mmb flexible high speed userspace middleboxes
play

mmb : Flexible High-Speed Userspace Middleboxes Korian Edeline , - PowerPoint PPT Presentation

Sep 11, 2023 •339 likes •624 views

mmb : Flexible High-Speed Userspace Middleboxes Korian Edeline , Justin Iurman, Cyril Soldani, Benoit Donnet Montefiore Institute, University of Lige Belgium A middleboxed Internet https://github.com/mami-project/roadshows 7/22/19 2 ANRW

  1. mmb : Flexible High-Speed Userspace Middleboxes Korian Edeline , Justin Iurman, Cyril Soldani, Benoit Donnet Montefiore Institute, University of Liège Belgium

  2. A middleboxed Internet https://github.com/mami-project/roadshows 7/22/19 2 ANRW 2019

  3. kernelspace vs userspace Kernel: Userspace: 3 ANRW 2019

  4. kernelspace vs userspace Kernel: ✗ T oo slow for high-speed forwarding ✗ Missing optimizations (batching, caching, etc) Userspace: 4 ANRW 2019

  5. kernelspace vs userspace Kernel: ✗ T oo slow for high-speed forwarding ✗ Missing optimizations (batching, caching, etc) Userspace: ✗ No direct access to NIC (context switch, sk_bufg) 5 ANRW 2019

  6. kernelspace vs userspace Kernel: ✗ T oo slow for high-speed forwarding ✗ Missing optimizations (batching, caching, etc) Userspace: ✗ No direct access to NIC (context switch, sk_bufg) ✔ DPDK (DMA, I/O batching) 6 ANRW 2019

  7. kernelspace vs userspace Kernel: ✗ T oo slow for high-speed forwarding ✗ Missing optimizations (batching, caching, etc) Userspace: ✗ No direct access to NIC (context switch, sk_bufg) ✔ DPDK (DMA, I/O batching) ✔ Software optimizations ✔ Flexibility 7 ANRW 2019

  8. Kernel-Bypass Frameworks 8 ANRW 2019

  9. architecture Vector Packet Processing (VPP) ● DPDK ● RSS queues, Zero-Copy and more ● Packet vectors ● Modular node-based processing ● Low-level optimizations (caching, pipelining) ANRW 2019

  10. architecture VPP Dual-Loop while (n_left_from >= 2) { /* prefetch next iteration */ if (PREDICT_TRUE(n_left_from >= 4)){ vlib_prefetch_bufger_header(b[2], STORE); vlib_prefetch_bufger_header(b[3], STORE); } process(b[0]); process(b[1]); b += 2; next += 2; n_left_from -= 2; } /* process remaining packets */ while(n_left_from > 0){ process(b[0]); b += 1; next += 1; n_left_from -= 1; } 7/22/19 10 ANRW 2019

  11. architecture mmb: A VPP middlebox Goals: ● Various middlebox policies (fjrewall, NAT, traffjc engineering) ● Fast even with thousands rules ● Intuitive CLI 11 ANRW 2019

  12. architecture mmb: CLI grammar 7/22/19 12 ANRW 2019

  13. architecture mmb: forwarding graph 7/22/19 13 ANRW 2019

  14. architecture mmb: forwarding graph ● Classifjcation: (Packet & Mask) ⊕ Key ● Rewrite (Packet & Mask) | Key 7/22/19 14 ANRW 2019

  15. architecture mmb: processing path 7/22/19 15 ANRW 2019

  16. measurement Performance Analysis ● FastClick: – Fast (multi-queue, ZC forwarding, batching, DPDK) – Click ● eXpress Data Path (XDP): – In-Kernel – eBPF ● iptables ANRW 2019

  17. measurement Performance Analysis: Testbed Direct Indirect PCI Passthrough Bridged 7/22/19 17 ANRW 2019

  18. measurement Performance Analysis: Baselines ● VPP, FastClick, 4.15 > 99% of direct baseline 7/22/19 18 ANRW 2019

  19. measurement Performance Analysis: 5-tuples fjrewall ● Stateless matching on 5-tuples (saddr, daddr, sport, dport, proto) 7/22/19 19 ANRW 2019

