Router Plugins : A Software Architecture for Next-generation Router

1
Router Plugins A Software Architecture for
Next-generation Router

• IEEE/ACM Trans. On Networking, 2000 Feb
• Decasper et al.
• Washington Univ. Applied Research Lab
• http//www.arl.wustl.edu/

2
Washington Univ. ARL

• AN Journal
• Design Issues for High Performance Active
  Routers, IEEE JSAC, March 2001.
• Dynamic Hardware Plugins (DHP) Exploiting
  Reconfigurable Hardware for High-Performance
  Programmable Routers. Computer Networks, 2/02
• Scalable High Speed Prefix Matching, ACM Tran. on
  Computer Systems.
• A Scalable High-Performance Active Network Node,
  IEEE Network, January/February 1999

3
Outline

• Introduction
• Architecture
• Plug-ins and Plug-in Control Unit
• Association Identification Unit
• Performance
• Conclusions and future work

4
Modern Router Service

• Integrated service / DS
• L3 / L4 routing /switching tech.
• Security (VPN / Firewall).
• Enhancements to existing protocol , (congestion
  control. RED).
• New core protocol (IPv6).
• New service (NAT, Http Proxy)

5
Extended Services Router (ESR)
Arch-1
Arch-2
6
ESR

• Modularity Core / Module
• Extensibility Dynamic Load
• Flexibility Easy control,
• ( Create , configure , bind )
• Performance

7
Proposed Arch.
ESR

• Kernel NetBSD
• Flow classification and configured profiles
• Per flow classification
• Class-based classification (CBQ)
• Security and application layer gateway
• Classify packets into flow and apply different
  policy.

8
Proposed Arch. (cont.)
ESR

• System Monitor
• Monitor traffic, and to gather and report various
  statistic .
• Result
• IPv6 based.
• Only 8 more overhead than BE kernel.
• Large num of filters. (50000)
• Two packet schedulers Deficit Round Robin (DRR)
  , Hierarchical Fair Service Curves (H-FSC)

9
Related Work

• Microsoft Routing and Remote Access Service for
  Windows NT
• Alternate queueing in NetBSD
• X-kernel
• Click modular router
• Active network

10
Overview Arch

• Full kernel space implementation for High
  performance
• Dynamic Loading and Unloading of plug-ins at run
  time into the networking subsystem
• Creation of individual instances of plug-ins for
  maximal flexibility
• Efficient mapping of individual data packets to
  flows and the ability to bind flows to plug-in
  instances.

11
Overview Arch (con.t)

• For different configuration, there are multiple
  instances for one plug-in.
• Plug-in Control Unit (PCU) hides implementation
  specific details from plug-in and allow them to
  access the system.
• The plug-ins use standardized messages.

12
Overview Arch (con.t)

• Filter
• ltsource address, destination address,
  protocol, source port, destination port, incoming
  interfacegt
• Filter lookup using a direct acyclic graph (DAG).
• The filter lookup to determine the right plug-in
  instance for first packet of a burst. Subsequent
  packets get info from a fast flow cache.

13
The Control Path
conf1
CP1
conf2
conf3
CP2
14
The Control Path (cont.)
CP

• IPv4 / IPv6 core
• No plug-in-related control path interactions
  with.
• Plug-ins
• Plug-in control unit
• Responsible for forward message to individual
  plug-ins from kernel or other plug-ins.
• Association identification unit
• It implements a packet classifier and builds the
  glue between the flows and plug-ins instances.

15
The Control Path (cont.)
CP

• Plug-in manager
• A user space utility used to configure the
  system. Application call user-space router
  plug-in library to configure all kernel level
  component.
• Daemons
• Route daemon / RSVP

16
Configuration
CP

• Load a Plug-in
• Load plug-ins into the kernel. Plug-ins will
  register themselves with the PCU by providing
  callback function.
• Callback function is used to send messages to the
  plug-in, such as creating and freeing instances ,
  binding plug-in instances to flows, pass plug-in
  specific data between an instance of a plug-in
  and an application

17
Configuration (cont.)
CP

• Creating a instance of a plug-in
• Using the plug-in manager application,
  configuration messages can be sent to plug-in.
• Ex lt firewall plug-in instance , interfacegt
• Creating filters
• Binding one or more flows to plug-in instance.The
  plug-ins manager or daemons can create filters
  through calls to the AIU

18
Configuration (cont.)
CP

• Binding flows to instances
• Register the filter table with a gate
• The plug-in register its filter table with a gate
  in the IP core.

