mmb flexible high speed userspace middleboxes
play

mmb : Flexible High-Speed Userspace Middleboxes Korian Edeline , - PowerPoint PPT Presentation

Sep 11, 2023 •339 likes •624 views

mmb : Flexible High-Speed Userspace Middleboxes Korian Edeline , Justin Iurman, Cyril Soldani, Benoit Donnet Montefiore Institute, University of Lige Belgium A middleboxed Internet https://github.com/mami-project/roadshows 7/22/19 2 ANRW

  1. mmb : Flexible High-Speed Userspace Middleboxes Korian Edeline , Justin Iurman, Cyril Soldani, Benoit Donnet Montefiore Institute, University of Liège Belgium

  2. A middleboxed Internet https://github.com/mami-project/roadshows 7/22/19 2 ANRW 2019

  3. kernelspace vs userspace Kernel: Userspace: 3 ANRW 2019

  4. kernelspace vs userspace Kernel: ✗ T oo slow for high-speed forwarding ✗ Missing optimizations (batching, caching, etc) Userspace: 4 ANRW 2019

  5. kernelspace vs userspace Kernel: ✗ T oo slow for high-speed forwarding ✗ Missing optimizations (batching, caching, etc) Userspace: ✗ No direct access to NIC (context switch, sk_bufg) 5 ANRW 2019

  6. kernelspace vs userspace Kernel: ✗ T oo slow for high-speed forwarding ✗ Missing optimizations (batching, caching, etc) Userspace: ✗ No direct access to NIC (context switch, sk_bufg) ✔ DPDK (DMA, I/O batching) 6 ANRW 2019

  7. kernelspace vs userspace Kernel: ✗ T oo slow for high-speed forwarding ✗ Missing optimizations (batching, caching, etc) Userspace: ✗ No direct access to NIC (context switch, sk_bufg) ✔ DPDK (DMA, I/O batching) ✔ Software optimizations ✔ Flexibility 7 ANRW 2019

  8. Kernel-Bypass Frameworks 8 ANRW 2019

  9. architecture Vector Packet Processing (VPP) ● DPDK ● RSS queues, Zero-Copy and more ● Packet vectors ● Modular node-based processing ● Low-level optimizations (caching, pipelining) ANRW 2019

  10. architecture VPP Dual-Loop while (n_left_from >= 2) { /* prefetch next iteration */ if (PREDICT_TRUE(n_left_from >= 4)){ vlib_prefetch_bufger_header(b[2], STORE); vlib_prefetch_bufger_header(b[3], STORE); } process(b[0]); process(b[1]); b += 2; next += 2; n_left_from -= 2; } /* process remaining packets */ while(n_left_from > 0){ process(b[0]); b += 1; next += 1; n_left_from -= 1; } 7/22/19 10 ANRW 2019

  11. architecture mmb: A VPP middlebox Goals: ● Various middlebox policies (fjrewall, NAT, traffjc engineering) ● Fast even with thousands rules ● Intuitive CLI 11 ANRW 2019

  12. architecture mmb: CLI grammar 7/22/19 12 ANRW 2019

  13. architecture mmb: forwarding graph 7/22/19 13 ANRW 2019

  14. architecture mmb: forwarding graph ● Classifjcation: (Packet & Mask) ⊕ Key ● Rewrite (Packet & Mask) | Key 7/22/19 14 ANRW 2019

  15. architecture mmb: processing path 7/22/19 15 ANRW 2019

  16. measurement Performance Analysis ● FastClick: – Fast (multi-queue, ZC forwarding, batching, DPDK) – Click ● eXpress Data Path (XDP): – In-Kernel – eBPF ● iptables ANRW 2019

  17. measurement Performance Analysis: Testbed Direct Indirect PCI Passthrough Bridged 7/22/19 17 ANRW 2019

  18. measurement Performance Analysis: Baselines ● VPP, FastClick, 4.15 > 99% of direct baseline 7/22/19 18 ANRW 2019

  19. measurement Performance Analysis: 5-tuples fjrewall ● Stateless matching on 5-tuples (saddr, daddr, sport, dport, proto) 7/22/19 19 ANRW 2019

