BPC: A language for packet classification

1
BPC A language for packet classification

• Haiyong Wang
• hw6h_at_cs.virginia.edu

2
What is classification

• Classification is a mechanism that inspects
  incoming network packets, and based on the values
  found in selected header fields, determines how
  each to be processed.
• Usually, specifications are expressed as rules.
• Packets satisfying the same rule are classify
  into one flow.

3
Classification an example
Router
ISP1
Flow1
Classifier
ISP2
Flow2
Flow3
ISP3
4
Why Classification

• Essential to QoS (admission control, resource
  reservation, per-flow queuing and fair
  scheduling)
• Necessary to many advanced services ( load
  balancing and content-based routing)
• ISP ( Accounting, billing and network monitoring
  )
• Network Security

5
What has been done?

• Networking community extend IP lookup
• Focus on performance
• Very limited specifications, no language.
• Only work on Layer 3/4 header
• OS community packet demultiplexing
• machine-code level specification(difficult to
  develop and test)
• Filter composition issues

6
My work

• Based on a high-level packet filter language(BPF)
• Filter composition
• Look deeper and smarter
• Keep status

7
Why high-level language?
Short!
You can not express this in low level language!
Easy to use and error-free
8
Filter Composition

• Syntax
• 1 filter expression1
• 2 filter expression2
• n filter expression n
• Priority is used to resolve conflict

9
A Real Scenario
UserA Online chat
Low Delay Low Bandwidth
UserB Napster fan
Greedy Source
UserC Real player Stream
Constant BW Low delay Low Jitter
10
BPC solution
UserA Online chat
UserB Napster fan
UserC Real player Stream
11
Look Deeper and Smarter

• Why
• TCP/IP does not specify what to transmit
• Many application-layer protocols put keywords at
  the beginning of the payload
• How
• Search Regular Expression
• Allow User to define their own criteria

12
Syntax
Include Regular String From Len1 to Len2
Include Regular String from Len1 to Len2
many protocols are case insensitive
Limit the range can reduce the expense
Invoke user routine
boolean user_routine( void packet, int len)
13
I love you
14
I love you (cond)
15
Why keep status

• Enable us to classify packets dynamically
  according to the connections
• Provide uniform services to all the packets in
  the same connection
• Resource Reservation (allocation and
  de-allocation)

16
How to do that Syntax

• trigger ( start expression )
• remove ( end expression )
• satisfy ( match expression )
• identify by ( key words )

17
Keep status an example

• Example TCP connection
• trigger (tcp132 2) SYN packet
• remove tcp131 1 ) FIN packet
• satisfy ( tcp )
• identify (src host, src port, dst host, dst port)
  

18
DDOS
Packet Classifier
19
Is Everything all right
Analogy
Whats the moral
20
How to run fast

• Replace interpreter with native code
• Special hardware (hash table, parallel
  computation)
• Compiler Optimization
• Intra-filter
• Inter-filter

21
Inter-filter Optimization
Ip src host1
Ip dst host2
22
Optimization( cond )
23
Summary

• Work has been done
• Design a packet classification language by
  extending BPF
• Implement a working system.( You are welcomed to
  take a look after class )
• Future Work
• Integrate BPC into BPF
• Performance issues