redundant logic elimination in network functions
play

Redundant Logic Elimination in Network Functions Bangwen Deng 1 , - PowerPoint PPT Presentation

Oct 03, 2022 •223 likes •697 views

Redundant Logic Elimination in Network Functions Bangwen Deng 1 , Wenfei Wu 1 , Linhai Song 2 1: Tsinghua University 2: The Pennsylvania State University Network Functions: Critical components in network Growing impact: Various network

  1. Redundant Logic Elimination in Network Functions Bangwen Deng 1 , Wenfei Wu 1 , Linhai Song 2 1: Tsinghua University 2: The Pennsylvania State University

  2. Network Functions: Critical components in network • Growing impact: • Various network scenarios • Diverse functions (e.g. , Firewall, NAT, IDS, Load Balancer) • NF’s efficiency in flow processing is critical: • Affects network’s end-to-end performance in a significant way (e.g., latency accumulation, throughput bottleneck )

  3. Network Functions: Critical components in network • Mismatch of the protocol space in the development and that in the deployment leads to redundant logic: • Covering a large protocol space in development • Configuring a subspace of the entire protocol space in deployment Whole Protocol Space

  4. Network Functions: Critical components in network • Mismatch of the protocol space in the development and that in the deployment leads to redundant logic: • Covering a large protocol space in development • Configuring a subspace of the entire protocol space in deployment Rules: Whole Protocol Space drop tcp 10.0.0.0/24 any −> 10.1.0.0/24 any …… …… Subspace

  5. Network Functions: Critical components in network • Mismatch of the protocol space in the development and that in the deployment leads to redundant logic: • Covering a large protocol space in development • Configuring a subspace of the entire protocol space in deployment Goal: To use compiler techniques to optimize away the redundancy.

  6. Outline • Introduction • Design Intuition • NFReducer Implementation • Preliminary Evaluation • Conclusion

  7. Snort IDS Code(Simplified)

  8. Snort IDS Code(Simplified) Parsing

  9. Snort IDS Code(Simplified) Parsing Match

  10. Snort IDS Code(Simplified) Action Parsing Match

  11. Type-I Redundancy: Unused layer parsing • Example Action Parsing Match Pkt.IP == Rule.IP IP address (L3) Drop Pkt.Port == Rule.Port Port (L4) Pass

  12. Type-I Redundancy: Unused layer parsing • Example What if only L3 header is used? E.g., <10.0.0.1->*, s/d port=*, drop> Action Parsing Match Pkt.IP == Rule.IP IP address (L3) Drop Pkt.Port == Rule.Port Port (L4) Pass

  13. Type-I Redundancy: Unused layer parsing • Example What if only L3 header is used? E.g., <10.0.0.1->*, s/d port=*, drop> Unused Wildcard Action Parsing Match Pkt.IP == Rule.IP IP address (L3) Drop Pkt.Port == Rule.Port Port (L4) Pass Always True

  14. Type-I Redundancy: Method to Solve • Apply Rules <10.0.0.1->*, s/d port=*, drop> Match Parsing Action Pkt.IP == Rule.IP IP address (L3) Drop Pass Port (L4) Pkt.Port == *

  15. Type-I Redundancy: Method to Solve • Apply Rules • Constant Folding and Propagation <10.0.0.1->*, s/d port=*, drop> Match Parsing Action Pkt.IP == Rule.IP IP address (L3) Drop Pass Port (L4) True

  16. Type-I Redundancy: Method to Solve • Apply Rules • Constant Folding and Propagation • Dead Code Elimination <10.0.0.1->*, s/d port=*, drop> Match Parsing Action Pkt.IP == Rule.IP IP address (L3) Drop Pass Port (L4) Port (L4) True

  17. Type-II Redundancy: Unused Protocol (Branch) Parsing • Branches in Parse and Match If NF processes TCP packets only, E.g., <10.0.0.0/24, tcp, 80, drop> IP Parsing IP Proto==TCP Proto==UDP Proto==TCP Proto==UDP TCP UDP TCP UDP Port==80 Port!=80 Port==* Parsing Parsing pass pass drop Parsing Match

