Virtualizing Network I/O on End-Host OS - PowerPoint PPT Presentation

Slides: 49
Provided by: Takashi93
Transcript and Presenter's Notes

1
Virtualizing Network I/O on End-Host OS
  • Takashi "taka" Okumura
  • Department of Computer Science
  • University of Pittsburgh

2
Who's taka?
  • A Ph.D. student
  • Working with Dr. Mossé
  • Semantics-aware Control of Medical Network
  • Virtualization of network I/O on end-host OS

4
Network Control on End-host OS
  • Traffic Management tool for system
    administrators
  • Privileged Instructions
  • Lack of Resource Protection Model
  • Static Configuration
  • Flat Queue Structure
  • It is a Traffic Management model for
    intermediate-nodes

5
The Traffic Control model limits network control
technology
  • Why don't we have a standard API even for
    bandwidth control??
  • Why do we need to be root just to control our
    own traffic??
  • Why can't we realize access control on a
    per-application basis on Unix??
  • Why can't we use the Extension Header of IPv6 for
    existing applications?

Dummynet, IPFW, ALTQ, PF, LARTC, etc...
6
What can we do ?
7
Fundamental Problem
Dissociation of Resource Management model and
Network Control Model
8
CPU Resource Management
Before
nice renice
9
Network Resource Management
Before
Virtualization of Network Interface!!
10
Hierarchical Management
Flexible Control Granularity
11
Example 1: netnice
pid 1234
netnice 1234 512Kbps
12
Example 2: sh
sh
ftp ftp.freebsd.org @2Mbps
13
Various Controls through hierarchical
virtualization
Priority Queuing
Independent Packet Schedulers
14
Integration of QoS and Security Control
BPF/libpcap Compatible
15
The almighty primitive for network control
  • Various Controls in a single framework
  • Resource Protection
  • Sophisticated API
  • Integration of Network Control
  • Bandwidth Management
  • Queuing Control
  • Firewall/Packet Filter
  • Packet Capture

16
Intermission
  • - Project Status -

17
India Gate, Bombay (Mumbai)
18
Why did Taka go to India?
  • Loves Indian Food!
  • To collaborate with Indian Hackers!

19
Netnice ORG: an Opensource Project
  • Kernel Development - Porting
  • Application Development - Porting
  • (Research Division discussed later)

20
Kernel Development
  • FreeBSD 4 97
  • Linux 50
  • NetBSD 70
  • OpenBSD 80
  • FreeBSD 5 90
  • MacOS X 5
  • Windows 1

We want Alpha/Beta testers!!!
21
Applications
  • Firewall Builder
  • Netnice Daemon
  • 3D-tcpdump
  • Apache module
  • inetd

22
Firewall Builder for Netnice
  • Firewall Rule Builder GUI

Root VIF
23
Scripting Network Control
24
The Netnice Daemon netniced
Wireless Network
25
3D-TCPDUMP
  • 3D Network Analysis/ Visualization Tool

26
Apache mod_netnice
27
inetd
cat /etc/inetd.conf
ftp tcp ftpd -l
telnet tcp telnetd @32K/sec
shell tcp rshd @32K/sec
inetd @1Mbps
Configuration of services and their resources
should be integrated
28
Got bored?
29
Existing Primitives
  • Traffic Management tool for system
    administrators
  • Privileged Instructions
  • Lack of Resource Protection Model
  • Static Configuration
  • Flat Queue Structure
  • Each primitive has a particular objective, and has a
    control application just for that particular
    purpose

30
Hierarchical Virtual Network Interface
  • Generic OS service for end-host oriented network
    control
  • Serves as a programming construct
  • Works for a variety of purposes
  • Extends the limit of end-host oriented network
    control
  • But, we need to extend the limit, much more...

31
Research
32
TOPICS
  • Architecture
  • Compiler
  • Algorithm
  • Operating System
  • Artificial Intelligence

33
Architecture
  • Dynamic Extension of Protocol Stack by Virtual
    Machine technology

34
Protocol Stack Virtualization
BSD
Performance?
35
Compiler
  • Compiler for High-performance Firewall

36
Firewall Instrumentation
packets
NIC
37
Algorithm
  • Distributed Caching and Traffic Control Algorithm
    for Fermi FS

38
Distributed Caching and Traffic Control
Storage
L1 Buffer
L2 worker
On-line Jobs
1 job / 396ns
n 96
Distributed Hash Table (P2P) technology?
39
Operating System
  • Coupled Scheduling Mechanism for CPU and Network

40
CPU Scheduling Network Control
High
Low
  • High Priority Jobs
  • Higher Network Priority
  • Lower Priority Jobs
  • Lower Network Priority

41
Artificial Intelligence
  • Traffic Control based on Semantics analysis of
    on-going communication

42
Semantics-Aware Medical Network
  • Needs for better fairness, safety, and security
  • ex) Resource contention between traffic for...
  • Emergency Case (such as Acute MI)
  • Common cold

43
Semantics Aware Medical Network
Hospital
Ambulance
Node
  • Each node understands traffic semantics and
    controls packets accordingly

44
Straightforward Approach
  • Hop-by-hop routing
  • Packet Dropping
  • Encrypted Payload
  • Stateful Inspection
  • What if we analyze the traffic semantics at the
    intermediate nodes?

45
Cooperation of End-nodes and Intermediate-nodes
  • Hop-by-hop routing
  • Packet Dropping
  • Encrypted Payload
  • Stateful Inspection
  • Hop-by-hop routing
  • Packet Dropping
  • Encrypted Payload
  • Stateful Inspection
  • What if the end-nodes attach semantics
    information they analyze onto each packet?

46
Fairness by Agent model
We may realize fair and efficient
semantics-aware network...
  • What if we prepare fair agents, and let the
    end-users select one for semantics analysis?

47
To realize such a technology, we need an end-node
mechanism!
  • which allows analysis of flows at flexible
    granularity and active control of the flows
    being monitored.
