Universität Stuttgart Institute of Parallel and Distributed Systems (IPVS) Universitätsstraße 38 D-70569 Stuttgart P4CEP: Towards In-Network Complex Event Processing Thomas Kohler, Ruben Mayer, Frank Dürr, Marius Maaß, Sukanya Bhowmik, and Kurt Rothermel August 20 th , 2018 ACM SIGCOMM 2018 Workshop on In-Network Computing
Motivation – In-Network Complex Event Processing Temperature sensor Fire! Extinguisher Fire! system ex-situ processing additional latency Smoke ! detector in software limited throughput CEP operator Status quo of latency-critical Complex Event Processing (CEP): • Operators implemented off-path in software (middlebox model) • Inherent distribution of sources/sinks; overlay graph of operators Research Group Universität Stuttgart Distributed Systems IPVS 2
Motivation – In-Network Complex Event Processing Temperature ! sensor Fire! Extinguisher system in-situ processing no additional RTTs (latency), Smoke on reconfigurable detector high throughput hardware In-Network Complex Event Processing: • Implement CEP within reconfigurable data plane hardware • .. using a uniform language for Data Plane Programming Research Group Universität Stuttgart Distributed Systems IPVS 3
Contributions • Concepts for in-network implementation of Complex Event Processing (P4CEP) ◦ Rule specification language ◦ Compiler from rule specification to P4 • Proof-of-concept implementation of P4CEP compiler ◦ For programmable NICs (Netronome NFP) and bmv2 ◦ Publicly available at http://goo.gl/MEdPvv • Discuss experience and limitations of Data Plane Programming for stateful packet processing • Evaluation on a programmable NIC (NFP) • Roadmap towards a distributed in-network CEP Research Group Universität Stuttgart Distributed Systems IPVS 4
Complex Event Processing • CEP operator: processes streams of incoming events ( � � ) ! to detect complex events ( � � ) ! ! • Event specification language ! ◦ Specifies conditions (expressions) for complex events ▪ � � : predicates on values (numerical and logical operators) ▪ � � : logical operators for combination of input streams ( AND , OR , ...) ◦ Example: temperature > 50 AND smoke_detected ⇒ Fire! � ���� � � � �� � ����� � �_���� : ... 20°C 18°C 30°C 35°C 42°C 55°C 49°C 63°C 65°C � � �_����� : ... false false false false true true true true true Research Group Universität Stuttgart Distributed Systems IPVS 5
Complex Event Processing • Conditions on history of events ◦ Infinite input sequence is split into windows ◦ Window operators : aggregation functions ( � � ) over a window ... size slide � �_���� : ... 20°C 18°C 30°C 35°C 42°C 55°C 49°C 63°C 65°C � � : avg/min/max � �_����� : ... false false false false true true true true true � � : count • Requirements on processing ◦ Memory for storing (limited) event history stateful processing ◦ Processing logic for evaluation of expressions and window operators Research Group Universität Stuttgart Distributed Systems IPVS 6
P4CEP – System Model end-system end-system D a t a P l a n e P4CEP- P4CEP- TARGET TARGET up- CEP end-system CEP end-system monitor date (source) (sink) State Control P4 Table Plane P4CEP Runtime Entries transitions Component Research Group Universität Stuttgart Distributed Systems IPVS 7
P4CEP – Pipeline Processing • Classification of ingress packets or events ◦ Events are encoded in packet headers, leveraging P4’s flexible parser • Co-NF processing: forwarding, other non-CEP network functions • Sequential CEP processing (for each complex event to detect) 1. Window operations (persisting value, window evaluation) 2. State machine execution (pattern detection) P4CEP- TARGET C O -NF C LASSIFIER WINDOW - OPERATORS C E P packets, packets, P ATTERN DETECTION basic events, basic events, ENGINE ( STATE MACHINE ) complex events complex events resubmission Research Group Universität Stuttgart Distributed Systems IPVS 8
P4CEP – Compile-time Workflow P4CEP Event Header Def. Rules/Patterns HDL C-files CEP P4CEP Design Compiler C- NFP Config NFP Sand IR Toolchain box extern intf . P4CEP P4 Comp. P4 Comp. P4FPGA R Fct.- Runtime NetFPGA P4 Code Toolchain Block (front-end) (back-end) U Config extern intf . N T Software Switch include I P4 Run- bmv2 M time P4 Code E Config T ARGET - SPECIFIC C O -N ETWORK F UNCTIONS Research Group Universität Stuttgart Distributed Systems IPVS 9
