P4 to OpenDataPlane Compiler - BUD17-304
Die SlideShare-Präsentation wird heruntergeladen.
×
Hier ansehen
Weitere Verwandte Inhalte
Diashows für Sie (20)
Andere mochten auch (6)
Ähnlich wie Functional approach to packet processing (20)
Aktuellste (20)
Functional approach to packet processing
- 1. A purely functional approach to packet processing Nicola Bonelli Nicola Bonelli, Stefano Giordano, Gregorio Procissi University of Pisa Luca Abeni University of Trento
- 2. 2 Facts on Linux ● Linux is a general purpose operating system often used to create middleboxes o large amount of open source software o a feature-rich subsystem of networking ● The kernel provides o network stack supports a large amount of protocols o traffic control (tc), firewall (netfilter) o routing (iproute2), bridging o monitoring facilities (AF_PACKET and BPF filters) ● Open-source kernel modules o PF_RING-DNA / Netmap (accelerated drivers) o PFQ framework for multi-core architectures
- 3. 3 Motivation ● What’s wrong with Linux as a middlebox? o Components are designed to be configurable ! programmability is not fully addressed ● only low level libraries enable tools to communicate to the kernel o Interoperability among heterogeneous components? ! components are statically linked to each other ! what about bridging packets that satisfy a given BPF ? o With no virtual machines, the configuration is system-wide ! Multiple applications can concurrently manage the networking for different purposes?
- 4. 4 Objective ● Design a new language for programmable middleboxes that: o at high level enables reusability and interoperability among kernel components ! interfaces, kernel and sockets are end-points o is multi-thread oriented by design ! allows concurrent execution of networking applications o as much close as possible to NICs ● But where to implement it? o Use PFQ as underlying architecture
- 5. 5 Why PFQ? ● Multi-language framework o C, C++11-14, Haskell o compliant with a plethora of device drivers o line-speed with Intel vanilla drivers (14.8Mpps) ● Flexible parallelism o decouple software from hardware parallelism ● Address multi-core architectures o scale almost linearly in any possible configuration ● Best practices of concurrent programming o no mutexes, no spinlocks in fast data-path o amortized atomic operations
- 6. 6 PFQ/lang overview ● PFQ/lang as a functional language ! DLS describing networking application as a sequence of elementary operations (functions) ! simple firewall, bridge, load balancer, etc. ! early stage of monitoring applications (dispatcher) ● A PFQ/lang program consists of a functional composition o takes a packet and return a packet enriched with a context ! information about the distribution (Fanout) ! state, annotation (State) etc. ! possible side effect (IO)
- 7. 7 PFQ/lang features ● strongly typed language ● high-order functions o functions that take functions as argument (i.e. conditional expressions) ● currying o Used to bind arguments in user-space " string, vectors, trivially copyable objects in C++ " storable types, storable tuples, list in Haskell ● immutability of data o COW (copy-on-write) ● deterministic garbage collector (GC) o Value semantic with no impact on performance
- 8. 8 PFQ/lang principles ● PFQ/lang computations are defined in user-space o C++11/Haskell eDSL ● AST is transferred to kernel module for a group of endpoints o runtime strict type-checking (to avoid kernel panic) ● Converted into an executable data structure by a runtime linker o structure with data and pointers to functions ● … and executed on top of network device drivers
- 9. 9 PFQ/lang current state ● In-kernel functions are implemented in C language o reusability of Linux kernel functions o about a hundred of functions ready to use o functional library eases the implementation ● The runtime linker is extensible o users can add custom functions and make them available in the DLS ● What is missing... o grammar parser for computations from text o PFQ/lang native compiler
- 10. 10 PFQ/lang theory (in short) ● Fanout, State and IO can be seen as mathematical abstractions called monads (category theory) ● Monads are data structures that represent computations o extend pure functions with side effect ● PFQ/Lang elementary operations are monadic functions o Action: fanout monad, IO monad and state monad. ● Functional composition of monadic functions with the Kleisli operator
- 11. 11 Monads: fanout and state ● Fanout monad is designed to model packet dispatching o fanout values can be: Drop, Pass, Broadcast, Steer, Deliver and Dispatch Drop => drop the packet Pass => pass this packet to the next function Broadcast => broadcast this packet to all the endpoints of this group Deliver => send the packet to the endpoints of the given class Steer => send the packet to an endpoint by means of a hash (random) Dispatch => combination of Deliver + Steer ● State monad is designed to model a mutable state o the state is associated with the computation simple state, used to mark packets o persistent state assiciated with flows
- 12. 12 IO monad ● IO monad (+GC) is used to implement packet forwarding o lazy implementation carried out after the computation is evaluated ● Lazy means faster! o A shallow copy per packet forwarding o The last forward can be done without the copy o A posteriori with lazy forwarding we can save the last skb_clone
- 13. 13 PFQ/lang simple functions ● Simple functions are divided into the following categories: o predicates: ! is_ip, is_udp, is_tcp, is_icmp, is_ip6, is_udp6, is_tcp6, is_flow, is_frag, is_first_frag, is_more_frag, has_port, has_src_port, has_dst_port, has_vlan, has_vid, bloom etc... o combinators: ! ||, &&, ^^ (binary), not (unary) o properties: ! ip_tos, ip_tot_len, ip_id, ip_frag, ip_ttl, tcp_src, tcp_dst, tcp_hdrlen, udp_src, udp_dst, udp_len, icmp_type, icmp_code... o comparators: ! >, >=, <, <=, ==, /=, any_bit, all_bit
- 14. 14 PFQ/lang monadic functions ● Monadic functions are divided into the following categories: o filters: ! ip, ip6, udp, tcp, udp6, tcp6, icmp, icmp6, flow, rtp, no_frag, no_more_frag, vlan_filter, bloom_filter, etc. o steering functions: ! steer_link, steer_vlan, steer_ip, steer_ip6, steer_flow, steer_rtp, steer_net, steer_field o conditionals: ! when, unless, conditional o others: ! kernel, forward, bridge, tee, tap, inv, par, log_msg, log_packet,etc.
- 15. 15 PFQ/lang example Haskell: comp = ip >-‐> forward "eth1" >-‐> log_msg "IP packet" >-‐> addr "192.168.0.0" 16 >-‐> (when’ is_icmp log_packet) >-‐> kernel C++11: auto comp = ip >> forward ("eth1") >> log_msg ("IP packet") >> addr ("192.168.0.0",16) >> when(is_icmp, log_packet) >> kernel;
- 16. 16 PFQ/lang use cases Port mirroring forward "eth1" >-‐> kernel Smart Bridging (when is_udp (forward "eth1")) >-‐> kernel tap "eth2" is_rtp >-‐> kernel Load Balancer steer_flow ip >-‐> steer_link
- 17. 17 PFQ/lang use cases Stateless Firewall (when has_port 22 && !address("131.114.0.0", 16) drop) >-‐> kernel when (bloom 16 ["192.168.0.1", "192.168.0.2" ...]) kernel Monitoring (early stage application) conditional is_rtp (class 0 >-‐> steer_flow) class 1
- 18. 18 Performance Speed test: 10Gb link, 64B packets, Xeon 6 cores x5650 (Nehalem) @2.67Ghz, 16G Ram + Intel 82599 10G (Debian Wheezy)
- 19. 19 Performance Conditional: (when is_tcp steer_flow) bridge: tap is_udp “eth2”
- 20. 20 Performance speed test: comparisons of different computations
- 21. 21 PFQ wiki and download http://www.pfq.io https://github.com/pfq/PFQ/wiki