  20. measurement Performance Analysis: 5-tuples fjrewall ● Stateless matching on 5-tuples (saddr, daddr, sport, dport, proto) ● mmb & XDP at direct baseline ● FastClick matching (IPFilter) has performance issues ● Iptables 4.15 sustains direct baseline with up to 1,000 rules 7/22/19 20 ANRW 2019

  21. measurement Performance Analysis: stateful fmow matching ● Stateful matching on 5-tuples (saddr, daddr, sport, dport, proto) 7/22/19 21 ANRW 2019

  22. measurement Performance Analysis: stateful fmow matching ● Stateful matching on 5-tuples (saddr, daddr, sport, dport, proto) ● mmb & XDP at direct baseline ● FastClick at 85% direct baseline ● Iptables stateful is similar to stateless (with few rules). 7/22/19 22 ANRW 2019

  23. measurement Performance Analysis: TCP Options ● Matching on TCP Options ● Not applicable to iptables, FastClick & XDP ● Stable until 78 rules 7/22/19 23 ANRW 2019

  24. measurement Conclusion & Next steps ● mmb sustains line rate for difgerent use cases ● Next Step: Payload reconstruction ● https://github.com/mami-project/vpp-mb 24 ANRW 2019

  25. measurement Thanks ! 7/22/19 25 ANRW 2019

  26. measurement Performance Analysis: Testbed ● Intel Xeon E5-2620 2.1GHz, 16 Threads, 32GB RAM ● Intel XL710 2x40GB NICs ● Huawei CE6800 switch ● Debian 9 26 ANRW 2019

  27. measurement Performance Analysis: RTT 7/22/19 27 ANRW 2019

  28. measurement Performance Analysis: CPU time 7/22/19 28 ANRW 2019

Recommend

XtreemFS: high- performance network file system clients and servers in userspace Minor Gordon,

XtreemFS: high- performance network file system clients and servers in userspace Minor Gordon,

XtreemFS: high- performance network file system clients and servers in userspace Minor Gordon, NEC Deutschland GmbH mgordon@hpce.nec.com HIGH PERFORMANCE Why userspace? COMPUTING 05/04/09 File systems traditionally implemented in the

275 views • 15 slides
Embark: Securely Outsourcing Middleboxes to the Cloud Chang Lan, Justine Sherry, Raluca Ada

Embark: Securely Outsourcing Middleboxes to the Cloud Chang Lan, Justine Sherry, Raluca Ada

Embark: Securely Outsourcing Middleboxes to the Cloud Chang Lan, Justine Sherry, Raluca Ada Popa, Sylvia Ratnasamy, Zhi Liu UC Berkeley Tsinghua University 1 Background Middleboxes are prevalent and problematic Number of Middleboxes

1.31k views • 44 slides
Embark: Securely Outsourcing Middleboxes to the Cloud Chang Lan, Justine Sherry, Raluca Ada

Embark: Securely Outsourcing Middleboxes to the Cloud Chang Lan, Justine Sherry, Raluca Ada

Embark: Securely Outsourcing Middleboxes to the Cloud Chang Lan, Justine Sherry, Raluca Ada Popa, Sylvia Ratnasamy, Zhi Liu UC Berkeley Tsinghua University 1 Background Middleboxes are prevalent and problematic Number of Middleboxes

572 views • 40 slides
MINUTES OF ORAL EVIDENCE taken before the HIGH SPEED RAIL BILL COMMITTEE on the HIGH SPEED RAIL

MINUTES OF ORAL EVIDENCE taken before the HIGH SPEED RAIL BILL COMMITTEE on the HIGH SPEED RAIL

MINUTES OF ORAL EVIDENCE taken before the HIGH SPEED RAIL BILL COMMITTEE on the HIGH SPEED RAIL (WEST MIDLANDS CREWE) BILL Monday 19 March 2018 (Afternoon) In Committee Room 5 PRESENT: James Duddridge (Chair) Sandy Martin Mrs Sheryll

956 views • 57 slides
Introduction of High speed line High speed line Japan International Consultants for

Introduction of High speed line High speed line Japan International Consultants for

Introduction of High speed line High speed line Japan International Consultants for Transportation Co., Ltd. (JIC) Index Trend of the HSR Project HSR Project in The World Superiority of Introducing HSR Transport Needs

1.02k views • 25 slides
Is he ever going to quit? 1 High power, high speed and high linearity photodiode for

Is he ever going to quit? 1 High power, high speed and high linearity photodiode for

