Presentation is loading. Please wait.

Presentation is loading. Please wait.

Design and Implementation of a Data Plane for the OpenBox Framework Pavel Lazar March 2016 This research was supported by the European Research Council.

Published byJoshua Floyd Modified over 8 years ago

Similar presentations

Presentation on theme: "Design and Implementation of a Data Plane for the OpenBox Framework Pavel Lazar March 2016 This research was supported by the European Research Council."— Presentation transcript:

1 Design and Implementation of a Data Plane for the OpenBox Framework Pavel Lazar March 2016 This research was supported by the European Research Council under the European Union’s Seventh Framework Programme (FP7/2007- 2013)/ERC Grant agreement no 259085.

2 Outline OpenBox Background The OpenBox Framework OBI Design Challenges OBI Architecture OBI Implementation Performance Future Work Summary

3 Background - The problem Network Functions (Middleboxes: -High cost -Limited and separate management -Limited provisioning and scalability -No multi-tenancy -Limited functionality and limited innovation -Similar processing steps, no re-use

4 Background - The OpenBox solution Bring Software-Defined Control to the middlebox. Decouple network function control from their data plane Unifies data plane of multiple network functions. SDN Controller OpenBox Controller OBI

5 Read Packets Header Classifier Drop Alert Output Firewall: Read Packets Header Classifier Drop Alert Regex Classifier Output IPS Read Packets Header Classifier Drop Alert (IPS) Regex Classifier Output Alert (Firewall)

6 The OpenBox Framework OpenBox Protocol OpenBox Service Instances OpenBox Controller OpenBox Applications Control Plane Data Plane NB API

7 OBI OBI Design challenges OBC OpenBox Protocol Input Traffic Output Traffic

8 OBI Design challenges OBC OpenBox Protocol Input Traffic Output Traffic Generic Manager Execution Engine Configuration Builder Control Message Handling

9 OBI Architecture

10 OBI Architecture – Generic Manager

11 OBI Architecture – Execution Engine

12 OBI Implementation - Generic Manager

13 OBI Implementation –Set Graph Flow Example 1 2 3 4 5 6 7 8 9 10

14 OBI Execution Engine - Click Element is the basic building block Router: Elements connected by edges Describes possible packet flows

15 OBI Execution Engine – Click package OpenBox Package ChatterMessage PushMessage StringClassifier StringMatcher RegexClassifier RegexMatcher GroupRegexMatcher MultiCounter AutoMarkIPHeader NetworkDirectionSwap NetworkHeaderFieldsRewriter

16 OpenBox Processing Graph to Click Configuration FromDevice Header Payload Classifier Discard ToDevice Discard FromDevice AutoMark IpHeader Counter ToDevice Content Classifier RegexClassifier MultiCounter New Classifier New Click Classifier elements

17 Performance – Packet Processing Firewall – 4560 header rules: – Throughput: 840 Mbps, – Latency: 48us IPS – Snort rules (Header + Payload): – Throughput: 454 Mbps – Latency: 76 us

18 Performance – Time Measurements Startup time: 2.1 seconds Set Processing Graph*: 1250ms Global Stats: < 2ms Read Handler: 8ms Log message: < 2ms

19 Possible Future Work Implement additional blocks Add more elements Improve data flow between OBIs Add Execution Engine optimization inside the ConfigurationBuilder Implement Click packet processing improvement researches Or even, replace Click with a different engine (HW)

20 Summary Helped implementing the OpenBox Protocol Designed an OpenBox Instance architecture. Implemented an OBI to be used within the OpenBox project. Used Click as the Execution Engine. Easy to improve and add features

Download ppt "Design and Implementation of a Data Plane for the OpenBox Framework Pavel Lazar March 2016 This research was supported by the European Research Council."

Similar presentations

Click Router: Hands on Arvind Venkatesan. Acknowledgements Thanks Hema for beautifying the slides!

