Pa PacketScope: : Monit itorin ing the Pac acket Li Lifecycle - - PowerPoint PPT Presentation

pa packetscope monit itorin ing the pac acket li
SMART_READER_LITE
LIVE PREVIEW

Pa PacketScope: : Monit itorin ing the Pac acket Li Lifecycle - - PowerPoint PPT Presentation

Oct 01, 2022 154 likes •335 views

Pa PacketScope: : Monit itorin ing the Pac acket Li Lifecycle Wi Within a a S Swi witch Ross Teixeira (Princeton) Rob Harrison (United States Military Academy) Arpit Gupta (UC Santa Barbara) Jennifer Rexford (Princeton) Ou Outline

slide-1
SLIDE 1

Pa PacketScope: : Monit itorin ing the Pac acket Li Lifecycle Wi Within a a S Swi witch

Ross Teixeira (Princeton) Rob Harrison (United States Military Academy) Arpit Gupta (UC Santa Barbara) Jennifer Rexford (Princeton)

slide-2
SLIDE 2

Ou Outline

  • 1. Peeking Inside the Switch
  • 2. Packet Lifecycle Query Language
  • 3. Efficient Query Compilation
  • 4. PacketScope Prototype

2

slide-3
SLIDE 3

Ou Outline

  • 1. Peeking Inside the Switch
  • 2. Packet Lifecycle Query Language
  • 3. Efficient Query Compilation
  • 4. PacketScope Prototype

3

slide-4
SLIDE 4

What Happens Inside a (Programmable) Switch?

  • Packets are modified in the switch
  • Multiple pipelines
  • Access Control List (ACL) drops
  • Queues cause delays and loss

Ingress Queues Egress

4

slide-5
SLIDE 5

Prior Systems Don’t Peek Inside

  • Switch monitoring is important
  • Want to adapt dataflow monitoring systems
  • map, filter, reduce operators on incoming tuples
  • Prior systems only captured packets as they arrived

at a switch[1,3]

  • Or only provide queuing delay info[2]

5

Ingress Queues Egress

Switch Pipeline

[1] Sonata (SIGCOMM ‘18), [2] Marple (SIGCOMM ‘17), [3] Gigascope (SIGMOD ‘03)

slide-6
SLIDE 6

Introducing PacketScope

  • Monitoring the packet lifecycle
  • Packet modifications
  • ACL drops
  • Queuing delays/loss

Ingress Switch Fabric + Queues Egress Queues

6

slide-7
SLIDE 7

Ou Outline

  • 1. Peeking Inside the Switch
  • 2. Packet Lifecycle Query Language
  • 3. Efficient Query Compilation
  • 4. PacketScope Prototype

7

slide-8
SLIDE 8

Ingress Switch Fabric + Queues Egress

Queues

The Life of a Packet

port_in, headers_in, time_in port_intent, headers_mid queuing _in/_out (length, time) port_out, headers_out

(Could be modified/ dropped!)

8

(Could be delayed!) (Could be modified/ dropped!) Ingress() tuples Egress() tuples

slide-9
SLIDE 9

undropped_SSH_NAT = egress() .filter(tcp.srcPort_in == 22) .filter(ipv4.srcIP_in != ipv4.srcIP_out) .filter(port_out != -1) 1 2 3 4

Example Query

  • Count un-dropped SSH packets that traverse a NAT

SSH Packets Crossing a NAT Not Dropped

9

Not Lost

slide-10
SLIDE 10
  • Loss happens outside ingress/egress processing
  • We can’t insert processing to capture packet
  • Cannot execute query on individual packet tuples
  • But over time, we can track aggregate counts by keeping state
  • .lost(groupby_fields, epoch_ms) operator
  • count packets grouped by groupby_fields every epoch_ms
  • Arrival time determines epoch placement

How To Track Queuing Loss?

Ingress Queues

X

10

slide-11
SLIDE 11

Ou Outline

  • 1. Peeking Inside the Switch
  • 2. Packet Lifecycle Query Language
  • 3. Efficient Query Compilation
  • 4. PacketScope Prototype

11

slide-12
SLIDE 12

Ingress Switch Fabric + Queues Egress

Queues

Compilation: “Tag Little, Compute Early”

E.g. Queries across ports? .filter(ipv4.srcIP_in != ipv4.srcIP_out) A: Tag packet with metadata

Packet: ipv4.srcIP = X Metadata: ipv4.srcIP_in = X Packet: ipv4.srcIP = Y 12 Packet: ipv4.srcIP = ??

Execute

slide-13
SLIDE 13

Ingress Switch Fabric + Queues Egress

Queues

Compilation:“Tag Little, Compute Early”

Where to place computation? .filter(ipv4.srcIP_in != ipv4.srcIP_mid)… A: As early as possible!

Packet ipv4.srcIP = X 13 Metadata: ipv4.srcIP_in Metadata: Metadata: ?

slide-14
SLIDE 14

Ingress Switch Fabric + Queues Egress

Queues

Compilation:“Tag Little, Compute Early”

Where to place computation? .filter(ipv4.srcIP_in != ipv4.srcIP_mid)… A: As early as possible!

  • Metadata can be reused for future processing.

Packet: ipv4.srcIP = Y 14

Execute

Metadata: ipv4.srcIP_in Metadata:

slide-15
SLIDE 15

How To Compile Lost Operator?

Ingress Queues

X

15

  • .lost([ipv4.srcIP], 10ms)
  • Compile as a join of two queries:
  • Count by ipv4.srcIP on ingress
  • Count by ipv4.srcIP on egress
  • Report difference every 10ms of packet arrival times
  • Gory details in paper

Egress

State State

slide-16
SLIDE 16

Ou Outline

  • 1. Peeking Inside the Switch
  • 2. Packet Lifecycle Query Language
  • 3. Efficient Query Compilation
  • 4. PacketScope Prototype

16

slide-17
SLIDE 17

Pa PacketScope Pr Proto totype

  • We built a prototype[1] in Python and P4 with:
  • Support for packet modifications, queuing delays
  • Tag little, compute early compilation
  • We also built a queuing loss query prototype
  • Uses the BMv2 software model
  • More details and future work in paper

17

[1] As an extension to Sonata (SIGCOMM ‘18)

slide-18
SLIDE 18

Con Conclusion

  • n
  • PacketScope is a network telemetry system
  • Using a dataflow programming model (map, filter, reduce)
  • That supports queries on the full packet lifecycle:
  • Packet modifications
  • ACL drops
  • Queuing delays/loss
  • And compiles efficiently to programmable switches

Ingress Switch Fabric + Queues Egress Queues