  18. Type-II Redundancy: Unused Protocol (Branch) Parsing • Branches in Parse and Match If NF processes TCP packets only, E.g., <10.0.0.0/24, tcp, 80, drop> True Always False Redundant IP Parsing IP Logic Proto==TCP Proto==UDP Proto==TCP Proto==UDP TCP UDP TCP UDP Port==80 Port!=80 Port==* Parsing Parsing pass pass drop Parsing Match

  19. Type-II Redundancy: Method to Solve • Extract Feasible Execution Path Parse Match IP Parsing IP Proto==TCP Proto==UDP Proto==TCP Proto==UDP TCP UDP TCP UDP Port==80 Port!=80 Port==* Parsing Parsing pass pass drop

  20. Type-II Redundancy: Method to Solve • Extract Feasible Execution Path • Constant Folding and Propagation Parse Match IP Parsing IP Proto==TCP Proto==UDP Proto==TCP False TCP UDP TCP UDP Port==80 Port!=80 Port==* Parsing Parsing pass pass drop

  21. Type-II Redundancy: Method to Solve • Extract Feasible Execution Path • Constant Folding and Propagation • Dead Code Elimination Parse Match IP Parsing IP Proto==TCP Proto==UDP Proto==TCP False Dead Code Dead Code TCP UDP TCP UDP Port==80 Port!=80 Port==* Parsing Parsing pass pass drop

  22. Type-II Redundancy: Method to Solve • Extract Feasible Execution Path • Constant Folding and Propagation • Dead Code Elimination Parse Match IP Parsing IP Proto==TCP Proto==UDP Proto==TCP False TCP TCP Port==80 Port!=80 Parsing pass drop

  23. Type-III Redundancy: Cross-NF Redundancy • If a monitor deployed before an IDS instance who blocks UDP packets, all the parsing and counting for UDP packets in the monitor is redundant. Ingress flows Egress flows Monitor IDS Block UDP packets UDP packets processing is redundant

  24. Type-III Redundancy: Cross-NF Redundancy • If a monitor deployed before an IDS instance who blocks UDP packets, all the parsing and counting for UDP packets in the monitor is redundant. Ingress flows Egress flows Monitor IDS Block UDP packets UDP packets processing is redundant • Method to Solve: • Consolidate • Eliminate type-I and type-II redundancy • Decompose

  25. Outline • Introduction • Design Intuition • NFReducer Implementation • Preliminary Evaluation • Conclusion

  26. NFReducer Architecture • Labeling Critical Variables and Actions The architecture of NFReducer

  27. NFReducer Architecture • Labeling Critical Variables and Actions • Extracting Packet Processing Logic The architecture of NFReducer

  28. NFReducer Architecture • Labeling Critical Variables and Actions • Extracting Packet Processing Logic • Individual NF Optimization The architecture of NFReducer

  29. NFReducer Architecture • Labeling Critical Variables and Actions • Extracting Packet Processing Logic • Individual NF Optimization • Cross-NF Optimization The architecture of NFReducer

  30. NFReducer Architecture • Labeling Critical Variables and Actions • Critical Variables • Packet Variables: Holding the packet raw data. • State Variables: Maintaining the NF states. (e.g., counter) • Config Variables: Maintaining the config info. (e.g., rules) • NF Actions: • External Actions (e.g., replying, forward, drop packets) • Internal Actions (e.g., updating state variables)

  31. NFReducer Architecture • Labeling Critical Variables and Actions • Extracting Packet Processing Logic • Removing functionalities unrelated to packet processing (e.g., log). • Facilitate the compiler techniques applied later (e.g., symbolic execution). Source code Packet Processing Program Slicer Logic Labeled Variables && Actions

  32. NFReducer Architecture Packet Processing Configured Rules Logic Apply Configs & • Labeling Critical Variables and Actions Extract Paths • Extracting Packet Processing Logic … … Path1 Path2 Constant Folding & Propagation • Individual NF Optimization … … • Apply Configs Check path feasibility • Extract Paths … … • Constant Folding and Propagation • Check Path Feasibility Dead Code Elimination & Merge • Dead Code Elimination Optimized Code

