redundant logic elimination in network functions
play

Redundant Logic Elimination in Network Functions Bangwen Deng 1 , - PowerPoint PPT Presentation

Oct 03, 2022 •223 likes •697 views

Redundant Logic Elimination in Network Functions Bangwen Deng 1 , Wenfei Wu 1 , Linhai Song 2 1: Tsinghua University 2: The Pennsylvania State University Network Functions: Critical components in network Growing impact: Various network

  1. Redundant Logic Elimination in Network Functions Bangwen Deng 1 , Wenfei Wu 1 , Linhai Song 2 1: Tsinghua University 2: The Pennsylvania State University

  2. Network Functions: Critical components in network • Growing impact: • Various network scenarios • Diverse functions (e.g. , Firewall, NAT, IDS, Load Balancer) • NF’s efficiency in flow processing is critical: • Affects network’s end-to-end performance in a significant way (e.g., latency accumulation, throughput bottleneck )

  3. Network Functions: Critical components in network • Mismatch of the protocol space in the development and that in the deployment leads to redundant logic: • Covering a large protocol space in development • Configuring a subspace of the entire protocol space in deployment Whole Protocol Space

  4. Network Functions: Critical components in network • Mismatch of the protocol space in the development and that in the deployment leads to redundant logic: • Covering a large protocol space in development • Configuring a subspace of the entire protocol space in deployment Rules: Whole Protocol Space drop tcp 10.0.0.0/24 any −> 10.1.0.0/24 any …… …… Subspace

  5. Network Functions: Critical components in network • Mismatch of the protocol space in the development and that in the deployment leads to redundant logic: • Covering a large protocol space in development • Configuring a subspace of the entire protocol space in deployment Goal: To use compiler techniques to optimize away the redundancy.

  6. Outline • Introduction • Design Intuition • NFReducer Implementation • Preliminary Evaluation • Conclusion

  7. Snort IDS Code(Simplified)

  8. Snort IDS Code(Simplified) Parsing

  9. Snort IDS Code(Simplified) Parsing Match

  10. Snort IDS Code(Simplified) Action Parsing Match

  11. Type-I Redundancy: Unused layer parsing • Example Action Parsing Match Pkt.IP == Rule.IP IP address (L3) Drop Pkt.Port == Rule.Port Port (L4) Pass

  12. Type-I Redundancy: Unused layer parsing • Example What if only L3 header is used? E.g., <10.0.0.1->*, s/d port=*, drop> Action Parsing Match Pkt.IP == Rule.IP IP address (L3) Drop Pkt.Port == Rule.Port Port (L4) Pass

  13. Type-I Redundancy: Unused layer parsing • Example What if only L3 header is used? E.g., <10.0.0.1->*, s/d port=*, drop> Unused Wildcard Action Parsing Match Pkt.IP == Rule.IP IP address (L3) Drop Pkt.Port == Rule.Port Port (L4) Pass Always True

  14. Type-I Redundancy: Method to Solve • Apply Rules <10.0.0.1->*, s/d port=*, drop> Match Parsing Action Pkt.IP == Rule.IP IP address (L3) Drop Pass Port (L4) Pkt.Port == *

  15. Type-I Redundancy: Method to Solve • Apply Rules • Constant Folding and Propagation <10.0.0.1->*, s/d port=*, drop> Match Parsing Action Pkt.IP == Rule.IP IP address (L3) Drop Pass Port (L4) True

  16. Type-I Redundancy: Method to Solve • Apply Rules • Constant Folding and Propagation • Dead Code Elimination <10.0.0.1->*, s/d port=*, drop> Match Parsing Action Pkt.IP == Rule.IP IP address (L3) Drop Pass Port (L4) Port (L4) True

  17. Type-II Redundancy: Unused Protocol (Branch) Parsing • Branches in Parse and Match If NF processes TCP packets only, E.g., <10.0.0.0/24, tcp, 80, drop> IP Parsing IP Proto==TCP Proto==UDP Proto==TCP Proto==UDP TCP UDP TCP UDP Port==80 Port!=80 Port==* Parsing Parsing pass pass drop Parsing Match

