Presentation is loading. Please wait.

Presentation is loading. Please wait.

ORange: Multi Field OpenFlow based Range Classifier Liron Schiff Tel Aviv University Yehuda Afek Tel Aviv University Anat Bremler-Barr Inter Disciplinary.

Published byLoraine Jacobs Modified over 9 years ago

Similar presentations

Presentation on theme: "ORange: Multi Field OpenFlow based Range Classifier Liron Schiff Tel Aviv University Yehuda Afek Tel Aviv University Anat Bremler-Barr Inter Disciplinary."— Presentation transcript:

1 ORange: Multi Field OpenFlow based Range Classifier Liron Schiff Tel Aviv University Yehuda Afek Tel Aviv University Anat Bremler-Barr Inter Disciplinary Center The 11th ACM/IEEE Symposium on Architectures for Networking and Communications Systems (ANCS '15) Supported by the European Research Council (ERC) Starting Grant no. 259085 and by the Israel Science Foundation Grant no. 1386/11. Presenter: Netanel Cohen Inter Disciplinary Center

2 ActionEndStart Server r361.26.188.550.0.0.0 Server r161.37.255.061.26.188. 56 Server r293.2.100.5061.37.255.1 Drop127.0.64.4093.2.100.51 ……………….. Source IP Address replicas Internet … Firewalls Forwarding Load Balancers DDoS mitigation ……. Range-based packet classification ActionEndStart Server r3192.168.15.7192.168.1.1 Server r1192.168.99.1192.168.1.1 Server r210.5.0.12710.0.0.1 Drop10.40.5.7710.12.0.100 ……………….. Destination IP Address

3 But OpenFlow matches can not be ranges! – Only masked values No consistent multi switch update ActionsMatch Flow Table: Flow Entry Field k…Field 2Field 1 Packet header :

4 Contributions Ranges classification in OpenFlow: ORange1 – Costs 2 entries per range (instead of linear with field size, usually 16 or 32) Multi Field ranges classification: ORange-k Update consistency (with ranges) – Per packet, per flow and cross-entrance

5 Single Field Ranges classification in OpenFlow ORange1

6 Ranges by Naive Prefix Expansion ActionEndStart Server A125.37.255.0125.26.188. 56 Server B126.2.100.50125.37.255.1 2w – 2 entries per range 62 entries per IPv4 range 254 entries per IPv6 range

7 Associative Memory chips: Properties: –Ternary values (‘0’,’1’ and ‘*’) –High throughput (300M ops per sec for 1Mb TCAM) –Used in routers (IP lookup, classification) –Expensive, high power consumption -> limited size –Sometimes used to implement Flow Tables Ternary CAMs (TCAMs) 0 * 10 ** 1 * 00100111 11 *** 011 01010110 in 0 1 2 m 0 00100111 out

8 A non OpenFlow Approach - PIDR [Panigrahy&Sharma2003] 1-ELCPs 0011**** … 0-ELCPs 0010**** … TCAMs: Longest common prefix (LCP):

9 A non OpenFlow Approach - PIDR [Panigrahy&Sharma2003] (TCAM) Query Compare Read Range Bound (TCAM) Query Read Range Bound

10 Adapting PIDR to OpenFlow Special hardware design – Parallel TCAMs – Query and read range bounds – Comparing with bounds Static configuration – No online updates New OpenFlow design – OpenFlow pipeline – Match+Action sets field – Compare by flow table and metadata field Dynamic configuration – Consistent updates ORange1 PIDR

11 A non OpenFlow Approach - PIDR [Panigrahy&Sharma2003] (TCAM) Query Compare Read Range Bound (TCAM) Query Read Range Bound

12 Adapting PIDR to OpenFlow Even Comparisons are Flow-Table based! Query Compare Flow Table based comparisons Read Range Bound Query Read Range Bound Flow Table match + action

13 Converting TCAM to Flow Table ActionsMatch (on q) Write rid,55 to metadata 0011**** q Packet: 51 qmaxrid 51550 1-ELCPs Flow Table

14 Adapting PIDR to OpenFlow ELCP1s (size n TCAM) Compare max≥q (size 2w TCAM) q qmax ELCP0s (size n TCAM) qmax RIDs (size n CAM) q max/ min rid False no match Compare min≤q (size 2w TCAM) False True qminrid Packet: Range Action Drop / controller no match True 51 550 Range 0 Action

15 OpenFlow based Comparison patterns 0*******1******* 0******* *0*******1****** *0******............ *******0*******1 *******0 ******** Result m>q m<q m>q m<q...... m>q m<q m=q qm Packet header 2w+1 entries w is the field's width (32 for IPv4)