  33. NFReducer Architecture NF1 NF2 • Labeling Critical Variables and Actions Consolidate • Extracting Packet Processing Logic Individual NF • Individual NF Optimization Optimization • Cross-NF Optimization Decompose • Preliminary discussion on the optimization of different NF chain execution models. Optimized Optimized NF1 NF2

  34. Implementation LLVM DG Static Slicer

  35. Outline • Introduction • Design Intuition • NFReducer Implementation • Preliminary Evaluation • Conclusion

  36. Evaluation: Eliminating Type-I Redundancy Throughput of Suricata Throughput of Snort • Setting: Configured with layer-3 rules. • Increase by nearly 15% for Snort and by 15% to 10X for Suricata (single thread). • Suricata is more significant • inspects packets deeper in payload than Snort.

  37. Evaluation: Eliminating Type-I Redundancy Throughput of Suricata Throughput of Snort • Setting: Configured with layer-3 rules. • Increase by nearly 15% for Snort and by 15% to 10X for Suricata (single thread). • Suricata is more significant • inspects packets deeper in payload than Snort.

  38. Evaluation: Eliminating Type-I Redundancy Throughput of Suricata Throughput of Snort • Setting: Configured with layer-3 rules. • Increase by nearly 15% for Snort and by 15% to 10X for Suricata (single thread). • Suricata is more significant • inspects packets deeper in payload than Snort.

  39. Evaluation: Eliminating Type-I Redundancy Throughput of Suricata Throughput of Snort • Setting: Configured with layer-3 rules. • Increase by nearly 15% for Snort and by 15% to 10X for Suricata (single thread). • Suricata is more significant • inspects packets deeper in payload than Snort.

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Redundant Feature Elimination Redundant Feature Elimination for Multi-Class Problems for

Redundant Feature Elimination Redundant Feature Elimination for Multi-Class Problems for

1 Redundant Feature Elimination Redundant Feature Elimination for Multi-Class Problems for Multi-Class Problems Annalisa Appice, Michelangelo Ceci Dipartimento di Informatica, Universit degli Studi di Bari, Italy Simon Rawles, Peter Flach

512 views • 50 slides
Machine Independent Code Optimizations Useless Code and Redundant Expression Elimination cs5363

Machine Independent Code Optimizations Useless Code and Redundant Expression Elimination cs5363

Machine Independent Code Optimizations Useless Code and Redundant Expression Elimination cs5363 1 Code Optimization Source Target IR IR optimizer Back end Front end program program (Mid end) compiler The goal of code

631 views • 34 slides
Elimination Techniques In Modern Propositional Logic Reasoning Norbert Manthey

Elimination Techniques In Modern Propositional Logic Reasoning Norbert Manthey

Elimination Techniques In Modern Propositional Logic Reasoning Norbert Manthey nmanthey@conp-solutions.com December 7, 2017 Outline Satisfiability Testing Elimination in SAT Solving Algorithms Constraint Types Model

682 views • 47 slides
Cut-elimination for Intuitionistic Provability Logic Iris van der Giessen Utrecht University

Cut-elimination for Intuitionistic Provability Logic Iris van der Giessen Utrecht University

Introduction to provability logic Cut-elimination Cut-elimination for Intuitionistic Provability Logic Iris van der Giessen Utrecht University i.vandergiessen@uu.nl April 26, 2019 Iris van der Giessen Cut-elimination for Intuitionistic

521 views • 36 slides
AUTOMATED REASONING Otten &quot;Restricting Backtracking in Connection Calculii&quot; (2010).

AUTOMATED REASONING Otten &quot;Restricting Backtracking in Connection Calculii&quot; (2010).

Variants and extensions to Model Elimination 11ai In these slides we consider two extensions to Model Elimination; 1) Variation in the search mechanism : The method of removing potentially redundant backtracking (called non-essential

464 views • 7 slides
AUTOMATED REASONING Jens Otten &quot;Restricting Backtracking in Connection Calculii&quot; (2010).

AUTOMATED REASONING Jens Otten &quot;Restricting Backtracking in Connection Calculii&quot; (2010).