19
Data Path
FT
EDP1
EDP2
EDP3
EDP4
20
Data Path (cont.)
DP

• Gate A gate is a point in the IP core where the
  flow of execution branches off to an instance of
  a plug-in.
• It is a simple macro that encapsulates
  function call to the AIU that will return the
  correct plug-in instance which is to be used for
  processing the packet.

21
Data Path (cont.)
DP
22
Data Path (cont.)
DP

• Flow Table
• The AIU maintain the binding between flows and
  plug-in instances. The Flow Table is used to
  cache flows. Implementation based on DAG.
• Filter Table
• The Filter Table store the bindings between
  filters and plug-ins for each gate.
  Implementation based on hashing.

23
Example for Data Path
DP

• Packet Arrival
• To allow shortcut forwarding, the first gate is
  put at the point where the device driver for the
  network hardware passes the packet to the IP
  core.
• Encountering a gate
• Discover the right instance
• The gate make a call to the AIU.
• ltpointer to packet, gate num,gt // no data copy

24
Example for Data Path (cont.)
DP

• Packet classification
• Lookup flow table. If miss b). Otherwise EX2.
• Lookup flow table.
• Return instance pointer.
• //allow all or wildcard
• Caching of the instance pointer
• Put instance pointer into flow table.
• // no all or wildcard

25
Example for Data Path (cont.)
DP

• Returning the instance pointer
• Calling the instance
• Repeating the cycle

26
Example for Data Path 2 (cont.)
DAG
DP

• Processing at the first gate
• Shortcut forwarding Storing routing table
  lookup with flow entry in flow table.
• Associating the packet with a flow index
• Recording flow index (FIX) in packets data
  structure.
• Processing at subsequent gates
• Faster search by FIX. The AIU doesnt have to be
  called

27
Plug-ins

• Each plug-in is identified by 32-bit code.
• Socket type for all plug-ins related user space
  communication with kernel.
• Plug-ins fulfill two requirements
• Register a callback with PCU.
• The callback function must reply to messages.
• Messages
• Standardized messages
• Plug-in specific messages

28
Plug-ins (cont.)

• Message
• Create_instance
• Allocating a data structure for store
  configuration and rut-time info.
• Free_instance
• Delete instance and all reference to it are
  removed from flow / filter table.
• Register_instance
• Register instance with AIU, and binds that to a
  filter.
• Multiple filter -gt same instance. ltgt

29
Plug-ins (cont.)

• Deregister_instance
• Set_data
• Passes specific data to an instance. The caller
  of this message can be a user space application
  or another plug-in.
• Get_data
• Passes specific data to a user space application
  or another plug-in.

30
Plug-ins (cont.)

• Five Plug-ins
• Firewall
• IPsec
• Packet Scheduling
• Packer Filter
• Longest-prefix matching

31
Plug-ins (cont.)

• Future
• Routing
• Monitor / Management
• Congestion control (RED)
• Outside ASIC control

32
PCU

• Managing a table to store the plug-ins code and
  callback function.
• All control path comm. to the plug-ins goes
  through the PCU.
• Message dispatcher.
• Handling exceptions.

33
AIU

• Packet Classifier
• Fast flow detection
• Filter / Flow table
• Binding control ( instance, filter)

34
Filter Table (cont.)
EDP4
35
Flow Table (cont.)

• Hashing
• lt src add , dest add , protocol , src port , dest
  port gt

36
Example
37
Example (cont.)
38
Performance
ATM MTU 9180byte 100 pks / per flow
39
Performance
40
Conclusions

• Authors presented an extensible and modular
  software framework to implement high-performance
  extended services router.

41
Active network
42
NT
43
NT

• Micro kernel
• Value-add service by TDI/NDIS interface. (System
  Library)
• TDI Transport Driver Interface
• NDIS network driver interface specification
• Routing protocol (RIP / OSPF)
• Packet filtering
• Remote Access (RPC)
• Graphical user interface for configuration and
  monitor (GUI)

44
NT (cont.)
device driver responsible for managing
Microsoft's Winsock TCP/IP communications protocol
TDI Interface ( library interface)
NDIS Interface ( library interface)
45
NT (cont.)
Ex NetBIOS over TCP/IP
Services dont know how to use TCP/IP
TDI-compliant NetBIOS programming API on top of
the TCP/IP driver