linux traffic control classifier action subsystem
play

Linux Traffic Control Classifier-Action Subsystem Architecture - PowerPoint PPT Presentation

Nov 05, 2023 •927 likes •1.27k views

Linux Traffic Control Classifier-Action Subsystem Architecture Jamal Hadi Salim Netdev 0.1, Ottawa, On Proceedings of netdev 0.1, Feb 14-17, 2015, Ottawa, On, Canada Motivation Finally Document Hopefully have people use and build on

  1. Linux Traffic Control Classifier-Action Subsystem Architecture Jamal Hadi Salim Netdev 0.1, Ottawa, On Proceedings of netdev 0.1, Feb 14-17, 2015, Ottawa, On, Canada

  2. Motivation ● Finally Document ● Hopefully have people use and build on top (as opposed to re-invent) Proceedings of netdev 0.1, Feb 14-17, 2015, Ottawa, On, Canada

  3. Life Starts With A Port... Network Stack ● And Packets cometh... ● And Packets goeth... Proceedings of netdev 0.1, Feb 14-17, 2015, Ottawa, On, Canada

  4. Linux Datapath ● The main packet mangling hooks are traffic control and netfilter ● We will focus on traffic control Proceedings of netdev 0.1, Feb 14-17, 2015, Ottawa, On, Canada

  5. Traffic Control Hierarchy ● Note: Ingress side does not have a class(queues) ● Our focus is on Classifiers and Actions ● We will refer to those two as CA Proceedings of netdev 0.1, Feb 14-17, 2015, Ottawa, On, Canada

  6. Early History ● Alexey Kuznetsov is the originator of TC and most of the architecture as it stands right now – Much of the flexibility and beauty – Initial patches around kernel 2.1 ● Werner Almesberger did a lot of formative work (many things: classifiers, qdiscs, general education) ● Jamal created the “A” part of “CA” (and current maintainer) ● DaveM who was actively involved in those days Proceedings of netdev 0.1, Feb 14-17, 2015, Ottawa, On, Canada

  7. Classifiers ● Classifiers hold filters which segregate traffic – Built-in default classifier based on protocol ● Many different types of classifiers – No such thing as a universal classifier – Each does something they are good at ● Unix philosophy – Types can be mixed and matched when creating policies ● Example of classifiers – U32, fw, route, rsvp, basic, bpf, flow, openflow, etc ● Example u32 could be used to build an efficient tree for packet lookup based on chunks of 32-bit packet blocks ● Route is efficient with IP based route attributes Proceedings of netdev 0.1, Feb 14-17, 2015, Ottawa, On, Canada

  8. U32 Classifier Proceedings of netdev 0.1, Feb 14-17, 2015, Ottawa, On, Canada

  9. TC Classifier-Actions Action Block Classifier P+M Block ● Packet + Metadata exchanged between the 2 blocks ● Can create a policy graph made of filters and actions ● Graph flow is programmable at both blocks ● Programming Constructs and flow control: statement, if, else, while, goto, continue, end Proceedings of netdev 0.1, Feb 14-17, 2015, Ottawa, On, Canada

  10. CA Programmatic Flow Control ● Priority arrangement of rule predicates is equivalent to if/else if/else ● Rules of the same protocol are grouped by priority Proceedings of netdev 0.1, Feb 14-17, 2015, Ottawa, On, Canada ● Each rule maybe a totally different classifier algorithm

  11. Classifier Flow Control ● Continue construct (contributes to if/else branching) ● Essentially continue onto next classifier rule ● Useful for having default policies and overriding rules ● reclassify construct (jump-back operation) ● Useful for adding or removing tunnel headers ● It means start the classification again ● All other constructs(Accept/Drop/Steal) terminate the pipeline Proceedings of netdev 0.1, Feb 14-17, 2015, Ottawa, On, Canada

  12. Anatomy of a Classifier Block Branching rule using Reclassify: says to restart the classification classifier A priority X Rule using classifier B Priority X If ... else if .. Continue: says to continue the classification else ... Rule using classifier B Ambiguity resolution upto to admin Prio X+1 - Rules are sorted by priorities - When priority equal then Rule using => last entered rule more important classifier Proceedings of netdev 0.1, Feb 14-17, 2015, Ottawa, On, Canada C Prio X+2