Variants and extensions to Model Elimination 11ai In these slides we consider some extensions and alternatives to Model Elimination; 1) Variation in the search mechanism : The method of removing potentially redundant backtracking (called

232 views • 9 slides
Motivation Some expressions in a program may cause redundant recomputation of values. If such

Motivation Some expressions in a program may cause redundant recomputation of values. If such

Motivation Some expressions in a program may cause redundant recomputation of values. If such recomputation is safely eliminated, the program will usually become faster. There exist several redundancy elimination optimisations which attempt to

670 views • 37 slides
Logic Programming 1 Logic Programming Instead of using functions as in imperative and

Logic Programming 1 Logic Programming Instead of using functions as in imperative and

Logic Programming 1 Logic Programming Instead of using functions as in imperative and functional programs We use predicates, as in predicate calculus Interpretation = proving theorems 2 Prolog Developed at Univ. of

663 views • 7 slides
1 Mux Representation of Boolean Functions MUX circuit to implement logic 1 0 x1 x2 x3

1 Mux Representation of Boolean Functions MUX circuit to implement logic 1 0 x1 x2 x3

ECE 474A/57A Computer-Aided Logic Design Lecture 11 Binary Decision Diagrams (BDDs) ECE 474a/575a 1 of 31 Susan Lysecky Boolean Logic Functions Representations Function can be represented in different ways Truth table, equation, K-map,

457 views • 12 slides
Quantifier elimination, amalgamation, deductive interpolation and Craig interpolation in

Quantifier elimination, amalgamation, deductive interpolation and Craig interpolation in

Quantifier elimination, amalgamation, deductive interpolation and Craig interpolation in many-valued logic Franco Montagna, first part in collaboration with Tommaso Cortonesi and Enrico Marchioni Definition . A logic L has the deductive

380 views • 19 slides
Functions How to make the person run? (See: runForest.cpp) Functions You can also use functions

Functions How to make the person run? (See: runForest.cpp) Functions You can also use functions

Functions How to make the person run? (See: runForest.cpp) Functions You can also use functions that return bool types in an if statement or loop This is commonly used if you have complex logic as it is normally easier to write a function

260 views • 10 slides
The Elimination Algorithm Chris Williams School of Informatics, University of Edinburgh October

The Elimination Algorithm Chris Williams School of Informatics, University of Edinburgh October

The Elimination Algorithm Chris Williams School of Informatics, University of Edinburgh October 2009 1 / 14 Overview Inference in Belief Networks Elimination in an Example Network The Elimination Algorithm Evidence Potentials Graph

261 views • 14 slides
Variable and clause elimination for LTL satisfiability checking Martin Suda Max Planck Institut

Variable and clause elimination for LTL satisfiability checking Martin Suda Max Planck Institut

Variable and clause elimination for LTL satisfiability checking Martin Suda Max Planck Institut fr Informatik MACIS-2013 Introduction LTL preliminaries Labels Elimination in LTL Experimental evaluation Conclusion Linear temporal logic

1.17k views • 69 slides
Free-cut elimination in linear logic and an application to a feasible arithmetic Anupam Das

Free-cut elimination in linear logic and an application to a feasible arithmetic Anupam Das

Free-cut elimination in linear logic and an application to a feasible arithmetic Anupam Das Patrick Baillot LIP, Universit e de Lyon, CNRS, ENS de Lyon, INRIA, Universit e Claude-Bernard Lyon 1, Milyon 6 th October, 2016 Bologne ELICA

973 views • 62 slides
Logic for Computer Science 07 Functions Wouter Swierstra University of Utrecht 1 Last time

Logic for Computer Science 07 Functions Wouter Swierstra University of Utrecht 1 Last time

Logic for Computer Science 07 Functions Wouter Swierstra University of Utrecht 1 Last time Proof strategies 2 Today Functions 3 Functions Given two sets A and B, we can form a new set A B consisting of functions from A to B.