  18. Type-II Redundancy: Unused Protocol (Branch) Parsing • Branches in Parse and Match If NF processes TCP packets only, E.g., <10.0.0.0/24, tcp, 80, drop> True Always False Redundant IP Parsing IP Logic Proto==TCP Proto==UDP Proto==TCP Proto==UDP TCP UDP TCP UDP Port==80 Port!=80 Port==* Parsing Parsing pass pass drop Parsing Match

  19. Type-II Redundancy: Method to Solve • Extract Feasible Execution Path Parse Match IP Parsing IP Proto==TCP Proto==UDP Proto==TCP Proto==UDP TCP UDP TCP UDP Port==80 Port!=80 Port==* Parsing Parsing pass pass drop

  20. Type-II Redundancy: Method to Solve • Extract Feasible Execution Path • Constant Folding and Propagation Parse Match IP Parsing IP Proto==TCP Proto==UDP Proto==TCP False TCP UDP TCP UDP Port==80 Port!=80 Port==* Parsing Parsing pass pass drop

  21. Type-II Redundancy: Method to Solve • Extract Feasible Execution Path • Constant Folding and Propagation • Dead Code Elimination Parse Match IP Parsing IP Proto==TCP Proto==UDP Proto==TCP False Dead Code Dead Code TCP UDP TCP UDP Port==80 Port!=80 Port==* Parsing Parsing pass pass drop

  22. Type-II Redundancy: Method to Solve • Extract Feasible Execution Path • Constant Folding and Propagation • Dead Code Elimination Parse Match IP Parsing IP Proto==TCP Proto==UDP Proto==TCP False TCP TCP Port==80 Port!=80 Parsing pass drop

  23. Type-III Redundancy: Cross-NF Redundancy • If a monitor deployed before an IDS instance who blocks UDP packets, all the parsing and counting for UDP packets in the monitor is redundant. Ingress flows Egress flows Monitor IDS Block UDP packets UDP packets processing is redundant

  24. Type-III Redundancy: Cross-NF Redundancy • If a monitor deployed before an IDS instance who blocks UDP packets, all the parsing and counting for UDP packets in the monitor is redundant. Ingress flows Egress flows Monitor IDS Block UDP packets UDP packets processing is redundant • Method to Solve: • Consolidate • Eliminate type-I and type-II redundancy • Decompose

  25. Outline • Introduction • Design Intuition • NFReducer Implementation • Preliminary Evaluation • Conclusion

  26. NFReducer Architecture • Labeling Critical Variables and Actions The architecture of NFReducer

  27. NFReducer Architecture • Labeling Critical Variables and Actions • Extracting Packet Processing Logic The architecture of NFReducer

  28. NFReducer Architecture • Labeling Critical Variables and Actions • Extracting Packet Processing Logic • Individual NF Optimization The architecture of NFReducer

  29. NFReducer Architecture • Labeling Critical Variables and Actions • Extracting Packet Processing Logic • Individual NF Optimization • Cross-NF Optimization The architecture of NFReducer

  30. NFReducer Architecture • Labeling Critical Variables and Actions • Critical Variables • Packet Variables: Holding the packet raw data. • State Variables: Maintaining the NF states. (e.g., counter) • Config Variables: Maintaining the config info. (e.g., rules) • NF Actions: • External Actions (e.g., replying, forward, drop packets) • Internal Actions (e.g., updating state variables)

  31. NFReducer Architecture • Labeling Critical Variables and Actions • Extracting Packet Processing Logic • Removing functionalities unrelated to packet processing (e.g., log). • Facilitate the compiler techniques applied later (e.g., symbolic execution). Source code Packet Processing Program Slicer Logic Labeled Variables && Actions

  32. NFReducer Architecture Packet Processing Configured Rules Logic Apply Configs & • Labeling Critical Variables and Actions Extract Paths • Extracting Packet Processing Logic … … Path1 Path2 Constant Folding & Propagation • Individual NF Optimization … … • Apply Configs Check path feasibility • Extract Paths … … • Constant Folding and Propagation • Check Path Feasibility Dead Code Elimination & Merge • Dead Code Elimination Optimized Code