16 Reducing Pipeline Length ELCP1s (size n TCAM) Compare max≥q (size 2w TCAM) q qmax ELCP0s (size n TCAM) qmax RIDs (size n CAM) q max/ min rid False no match Compare min≤q (size 2w TCAM) False True qminrid Packet: Range Action Drop / controller no match True No need if ranges span the entire space No need if ranges span the entire space Can be implemented by the groups table

17 ORange1 Implementation Space Complexity (entries per range) – Naive Approach: 2w-2 – Our work: 2 e.g. for 100 IPv4 ranges: 6,200 vs 265 entries Limitation – only disjoint ranges 2 per range + 65 for comparison table

18 k field Ranges Classification ORange-k

19 Multi Dimensional Ranges Naive expansion: #entries exponentially grows with the dimension k: Naive expansion: #entries exponentially grows with the dimension k: entries per range Bigger problem!

20 Field Reduction Given k-dimensional ranges:

21 Field Reduction We project them on each axis

22 Field Reduction We compose each axis to disjoint intervals [1,3] [4,6] [7,10] [11,13]

23 Field Reduction We re-encode the ranges according to intervals ids

24 Field Reduction For each packet we re-encode its field values

25 Field Reduction Smaller fields make much smaller k-dimensional encoding

26 ORange-k Implementation Re-encode each field in the metadata field Then classify by new (smaller) k field ranges MetadataPacket header fk…f2f1field k…field2field1 ORange1 Classifier #1 ORange1 Classifier #2 ORange1 Classifier #k … k dims. Classifier 8 4 2 1

27 ORange-k Implementation

28 ORange-k Space Improvement 1000 Random ranges 16bit fields

29 ORange-k Space Improvement Total space for 100 Random 4-dimensional ranges. Naïve expansion ORange

30 Consistency As time permits

31 Update Consistency Consistency of adding, changing and deleting ranges Three levels of consistency: Per-Packet Per-Flow Cross-Entrance

32 Per-Packet consistency Change affects several entries ActionEndStart Server A125.37.255.0125.26.188. 56 Server B126.2.100.50125.37.255.1 36 Flow table:

33 Per-Packet consistency Change affects several entries Need atomicity (while traffic passes thru) Existing solutions implemented using Packet buffering, or duplicating and switching tables time Flow Table Accesses modify entry modify entry modify entry modify entry modify entry modify entry Packet match Single range update

34 Per-Flow Consistency [Reitblatt, Foster, Rexford, Schlesinger, Walker 2012] Internet replicas client’s IPs … ActionEndStart Server 2125.37.255.0125.26.188. 56 Server 3126.2.100.50125.37.255.1

35 Internet replicas client’s IPs Change in weights  Change in ranges … ActionEndStart Server 2125.37.255.0125.26.188. 56 Server 3126.2.100.50125.37.255.1 36 But existing flow shouldn’t change Per-Flow Consistency [Wang, Butnariu, Rexford, 2011]

36 replicas client’s IPs … ActionEndStart Server 2125.37.255.0125.26.188. 56 Server 3126.2.100.50125.37.255.1 36 Per-Flow Consistency [Wang, Butnariu, Rexford, 2011] New flow

37 Cross-Entrance Consistency replicas … client’s IPs Internet X SDN Network

38 summary Efficient Ranges implementation in OpenFlow – One dimensional – ORange1 – Multi-dimensional – ORange-k Update Consistency – Per packet – Per flow – Cross-entrance

39 Questions ?

Download ppt "ORange: Multi Field OpenFlow based Range Classifier Liron Schiff Tel Aviv University Yehuda Afek Tel Aviv University Anat Bremler-Barr Inter Disciplinary."

Similar presentations

IP Router Architectures. Outline Basic IP Router Functionalities IP Router Architectures.

IP Router Architectures. Outline Basic IP Router Functionalities IP Router Architectures.
Liron Schiff * (TAU) Joint work with Yehuda Afek, Anat Bremler-Barr (TAU) (IDC) Recursive Design of Hardware Priority Queues Supported by European Research.

Liron Schiff * (TAU) Joint work with Yehuda Afek, Anat Bremler-Barr (TAU) (IDC) Recursive Design of Hardware Priority Queues Supported by European Research.
A Search Memory Substrate for High Throughput and Low Power Packet Processing Sangyeun Cho, Michel Hanna and Rami Melhem Dept. of Computer Science University.

A Search Memory Substrate for High Throughput and Low Power Packet Processing Sangyeun Cho, Michel Hanna and Rami Melhem Dept. of Computer Science University.
Router/Classifier/Firewall Tables Set of rules—(F,A)  F is a filter Source and destination addresses. Port number and protocol. Time of day.  A is an.