908 views • 63 slides
Quantifiers and Functions in Intuitionistic Logic Association for Symbolic Logic Spring Meeting

Quantifiers and Functions in Intuitionistic Logic Association for Symbolic Logic Spring Meeting

Quantifiers and Functions in Intuitionistic Logic Association for Symbolic Logic Spring Meeting Seattle, April 12, 2017 Rosalie Iemhoff Utrecht University, the Netherlands 1 / 37 Quantifiers are complicated. 2 / 37 Even more so in

519 views • 37 slides
Parallel Functional Programming Lecture 2 Mary Sheeran (with thanks to Simon Marlow for use of

Parallel Functional Programming Lecture 2 Mary Sheeran (with thanks to Simon Marlow for use of

Parallel Functional Programming Lecture 2 Mary Sheeran (with thanks to Simon Marlow for use of slides) http://www.cse.chalmers.se/edu/course/pfp Remember nfib nfib :: Integer -&gt; Integer nfib n | n&lt;2 = 1 nfib n = nfib (n-1) + nfib (n-2)

1.19k views • 90 slides
Finding the Optimal Reconfiguration for Network Function Virtualization Orchestration with

Finding the Optimal Reconfiguration for Network Function Virtualization Orchestration with

Finding the Optimal Reconfiguration for Network Function Virtualization Orchestration with Time-varied Workload Satyajit Padhy, Jerry Chou National Tsing Hua University The Third International Workshop on Systems and Network Telemetry and

725 views • 26 slides
Verse in 23 And not only the creation, but we ourselves, who have the firstfruits of the

Verse in 23 And not only the creation, but we ourselves, who have the firstfruits of the

I KNOW part 7: My Body Will Be Made Perfect 01.22.12 Scripture: Romans 8:23 ESV / Video: I KNOW Intro: Whenever we come to that place in our video promo when we hear the line I KNOW my body will be made perfect, I almost tear

202 views • 3 slides
The Neuroendocrinology of Psychopathy Abraham J. Nunes MD, MBA PGY-1, Psychiatry Dalhousie

The Neuroendocrinology of Psychopathy Abraham J. Nunes MD, MBA PGY-1, Psychiatry Dalhousie

Introduction to Psychopathy Somatic Findings in Psychopathy Neural Bases of Psychopathy A Focus on OXT/AVP Future Directions The Neuroendocrinology of Psychopathy Abraham J. Nunes MD, MBA PGY-1, Psychiatry Dalhousie University Abraham J.

654 views • 36 slides
Equilibrium Refinements Mihai Manea MIT Sequential Equilibrium In many games information is

Equilibrium Refinements Mihai Manea MIT Sequential Equilibrium In many games information is

Equilibrium Refinements Mihai Manea MIT Sequential Equilibrium In many games information is imperfect and the only subgame is the original game. . . subgame perfect equilibrium = Nash equilibrium Play starting at an information set can

401 views • 39 slides
Hadronic Vacuum Polarization with Twisted Mass Fermions Marcus Petschlies ETMC

Hadronic Vacuum Polarization with Twisted Mass Fermions Marcus Petschlies ETMC

Hadronic Vacuum Polarization with Twisted Mass Fermions Marcus Petschlies ETMC Helmholtz-Institut f ur Strahlen- und Kernphysik, Rheinische Friedrich-Willhelms-Universit at Bonn First Workshop on the g 2 Initiative QCenter, Fermilab,

535 views • 29 slides
Normalization by Evaluation for Martin-L of Type Theory Daniel Gratzer October 1, 2018 Goal

Normalization by Evaluation for Martin-L of Type Theory Daniel Gratzer October 1, 2018 Goal

Normalization by Evaluation for Martin-L of Type Theory Daniel Gratzer October 1, 2018 Goal Produce a function nf ( , t, A ) : Ctx Term Type Term so that the following 3 conditions hold: 1. t 1 t 2 : A = nf ( , t

1.05k views • 67 slides
Speckers Proof of Infinity in NF Sergei Tupailo Centro de Matem atica e Aplica c oes

Speckers Proof of Infinity in NF Sergei Tupailo Centro de Matem atica e Aplica c oes

Speckers Proof of Infinity in NF Sergei Tupailo Centro de Matem atica e Aplica c oes Fundamentais Universidade de Lisboa sergei@cs.ioc.ee Tallinn, January 24, 2012 L := { = , } . The logic is Classical with Equality .

335 views • 12 slides

More recommend