linux traffic control classifier action subsystem
play

Linux Traffic Control Classifier-Action Subsystem Architecture - PowerPoint PPT Presentation

Nov 05, 2023 •927 likes •1.27k views

Linux Traffic Control Classifier-Action Subsystem Architecture Jamal Hadi Salim Netdev 0.1, Ottawa, On Proceedings of netdev 0.1, Feb 14-17, 2015, Ottawa, On, Canada Motivation Finally Document Hopefully have people use and build on

  1. Linux Traffic Control Classifier-Action Subsystem Architecture Jamal Hadi Salim Netdev 0.1, Ottawa, On Proceedings of netdev 0.1, Feb 14-17, 2015, Ottawa, On, Canada

  2. Motivation ● Finally Document ● Hopefully have people use and build on top (as opposed to re-invent) Proceedings of netdev 0.1, Feb 14-17, 2015, Ottawa, On, Canada

  3. Life Starts With A Port... Network Stack ● And Packets cometh... ● And Packets goeth... Proceedings of netdev 0.1, Feb 14-17, 2015, Ottawa, On, Canada

  4. Linux Datapath ● The main packet mangling hooks are traffic control and netfilter ● We will focus on traffic control Proceedings of netdev 0.1, Feb 14-17, 2015, Ottawa, On, Canada

  5. Traffic Control Hierarchy ● Note: Ingress side does not have a class(queues) ● Our focus is on Classifiers and Actions ● We will refer to those two as CA Proceedings of netdev 0.1, Feb 14-17, 2015, Ottawa, On, Canada

  6. Early History ● Alexey Kuznetsov is the originator of TC and most of the architecture as it stands right now – Much of the flexibility and beauty – Initial patches around kernel 2.1 ● Werner Almesberger did a lot of formative work (many things: classifiers, qdiscs, general education) ● Jamal created the “A” part of “CA” (and current maintainer) ● DaveM who was actively involved in those days Proceedings of netdev 0.1, Feb 14-17, 2015, Ottawa, On, Canada

  7. Classifiers ● Classifiers hold filters which segregate traffic – Built-in default classifier based on protocol ● Many different types of classifiers – No such thing as a universal classifier – Each does something they are good at ● Unix philosophy – Types can be mixed and matched when creating policies ● Example of classifiers – U32, fw, route, rsvp, basic, bpf, flow, openflow, etc ● Example u32 could be used to build an efficient tree for packet lookup based on chunks of 32-bit packet blocks ● Route is efficient with IP based route attributes Proceedings of netdev 0.1, Feb 14-17, 2015, Ottawa, On, Canada

  8. U32 Classifier Proceedings of netdev 0.1, Feb 14-17, 2015, Ottawa, On, Canada

  9. TC Classifier-Actions Action Block Classifier P+M Block ● Packet + Metadata exchanged between the 2 blocks ● Can create a policy graph made of filters and actions ● Graph flow is programmable at both blocks ● Programming Constructs and flow control: statement, if, else, while, goto, continue, end Proceedings of netdev 0.1, Feb 14-17, 2015, Ottawa, On, Canada

  10. CA Programmatic Flow Control ● Priority arrangement of rule predicates is equivalent to if/else if/else ● Rules of the same protocol are grouped by priority Proceedings of netdev 0.1, Feb 14-17, 2015, Ottawa, On, Canada ● Each rule maybe a totally different classifier algorithm

  11. Classifier Flow Control ● Continue construct (contributes to if/else branching) ● Essentially continue onto next classifier rule ● Useful for having default policies and overriding rules ● reclassify construct (jump-back operation) ● Useful for adding or removing tunnel headers ● It means start the classification again ● All other constructs(Accept/Drop/Steal) terminate the pipeline Proceedings of netdev 0.1, Feb 14-17, 2015, Ottawa, On, Canada

  12. Anatomy of a Classifier Block Branching rule using Reclassify: says to restart the classification classifier A priority X Rule using classifier B Priority X If ... else if .. Continue: says to continue the classification else ... Rule using classifier B Ambiguity resolution upto to admin Prio X+1 - Rules are sorted by priorities - When priority equal then Rule using => last entered rule more important classifier Proceedings of netdev 0.1, Feb 14-17, 2015, Ottawa, On, Canada C Prio X+2

  13. Example classifier branching classifier Reclassify: says to restart the classification Fw proto IP Match mark 3 priority 1 classifier U32 Proto IP Match icmp Priority 2 Continue: says to continue the classification Classifier basic Proto IP Match text “foo” Prio 3 classifier Route Proceedings of netdev 0.1, Feb 14-17, 2015, Ottawa, On, Canada Match realm X Priority 4