  13. Example classifier branching classifier Reclassify: says to restart the classification Fw proto IP Match mark 3 priority 1 classifier U32 Proto IP Match icmp Priority 2 Continue: says to continue the classification Classifier basic Proto IP Match text “foo” Prio 3 classifier Route Proceedings of netdev 0.1, Feb 14-17, 2015, Ottawa, On, Canada Match realm X Priority 4

  14. Actions ● Do one small thing they are good at – Unix philosophy ● Typically the attributes of each instance of a specific action sit in a table row – Creation from the control plane is equivalent to adding a table row Proceedings of netdev 0.1, Feb 14-17, 2015, Ottawa, On, Canada

  15. Actions ● Many actions exist – nat, checksum, TBF policing, generic action (drop/accept), arbitrary packet editor, mirroring, redirect, etc ● Each action instance maintains its own private state which is typically updated by arriving packets ● Each action instance carries attributes and statistics ● An action instance can be shared across more than one service graph Proceedings of netdev 0.1, Feb 14-17, 2015, Ottawa, On, Canada

  16. TC Actions: Simple chain P+M P+M P+M P+M P+M ● Actions policy chain using using pipe construct (emulating the unix | operator ) ● i.e pipe a packet across actions ● As in Unix pipe chain can conditionally be terminated earlier by any action ● Action state, packet Drop , Packet Acceptance , Packet stealing Proceedings of netdev 0.1, Feb 14-17, 2015, Ottawa, On, Canada

  17. Actions: Branching Control ● if and else conditions programmed in action instance ● Any action could conditionally repeat (REPEAT) ● Loop construct Proceedings of netdev 0.1, Feb 14-17, 2015, Ottawa, On, Canada

  18. A Simple Program Proceedings of netdev 0.1, Feb 14-17, 2015, Ottawa, On, Canada

  19. A Simple Program: Functional View Proceedings of netdev 0.1, Feb 14-17, 2015, Ottawa, On, Canada

  20. Summary: Classifier-Action Pipeline Classifier Programmatic control Action Programmatic Control ● CONTINUE ( iterate next rule) ● Stolen/Queued (end CA pipeline) ● RECLASSIFY ( restart pipeline) ● DROP (end CA pipeline) ● All others ( end CA pipeline) ● ACCEPT (end CA pipeline) ● PIPE ( iterate next action) ● CONTINUE (end A ction pipeline) ● RECLASSIFY (end A ction pipeline) ● REPEAT ( restart action processing) ● JUMPx ( jump X actions in pipeline) Proceedings of netdev 0.1, Feb 14-17, 2015, Ottawa, On, Canada

  21. Sharing Actions: IMQ Proceedings of netdev 0.1, Feb 14-17, 2015, Ottawa, On, Canada

  22. Aging of Policies ● All Actions keep track of when they were installed and last used ● Control side can use this info to implement aging algorithms Proceedings of netdev 0.1, Feb 14-17, 2015, Ottawa, On, Canada

  23. Late Binding ● Action instances can be created ● Later bound to policies Proceedings of netdev 0.1, Feb 14-17, 2015, Ottawa, On, Canada

  24. Distributing CA Proceedings of netdev 0.1, Feb 14-17, 2015, Ottawa, On, Canada

  25. Future Work ● More Classifiers and Actions of course ● Functional discovery ● Usability – tcng effort by Werner – Programmability extension into higher level language (python, lua etc) Proceedings of netdev 0.1, Feb 14-17, 2015, Ottawa, On, Canada

  26. Future Work: Hardware Offload Realtek RTL8366xx Proceedings of netdev 0.1, Feb 14-17, 2015, Ottawa, On, Canada

  27. Lets Write Some Programs Proceedings of netdev 0.1, Feb 14-17, 2015, Ottawa, On, Canada

  28. Counting Packets To A Host Action Block Classifier Block Egress Network U32 rule prio 10 Port Accept match dest = google.com Stack (eth1) ● Goal: get acquinted with the control setup via CLI ● Ping google.com ● Show statistics Proceedings of netdev 0.1, Feb 14-17, 2015, Ottawa, On, Canada

  29. Counting Packets To/From A Host Egress Network U32 rule prio 10 Accept Port match dest = google.com Stack Index 12 (eth1) Ingress U32 rule prio 10 Port Accept match src = google.com Index 2 (eth1) ● Goal: get acquinted with the control setup via CLI ● Ping google.com ● Show statistics Proceedings of netdev 0.1, Feb 14-17, 2015, Ottawa, On, Canada

