190 likes | 320 Views
Herbert Bos Willem de Bruijn Trung Nguyen Mihai Cristea Georgios Portokalidis. Vrije Universiteit Amsterdam. Universiteit Leiden. uspace. kspace. nspace. Vrije Universiteit Amsterdam. FFPF: Fairly Fast Packet Filters. u. k. n. http://ffpf.sourceforge.net/.
E N D
Herbert Bos Willem de Bruijn Trung Nguyen Mihai Cristea Georgios Portokalidis Vrije Universiteit Amsterdam Universiteit Leiden uspace kspace nspace Vrije Universiteit Amsterdam FFPF: Fairly Fast Packet Filters u k n http://ffpf.sourceforge.net/
spread of SAPPHIRE in 30 minutes -process at lowest possible level-minimise copying -minimise context switching -freedom at the bottom Network Monitoring • Increasingly important • traffic characterisation, securitytraffic engineering, SLAs, billing, etc. • Existing solutions: • designed for slow networksor traffic engineering/QoS • not very flexible • We’re hurting because of • hardware (bus, memory) • software (copies, context switches) demand for solution:-scales to high link rates - scales in no. of apps - flexible
UDP with CodeRed eth0 TCP SYN bytecount HTTP U RTSP TCP IP “contains worm” UDP RTP UID 0 generalised notion of flow Flow: “a stream of packets that match arbitraryuser criteria” Flowgraph
efficient userspace ? • reduced copying and context switches • sharing data • flowgraphs: sharing computations kernel ? network card ? ? x “push filtering tasks as far down the processing hierarchy as possible”
- no ‘vertical’ copies - no ‘horizontal’ copies within flow group - more than ‘just filtering’ in kernel (e.g.,statistics) Application B ‘filter’ reduce copying • FFPF avoids both ‘horizontal’ and ‘vertical’ copies Application A U K
Extensible • modular framework • language agnostic • plug-in filters (device,eth0) -> (sampler,2) -> (BPF,”..”) -> (packetcount) (device,eth0) | (device,eth1) -> (sampler,2) -> (FPL-2,”..”) | (BPF,”..”) -> (bytecount)
R O O O O O O O W Buffers • PacketBuf • circular buffer with N fixed-size slots • large enough to hold packet • IndexBuf • circular buffer with N slots • contains classification result + pointer
Buffers O O O • PacketBuf • circular buffer with N fixed-size slots • large enough to hold packet • IndexBuf • circular buffer with N slots • contains classification result + pointer O O O O W R
Buffers X X X • PacketBuf • circular buffer with N fixed-size slots • large enough to hold packet • IndexBuf • circular buffer with N slots • contains classification result + pointer X X O O W R
R1 Buffer management O O O O O O O O O O what to do if writer catches up with slowest reader? • slow reader preference • drop new packets (traditional way of dealing with this) • overall speed determined by slowest reader • fast reader preference • overwrite existing packets • application responsible for keeping up • can check that packets have been overwritten • different drop rates for different apps O O O O O O R1 W
IF (PKT.IP_PROTO == PROTO_TCP) THEN // reg.0 = hash over flow fields R[0] = Hash (14,12,1024) // increment pkt counter at this // location in MBuf MEM[ R[0] ]++FI • simple to use • compiles to optimised native code • resource limited (e.g., restricted FOR loop) • access to persistent storage (scratch memory) • calls to external functions (e.g., fast C functions or hardware assists) • compiler for uspace, kspace, and nspace (ixp1200) Languages • FFPF is language neutral • Currently we support: • BPF • C • OKE Cyclone • FPL
packet sources • currently three kinds implemented -netfilter -net_if_rx() -IXP1200 • implementation on IXPs: NIC-FIX -bottom of the processing hierarchy -eliminates mem & bus bottlenecks uspace kspace nspace
zero copy copy once on-demand copy Network Processors “programmable NIC”
Performance results pkt loss: FFPF: < 0.5% LSF: 2-3%
Performance results pkt loss: LSF:64-75% FFPF: 10-15%
Summary concept of ‘flow’ generalised copying and context switching minimised processing in kernel/NIC complex programs + ‘pipes’ FPL: FFPF Packet Languages fast + flexible persistent storage flow-specific state authorisation + third-party code any user flow groupsapplications sharing packet buffers
More Information http://ffpf.sourceforge.net/