  14. Actions ● Do one small thing they are good at – Unix philosophy ● Typically the attributes of each instance of a specific action sit in a table row – Creation from the control plane is equivalent to adding a table row Proceedings of netdev 0.1, Feb 14-17, 2015, Ottawa, On, Canada

  15. Actions ● Many actions exist – nat, checksum, TBF policing, generic action (drop/accept), arbitrary packet editor, mirroring, redirect, etc ● Each action instance maintains its own private state which is typically updated by arriving packets ● Each action instance carries attributes and statistics ● An action instance can be shared across more than one service graph Proceedings of netdev 0.1, Feb 14-17, 2015, Ottawa, On, Canada

  16. TC Actions: Simple chain P+M P+M P+M P+M P+M ● Actions policy chain using using pipe construct (emulating the unix | operator ) ● i.e pipe a packet across actions ● As in Unix pipe chain can conditionally be terminated earlier by any action ● Action state, packet Drop , Packet Acceptance , Packet stealing Proceedings of netdev 0.1, Feb 14-17, 2015, Ottawa, On, Canada

  17. Actions: Branching Control ● if and else conditions programmed in action instance ● Any action could conditionally repeat (REPEAT) ● Loop construct Proceedings of netdev 0.1, Feb 14-17, 2015, Ottawa, On, Canada

  18. A Simple Program Proceedings of netdev 0.1, Feb 14-17, 2015, Ottawa, On, Canada

  19. A Simple Program: Functional View Proceedings of netdev 0.1, Feb 14-17, 2015, Ottawa, On, Canada

  20. Summary: Classifier-Action Pipeline Classifier Programmatic control Action Programmatic Control ● CONTINUE ( iterate next rule) ● Stolen/Queued (end CA pipeline) ● RECLASSIFY ( restart pipeline) ● DROP (end CA pipeline) ● All others ( end CA pipeline) ● ACCEPT (end CA pipeline) ● PIPE ( iterate next action) ● CONTINUE (end A ction pipeline) ● RECLASSIFY (end A ction pipeline) ● REPEAT ( restart action processing) ● JUMPx ( jump X actions in pipeline) Proceedings of netdev 0.1, Feb 14-17, 2015, Ottawa, On, Canada

  21. Sharing Actions: IMQ Proceedings of netdev 0.1, Feb 14-17, 2015, Ottawa, On, Canada

  22. Aging of Policies ● All Actions keep track of when they were installed and last used ● Control side can use this info to implement aging algorithms Proceedings of netdev 0.1, Feb 14-17, 2015, Ottawa, On, Canada

  23. Late Binding ● Action instances can be created ● Later bound to policies Proceedings of netdev 0.1, Feb 14-17, 2015, Ottawa, On, Canada

  24. Distributing CA Proceedings of netdev 0.1, Feb 14-17, 2015, Ottawa, On, Canada

  25. Future Work ● More Classifiers and Actions of course ● Functional discovery ● Usability – tcng effort by Werner – Programmability extension into higher level language (python, lua etc) Proceedings of netdev 0.1, Feb 14-17, 2015, Ottawa, On, Canada

  26. Future Work: Hardware Offload Realtek RTL8366xx Proceedings of netdev 0.1, Feb 14-17, 2015, Ottawa, On, Canada

  27. Lets Write Some Programs Proceedings of netdev 0.1, Feb 14-17, 2015, Ottawa, On, Canada

  28. Counting Packets To A Host Action Block Classifier Block Egress Network U32 rule prio 10 Port Accept match dest = google.com Stack (eth1) ● Goal: get acquinted with the control setup via CLI ● Ping google.com ● Show statistics Proceedings of netdev 0.1, Feb 14-17, 2015, Ottawa, On, Canada

  29. Counting Packets To/From A Host Egress Network U32 rule prio 10 Accept Port match dest = google.com Stack Index 12 (eth1) Ingress U32 rule prio 10 Port Accept match src = google.com Index 2 (eth1) ● Goal: get acquinted with the control setup via CLI ● Ping google.com ● Show statistics Proceedings of netdev 0.1, Feb 14-17, 2015, Ottawa, On, Canada