  33. NFReducer Architecture NF1 NF2 • Labeling Critical Variables and Actions Consolidate • Extracting Packet Processing Logic Individual NF • Individual NF Optimization Optimization • Cross-NF Optimization Decompose • Preliminary discussion on the optimization of different NF chain execution models. Optimized Optimized NF1 NF2

  34. Implementation LLVM DG Static Slicer

  35. Outline • Introduction • Design Intuition • NFReducer Implementation • Preliminary Evaluation • Conclusion

  36. Evaluation: Eliminating Type-I Redundancy Throughput of Suricata Throughput of Snort • Setting: Configured with layer-3 rules. • Increase by nearly 15% for Snort and by 15% to 10X for Suricata (single thread). • Suricata is more significant • inspects packets deeper in payload than Snort.

  37. Evaluation: Eliminating Type-I Redundancy Throughput of Suricata Throughput of Snort • Setting: Configured with layer-3 rules. • Increase by nearly 15% for Snort and by 15% to 10X for Suricata (single thread). • Suricata is more significant • inspects packets deeper in payload than Snort.

  38. Evaluation: Eliminating Type-I Redundancy Throughput of Suricata Throughput of Snort • Setting: Configured with layer-3 rules. • Increase by nearly 15% for Snort and by 15% to 10X for Suricata (single thread). • Suricata is more significant • inspects packets deeper in payload than Snort.

  39. Evaluation: Eliminating Type-I Redundancy Throughput of Suricata Throughput of Snort • Setting: Configured with layer-3 rules. • Increase by nearly 15% for Snort and by 15% to 10X for Suricata (single thread). • Suricata is more significant • inspects packets deeper in payload than Snort.

Recommend

Redundant Feature Elimination Redundant Feature Elimination for Multi-Class Problems for

Redundant Feature Elimination Redundant Feature Elimination for Multi-Class Problems for

1 Redundant Feature Elimination Redundant Feature Elimination for Multi-Class Problems for Multi-Class Problems Annalisa Appice, Michelangelo Ceci Dipartimento di Informatica, Universit degli Studi di Bari, Italy Simon Rawles, Peter Flach

512 views • 50 slides
Machine Independent Code Optimizations Useless Code and Redundant Expression Elimination cs5363

Machine Independent Code Optimizations Useless Code and Redundant Expression Elimination cs5363

Machine Independent Code Optimizations Useless Code and Redundant Expression Elimination cs5363 1 Code Optimization Source Target IR IR optimizer Back end Front end program program (Mid end) compiler The goal of code

631 views • 34 slides
Elimination Techniques In Modern Propositional Logic Reasoning Norbert Manthey

Elimination Techniques In Modern Propositional Logic Reasoning Norbert Manthey

Elimination Techniques In Modern Propositional Logic Reasoning Norbert Manthey nmanthey@conp-solutions.com December 7, 2017 Outline Satisfiability Testing Elimination in SAT Solving Algorithms Constraint Types Model

682 views • 47 slides
Cut-elimination for Intuitionistic Provability Logic Iris van der Giessen Utrecht University

Cut-elimination for Intuitionistic Provability Logic Iris van der Giessen Utrecht University

Introduction to provability logic Cut-elimination Cut-elimination for Intuitionistic Provability Logic Iris van der Giessen Utrecht University i.vandergiessen@uu.nl April 26, 2019 Iris van der Giessen Cut-elimination for Intuitionistic

521 views • 36 slides
AUTOMATED REASONING Otten &quot;Restricting Backtracking in Connection Calculii&quot; (2010).

AUTOMATED REASONING Otten &quot;Restricting Backtracking in Connection Calculii&quot; (2010).

Variants and extensions to Model Elimination 11ai In these slides we consider two extensions to Model Elimination; 1) Variation in the search mechanism : The method of removing potentially redundant backtracking (called non-essential

464 views • 7 slides
AUTOMATED REASONING Jens Otten &quot;Restricting Backtracking in Connection Calculii&quot; (2010).