Is he ever going to quit? 1 High power, high speed and high linearity photodiode for NextGen-VLA antenna project Qinglong Li, Andreas Beling, Joe C. Campbell University of Virginia, Charlottesville, VA 22904 Outline High power photodiode

746 views • 25 slides
High speed CMOS image sensors Wim Wuyts Sr. Staff Applications Engineer Cypress Semiconductor

High speed CMOS image sensors Wim Wuyts Sr. Staff Applications Engineer Cypress Semiconductor

High speed CMOS image sensors Wim Wuyts Sr. Staff Applications Engineer Cypress Semiconductor Corporation Belgium Vision 2006 P E R F O R M Outline Introduction Architecture Analog high speed CIS Digital high speed CIS

593 views • 32 slides
Sean Graves PhD Visi-Trak Sensors Charlottesville VA High Speed/High Resolution Encoder

Sean Graves PhD Visi-Trak Sensors Charlottesville VA High Speed/High Resolution Encoder

Sean Graves PhD Visi-Trak Sensors Charlottesville VA High Speed/High Resolution Encoder Interface for Overview New linear position/velocity sensor Non-contact High resolution High speed Based on proven

320 views • 27 slides
1 High Speed UK Connecting the Nation, Connecting the North: The Only Way is Woodhead High

1 High Speed UK Connecting the Nation, Connecting the North: The Only Way is Woodhead High

1 High Speed UK Connecting the Nation, Connecting the North: The Only Way is Woodhead High Speed UK Connecting the Nation Who are we? Colin Elliff BSc CEng MICE Civil Engineering Principal, HSUK Quentin Macdonald

899 views • 85 slides
RTD-based High Speed and Low RTD-based High Speed and Low Power Integrated Circuits Power

RTD-based High Speed and Low RTD-based High Speed and Low Power Integrated Circuits Power

RTD-based High Speed and Low RTD-based High Speed and Low Power Integrated Circuits Power Integrated Circuits 2009. 04. 27 Kwangseok Seo Seoul National University Outline Outline Introduction RTD/HEMT Integration Technology

369 views • 22 slides
High Speed Rail for Australia: Opportunities and Issues by Dale Budd Hunter Business Chamber

High Speed Rail for Australia: Opportunities and Issues by Dale Budd Hunter Business Chamber

High Speed Rail for Australia: Opportunities and Issues by Dale Budd Hunter Business Chamber Newcastle, 7 December 2012 What is high speed rail? High speed rail refers to passenger trains travelling at 250 km/h or more, on purpose-built tracks.

354 views • 11 slides
High Speed Traffic Analysis for High-Speed Traffic Analysis for Security: Challenges &

High Speed Traffic Analysis for High-Speed Traffic Analysis for Security: Challenges &

High Speed Traffic Analysis for High-Speed Traffic Analysis for Security: Challenges & Approaches Security: Challenges & Approaches C-DAC Asia-Pacific Advanced Network 32 nd Meeting, India Habitat Centre, New Delhi APAN 32nd Meeting,

647 views • 28 slides
High-speed dispersing between two deinking loops: are there optimisation possibilities?

High-speed dispersing between two deinking loops: are there optimisation possibilities?

High-speed dispersing between two deinking loops: are there optimisation possibilities? Benjamin FABRY and Bruno CARRE Niagara Falls, September 2007 Guideline Introduction Theoretical aspects High-speed dispersing between two

464 views • 44 slides
High-speed cryptography Do we care about speed? Daniel J. Bernstein Almost all software is

High-speed cryptography Do we care about speed? Daniel J. Bernstein Almost all software is

1 2 High-speed cryptography Do we care about speed? Daniel J. Bernstein Almost all software is University of Illinois at Chicago & much slower than it could be. Technische Universiteit Eindhoven Is software applied to much data? with

1.17k views • 115 slides
Exposing and Evading Middlebox Policies DAVID CHOFFNES Middleboxes are pervasive In-network

Exposing and Evading Middlebox Policies DAVID CHOFFNES Middleboxes are pervasive In-network

Exposing and Evading Middlebox Policies DAVID CHOFFNES Middleboxes are pervasive In-network functionality can be really helpful Security (IPS) Performance (proxies) Fairness (traffic management) 2 Middleboxes are pervasive