  30. Counting Packets To/From A Host Shared Action Instance Egress Network U32 rule prio 10 Accept Port match dest = google.com Stack Index 12 (eth1) Ingress U32 rule prio 10 Port Accept match src = google.com Index 12 (eth1) ● Goal: A little more complex setup (sharing action instance) ● Ping google.com and show statistics ● Broken for ubuntu shipped kernels and iproute2 Proceedings of netdev 0.1, Feb 14-17, 2015, Ottawa, On, Canada

  31. More Complex Service Ingress egress U32 rule prio 10 Port Port skbedit skbedit copy to If match packet == icmp Mark 11 Mark 12 dummy0 (eth1) (dummy0) 1 If exceeded police police If exceeded 10kbps 20kbps 2 else !exceeded else !exceeded Network Stack ● Goal: Illustrate a more complex service – More complex action graph ● Broken for ubuntu shipped kernels and Proceedings of netdev 0.1, Feb 14-17, 2015, Ottawa, On, Canada iproute2

  32. More Complex Service Shared Rate control Ingress egress U32 rule prio 10 Port Port skbedit skbedit copy to If match packet == icmp Mark 11 Mark 12 dummy0 (eth1) (dummy0) 1 If exceeded police police If exceeded 10kbps 20kbps Index 1 Index 2 2 else !exceeded else !exceeded Network Stack else !exceeded else !exceeded police 2 police 20kbps If exceeded 10kbps Index 2 1 Index 1 If exceeded Ingress egress U32 rule prio 10 Port Port skbedit skbedit copy to Proceedings of netdev 0.1, Feb 14-17, 2015, Ottawa, On, Canada If match packet == icmp dummy1 Mark 21 Mark 22 (lo) (dummy1)

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

LSS 2017: linux-integrity subsystem update Mimi Zohar 1 IBM Research Linux Integrity Subsystem

LSS 2017: linux-integrity subsystem update Mimi Zohar 1 IBM Research Linux Integrity Subsystem

LSS 2017: linux-integrity subsystem update Mimi Zohar 1 IBM Research Linux Integrity Subsystem Status Update Review of IMA goals New IMA features and other changes TPM related work Possible IMA specific fixes for TPM

567 views • 17 slides
Linux Traffic Control Cong Wang Software Engineer Twitter, Inc. Layer 2 Overview Qdisc:

Linux Traffic Control Cong Wang Software Engineer Twitter, Inc. Layer 2 Overview Qdisc:

Linux Traffic Control Cong Wang Software Engineer Twitter, Inc. Layer 2 Overview Qdisc: how to queue the packets Class: tied with qdiscs to form a hierarchy Filter: how to classify or filter the packets Action: how to deal

459 views • 31 slides
Groking the Linux SPI Subsystem Embedded Linux Conference 2017 Matt Porter Obligatory geek

Groking the Linux SPI Subsystem Embedded Linux Conference 2017 Matt Porter Obligatory geek

Groking the Linux SPI Subsystem Embedded Linux Conference 2017 Matt Porter Obligatory geek reference deobfuscation grok ( /grk/ ) verb to understand intuitively or by empathy, to establish rapport with. Overview What is SPI? SPI

938 views • 47 slides
Traffic Classifier Real Time Classification and Analysis of T1/E1 Traffic 818 West Diamond Avenue

Traffic Classifier Real Time Classification and Analysis of T1/E1 Traffic 818 West Diamond Avenue

Traffic Classifier Real Time Classification and Analysis of T1/E1 Traffic 818 West Diamond Avenue - Third Floor, Gaithersburg, MD 20878 Phone: (301) 670-4784 Fax: (301) 670-9187 Email: info@gl.com Website: http://www.gl.com 1 1 Traffic

228 views • 11 slides
Guidelines for Action Space Definition in Reinforcement Learning-based Traffic Signal Control

Guidelines for Action Space Definition in Reinforcement Learning-based Traffic Signal Control

Guidelines for Action Space Definition in Reinforcement Learning-based Traffic Signal Control Systems Maxime Trca, Julian Garbiso, Dominique Barth October 15, 2020 Outline I - Reinforcement Learning Applied to Traffic Signal Control II -

189 views • 16 slides
signin.ritlug.com sign in! Windows Subsystem For Linux RITlug - Week 4! Solomon Rubin Hold up.

signin.ritlug.com sign in! Windows Subsystem For Linux RITlug - Week 4! Solomon Rubin Hold up.