AUTOMATED REASONING Jens Otten &quot;Restricting Backtracking in Connection Calculii&quot; (2010).

Variants and extensions to Model Elimination 11ai In these slides we consider some extensions and alternatives to Model Elimination; 1) Variation in the search mechanism : The method of removing potentially redundant backtracking (called

232 views • 9 slides
Motivation Some expressions in a program may cause redundant recomputation of values. If such

Motivation Some expressions in a program may cause redundant recomputation of values. If such

Motivation Some expressions in a program may cause redundant recomputation of values. If such recomputation is safely eliminated, the program will usually become faster. There exist several redundancy elimination optimisations which attempt to

670 views • 37 slides
Logic Programming 1 Logic Programming Instead of using functions as in imperative and

Logic Programming 1 Logic Programming Instead of using functions as in imperative and

Logic Programming 1 Logic Programming Instead of using functions as in imperative and functional programs We use predicates, as in predicate calculus Interpretation = proving theorems 2 Prolog Developed at Univ. of

663 views • 7 slides
1 Mux Representation of Boolean Functions MUX circuit to implement logic 1 0 x1 x2 x3

1 Mux Representation of Boolean Functions MUX circuit to implement logic 1 0 x1 x2 x3

ECE 474A/57A Computer-Aided Logic Design Lecture 11 Binary Decision Diagrams (BDDs) ECE 474a/575a 1 of 31 Susan Lysecky Boolean Logic Functions Representations Function can be represented in different ways Truth table, equation, K-map,

457 views • 12 slides
Quantifier elimination, amalgamation, deductive interpolation and Craig interpolation in

Quantifier elimination, amalgamation, deductive interpolation and Craig interpolation in

Quantifier elimination, amalgamation, deductive interpolation and Craig interpolation in many-valued logic Franco Montagna, first part in collaboration with Tommaso Cortonesi and Enrico Marchioni Definition . A logic L has the deductive

380 views • 19 slides
Functions How to make the person run? (See: runForest.cpp) Functions You can also use functions

Functions How to make the person run? (See: runForest.cpp) Functions You can also use functions

Functions How to make the person run? (See: runForest.cpp) Functions You can also use functions that return bool types in an if statement or loop This is commonly used if you have complex logic as it is normally easier to write a function

260 views • 10 slides
The Elimination Algorithm Chris Williams School of Informatics, University of Edinburgh October

The Elimination Algorithm Chris Williams School of Informatics, University of Edinburgh October

The Elimination Algorithm Chris Williams School of Informatics, University of Edinburgh October 2009 1 / 14 Overview Inference in Belief Networks Elimination in an Example Network The Elimination Algorithm Evidence Potentials Graph

261 views • 14 slides
Variable and clause elimination for LTL satisfiability checking Martin Suda Max Planck Institut

Variable and clause elimination for LTL satisfiability checking Martin Suda Max Planck Institut

Variable and clause elimination for LTL satisfiability checking Martin Suda Max Planck Institut fr Informatik MACIS-2013 Introduction LTL preliminaries Labels Elimination in LTL Experimental evaluation Conclusion Linear temporal logic

1.17k views • 69 slides
Free-cut elimination in linear logic and an application to a feasible arithmetic Anupam Das

Free-cut elimination in linear logic and an application to a feasible arithmetic Anupam Das

Free-cut elimination in linear logic and an application to a feasible arithmetic Anupam Das Patrick Baillot LIP, Universit e de Lyon, CNRS, ENS de Lyon, INRIA, Universit e Claude-Bernard Lyon 1, Milyon 6 th October, 2016 Bologne ELICA

973 views • 62 slides
Logic for Computer Science 07 Functions Wouter Swierstra University of Utrecht 1 Last time

Logic for Computer Science 07 Functions Wouter Swierstra University of Utrecht 1 Last time

Logic for Computer Science 07 Functions Wouter Swierstra University of Utrecht 1 Last time Proof strategies 2 Today Functions 3 Functions Given two sets A and B, we can form a new set A B consisting of functions from A to B.