  30. Counting Packets To/From A Host Shared Action Instance Egress Network U32 rule prio 10 Accept Port match dest = google.com Stack Index 12 (eth1) Ingress U32 rule prio 10 Port Accept match src = google.com Index 12 (eth1) ● Goal: A little more complex setup (sharing action instance) ● Ping google.com and show statistics ● Broken for ubuntu shipped kernels and iproute2 Proceedings of netdev 0.1, Feb 14-17, 2015, Ottawa, On, Canada

  31. More Complex Service Ingress egress U32 rule prio 10 Port Port skbedit skbedit copy to If match packet == icmp Mark 11 Mark 12 dummy0 (eth1) (dummy0) 1 If exceeded police police If exceeded 10kbps 20kbps 2 else !exceeded else !exceeded Network Stack ● Goal: Illustrate a more complex service – More complex action graph ● Broken for ubuntu shipped kernels and Proceedings of netdev 0.1, Feb 14-17, 2015, Ottawa, On, Canada iproute2

  32. More Complex Service Shared Rate control Ingress egress U32 rule prio 10 Port Port skbedit skbedit copy to If match packet == icmp Mark 11 Mark 12 dummy0 (eth1) (dummy0) 1 If exceeded police police If exceeded 10kbps 20kbps Index 1 Index 2 2 else !exceeded else !exceeded Network Stack else !exceeded else !exceeded police 2 police 20kbps If exceeded 10kbps Index 2 1 Index 1 If exceeded Ingress egress U32 rule prio 10 Port Port skbedit skbedit copy to Proceedings of netdev 0.1, Feb 14-17, 2015, Ottawa, On, Canada If match packet == icmp dummy1 Mark 21 Mark 22 (lo) (dummy1)

Recommend

LSS 2017: linux-integrity subsystem update Mimi Zohar 1 IBM Research Linux Integrity Subsystem

LSS 2017: linux-integrity subsystem update Mimi Zohar 1 IBM Research Linux Integrity Subsystem

LSS 2017: linux-integrity subsystem update Mimi Zohar 1 IBM Research Linux Integrity Subsystem Status Update Review of IMA goals New IMA features and other changes TPM related work Possible IMA specific fixes for TPM

567 views • 17 slides
Linux Traffic Control Cong Wang Software Engineer Twitter, Inc. Layer 2 Overview Qdisc:

Linux Traffic Control Cong Wang Software Engineer Twitter, Inc. Layer 2 Overview Qdisc:

Linux Traffic Control Cong Wang Software Engineer Twitter, Inc. Layer 2 Overview Qdisc: how to queue the packets Class: tied with qdiscs to form a hierarchy Filter: how to classify or filter the packets Action: how to deal

459 views • 31 slides
Groking the Linux SPI Subsystem Embedded Linux Conference 2017 Matt Porter Obligatory geek

Groking the Linux SPI Subsystem Embedded Linux Conference 2017 Matt Porter Obligatory geek

Groking the Linux SPI Subsystem Embedded Linux Conference 2017 Matt Porter Obligatory geek reference deobfuscation grok ( /grk/ ) verb to understand intuitively or by empathy, to establish rapport with. Overview What is SPI? SPI

938 views • 47 slides
Traffic Classifier Real Time Classification and Analysis of T1/E1 Traffic 818 West Diamond Avenue

Traffic Classifier Real Time Classification and Analysis of T1/E1 Traffic 818 West Diamond Avenue

Traffic Classifier Real Time Classification and Analysis of T1/E1 Traffic 818 West Diamond Avenue - Third Floor, Gaithersburg, MD 20878 Phone: (301) 670-4784 Fax: (301) 670-9187 Email: info@gl.com Website: http://www.gl.com 1 1 Traffic

228 views • 11 slides
Guidelines for Action Space Definition in Reinforcement Learning-based Traffic Signal Control

Guidelines for Action Space Definition in Reinforcement Learning-based Traffic Signal Control

Guidelines for Action Space Definition in Reinforcement Learning-based Traffic Signal Control Systems Maxime Trca, Julian Garbiso, Dominique Barth October 15, 2020 Outline I - Reinforcement Learning Applied to Traffic Signal Control II -

189 views • 16 slides
signin.ritlug.com sign in! Windows Subsystem For Linux RITlug - Week 4! Solomon Rubin Hold up.

signin.ritlug.com sign in! Windows Subsystem For Linux RITlug - Week 4! Solomon Rubin Hold up.