Dont forget to signin.ritlug.com sign in! Windows Subsystem For Linux RITlug - Week 4! Solomon Rubin Hold up. Linux... on windows? Overview What is it? Literally, Linux on Windows Allows for actual ELF Binaries to be executed

502 views • 15 slides
So you want to write a Linux driver subsystem? Michael Turquette <mturquette@baylibre.com>

So you want to write a Linux driver subsystem? Michael Turquette <mturquette@baylibre.com>

So you want to write a Linux driver subsystem? Michael Turquette <mturquette@baylibre.com> Who am I? And why am I here? CEO of BayLibre, Inc Previously at Texas Instruments, Linaro, San Francisco start-up Contributor to various

638 views • 37 slides
Groking the Linux SPI Subsystem FOSDEM 2017 Matt Porter Obligatory geek reference

Groking the Linux SPI Subsystem FOSDEM 2017 Matt Porter Obligatory geek reference

Groking the Linux SPI Subsystem FOSDEM 2017 Matt Porter Obligatory geek reference deobfuscation grok ( /grk/ ) verb to understand intuitively or by empathy, to establish rapport with. Overview What is SPI? SPI Fundamentals

977 views • 45 slides
Transbay Transit Center TG05.4R Traffic Control Package TG05.4R Traffic Control Request for

Transbay Transit Center TG05.4R Traffic Control Package TG05.4R Traffic Control Request for

Transbay Transit Center TG05.4R Traffic Control Package TG05.4R Traffic Control Request for Proposal (RFP) Package Overview Negotiated General Traffic Control & Engineering Services for Overall Project Traffic Control &

393 views • 15 slides
The DRM/KMS subsystem from a newbies point of view Free Electrons. Kernel, drivers and

The DRM/KMS subsystem from a newbies point of view Free Electrons. Kernel, drivers and

The DRM/KMS subsystem from a newbies point of view Free Electrons. Kernel, drivers and embedded Linux development, consulting, training and support. http://free-electrons.com 1/49 Boris Brezillon Embedded Linux engineer and trainer at

759 views • 49 slides
Industrial I/O Subsystem: The Home of Linux Sensors Daniel Baluta Intel daniel.baluta@intel.com

Industrial I/O Subsystem: The Home of Linux Sensors Daniel Baluta Intel daniel.baluta@intel.com

Industrial I/O Subsystem: The Home of Linux Sensors Daniel Baluta Intel daniel.baluta@intel.com October 5, 2015 Daniel Baluta (Intel) Industrial I/O October 5, 2015 1 / 29 Why Industrial I/O? past - industrial process control or scientific

679 views • 29 slides
MLC/TLC NAND support: (new ?) challenges for the MTD/NAND subsystem Free Electrons - Embedded

MLC/TLC NAND support: (new ?) challenges for the MTD/NAND subsystem Free Electrons - Embedded

MLC/TLC NAND support: (new ?) challenges for the MTD/NAND subsystem Free Electrons - Embedded Linux, kernel, drivers and Android - Development, consulting, training and support. http://free-electrons.com 1/47 Boris Brezillon Embedded Linux

746 views • 47 slides
PDE Backstepping Control Traffic Congestion Control: of Congested Traffic A PDE Backstepping

PDE Backstepping Control Traffic Congestion Control: of Congested Traffic A PDE Backstepping

PDE Backstepping Control Traffic Congestion Control: of Congested Traffic A PDE Backstepping Perspective Miroslav Krstic (with Huan Yu) Mud pump From Mud Pit Harder: PT Oil Drilling Mud-assisted drilling u c helps take cuttings away +

935 views • 46 slides
Security Subsystem Report: Yama Linux Security Summit 2012 Kees Cook (pronounced

Security Subsystem Report: Yama Linux Security Summit 2012 Kees Cook (pronounced

Security Subsystem Report: Yama Linux Security Summit 2012 Kees Cook (pronounced "Case") keescook@chromium.org http://outflux.net/slides/2012/lss/lsm/ Overview Past Present Future Past ("ruler of the

194 views • 6 slides
Noah Hypervisor-Based Darwin Subsystem for Linux Takaya Saeki, Yuichi Nishiwaki Self

Noah Hypervisor-Based Darwin Subsystem for Linux Takaya Saeki, Yuichi Nishiwaki Self

Noah Hypervisor-Based Darwin Subsystem for Linux Takaya Saeki, Yuichi Nishiwaki Self Introduction Noah Development Team Takaya Saeki Yuichi Nishiwaki They both are graduate students at the University of Tokyo. They are developing Noah in

890 views • 53 slides
LightNVM: The Linux Open-Channel SSD Subsystem Matia tias Bj Bjrli ling (ITU (ITU, CN

LightNVM: The Linux Open-Channel SSD Subsystem Matia tias Bj Bjrli ling (ITU (ITU, CN