908 views • 63 slides
Quantifiers and Functions in Intuitionistic Logic Association for Symbolic Logic Spring Meeting

Quantifiers and Functions in Intuitionistic Logic Association for Symbolic Logic Spring Meeting

Quantifiers and Functions in Intuitionistic Logic Association for Symbolic Logic Spring Meeting Seattle, April 12, 2017 Rosalie Iemhoff Utrecht University, the Netherlands 1 / 37 Quantifiers are complicated. 2 / 37 Even more so in

519 views • 37 slides
Elimination with Content Overhearing in Wireless Networks Haiying Shen , Shenghua He*, Lei Yu

Elimination with Content Overhearing in Wireless Networks Haiying Shen , Shenghua He*, Lei Yu

Prediction-based Redundant Data Elimination with Content Overhearing in Wireless Networks Haiying Shen , Shenghua He*, Lei Yu and Ankur Sarker Department of Computer Science, University of Virginia * Department of Computer Science

709 views • 26 slides
Internet communication The internet A redundant, decentralized communication network

Internet communication The internet A redundant, decentralized communication network

Internet communication The internet A redundant, decentralized communication network connecting computers all over the world Data is sent in packets between machines Communication between computers is routed using the Internet

464 views • 7 slides
Markov Logic Markov Logic Probability First-Order Logic Propositional Logic Markov Logic

Markov Logic Markov Logic Probability First-Order Logic Propositional Logic Markov Logic

Putting the Pieces Together Markov Logic Markov Logic Probability First-Order Logic Propositional Logic Markov Logic Definition A Markov Logic Network (MLN) is a set of A logical KB is a set of hard constraints pairs (F, w) where on

350 views • 6 slides
Chapt er 14: Redundant Arit hmet ic Keshab K. Parhi A non-redundant radix-r number has

Chapt er 14: Redundant Arit hmet ic Keshab K. Parhi A non-redundant radix-r number has

Chapt er 14: Redundant Arit hmet ic Keshab K. Parhi A non-redundant radix-r number has digit s f rom t he set {0, 1, , r - 1} and all numbers can be represent ed in a unique way. A radix-r redundant signed-digit number syst em

346 views • 21 slides
Kripke Models, Proof Search and Cut-elimination for LJ Grigori Mints Stanford University/SRI

Kripke Models, Proof Search and Cut-elimination for LJ Grigori Mints Stanford University/SRI

Kripke Models, Proof Search and Cut-elimination for LJ Grigori Mints Stanford University/SRI Abstract Existing Sch utte-style completeness proofs for intuitionistic predicate logic with respect to Kripke models provide cut-elimination only

354 views • 21 slides
Semantics and Pragmatics of NLP and Functions Lascarides &amp; Propositional Logic, Predicates

Semantics and Pragmatics of NLP and Functions Lascarides &amp; Propositional Logic, Predicates

SPNLP: Propositional Logic, Predicates Semantics and Pragmatics of NLP and Functions Lascarides &amp; Propositional Logic, Predicates and Klein Functions Outline Motivation Propositional Logic Alex Lascarides &amp; Ewan Klein

724 views • 35 slides
for Digital Systems Specifying logic functions 1 Sources: TSR, Katz, Boriello &amp; Vahid Last

for Digital Systems Specifying logic functions 1 Sources: TSR, Katz, Boriello &amp; Vahid Last

CSE140: Components and Design Techniques for Digital Systems Specifying logic functions 1 Sources: TSR, Katz, Boriello &amp; Vahid Last lecture We have seen various concepts: Logic function (as a mathematical formula) : some 0 ,

788 views • 51 slides
Quantifiers and Functions in Intuitionistic Logic Collegium Logicum Proof Theory: Herbrands

Quantifiers and Functions in Intuitionistic Logic Collegium Logicum Proof Theory: Herbrands

Quantifiers and Functions in Intuitionistic Logic Collegium Logicum Proof Theory: Herbrands Theorem revisited Vienna, 2527 May, 2017 Rosalie Iemhoff Utrecht University, the Netherlands 1 / 28 Skolemization in classical logic Thm For any

673 views • 27 slides

More recommend