Presentation is loading. Please wait.

Presentation is loading. Please wait.

FFPF: Fairly Fast Packet Filters uspace kspace nspace Vrije Universiteit Amsterdam Herbert Bos Willem de Bruijn Trung Nguyen Mihai Cristea Georgios Portokalidis.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "FFPF: Fairly Fast Packet Filters uspace kspace nspace Vrije Universiteit Amsterdam Herbert Bos Willem de Bruijn Trung Nguyen Mihai Cristea Georgios Portokalidis."— Presentation transcript:

1 FFPF: Fairly Fast Packet Filters uspace kspace nspace Vrije Universiteit Amsterdam Herbert Bos Willem de Bruijn Trung Nguyen Mihai Cristea Georgios Portokalidis Universiteit Leiden Vrije Universiteit Amsterdam u k n http://ffpf.sourceforge.net/

2 Network Monitoring ● Increasingly important – traffic characterisation, security traffic engineering, SLAs, billing, etc. ● Existing solutions: – designed for slow networks or traffic engineering/QoS – not very flexible ● We’re hurting because of – hardware (bus, memory) – software (copies, context switches) -process at lowest possible level -minimise copying -minimise context switching -freedom at the bottom  demand for solution: - scales to high link rates - scales in no. of apps - flexible spread of SAPPHIRE in 30 minutes

3 HTTP RTSP RTP bytecount generalised notion of flow Flow: “a stream of packets that match arbitrary user criteria” TCP SYN UID 0 eth0 U TCP UDP IP “contains worm”  Flowgraph UDP with CodeRed

4 ? x ? ? ? kernel userspace network card efficient ● reduced copying and context switches ● sharing data ● flowgraphs: sharing computations “push filtering tasks as far down the processing hierarchy as possible”

5 Application B reduce copying ● FFPF avoids both ‘horizontal’ and ‘vertical’ copies Application A U K ‘filter’ - no ‘vertical’ copies - no ‘horizontal’ copies within flow group - more than ‘just filtering’ in kernel (e.g.,statistics)

6 (device,eth0) | (device,eth1) -> (sampler,2) -> (FPL-2,”..”) | (BPF,”..”) -> (bytecount) (device,eth0) -> (sampler,2) -> (BPF,”..”) -> (packetcount) Extensible ✔ modular framework ✔ language agnostic ✔ plug-in filters

7 Buffers O O O O O OO W R ● PacketBuf – circular buffer with N fixed-size slots – large enough to hold packet ● IndexBuf – circular buffer with N slots – contains classification result + pointer

8 Buffers O O O O O OO W R ● PacketBuf – circular buffer with N fixed-size slots – large enough to hold packet ● IndexBuf – circular buffer with N slots – contains classification result + pointer

9 X X X X X OO W R Buffers ● PacketBuf – circular buffer with N fixed-size slots – large enough to hold packet ● IndexBuf – circular buffer with N slots – contains classification result + pointer

10 Buffer management  what to do if writer catches up with slowest reader? ● slow reader preference – drop new packets (traditional way of dealing with this) – overall speed determined by slowest reader ● fast reader preference – overwrite existing packets – application responsible for keeping up ● can check that packets have been overwritten ● different drop rates for different apps O O O O O OO R1 O O O O O O O O O W

11 Languages ● FFPF is language neutral ● Currently we support: – BPF – C – OKE Cyclone – FPL simple to use compiles to optimised native code resource limited (e.g., restricted FOR loop) access to persistent storage (scratch memory) calls to external functions (e.g., fast C functions or hardware assists) compiler for uspace, kspace, and nspace (ixp1200) IF (PKT.IP_PROTO == PROTO_TCP) THEN // reg.0 = hash over flow fields R[0] = Hash (14,12,1024) // increment pkt counter at this // location in MBuf MEM[ R[0] ]++ FI IF (PKT.IP_PROTO == PROTO_TCP) THEN // reg.0 = hash over flow fields R[0] = Hash (14,12,1024) // increment pkt counter at this // location in MBuf MEM[ R[0] ]++ FI

12 packet sources uspace kspace nspace ● currently three kinds implemented - netfilter -net_if_rx() -IXP1200 ● implementation on IXPs : NIC-FIX -bottom of the processing hierarchy -eliminates mem & bus bottlenecks

13 Network Processors “programmable NIC” zero copy copy once on-demand copy

14 Performance results pkt loss: FFPF: < 0.5% LSF: 2-3%

15 Performance results pkt loss: LSF:64-75% FFPF: 10-15%

16 Performance

17 Summary concept of ‘flow’  generalised copying and context switching  minimised processing in kernel/NIC  complex programs + ‘pipes’ FPL: FFPF Packet Languages  fast + flexible persistent storage  flow-specific state authorisation + third-party code  any user flow groups  applications sharing packet buffers

18 More Information http://ffpf.sourceforge.net/

19 microbenchmarks

Download ppt "FFPF: Fairly Fast Packet Filters uspace kspace nspace Vrije Universiteit Amsterdam Herbert Bos Willem de Bruijn Trung Nguyen Mihai Cristea Georgios Portokalidis."

