanskiy, 2020 AGENDA Hierarchical Token Bucket Brief description of HTB and its issues HTB offload solution Modifications to HTB to solve the issues and offload the logic Current

1.06k views • 13 slides
Hardware accelerating Linux network functions Roopa Prabhu, Wilson Kok Proceedings of netdev

Hardware accelerating Linux network functions Roopa Prabhu, Wilson Kok Proceedings of netdev

Hardware accelerating Linux network functions Roopa Prabhu, Wilson Kok Proceedings of netdev 0.1, Feb 14-17, 2015, Ottawa, On, Canada Agenda Recap: offload models, offload drivers Introduction to switch asic hardware L2 offload

457 views • 26 slides
FreeBSD Kernel massacre Patroklos (argp) Argyroudis argp@{grhack.net, census-labs.com}

FreeBSD Kernel massacre Patroklos (argp) Argyroudis argp@{grhack.net, census-labs.com}

FreeBSD Kernel massacre Patroklos (argp) Argyroudis argp@{grhack.net, census-labs.com} PH-Neutral 0x7db WARNING: Yet another zombie-themed presentation Outline Introduction Why target the kernel? Why target FreeBSD? Related work

1.05k views • 51 slides
Binding the Daemon FreeBSD Kernel Stack and Heap Exploitation Patroklos (argp) Argyroudis

Binding the Daemon FreeBSD Kernel Stack and Heap Exploitation Patroklos (argp) Argyroudis

Binding the Daemon FreeBSD Kernel Stack and Heap Exploitation Patroklos (argp) Argyroudis argp@census-labs.com Outline Introduction Why target the kernel? Why target FreeBSD? Background Related work Exploitation

1.55k views • 56 slides
CSE 120 Hardware How hardware works Operating Systems Layer What the kernel does API

CSE 120 Hardware How hardware works Operating Systems Layer What the kernel does API

Overview CSE 120 Hardware How hardware works Operating Systems Layer What the kernel does API What the programmer does July 27, 2006 Day 8 Input/Output Instructor: Neil Rhodes 2 Hardware Hardware Kinds Bus : a set of wires

613 views • 6 slides
Status of the Graphics Stack on FreeBSD Jean-Sbastien Pdron The FreeBSD Project The X.Org

Status of the Graphics Stack on FreeBSD Jean-Sbastien Pdron The FreeBSD Project The X.Org

In the kernel In the Ports tree With the community Future challenges Summary Status of the Graphics Stack on FreeBSD Jean-Sbastien Pdron The FreeBSD Project The X.Org Developers Conference, 2014 J.S. Pdron FreeBSD Graphics Stack

678 views • 45 slides
FreeBSD is not Linux Niclas Zeising zeising@FreeBSD.org what is FreeBSD what is FreeBSD

FreeBSD is not Linux Niclas Zeising zeising@FreeBSD.org what is FreeBSD what is FreeBSD

FreeBSD is not Linux Niclas Zeising zeising@FreeBSD.org what is FreeBSD what is FreeBSD complete operating system documentation over 30 000 packages a community history history patches to v6 Unix ex/vi, pascal Berkely Software

715 views • 28 slides
FreeBSD Development for Smarties The quest for a better kernel development environment Lawrence

FreeBSD Development for Smarties The quest for a better kernel development environment Lawrence

FreeBSD Development for Smarties The quest for a better kernel development environment Lawrence Stewart lastewart@swin.edu.au Centre for Advanced Internet Architectures (CAIA) Swinburne University of Technology Outline Getting started 1

394 views • 35 slides
Hardware offload BOF Shrijeet Mukherjee, Neil Horman https://etherpad.mozilla.org/2PlezMRjCF

Hardware offload BOF Shrijeet Mukherjee, Neil Horman https://etherpad.mozilla.org/2PlezMRjCF

Hardware offload BOF Shrijeet Mukherjee, Neil Horman https://etherpad.mozilla.org/2PlezMRjCF Proceedings of netdev 0.1, Feb 14-17, 2015, Ottawa, On, Canada A fantasy agenda Capabilities a.Explicit list Or Query serially, punt to higher level

251 views • 5 slides
In-Kernel TLS Framing and Encryp6on for FreeBSD John Baldwin vBSDCon September 6, 2019

In-Kernel TLS Framing and Encryp6on for FreeBSD John Baldwin vBSDCon September 6, 2019

In-Kernel TLS Framing and Encryp6on for FreeBSD John Baldwin vBSDCon September 6, 2019 Overview Mo6va6on Kernel TLS SoJware TLS NIC TLS Numbers Why KTLS? The story of KTLS is really a repeat of the story of sendfile(2)

531 views • 35 slides
eBPF Offload to Hardware: cls_bpf and XDP Motivation - Avoiding Whack-a-mole Motivation - Why

eBPF Offload to Hardware: cls_bpf and XDP Motivation - Avoiding Whack-a-mole Motivation - Why

eBPF Offload to Hardware: cls_bpf and XDP Motivation - Avoiding Whack-a-mole Motivation - Why eBPF? Target architecture (NFP based NIC) RX Path Flow of eBPF Packet The Flow Processing Core (Fully Programmable) Mapping eBPF -&gt; NFP

668 views • 24 slides
FreeBSD on IBM PowerNV Patryk Duda pdk@semihalf.com Wojciech Macek wma@FreeBSD.org,

FreeBSD on IBM PowerNV Patryk Duda pdk@semihalf.com Wojciech Macek wma@FreeBSD.org,

FreeBSD on IBM PowerNV Patryk Duda pdk@semihalf.com Wojciech Macek wma@FreeBSD.org, wma@semihalf.com Micha Stanek mst@semihalf.com Presentation plan Hardware platform Power8 and PowerNV S821LC Power8 system internals