617 views • 37 slides
Chapter: 9 9 9 9 Chapter: Chapter: Chapter: High-Speed Downlink High-Speed Downlink Packet

Chapter: 9 9 9 9 Chapter: Chapter: Chapter: High-Speed Downlink High-Speed Downlink Packet

3G Evolution 3G Evolution 3G Evolution 3G Evolution Chapter: 9 9 9 9 Chapter: Chapter: Chapter: High-Speed Downlink High-Speed Downlink Packet Access Deepak Dasalukunte Department of Electrical and Information Technology 16-Apr-2009

393 views • 25 slides
Using Low-Speed Links for High-Speed Wireless Data Delivery Henning Schulzrinne Dept. of

Using Low-Speed Links for High-Speed Wireless Data Delivery Henning Schulzrinne Dept. of

Using Low-Speed Links for High-Speed Wireless Data Delivery Henning Schulzrinne Dept. of Computer Science Columbia University (with Stelios Sidiroglou and Maria Papadopouli) ORBIT Research Review - May 13, 2004 1 Overview Disconnected

226 views • 22 slides
High-speed engineering of high-speed software D. J. Bernstein Traditional software engineering:

High-speed engineering of high-speed software D. J. Bernstein Traditional software engineering:

High-speed engineering of high-speed software D. J. Bernstein Traditional software engineering: Design programming environment to minimize programmer time. Environment is now constant. Write tons of software. Software is now constant. Try

389 views • 4 slides
EXPLORER+727 Comprehensive communication hub for vehicles EXPLORER+ 727 High-speed

EXPLORER+727 Comprehensive communication hub for vehicles EXPLORER+ 727 High-speed

EXPLORER+727 Comprehensive communication hub for vehicles EXPLORER+ 727 High-speed broadband-on-the-move: Automatically tracks satellite positions enabling high-speed connectivity while on-the-move. Simultaneous 432 kbps data and phone

412 views • 11 slides
CALIFORNIAS HIGH-SPEED TRAIN A presentation to Los Angeles Metropolitan Transportation

CALIFORNIAS HIGH-SPEED TRAIN A presentation to Los Angeles Metropolitan Transportation

CALIFORNIAS HIGH-SPEED TRAIN A presentation to Los Angeles Metropolitan Transportation Authority By Jeff Barker , Deputy Director, California High- Speed Rail Authority May 2010 BACKGROUND First discussions started 30 years ago

205 views • 17 slides
Middlebox Technologies with Intel SGX A Literature Survey Shiv Kushwah & Sumukh Shivakumar 1

Middlebox Technologies with Intel SGX A Literature Survey Shiv Kushwah & Sumukh Shivakumar 1

Middlebox Technologies with Intel SGX A Literature Survey Shiv Kushwah & Sumukh Shivakumar 1 Whats all the fuss with middleboxes? 2 Background 3 What are middleboxes? 4 Middleboxes in the Cloud Cloud APLOMB gateway Enterprise

668 views • 37 slides
High-speed cryptography, Speed-oriented Jacobian standards part 2: 2000 IEEE Std 1363

High-speed cryptography, Speed-oriented Jacobian standards part 2: 2000 IEEE Std 1363

High-speed cryptography, Speed-oriented Jacobian standards part 2: 2000 IEEE Std 1363 more elliptic-curve formulas; uses Weierstrass curves field arithmetic in Jacobian coordinates Daniel J. Bernstein to provide the fastest

2.15k views • 187 slides
1 SA-C Image Processing Support Cameron Project Objective Data parallelism through tight

1 SA-C Image Processing Support Cameron Project Objective Data parallelism through tight

Opportunity: FPGAs Reconfigurable Computing technology High speed at low power High Level, high speed FPGA Array of programmable computing cells: Configurable Logic Blocks (CLBs) programming Programmable interconnect among cells

565 views • 8 slides
The Financial and Economic Assessment of Chinas High Speed Rail Investments Jianhong Wu Beijing

The Financial and Economic Assessment of Chinas High Speed Rail Investments Jianhong Wu Beijing

The Financial and Economic Assessment of Chinas High Speed Rail Investments Jianhong Wu Beijing Jiaotong University OECD/ITF Roundtable on The Economics of Investment in High Speed Rail, New Delhi, India, 18-19 December 2013 Main Content 1.

509 views • 47 slides

More recommend