Click Router: Hands on Arvind Venkatesan. Acknowledgements Thanks Hema for beautifying the slides!
Towards Software Defined Cellular Networks

Towards Software Defined Cellular Networks
SDN Controller Challenges

SDN Controller Challenges
Slick: A control plane for middleboxes Bilal Anwer, Theophilus Benson, Dave Levin, Nick Feamster, Jennifer Rexford Supported by DARPA through the U.S.

Slick: A control plane for middleboxes Bilal Anwer, Theophilus Benson, Dave Levin, Nick Feamster, Jennifer Rexford Supported by DARPA through the U.S.
Making Cellular Networks Scalable and Flexible Li Erran Li Bell Labs, Alcatel-Lucent Joint work with collaborators at university of Michigan, Princeton,

Making Cellular Networks Scalable and Flexible Li Erran Li Bell Labs, Alcatel-Lucent Joint work with collaborators at university of Michigan, Princeton,
Mobile Agents in Click Tushar Mohan. Click Elements Graphs made of simple elements Separate flows have separate ports Common case fast Reduce function.

Mobile Agents in Click Tushar Mohan. Click Elements Graphs made of simple elements Separate flows have separate ports Common case fast Reduce function.
Network Innovation using OpenFlow: A Survey

Network Innovation using OpenFlow: A Survey
Extensible Networking Platform 1 1 - IWAN 2005 Extensible Network Configuration and Communication Framework Todd Sproull and John Lockwood

Extensible Networking Platform IWAN 2005 Extensible Network Configuration and Communication Framework Todd Sproull and John Lockwood
Traffic Management - OpenFlow Switch on the NetFPGA platform Chun-Jen Chung(1203584897) SriramGopinath(1203800749)

Traffic Management - OpenFlow Switch on the NetFPGA platform Chun-Jen Chung( ) SriramGopinath( )
CS 268: Lecture 12 (Router Design) Ion Stoica March 18, 2002.

CS 268: Lecture 12 (Router Design) Ion Stoica March 18, 2002.
Tesseract A 4D Network Control Plane

Tesseract A 4D Network Control Plane
FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 6 Packet Filtering By Whitman, Mattord, & Austin© 2008 Course Technology.

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 6 Packet Filtering By Whitman, Mattord, & Austin© 2008 Course Technology.
Jaehoon (Paul) Jeong, Hyoungshick Kim, and Jung-Soo Park

Jaehoon (Paul) Jeong, Hyoungshick Kim, and Jung-Soo Park
IOFlow: A Software-defined Storage Architecture Eno Thereska, Hitesh Ballani, Greg O’Shea, Thomas Karagiannis, Antony Rowstron, Tom Talpey, Richard Black,

IOFlow: A Software-defined Storage Architecture Eno Thereska, Hitesh Ballani, Greg O’Shea, Thomas Karagiannis, Antony Rowstron, Tom Talpey, Richard Black,
BY- NIKHIL TRIPATHI 12MCMB10.  What is a FIREWALL?  Can & Can’t in Firewall perspective  Development of Firewalls  Firewall Architectures  Some Generalization.

BY- NIKHIL TRIPATHI 12MCMB10.  What is a FIREWALL?  Can & Can’t in Firewall perspective  Development of Firewalls  Firewall Architectures  Some Generalization.
Enabling Innovation Inside the Network Jennifer Rexford Princeton University

Enabling Innovation Inside the Network Jennifer Rexford Princeton University
XOMB Incrementally scalable architecture for middleboxes Presenter : Donghwi Kim.

XOMB Incrementally scalable architecture for middleboxes Presenter : Donghwi Kim.
Packet Filtering. 2 Objectives Describe packets and packet filtering Explain the approaches to packet filtering Recommend specific filtering rules.

Packet Filtering. 2 Objectives Describe packets and packet filtering Explain the approaches to packet filtering Recommend specific filtering rules.
Penetration Testing Security Analysis and Advanced Tools: Snort.

Penetration Testing Security Analysis and Advanced Tools: Snort.
Chapter 6: Packet Filtering

Chapter 6: Packet Filtering

Similar presentations

Ads by Google