1 / 23

BPC: A language for packet classification

BPC: A language for packet classification. Haiyong Wang hw6h@cs.virginia.edu. What is classification. Classification is a mechanism that inspects incoming network packets, and based on the values found in selected header fields, determines how each to be processed.

jam
Download Presentation

BPC: A language for packet classification

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. BPC: A language for packet classification Haiyong Wang hw6h@cs.virginia.edu

  2. What is classification • Classification is a mechanism that inspects incoming network packets, and based on the values found in selected header fields, determines how each to be processed. • Usually, specifications are expressed as rules. • Packets satisfying the same rule are classify into one flow.

  3. net 202.128.201.0/24 net 202.128.202.0/24 net 202.128.203.0/24 Classification: an example Router ISP1 Flow1 Classifier ISP2 Flow2 Flow3 ISP3

  4. Why Classification • Essential to QoS (admission control, resource reservation, per-flow queuing and fair scheduling) • Necessary to many advanced services ( load balancing and content-based routing) • ISP ( Accounting, billing and network monitoring ) • Network Security

  5. What has been done? • Networking community: extend IP lookup • Focus on performance • Very limited specifications, no language. • Only work on Layer 3/4 header • OS community: packet demultiplexing • machine-code level specification(difficult to develop and test) • Filter composition issues

  6. My work • Based on a high-level packet filter language(BPF) • Filter composition • Look deeper and smarter • Keep status

  7. (((12:16 == 0x8 ) && #IP? Shift(6 + 6 + 2)&& #skip Ethernet header (9:8== 6)&& #TCP? Shift(20)&& #skip IP header (0:16 == 80)&& #src port 80 (2:16 == 80) #dst port 80 (((12:16 == 0x8 ) && #IP? Shift(6 + 6 + 2)&& #skip Ethernet header (9:8== 6)&& #TCP? Shift(20)&& #skip IP header (0:16 == 80)&& #src port 80 (2:16 == 80) #dst port 80 Tcp port HTTP Source network == Destination network Tcp port HTTP Why high-level language? Short! You can not express this in low level language! Easy to use and error-free

  8. Filter Composition • Syntax • $1 filter expression1 • $2 filter expression2 • … • $n filter expression n • Priority is used to resolve conflict

  9. ISP A Real Scenario UserA: Online chat Low Delay Low Bandwidth UserB: Napster fan Greedy Source UserC: Real player Stream Constant BW Low delay Low Jitter

  10. $1 host user A and port A $2 host user B and port B $3 host user C and port C Flow A: the highest priority Flow B:the lowest priority Flow C: reserve bandwidth BPC solution UserA: Online chat UserB: Napster fan UserC: Real player Stream

  11. Look Deeper and Smarter • Why • TCP/IP does not specify what to transmit • Many application-layer protocols put keywords at the beginning of the payload • How • Search Regular Expression • Allow User to define their own criteria

  12. Ethernet Header Ethernet Header IP Header IP Header TCP Header TCP Header Application protocol Application protocol Syntax Include “Regular String” From Len1 to Len2 Include “Regular String” from Len1 to Len2 many protocols are case insensitive Limit the range can reduce the expense Invoke “user routine” boolean user_routine( void *packet, int len)

  13. I Love you I Love you I Love you “I love you”

  14. I Love you I Love you I Love you $include “I *Love*You” from 20 to 100 and port mail port “I love you” (con’d)

  15. Why keep status • Enable us to classify packets dynamically according to the connections • Provide uniform services to all the packets in the same connection • Resource Reservation (allocation and de-allocation)

  16. How to do that: Syntax • trigger ( start expression ) • remove ( end expression ) • satisfy ( match expression ) • identify by ( key words )

  17. Keep status: an example • Example: TCP connection • trigger (tcp[13]&2 = 2) #SYN packet • remove tcp[13]&1 = 1 ) #FIN packet • satisfy ( tcp ) • identify (src host, src port, dst host, dst port)

  18. DDOS Packet Classifier

  19. luxury, spacious, butslow carriage economy, crowded and even unsafe, but super-fast rocket Performance!!! Is Everything all right Analogy What’s the moral

  20. How to run fast • Replace interpreter with native code • Special hardware (hash table, parallel computation) • Compiler Optimization • Intra-filter • Inter-filter

  21. Inter-filter Optimization Ip src host1 Ip dst host2

  22. Optimization( con’d )

  23. Summary • Work has been done • Design a packet classification language by extending BPF • Implement a working system.( You are welcomed to take a look after class ) • Future Work • Integrate BPC into BPF • Performance issues

More Related