Dont forget to signin.ritlug.com sign in! Windows Subsystem For Linux RITlug - Week 4! Solomon Rubin Hold up. Linux... on windows? Overview What is it? Literally, Linux on Windows Allows for actual ELF Binaries to be executed

502 views • 15 slides
So you want to write a Linux driver subsystem? Michael Turquette <mturquette@baylibre.com>

So you want to write a Linux driver subsystem? Michael Turquette <mturquette@baylibre.com>

So you want to write a Linux driver subsystem? Michael Turquette <mturquette@baylibre.com> Who am I? And why am I here? CEO of BayLibre, Inc Previously at Texas Instruments, Linaro, San Francisco start-up Contributor to various

638 views • 37 slides
Groking the Linux SPI Subsystem FOSDEM 2017 Matt Porter Obligatory geek reference

Groking the Linux SPI Subsystem FOSDEM 2017 Matt Porter Obligatory geek reference

Groking the Linux SPI Subsystem FOSDEM 2017 Matt Porter Obligatory geek reference deobfuscation grok ( /grk/ ) verb to understand intuitively or by empathy, to establish rapport with. Overview What is SPI? SPI Fundamentals

977 views • 45 slides
Transbay Transit Center TG05.4R Traffic Control Package TG05.4R Traffic Control Request for

Transbay Transit Center TG05.4R Traffic Control Package TG05.4R Traffic Control Request for

Transbay Transit Center TG05.4R Traffic Control Package TG05.4R Traffic Control Request for Proposal (RFP) Package Overview Negotiated General Traffic Control & Engineering Services for Overall Project Traffic Control &

393 views • 15 slides
The DRM/KMS subsystem from a newbies point of view Free Electrons. Kernel, drivers and

The DRM/KMS subsystem from a newbies point of view Free Electrons. Kernel, drivers and

The DRM/KMS subsystem from a newbies point of view Free Electrons. Kernel, drivers and embedded Linux development, consulting, training and support. http://free-electrons.com 1/49 Boris Brezillon Embedded Linux engineer and trainer at

759 views • 49 slides
Industrial I/O Subsystem: The Home of Linux Sensors Daniel Baluta Intel daniel.baluta@intel.com

Industrial I/O Subsystem: The Home of Linux Sensors Daniel Baluta Intel daniel.baluta@intel.com

Industrial I/O Subsystem: The Home of Linux Sensors Daniel Baluta Intel daniel.baluta@intel.com October 5, 2015 Daniel Baluta (Intel) Industrial I/O October 5, 2015 1 / 29 Why Industrial I/O? past - industrial process control or scientific

679 views • 29 slides
MLC/TLC NAND support: (new ?) challenges for the MTD/NAND subsystem Free Electrons - Embedded

MLC/TLC NAND support: (new ?) challenges for the MTD/NAND subsystem Free Electrons - Embedded

MLC/TLC NAND support: (new ?) challenges for the MTD/NAND subsystem Free Electrons - Embedded Linux, kernel, drivers and Android - Development, consulting, training and support. http://free-electrons.com 1/47 Boris Brezillon Embedded Linux

746 views • 47 slides
PDE Backstepping Control Traffic Congestion Control: of Congested Traffic A PDE Backstepping

PDE Backstepping Control Traffic Congestion Control: of Congested Traffic A PDE Backstepping

PDE Backstepping Control Traffic Congestion Control: of Congested Traffic A PDE Backstepping Perspective Miroslav Krstic (with Huan Yu) Mud pump From Mud Pit Harder: PT Oil Drilling Mud-assisted drilling u c helps take cuttings away +

935 views • 46 slides
Security Subsystem Report: Yama Linux Security Summit 2012 Kees Cook (pronounced

Security Subsystem Report: Yama Linux Security Summit 2012 Kees Cook (pronounced

Security Subsystem Report: Yama Linux Security Summit 2012 Kees Cook (pronounced "Case") keescook@chromium.org http://outflux.net/slides/2012/lss/lsm/ Overview Past Present Future Past ("ruler of the

194 views • 6 slides
Noah Hypervisor-Based Darwin Subsystem for Linux Takaya Saeki, Yuichi Nishiwaki Self

Noah Hypervisor-Based Darwin Subsystem for Linux Takaya Saeki, Yuichi Nishiwaki Self