Similar presentations

IP Router Architectures. Outline Basic IP Router Functionalities IP Router Architectures.

IP Router Architectures. Outline Basic IP Router Functionalities IP Router Architectures.
P4: specifying data planes

P4: specifying data planes
ENGINEERING WORKSHOP Compute Engineering Workshop P4: specifying data planes Mihai Budiu San Jose, March 11, 2015.

ENGINEERING WORKSHOP Compute Engineering Workshop P4: specifying data planes Mihai Budiu San Jose, March 11, 2015.
Multi-granular, multi-purpose and multi-Gb/s monitoring on off-the-shelf systems TELE9752 Group 3.

Multi-granular, multi-purpose and multi-Gb/s monitoring on off-the-shelf systems TELE9752 Group 3.
Computer Organization and Architecture

Computer Organization and Architecture
01/05/2015Leiden Institute of Advanced Computer Science 1 The Open Kernel Environment - spinning Linux - Herbert Bos Bart Samwel

01/05/2015Leiden Institute of Advanced Computer Science 1 The Open Kernel Environment - spinning Linux - Herbert Bos Bart Samwel
The Open Kernel Environment (opening up all levels of the processing hierarchy in a 'safe' manner) Herbert Bos Bart Samwel Leiden University

The Open Kernel Environment (opening up all levels of the processing hierarchy in a 'safe' manner) Herbert Bos Bart Samwel Leiden University
Chapter 12 CPU Structure and Function. CPU Sequence Fetch instructions Interpret instructions Fetch data Process data Write data.

Chapter 12 CPU Structure and Function. CPU Sequence Fetch instructions Interpret instructions Fetch data Process data Write data.
Computer Organization and Architecture

Computer Organization and Architecture
An IST Projecthttp://www.ist-lobster.org/ 1 Herbert Bos, VU, The Ruler Anonymization Language Kees van Reeuwijk Herbert Bos.

An IST Projecthttp:// 1 Herbert Bos, VU, The Ruler Anonymization Language Kees van Reeuwijk Herbert Bos.
CMPT 300: Operating Systems I Dr. Mohamed Hefeeda

CMPT 300: Operating Systems I Dr. Mohamed Hefeeda
Engine Design: Stream Operators Everywhere Theodore Johnson AT&T Labs – Research Contributors: Chuck Cranor Vladislav Shkapenyuk.

Engine Design: Stream Operators Everywhere Theodore Johnson AT&T Labs – Research Contributors: Chuck Cranor Vladislav Shkapenyuk.
EE228A Project, Fall 2000 Yunfei Deng, Kenneth Cheung, Daniil Khidekel Professor Jean Walrand 12/5/2000 Modular TCP.

EE228A Project, Fall 2000 Yunfei Deng, Kenneth Cheung, Daniil Khidekel Professor Jean Walrand 12/5/2000 Modular TCP.
1 School of Computing Science Simon Fraser University CMPT 300: Operating Systems I Dr. Mohamed Hefeeda.

1 School of Computing Science Simon Fraser University CMPT 300: Operating Systems I Dr. Mohamed Hefeeda.
Computer Organization and Architecture The CPU Structure.

Computer Organization and Architecture The CPU Structure.
CS 501: Software Engineering Fall 2000 Lecture 16 System Architecture III Distributed Objects.

CS 501: Software Engineering Fall 2000 Lecture 16 System Architecture III Distributed Objects.
Programmability with Proof-Carrying Code George C. Necula University of California Berkeley Peter Lee Carnegie Mellon University.

Programmability with Proof-Carrying Code George C. Necula University of California Berkeley Peter Lee Carnegie Mellon University.
FFPF: Fairly Fast Packet Filters uspace kspace nspace Vrije Universiteit Amsterdam Herbert Bos Willem de Bruijn Trung Nguyen Mihai Cristea Georgios Portokalidis.

FFPF: Fairly Fast Packet Filters uspace kspace nspace Vrije Universiteit Amsterdam Herbert Bos Willem de Bruijn Trung Nguyen Mihai Cristea Georgios Portokalidis.
Computer System Overview

Computer System Overview
OS support for (flexible) high-speed networking Herbert Bos Vrije Universiteit Amsterdam uspace kspace nspace u k n monitoring intrusion detection packet.

OS support for (flexible) high-speed networking Herbert Bos Vrije Universiteit Amsterdam uspace kspace nspace u k n monitoring intrusion detection packet.

Similar presentations

Ads by Google