  20. measurement Performance Analysis: 5-tuples fjrewall ● Stateless matching on 5-tuples (saddr, daddr, sport, dport, proto) ● mmb & XDP at direct baseline ● FastClick matching (IPFilter) has performance issues ● Iptables 4.15 sustains direct baseline with up to 1,000 rules 7/22/19 20 ANRW 2019

  21. measurement Performance Analysis: stateful fmow matching ● Stateful matching on 5-tuples (saddr, daddr, sport, dport, proto) 7/22/19 21 ANRW 2019

  22. measurement Performance Analysis: stateful fmow matching ● Stateful matching on 5-tuples (saddr, daddr, sport, dport, proto) ● mmb & XDP at direct baseline ● FastClick at 85% direct baseline ● Iptables stateful is similar to stateless (with few rules). 7/22/19 22 ANRW 2019

  23. measurement Performance Analysis: TCP Options ● Matching on TCP Options ● Not applicable to iptables, FastClick & XDP ● Stable until 78 rules 7/22/19 23 ANRW 2019

  24. measurement Conclusion & Next steps ● mmb sustains line rate for difgerent use cases ● Next Step: Payload reconstruction ● https://github.com/mami-project/vpp-mb 24 ANRW 2019

  25. measurement Thanks ! 7/22/19 25 ANRW 2019

  26. measurement Performance Analysis: Testbed ● Intel Xeon E5-2620 2.1GHz, 16 Threads, 32GB RAM ● Intel XL710 2x40GB NICs ● Huawei CE6800 switch ● Debian 9 26 ANRW 2019

  27. measurement Performance Analysis: RTT 7/22/19 27 ANRW 2019

  28. measurement Performance Analysis: CPU time 7/22/19 28 ANRW 2019

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

XtreemFS: high- performance network file system clients and servers in userspace Minor Gordon,

XtreemFS: high- performance network file system clients and servers in userspace Minor Gordon,

XtreemFS: high- performance network file system clients and servers in userspace Minor Gordon, NEC Deutschland GmbH mgordon@hpce.nec.com HIGH PERFORMANCE Why userspace? COMPUTING 05/04/09 File systems traditionally implemented in the

275 views • 15 slides
Embark: Securely Outsourcing Middleboxes to the Cloud Chang Lan, Justine Sherry, Raluca Ada

Embark: Securely Outsourcing Middleboxes to the Cloud Chang Lan, Justine Sherry, Raluca Ada

Embark: Securely Outsourcing Middleboxes to the Cloud Chang Lan, Justine Sherry, Raluca Ada Popa, Sylvia Ratnasamy, Zhi Liu UC Berkeley Tsinghua University 1 Background Middleboxes are prevalent and problematic Number of Middleboxes

1.31k views • 44 slides
Embark: Securely Outsourcing Middleboxes to the Cloud Chang Lan, Justine Sherry, Raluca Ada

Embark: Securely Outsourcing Middleboxes to the Cloud Chang Lan, Justine Sherry, Raluca Ada

Embark: Securely Outsourcing Middleboxes to the Cloud Chang Lan, Justine Sherry, Raluca Ada Popa, Sylvia Ratnasamy, Zhi Liu UC Berkeley Tsinghua University 1 Background Middleboxes are prevalent and problematic Number of Middleboxes

572 views • 40 slides
MINUTES OF ORAL EVIDENCE taken before the HIGH SPEED RAIL BILL COMMITTEE on the HIGH SPEED RAIL

MINUTES OF ORAL EVIDENCE taken before the HIGH SPEED RAIL BILL COMMITTEE on the HIGH SPEED RAIL

MINUTES OF ORAL EVIDENCE taken before the HIGH SPEED RAIL BILL COMMITTEE on the HIGH SPEED RAIL (WEST MIDLANDS CREWE) BILL Monday 19 March 2018 (Afternoon) In Committee Room 5 PRESENT: James Duddridge (Chair) Sandy Martin Mrs Sheryll

954 views • 57 slides
Introduction of High speed line High speed line Japan International Consultants for

Introduction of High speed line High speed line Japan International Consultants for

Introduction of High speed line High speed line Japan International Consultants for Transportation Co., Ltd. (JIC) Index Trend of the HSR Project HSR Project in The World Superiority of Introducing HSR Transport Needs

1.02k views • 25 slides
Is he ever going to quit? 1 High power, high speed and high linearity photodiode for