591 views • 41 slides
2 Berkeley Socket Userspace Kernel Hardware Time 1983 2 Berkeley TCP Arrakis &amp;

2 Berkeley Socket Userspace Kernel Hardware Time 1983 2 Berkeley TCP Arrakis &amp;

LITE Kernel RDMA Support for Datacenter Applications Shin-Yeh Tsai , Yiying Zhang Time 2 Berkeley Socket Userspace Kernel Hardware Time 1983 2 Berkeley TCP Arrakis &amp; Socket IX O ffl oad engine mTCP Userspace Kernel Hardware

1.34k views • 104 slides
Tracking FreeBSD in a Commercial Environment Warner Losh imp@FreeBSD.org The FreeBSD Project

Tracking FreeBSD in a Commercial Environment Warner Losh imp@FreeBSD.org The FreeBSD Project

Tracking FreeBSD in a Commercial Environment Warner Losh imp@FreeBSD.org The FreeBSD Project BSDCan 2009 Ottawa, Canada 8 May 2009 Background and Context FreeBSD Development Model Product Life Cycle Tracking Options SVK Hints

801 views • 45 slides
Livepatching FreeBSD kernel Maciej Grochowski Maciej.Grochowski[at]protonmail.com EuroBSDcon

Livepatching FreeBSD kernel Maciej Grochowski Maciej.Grochowski[at]protonmail.com EuroBSDcon

Livepatching FreeBSD kernel Maciej Grochowski Maciej.Grochowski[at]protonmail.com EuroBSDcon 2018 University Politehnica of Bucharest Bucuresti, Romania September 22 23, 2018 Outline Problem statement Some background Why we

710 views • 19 slides
HOST Cryptography III ECE 525 AES Block Cipher Blockciphers are central tool in the design of

HOST Cryptography III ECE 525 AES Block Cipher Blockciphers are central tool in the design of

HOST Cryptography III ECE 525 AES Block Cipher Blockciphers are central tool in the design of protocols for shared-key cryptography What is a blockcipher? } k } n } n { , { , { , It is a function E of parameters k and n that maps

329 views • 17 slides
LoRa Reverse Engineering and AES EM Side-Channel Attacks using SDR Pieter Robyns About me

LoRa Reverse Engineering and AES EM Side-Channel Attacks using SDR Pieter Robyns About me

LoRa Reverse Engineering and AES EM Side-Channel Attacks using SDR Pieter Robyns About me PhD student at Hasselt University since 2014 Since 2016 on FWO SBO research grant Researching wireless security Protocol security,

803 views • 57 slides
RC6The elegant AES choice Ron Rivest rivest@mit.edu Matt Robshaw mrobshaw@supanet.com Yiqun

RC6The elegant AES choice Ron Rivest rivest@mit.edu Matt Robshaw mrobshaw@supanet.com Yiqun

RC6The elegant AES choice Ron Rivest rivest@mit.edu Matt Robshaw mrobshaw@supanet.com Yiqun Lisa Yin yiqun@nttmcl.com RC6 is the right AES choice Security Performance Ease of implementation Simplicity Flexibility RC6 is

314 views • 15 slides
Objectives Introduction to Finite Fields AES Algorithm Sub Byte Shift row

Objectives Introduction to Finite Fields AES Algorithm Sub Byte Shift row

Modern Block Cipher Standards (AES) Debdeep Mukhopadhyay Assistant Professor Department of Computer Science and Engineering Indian Institute of Technology Kharagpur INDIA -721302 Objectives Introduction to Finite Fields AES

604 views • 31 slides
Getting started with ggplot2 STAT 133 Gaston Sanchez Department of Statistics, UCBerkeley

Getting started with ggplot2 STAT 133 Gaston Sanchez Department of Statistics, UCBerkeley

Getting started with ggplot2 STAT 133 Gaston Sanchez Department of Statistics, UCBerkeley gastonsanchez.com github.com/gastonstat/stat133 Course web: gastonsanchez.com/stat133 ggplot2 2 Resources for &quot;ggplot2&quot; Documentation:

1.27k views • 44 slides
Network Security Technology Project 1 Neng Li ln-fjpt@sjtu.edu.cn Part I 2 Implement the

Network Security Technology Project 1 Neng Li ln-fjpt@sjtu.edu.cn Part I 2 Implement the

Network Security Technology Project 1 Neng Li ln-fjpt@sjtu.edu.cn Part I 2 Implement the textbook RSA algorithm. The textbook RSA is essentially RSA without any padding. Part I 3 Goals Generate a random RSA key pair with a given

438 views • 18 slides
Talk Overview Introduction 1 Table-based 2 Vector-Permutation 3 Bitslice 4 Results and

Talk Overview Introduction 1 Table-based 2 Vector-Permutation 3 Bitslice 4 Results and

Implementing Lightweight Block Ciphers on x86 Architectures Ryad Benadjila 1 Jian Guo 2 e 1 Thomas Peyrin 2 Victor Lomn 1 ANSSI, France 2 NTU, Singapore SAC, August 15, 2013 Introduction Table-based Vector-Permutation Bitslice Results and

899 views • 43 slides
got HW crypto? On the (in)security of a Self-Encrypting Drive series Research motivation is HW

got HW crypto? On the (in)security of a Self-Encrypting Drive series Research motivation is HW

got HW crypto? On the (in)security of a Self-Encrypting Drive series Research motivation is HW crypto more secure? JMS538S SW6316 OXUF943SE INIC-1607E x x x x JMS569 INIC-3608 x x 2 Speakers intro Gunnar Alendal: Christian Kison:

718 views • 56 slides

More recommend