Router/Classifier/Firewall Tables Set of rules—(F,A)  F is a filter Source and destination addresses. Port number and protocol. Time of day.  A is an.
Internet Routers

Internet Routers
1 IP-Lookup and Packet Classification Advanced Algorithms & Data Structures Lecture Theme 08 – Part I Prof. Dr. Th. Ottmann Summer Semester 2006.

1 IP-Lookup and Packet Classification Advanced Algorithms & Data Structures Lecture Theme 08 – Part I Prof. Dr. Th. Ottmann Summer Semester 2006.
A Scalable and Reconfigurable Search Memory Substrate for High Throughput Packet Processing Sangyeun Cho and Rami Melhem Dept. of Computer Science University.

A Scalable and Reconfigurable Search Memory Substrate for High Throughput Packet Processing Sangyeun Cho and Rami Melhem Dept. of Computer Science University.
OpenFlow overview Joint Techs Baton Rouge. Classic Ethernet Originally a true broadcast medium Each end-system network interface card (NIC) received every.

OpenFlow overview Joint Techs Baton Rouge. Classic Ethernet Originally a true broadcast medium Each end-system network interface card (NIC) received every.
1 An Efficient, Hardware-based Multi-Hash Scheme for High Speed IP Lookup Hot Interconnects 2008 Socrates Demetriades, Michel Hanna, Sangyeun Cho and Rami.

1 An Efficient, Hardware-based Multi-Hash Scheme for High Speed IP Lookup Hot Interconnects 2008 Socrates Demetriades, Michel Hanna, Sangyeun Cho and Rami.
Bio Michel Hanna M.S. in E.E., Cairo University, Egypt B.S. in E.E., Cairo University at Fayoum, Egypt Currently is a Ph.D. Student in Computer Engineering.

Bio Michel Hanna M.S. in E.E., Cairo University, Egypt B.S. in E.E., Cairo University at Fayoum, Egypt Currently is a Ph.D. Student in Computer Engineering.
M. Waldvogel, G. Varghese, J. Turner, B. Plattner Presenter: Shulin You UNIVERSITY OF MASSACHUSETTS, AMHERST – Department of Electrical and Computer Engineering.

M. Waldvogel, G. Varghese, J. Turner, B. Plattner Presenter: Shulin You UNIVERSITY OF MASSACHUSETTS, AMHERST – Department of Electrical and Computer Engineering.
Incremental Consistent Updates Naga Praveen Katta Jennifer Rexford, David Walker Princeton University.

Incremental Consistent Updates Naga Praveen Katta Jennifer Rexford, David Walker Princeton University.
Survey of Packet Classification Algorithms. Outline Background and problem definition Classification schemes – One dimensional classification – Two dimensional.

Survey of Packet Classification Algorithms. Outline Background and problem definition Classification schemes – One dimensional classification – Two dimensional.
1 TCAM Razor: A Systematic Approach Towards Minimizing Packet Classifiers in TCAMs Department of Computer Science and Information Engineering National.

1 TCAM Razor: A Systematic Approach Towards Minimizing Packet Classifiers in TCAMs Department of Computer Science and Information Engineering National.
OpenFlow-Based Server Load Balancing GoneWild

OpenFlow-Based Server Load Balancing GoneWild
Ranges & Cross-Entrance Consistency with OpenFlow Liron Schiff (TAU) Joint work with Yehuda Afek (TAU) Anat Bremler-Barr (IDC) Israel Networking Day 2014.

Ranges & Cross-Entrance Consistency with OpenFlow Liron Schiff (TAU) Joint work with Yehuda Afek (TAU) Anat Bremler-Barr (IDC) Israel Networking Day 2014.
Flowspace revisited OpenFlow Basics Flow Table Entries Switch Port MAC src MAC dst Eth type VLAN ID IP Src IP Dst IP Prot L4 sport L4 dport Rule Action.

Flowspace revisited OpenFlow Basics Flow Table Entries Switch Port MAC src MAC dst Eth type VLAN ID IP Src IP Dst IP Prot L4 sport L4 dport Rule Action.
On the Code Length of TCAM Coding Schemes Ori Rottenstreich (Technion, Israel) Joint work with Isaac Keslassy (Technion, Israel) 1.

On the Code Length of TCAM Coding Schemes Ori Rottenstreich (Technion, Israel) Joint work with Isaac Keslassy (Technion, Israel) 1.
Efficient Multi-match Packet Classification with TCAM Fang Yu Randy H. Katz EECS Department, UC Berkeley {fyu,

Efficient Multi-match Packet Classification with TCAM Fang Yu Randy H. Katz EECS Department, UC Berkeley {fyu,
張 燕 光 資訊工程學系 Dept. of Computer Science & Information Engineering,

張 燕 光 資訊工程學系 Dept. of Computer Science & Information Engineering,

Similar presentations

Ads by Google