Is he ever going to quit? 1 High power, high speed and high linearity photodiode for

Is he ever going to quit? 1 High power, high speed and high linearity photodiode for NextGen-VLA antenna project Qinglong Li, Andreas Beling, Joe C. Campbell University of Virginia, Charlottesville, VA 22904 Outline High power photodiode

746 views • 25 slides
High speed CMOS image sensors Wim Wuyts Sr. Staff Applications Engineer Cypress Semiconductor

High speed CMOS image sensors Wim Wuyts Sr. Staff Applications Engineer Cypress Semiconductor

High speed CMOS image sensors Wim Wuyts Sr. Staff Applications Engineer Cypress Semiconductor Corporation Belgium Vision 2006 P E R F O R M Outline Introduction Architecture Analog high speed CIS Digital high speed CIS

593 views • 32 slides
Sean Graves PhD Visi-Trak Sensors Charlottesville VA High Speed/High Resolution Encoder

Sean Graves PhD Visi-Trak Sensors Charlottesville VA High Speed/High Resolution Encoder

Sean Graves PhD Visi-Trak Sensors Charlottesville VA High Speed/High Resolution Encoder Interface for Overview New linear position/velocity sensor Non-contact High resolution High speed Based on proven

320 views • 27 slides
1 High Speed UK Connecting the Nation, Connecting the North: The Only Way is Woodhead High

1 High Speed UK Connecting the Nation, Connecting the North: The Only Way is Woodhead High

1 High Speed UK Connecting the Nation, Connecting the North: The Only Way is Woodhead High Speed UK Connecting the Nation Who are we? Colin Elliff BSc CEng MICE Civil Engineering Principal, HSUK Quentin Macdonald

899 views • 85 slides
RTD-based High Speed and Low RTD-based High Speed and Low Power Integrated Circuits Power

RTD-based High Speed and Low RTD-based High Speed and Low Power Integrated Circuits Power

RTD-based High Speed and Low RTD-based High Speed and Low Power Integrated Circuits Power Integrated Circuits 2009. 04. 27 Kwangseok Seo Seoul National University Outline Outline Introduction RTD/HEMT Integration Technology

369 views • 22 slides
High Speed Rail for Australia: Opportunities and Issues by Dale Budd Hunter Business Chamber

High Speed Rail for Australia: Opportunities and Issues by Dale Budd Hunter Business Chamber

High Speed Rail for Australia: Opportunities and Issues by Dale Budd Hunter Business Chamber Newcastle, 7 December 2012 What is high speed rail? High speed rail refers to passenger trains travelling at 250 km/h or more, on purpose-built tracks.

354 views • 11 slides
High Speed Traffic Analysis for High-Speed Traffic Analysis for Security: Challenges &

High Speed Traffic Analysis for High-Speed Traffic Analysis for Security: Challenges &

High Speed Traffic Analysis for High-Speed Traffic Analysis for Security: Challenges & Approaches Security: Challenges & Approaches C-DAC Asia-Pacific Advanced Network 32 nd Meeting, India Habitat Centre, New Delhi APAN 32nd Meeting,

647 views • 28 slides
High-speed dispersing between two deinking loops: are there optimisation possibilities?

High-speed dispersing between two deinking loops: are there optimisation possibilities?

High-speed dispersing between two deinking loops: are there optimisation possibilities? Benjamin FABRY and Bruno CARRE Niagara Falls, September 2007 Guideline Introduction Theoretical aspects High-speed dispersing between two

464 views • 44 slides
High-speed cryptography Do we care about speed? Daniel J. Bernstein Almost all software is

High-speed cryptography Do we care about speed? Daniel J. Bernstein Almost all software is

1 2 High-speed cryptography Do we care about speed? Daniel J. Bernstein Almost all software is University of Illinois at Chicago & much slower than it could be. Technische Universiteit Eindhoven Is software applied to much data? with

1.17k views • 115 slides
Exposing and Evading Middlebox Policies DAVID CHOFFNES Middleboxes are pervasive In-network

Exposing and Evading Middlebox Policies DAVID CHOFFNES Middleboxes are pervasive In-network

Exposing and Evading Middlebox Policies DAVID CHOFFNES Middleboxes are pervasive In-network functionality can be really helpful Security (IPS) Performance (proxies) Fairness (traffic management) 2 Middleboxes are pervasive