Noah Hypervisor-Based Darwin Subsystem for Linux Takaya Saeki, Yuichi Nishiwaki Self Introduction Noah Development Team Takaya Saeki Yuichi Nishiwaki They both are graduate students at the University of Tokyo. They are developing Noah in

890 views • 53 slides
LightNVM: The Linux Open-Channel SSD Subsystem Matia tias Bj Bjrli ling (ITU (ITU, CN

LightNVM: The Linux Open-Channel SSD Subsystem Matia tias Bj Bjrli ling (ITU (ITU, CN

LightNVM: The Linux Open-Channel SSD Subsystem Matia tias Bj Bjrli ling (ITU (ITU, CN CNEX La Labs), Javier Gonzlez (CNEX Labs), Philippe Bonnet (ITU) 0% Writes - Read Latency 4K Random Read 4K Random Read Latency Percentile 2

963 views • 20 slides
On getting tc classifier fully programmable with cls bpf. Daniel Borkmann

On getting tc classifier fully programmable with cls bpf. Daniel Borkmann

Proceedings of NetDev 1.1: The Technical Conference on Linux Networking (February 10th-12th 2016. Seville, Spain) On getting tc classifier fully programmable with cls bpf. Daniel Borkmann <daniel@iogearbox.net> Noiro Networks / Cisco

598 views • 23 slides
Maintaining a large kernel subsystem Embedded Linux Conference 2015 Arnd Bergmann

Maintaining a large kernel subsystem Embedded Linux Conference 2015 Arnd Bergmann

Maintaining a large kernel subsystem Embedded Linux Conference 2015 Arnd Bergmann <arnd@linaro.org> In an isolated system, entropy can only increase In an isolated system, entropy can only increase Muse, the 2nd law Overview 1.

459 views • 35 slides
Worksheet 9 Worksheet 9 Linux as a router, packet filtering, traffic Linux as a router, packet

Worksheet 9 Worksheet 9 Linux as a router, packet filtering, traffic Linux as a router, packet

Worksheet 9 Worksheet 9 Linux as a router, packet filtering, traffic Linux as a router, packet filtering, traffic shaping shaping Linux as a router Linux as a router Capable of acting as a router, firewall, traffic Capable of acting as a

366 views • 21 slides
An Introduction to SPI-NOR Subsystem By Vignesh R Texas Instruments India vigneshr@ti.com

An Introduction to SPI-NOR Subsystem By Vignesh R Texas Instruments India vigneshr@ti.com

An Introduction to SPI-NOR Subsystem By Vignesh R Texas Instruments India vigneshr@ti.com About me Software Engineer at Texas Instruments India Part of Linux team that works on supporting various TI SoCs in mainline kernel I work

561 views • 30 slides
Panta Rhei More Quality of Traffic by centralized or decentralized Control ?! Heraclitus All

Panta Rhei More Quality of Traffic by centralized or decentralized Control ?! Heraclitus All

Panta Rhei More Quality of Traffic by centralized or decentralized Control ?! Heraclitus All things are in (540 480 B.C.) constant flux Prof. Dr.-Ing. Dr. h. c. E. Schnieder Overview Traffic System view Control arrangements and

805 views • 42 slides
Maximum Entropy Classifier Ensembling using Ge- netic Algorithm for NER in Bengali Asif Ekbal 1

Maximum Entropy Classifier Ensembling using Ge- netic Algorithm for NER in Bengali Asif Ekbal 1

Outline Background and Motivation Classifier Ensembling Genetic Algorithms Proposed Method of Classifier Ensemble Feature Set Used Experimental Results Conclusions Future Works Maximum Entropy Classifier Ensembling using Ge- netic

749 views • 36 slides
Linux Kung Fu Introduction What is Linux? Why Linux? What is the difference between a client

Linux Kung Fu Introduction What is Linux? Why Linux? What is the difference between a client

Linux Kung Fu Introduction What is Linux? Why Linux? What is the difference between a client and a server? What is Linux? Linux generally refers to a group of Unix-like free and open-source operating system distributions that use the Linux

562 views • 53 slides
UMBC A B M A L F T U M B C I O M Y O T R 1 (November 26, 2000 9:39 pm) I E S

UMBC A B M A L F T U M B C I O M Y O T R 1 (November 26, 2000 9:39 pm) I E S

Advanced VLSI Design Subsystem Design CMSC 491C/691C Control Control is the hard part of design. The regularity found in arithmetic and memory structures usually not present in control structures. Finite-State machines provide an organized

521 views • 4 slides

More recommend