1. 1 cPredicates*: Software-controlled L7 Router Classification George Porter With Christoph Schuba and Randy Katz UC Berkeley OASIS Summer Retreat 2004 * short for “Classification Predicates”

2. 2 cPredicates Overview What is it? Router building block that enables software-based network services in PNE * s without datapath technology knowledge What does it enable? PNE switching decisions based on L7 features HTTP Url, iSCSI command type, XML object What is new about this approach? We don’t look at the whole stream cPredicates abstract away NPUs, FPGAs, etc. with a clean interface that supports multiple services * PNE = Programmable Network Element

3. 3 Motivation: Horizontally Scaled Systems (HSS) Desired policy: HTTP: “GET /images/*” across Web 2 and Web 3 XML: “WorkOrder” objects to App 2 ISCSI: Logical Unit (LUN) 3 to LUN 4 Network device needs visibility into the application layer LB / Firewall Web 1 Web 2 Web 3 App 1 App 2 App 3 DB 1 DB 2 Storage Tier 0 Tier 1 Tier 2 Tier 3 Storage

4. 4 Abstracted View Switch Fabric: 5-tuple based (L2-L4) Packets sent to CPU for L7 processing, but Too expensive to send all packets through CPU So instead: – CPU installs a 5-tuple map into the switch fabric – Rest of flow handled by switch fabric alone LB / Firewall Web 1 Web 2 Web 3 Web 4 App 1App 2App 3 DB 1DB 2 Storage HTTP XML, SOAP JDBC iSCSI Switch Fabric CPU Layer 4 Layer 7 packets

5. 5 What is the problem with that? Pipelined HTTP: iSCSI: XML: GET /index.html HTTP/1.0... HTTP/1.0 200 OK html data... GET /images/top.gif HTTP/1.0... HTTP/1.0 200 OK image data GET /images/sidebar.gif HTTP/1.0... HTTP/1.0 200 OK image data Operation: WRITE Block: 13210 LUN: 3 Length: 64 Operation: READ Block: 5622 LUN: 4 Length: 32 Operation: WRITE Block: 912 data order information order information Oski UC Berkeley </customer

6. 6 Example of what goes wrong GET /index.html HTTP/1.0... HTTP/1.0 200 OK html data... GET /images/top.gif HTTP/1.0... HTTP/1.0 200 OK image data GET /images/sidebar.gif HTTP/1.0... HTTP/1.0 200 OK image data

7. 7 Example of what goes wrong GET /index.html HTTP/1.0... HTTP/1.0 200 OK html data... GET /images/top.gif HTTP/1.0... HTTP/1.0 200 OK image data GET /images/sidebar.gif HTTP/1.0... HTTP/1.0 200 OK image data Sub- request #1 #2 #3

8. 8 Example of what goes wrong GET /index.html HTTP/1.0... HTTP/1.0 200 OK html data... GET /images/top.gif HTTP/1.0... HTTP/1.0 200 OK image data GET /images/sidebar.gif HTTP/1.0... HTTP/1.0 200 OK image data Sub- request #1 #2 #3

9. 9 Example of what goes wrong Switch Fabric CPU GET /index.html HTTP/1.0... HTTP/1.0 200 OK html data... GET /images/top.gif HTTP/1.0... HTTP/1.0 200 OK image data GET /images/sidebar.gif HTTP/1.0... HTTP/1.0 200 OK image data Sub- request #1 #2 #3 Action: Action: Send to Server 3  Server 3

10. 10 Problem Statement: Need efficient, selective processing HTTP: iSCSI: XML: GET /index.html HTTP/1.0... HTTP/1.0 200 OK html data... GET /images/top.gif HTTP/1.0... HTTP/1.0 200 OK image data GET /images/sidebar.gif HTTP/1.0... HTTP/1.0 200 OK image data Operation: WRITE Block: 13210 LUN: 3 Length: 64 Operation: READ Block: 5622 LUN: 4 Length: 32 Operation: WRITE Block: 912 data order information order information Oski UC Berkeley </customer

11. 11 New Idea: cPredicates Insert a predicate P() with the 5-tuple – P() evaluated on each packet – P() satisfied  packet sent to CPU – Otherwise, handled by switch Result: CPU can now selectively process flow Without knowledge of switch’s NPU, FPGA, etc. P() s enabled by NPU advances Switch Fabric CPU (  server i), P()

12. 12 What does P() look like? Which packets go to the CPU? P() == true All packets P() == false No packets (most common today) P() == exact_match(pattern) Any portion of packet matches pattern P() == range_match(x <= seqnum <= y) Specific field in packet lies in range (x,y) P() == regexp(pattern) Packets matching regular expression Others, depending on HW availability New opportunity to define minimum list of P() s needed

13. 13 cPredicates enable these protocols: We can now support: Pipelined HTTP P() == regexp(GET * HTTP/1.0) iSCSI Storage Protocol P() == range_match(x <= tcpseqnum <= y) XML object switching P() == exact_match( )

14. 14 New services with software Unlike before, now CPU-based network services can selectively process L7 flows Pipelined HTTP, iSCSI, XML, etc. PNE datapaths export a list of predicates Service writers only care about predicates, not underlying technology Clean, abstracted interface can enable new innovations

15. 15 Storage Example Switch Fabric CPU high? LowPrio HighPrio 2 Mb/s Action in switch marks packets as HighPriority or LowPriority iSCSI headers only sent to CPU (data goes through switch) CPU updates mark that is set by the switch on subsequent data packets iSCSI: < 5% of packets go to CPU P() is (seqnum == X)

16. 16 Storage Example File1 File2 File3 File5 File6 File7 File4

17. 17 Summary Heterogeneous, HSS systems  In-network selective protocol processing cPredicates separate data from control in datapath CPU controls which features of L7 protocol it sees Without knowledge of underlying technology Enables efficient, software-based processing of whole flows, not just the first part of them Enables switching based on app-level features Low overhead and latency because of advances in NPU technology

18. 18 Future Directions Develop predicates based on H/W devices I have access to: Nortel 2424, Sun Puma, Sun Nauticus, MIT Click Evaluate impact on application perfomance Focus on video, XML, web-services and HSS Recommend new H/W functionality to support interesting predicates Prototype in Click, emulate new HW architectures Recommend canonical set of P() s

19. 19 Questions? Thanks to Christoph Schuba, Mohamed Hefeeda, and Sumantra Kundu