617 views • 37 slides
Chapter: 9 9 9 9 Chapter: Chapter: Chapter: High-Speed Downlink High-Speed Downlink Packet

Chapter: 9 9 9 9 Chapter: Chapter: Chapter: High-Speed Downlink High-Speed Downlink Packet

3G Evolution 3G Evolution 3G Evolution 3G Evolution Chapter: 9 9 9 9 Chapter: Chapter: Chapter: High-Speed Downlink High-Speed Downlink Packet Access Deepak Dasalukunte Department of Electrical and Information Technology 16-Apr-2009

393 views • 25 slides
Status ! Next project (after exam) will be similar to last year BUT using a different strategy

Status ! Next project (after exam) will be similar to last year BUT using a different strategy

Status ! Next project (after exam) will be similar to last year BUT using a different strategy perhaps stride scheduling. CSCI [4|6] 730 ! Scheduling ( 2-3 lectures, 2 before the exam 3 rd lecture (if needed) will not on the exam)

298 views • 10 slides
Processes Eric McCreath Processes A process is a program in execution. To provide

Processes Eric McCreath Processes A process is a program in execution. To provide

Processes Eric McCreath Processes A process is a program in execution. To provide multiprogramming the operating system will maintain multiple independent program contexts. The operating system will manage the simultaneous execution of

302 views • 8 slides
Distributed Systems Principles and Paradigms Maarten van Steen VU Amsterdam, Dept. Computer

Distributed Systems Principles and Paradigms Maarten van Steen VU Amsterdam, Dept. Computer

Distributed Systems Principles and Paradigms Maarten van Steen VU Amsterdam, Dept. Computer Science Room R4.20, steen@cs.vu.nl Chapter 03: Processes Version: November 1, 2012 Processes 3.1 Threads Introduction to Threads Basic idea We

706 views • 34 slides
MC714 - Sistemas Distribuidos slides by Maarten van Steen (adapted from Distributed System - 3rd

MC714 - Sistemas Distribuidos slides by Maarten van Steen (adapted from Distributed System - 3rd

MC714 - Sistemas Distribuidos slides by Maarten van Steen (adapted from Distributed System - 3rd Edition) Chapter 03: Processes Version: March 21, 2019 Processes: Threads Introduction to threads Introduction to threads Basic idea We build

564 views • 43 slides
Operating Systems ECE344 Lecture 4: Threads Ding Yuan Processes Recall that a process

Operating Systems ECE344 Lecture 4: Threads Ding Yuan Processes Recall that a process

Operating Systems ECE344 Lecture 4: Threads Ding Yuan Processes Recall that a process includes many things An address space (defining all the code and data pages) OS resources (e.g., open files) and accounting information

497 views • 30 slides
Time-domain determinism using modern SoCs OSPERT 2019 David Haworth 1/42 1 / 42 Elektrobit

Time-domain determinism using modern SoCs OSPERT 2019 David Haworth 1/42 1 / 42 Elektrobit

Elektrobit Time-domain determinism using modern SoCs OSPERT 2019 David Haworth 1/42 1 / 42 Elektrobit Introduction Introduction What is time-domain determinism? What causes non-deterministic behavior? Overview of the AUTOSAR

600 views • 43 slides
COVID-19: Understanding markets through context What's changed since the last 2009 pandemic?

COVID-19: Understanding markets through context What's changed since the last 2009 pandemic?

COVID-19: Understanding markets through context What's changed since the last 2009 pandemic? (H1N1 in 2009) Source: World Bank 2 What's changed since the last 2019 pandemic? (H1N1 in 2009) Source: World Bank 3 ~3 million news Shared

423 views • 17 slides
CS885 Reinforcement Learning Lecture 8b: May 25, 2018 Bayesian and Contextual Bandits [SutBar]

CS885 Reinforcement Learning Lecture 8b: May 25, 2018 Bayesian and Contextual Bandits [SutBar]

CS885 Reinforcement Learning Lecture 8b: May 25, 2018 Bayesian and Contextual Bandits [SutBar] Sec. 2.9 University of Waterloo CS885 Spring 2018 Pascal Poupart 1 Outline Bayesian bandits Thompson sampling Contextual bandits

464 views • 22 slides

More recommend