CEP Design Rule Specification Language Config • Sole input to P4CEP compiler • Consists of ◦ Definition of windows ◦ Definition of complex events to detect • Example: window sample_wnd { size 4 value ipv4.totalLen } complex_event sample_evt { value sum(ipv4.totalLen) strategy skip-till-next-match pattern ([ipv4.totalLen > 500] && [tcp.dstPort == 80]) ; ([sum(sample_wnd) > 6000] || [ipv4.protocol == 17]) } Research Group Universität Stuttgart Distributed Systems IPVS 10
CEP Design Window Operators Config • Supported aggregation functions ( � � ) Definition: window sample_wnd { ◦ max , min , sum , count size 4 ◦ average (future work) value ipv4.totalLen } • Implementation ◦ Ring-buffer (event values) and index-pointer stored in P4 registers ◦ Register access protected by confinement in critical section ▪ Preventing inconsistency effects (e.g., lost updates) “ Packet Transactions ...” ▪ NFP: pre-processor pragma or C mutex library Sivaraman et al., SIGCOMM‘16 ▪ P4 16 : atomic control flow block ◦ Evaluating aggregation functions ▪ Un-rolling the iteration over the window ▪ Transient metadata fields storing aggregate value, index variable, value Research Group Universität Stuttgart Distributed Systems IPVS 11
CEP Design Complex Event Definition Config Definition: complex_event sample_evt { value sum(ipv4.totalLen) strategy skip-till-next-match pattern ... } • Elements ◦ return value static expression, field reference, window aggregate ◦ transition strategy { skip-till-next-match , strict } ◦ pattern : P4 expression (simple or compound predicate) • Implementation ◦ Deterministic Finite State Machine Research Group Universität Stuttgart Distributed Systems IPVS 12
CEP Design Pattern Detection Engine – FSM Representation Config pattern ([ipv4.totalLen > 500] && [tcp.dstPort == 80]) ; ([sum(sample_wnd) > 6000] || [ipv4.protocol == 17]) • Pattern definition ◦ Pattern of basic events (input symbol x ∈ Σ ) ◦ Predicates � � on field references, window aggregates ◦ Composition of predicates using logical operators seq., conj., disj. � � Σ, �, � � , �, � Research Group Universität Stuttgart Distributed Systems IPVS 13
P4CEP Runtime Pattern Detection Engine –Transition Table Entries Config pattern ([ipv4.totalLen > 500] && [tcp.dstPort == 80]) ; ([sum(sample_wnd) > 6000] || [ipv4.protocol == 17]) • FSM transition ◦ Metadata fields storing current state ( � ∈ � ), matched predicate ( � � → � ) ◦ Lookup in transition table � , persisting new state / handle complex event Keys Values State Match (predicate ID) Next State Accept. State 0 totalLen > 500 1 false 0 dstPort == 80 2 false dstPort == 80 1 3 false 2 totalLen > 500 3 false sum > 6000 3 4 true 3 protocol == 17 4 true Research Group Universität Stuttgart Distributed Systems IPVS 14
Encountered Limitations • Target-dependent ◦ Synchronization of state memory access additional latency • Language-dependent (P4) ◦ Registers cannot directly be referenced by arithmetic operators or as table keys indirection over transient meta data field ◦ No floating point arithmetic, no division operator fixed-point arithmetic ◦ No loop-construct (not even bounded loops) requires manual loop-unrolling Research Group Universität Stuttgart Distributed Systems IPVS 15
Evaluation – Methodology • 1 CEP pattern of 2 basic events, sum over window of varying size � • Acquired metrics: target’s processing latency and throughput Netronome Agilio C O -NF 2x 10GbE NIC T proc ( NFP , NFP-C ) WINDOW - OPERATORS C E P P ATTERN DETECTION ENGINE ( STATE MACHINE ) triggered triggering (2 nd ) 10GbE 10GbE basic event complex event t s,TX t r,RX HW TIMESTAMP HW TIMESTAMP CEP source CEP sink CEP Network Namespace 1 Network Namespace 2 end-system Research Group Universität Stuttgart Distributed Systems IPVS 16
Evaluation – Results • NFP-C: ▪ 9.8 μ� � � � � 29.5 μ� ▪ 56% � � � � 16% ▪ � � scales linearly with window size � ( � � 1000� • bmv2: ▪ 512 μ� � � � � 10,000 μ� ▪ � � � 0.05% Research Group Universität Stuttgart Distributed Systems IPVS 17
Conclusion • Introduced to Complex Event Processing and requirements on processing • Presented our in-network implementation of Complex Event Processing (P4CEP) • Discussed encountered limitations of Data Plane Programming for stateful packet processing • Shown P4CEP’s practicability on a programmable NIC target ◦ Microsecond / million messages per second scales Research Group Universität Stuttgart Distributed Systems IPVS 18
Recommend
More recommend