LightNVM: The Linux Open-Channel SSD Subsystem Matia tias Bj Bjrli ling (ITU (ITU, CN CNEX La Labs), Javier Gonzlez (CNEX Labs), Philippe Bonnet (ITU) 0% Writes - Read Latency 4K Random Read 4K Random Read Latency Percentile 2

963 views • 20 slides
- Varun Batra Why PipeDream? Pipeline Parallelism Partitioning Scheduling Learning

- Varun Batra Why PipeDream? Pipeline Parallelism Partitioning Scheduling Learning

- Varun Batra Why PipeDream? Pipeline Parallelism Partitioning Scheduling Learning Implementation Experimentation Distbelief and Adam Using Commodity Machines TensorFlow Generalization and giving user the power to

611 views • 23 slides
GEOLOGY OF THE GAHCHO KU KIMBERLITE PIPES, NWT, CANADA: ROOT TO DIATREME TRANSITION ZONES

GEOLOGY OF THE GAHCHO KU KIMBERLITE PIPES, NWT, CANADA: ROOT TO DIATREME TRANSITION ZONES

GEOLOGY OF THE GAHCHO KU KIMBERLITE PIPES, NWT, CANADA: ROOT TO DIATREME TRANSITION ZONES Hetman, C.M. 1 , Scott Smith, B.H. 2 , Paul, J.L. 3 and Winter, F.W. 4 1 De Beers Canada Kimberlite Petrology Unit, Canada; 2 Scott-Smith Petrology Inc.,

283 views • 6 slides
Assessment of Internal Hazards Javier Yllera Department of Nuclear Safety and Security Division

Assessment of Internal Hazards Javier Yllera Department of Nuclear Safety and Security Division

Joint ICTP-IAEA Essential Knowledge Workshop on Deterministic Safety Analysis and Engineering Aspects Important to Safety Trieste, 12-23 October 2015 Assessment of Internal Hazards Javier Yllera Department of Nuclear Safety and Security

904 views • 43 slides
Office Of fice of of Hou Housing sing Couns Counseling eling Facilitated by Booth

Office Of fice of of Hou Housing sing Couns Counseling eling Facilitated by Booth

U.S. .S. Depar Department of tment of Housing Housing and and Urban De Urban Development elopment Office Of fice of of Hou Housing sing Couns Counseling eling Facilitated by Booth Management Consulting 7230 Lee Deforest Drive,

393 views • 36 slides
Architectural Patterns Dr. James A. Bednar jbednar@inf.ed.ac.uk

Architectural Patterns Dr. James A. Bednar jbednar@inf.ed.ac.uk

Architectural Patterns Dr. James A. Bednar jbednar@inf.ed.ac.uk http://homepages.inf.ed.ac.uk/jbednar Dr. David Robertson dr@inf.ed.ac.uk http://www.inf.ed.ac.uk/ssp/members/dave.htm SAPM Spring 2012: Architecture 1 Architectural Patterns

620 views • 48 slides
Debugging Usually Slightly Broken Devices and Drivers Krzysztof Opasiak Samsung R&D

Debugging Usually Slightly Broken Devices and Drivers Krzysztof Opasiak Samsung R&D

Debugging Usually Slightly Broken Devices and Drivers Krzysztof Opasiak Samsung R&D Institute Poland Agenda USB basics Plug & Play Plug & do what I want Plug & tell me more Summary Q & A 1 This presentation is

976 views • 49 slides
How to fix Usually Slightly Broken devices and drivers? Krzysztof Opasiak Samsung R&D

How to fix Usually Slightly Broken devices and drivers? Krzysztof Opasiak Samsung R&D

How to fix Usually Slightly Broken devices and drivers? Krzysztof Opasiak Samsung R&D Institute Poland Agenda USB basics Plug & Play Plug & do what I want Plug & tell me more Summary Q & A 1 This presentation is

1.03k views • 53 slides
15-410 My other car is a cdr -- Unknown Exam #1 Oct. 17, 2007 Dave Eckhardt Dave

15-410 My other car is a cdr -- Unknown Exam #1 Oct. 17, 2007 Dave Eckhardt Dave

15-410 My other car is a cdr -- Unknown Exam #1 Oct. 17, 2007 Dave Eckhardt Dave Eckhardt Roger Dannenberg Roger Dannenberg 1 L20_Exam 15-410, F'07 Synchronization Checkpoint 2 Wednesday, in cluster Checkpoint 2

583 views • 24 slides

More recommend