TQ - DEEPNESS Lab

ORange: Multi Field OpenFlow based Range Classifier
Liron Schiff Tel Aviv University
Yehuda Afek Tel Aviv University
Anat Bremler-Barr Inter Disciplinary Center
Presenter: Netanel Cohen Inter Disciplinary Center
The 11th ACM/IEEE Symposium on Architectures for Networking and Communications Systems (ANCS '15)
Supported by the European Research Council (ERC) Starting Grant no. 259085 and by the Israel Science Foundation Grant no. 1386/11.
Range-based packet classification
[Figure: traffic from the Internet is classified by range tables (Start, End, Action) over the Source IP Address and the Destination IP Address; actions are server replicas r1, r2, r3 or Drop. Uses shown: Firewalls, Forwarding, Load Balancers, DDoS mitigation.]
Packet header: Field 1, Field 2, …, Field k
Flow Table: a list of Flow Entries, each with a Match and Actions
But
• OpenFlow matches cannot be ranges!
– Only masked values
• No consistent multi-switch update
Contributions
• Ranges classification in OpenFlow: ORange1
– Costs 2 entries per range (instead of linear in the field size, usually 16 or 32)
• Multi Field ranges classification: ORange-k
• Update consistency (with ranges)
– Per packet, per flow and cross-entrance
Single Field Ranges classification in OpenFlow: ORange1
Ranges by Naive Prefix Expansion
• 2w – 2 entries per range
– 62 entries per IPv4 range
– 254 entries per IPv6 range

Start            End             Action
125.26.188.56    125.37.255.0    Server A
125.37.255.1     126.2.100.50    Server B

Pattern                      Action
125.26.188.[00111***]        Server A
125.26.188.[01******]        Server A
125.26.188.[1*******]        Server A
125.[00011011].*.*           Server A
125.[000111**].*.*           Server A
125.[001000**].*.*           Server A
125.[00100100].*.*           Server A
125.37.[0*******].*          Server A
125.37.[10******].*          Server A
125.37.[110*****].*          Server A
125.37.[1110****].*          Server A
125.37.[11110***].*          Server A
125.37.[111110**].*          Server A
125.37.[1111110*].*          Server A
125.37.[11111110].*          Server A
125.37.255.0                 Server A
125.37.255.1                 Server B
125.37.255.[0000001*]        Server B
125.37.255.[000001**]        Server B
125.37.255.[00001***]        Server B
125.37.255.[0001****]        Server B
125.37.255.[001*****]        Server B
125.37.255.[01******]        Server B
125.37.255.[1*******]        Server B
125.[0010011*].*.*           Server B
125.[00101***].*.*           Server B
125.[0011****].*.*           Server B
125.[01******].*.*           Server B
125.[1*******].*.*           Server B
126.[0000000*].*.*           Server B
126.2.[00******].*           Server B
126.2.[010*****].*           Server B
126.2.[011000**].*           Server B
126.2.100.[0010****]         Server B
126.2.100.[00110001]         Server B
126.2.100.[00110010]         Server B
Ternary CAMs (TCAMs)
• Associative Memory chips:
[Figure: TCAM lookup. in: 00100111; entries 0: 0*10**1*, 1: 00100111, 2: 11***011, …, m: 01010110; out: 0]
• Properties:
– Ternary values (‘0’, ‘1’ and ‘*’)
– High throughput (300M ops per sec for 1Mb TCAM)
– Used in routers (IP lookup, classification)
– Expensive, high power consumption -> limited size
– Sometimes used to implement Flow Tables
A non OpenFlow Approach - PIDR
[Panigrahy&Sharma2003]
R = [34, 55] = [00100010b, 00110111b]
Longest common prefix (LCP): 001
TCAMs:
0-ELCPs: 0010****, …
1-ELCPs: 0011****, …
A non OpenFlow Approach - PIDR
[Panigrahy&Sharma2003]
[Figure: two paths, each Query (TCAM), then Read Range Bound, then Compare; the comparisons shown are "51 > 62 ?" and "51 < 55 ?".]
Adapting PIDR to OpenFlow
PIDR
• Special hardware design
– Parallel TCAMs
– Query and read range bounds
– Comparing with bounds
• Static configuration
– No online updates
ORange1
• New OpenFlow design
– OpenFlow pipeline
– Match+Action sets field
– Compare by flow table and metadata field
• Dynamic configuration
– Consistent updates
A non OpenFlow Approach - PIDR
[Panigrahy&Sharma2003]
[Figure: the same two paths, each Query (TCAM), then Read Range Bound, then Compare.]
Adapting PIDR to OpenFlow
[Figure: Query and Read Range Bound are done by Flow Table match + action; Compare is done by Flow Table based comparisons.]
• Even Comparisons are Flow-Table based!
Adapting PIDR to OpenFlow
[Figure: OpenFlow pipeline for a packet with query value q = 51 and metadata <tmp> carrying rid and max/min (example values 0, 55, 51). Tables shown: ELCP1s (size n TCAM), which sets rid and max; Compare max≥q (size 2w TCAM); ELCP0s (size n TCAM), which sets rid and min; Compare min≤q (size 2w TCAM); RIDs (size n CAM), which maps the Range to its Action. Edge labels: True, False, no match, Drop / controller.]
Reducing Pipeline Length
[Figure: the same pipeline (ELCP1s, Compare max≥q, ELCP0s, Compare min≤q, RIDs; edges True, False, no match, Drop / controller) with two annotations: "No need if ranges span the entire space" and "Can be implemented by the groups table".]
ORange1 Implementation
• Space Complexity (entries per range)
– Naive Approach: 2w-2
– Our work: 2 (2 per range + 65 for comparison table)
e.g. for 100 IPv4 ranges: 6,200 vs 265 entries
• Limitation
– only disjoint ranges
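Added example (not from the slides or the ORange authors' code): a Python model of the single-field lookup described above, with ELCP0/ELCP1 tables holding two entries per range and the bound comparison done by ternary matching. The priority-ordered comparison table is an assumed construction that gives 2w + 1 entries (65 for w = 32); all function names and the sample ranges B, C, D are constructed for illustration.

```python
W = 8  # field width in bits; the slide example R = [34, 55] is 8-bit

def bits(v):
    return format(v, f"0{W}b")

def tmatch(pattern, key):
    """Ternary (TCAM-style) match: '*' matches either bit."""
    return all(p in ("*", k) for p, k in zip(pattern, key))

def elcps(lo, hi):
    """0-ELCP and 1-ELCP of [lo, hi]: the LCP of the bounds extended by 0 / 1."""
    a, b = bits(lo), bits(hi)
    n = next((i for i in range(W) if a[i] != b[i]), W)
    if n == W:                        # single-value range: one exact entry
        return a, None
    return tuple(a[:n] + bit + "*" * (W - n - 1) for bit in "01")

def compare_table(w=W):
    """Assumed construction: ternary entries over the 2w-bit key bits(a)+bits(b)."""
    table = []
    for i in range(w):                # MSB first: first differing bit decides
        star = lambda bit: "*" * i + bit + "*" * (w - i - 1)
        table += [(star("1") + star("0"), "gt"), (star("0") + star("1"), "lt")]
    return table + [("*" * (2 * w), "eq")]    # 2w + 1 entries

def compare(a, b, table):
    return next(res for pat, res in table if tmatch(pat, bits(a) + bits(b)))

def build(ranges):
    """Disjoint {rid: (lo, hi)} -> ELCP0, ELCP1 tables, longest prefix first."""
    t0, t1 = [], []
    for rid, (lo, hi) in ranges.items():
        p0, p1 = elcps(lo, hi)
        t0.append((p0, rid, lo))      # a 0-ELCP hit still needs min <= q
        if p1:
            t1.append((p1, rid, hi))  # a 1-ELCP hit still needs q <= max
    stars = lambda entry: entry[0].count("*")
    return sorted(t0, key=stars), sorted(t1, key=stars)

def classify(q, t0, t1, cmp_table):
    for table, reject in ((t0, "lt"), (t1, "gt")):
        hit = next((e for e in table if tmatch(e[0], bits(q))), None)
        if hit and compare(q, hit[2], cmp_table) != reject:
            return hit[1]
    return None                       # no range matched: drop / controller

# Constructed sample: A is the slide's R = [34, 55]; B, C, D are made up.
RANGES = {"A": (34, 55), "B": (32, 33), "C": (56, 62), "D": (200, 200)}
T0, T1 = build(RANGES)
CMP = compare_table()
```

Value 33 shows why both tables are needed: it hits A's 0-ELCP 0010**** but fails min ≤ q, and is then accepted by B's 1-ELCP.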
k field Ranges Classification
ORange-k
Multi Dimensional Ranges
• Naive expansion: #entries exponentially grows with the dimension k: (2w − 2)^k entries per range
Bigger problem!

y       x       range
0001    0001    1
001*    0001    1
010*    0001    1
0110    0001    1
0001    001*    1
001*    001*    1
010*    001*    1
0110    001*    1
0001    010*    1
001*    010*    1
010*    010*    1
0110    010*    1
0001    0110    1
001*    0110    1
010*    0110    1
0110    0110    1
0111    10**    3
10**    10**    3
110*    10**    3
01**    0011    2
100*    0011    2
1010    0011    2
01**    01**    2
100*    01**    2
1010    01**    2
01**    10**    2
100*    10**    2
1010    10**    2
01**    1100    2
100*    1100    2
1010    1100    2
Field Reduction
• Given k-dimensional ranges:
r1 = [1,6] × [1,6]
r2 = [4,10] × [3,12]
r3 = [7,13] × [8,11]
Field Reduction
• We project them on each axis
Field Reduction
• We decompose each axis into disjoint intervals
[Figure: axis labelled with the intervals [11,13], [7,10], [4,6], [1,3].]
Field Reduction
• We re-encode the ranges according to intervals ids
r′1 = [0,1] × [0,1]
r′2 = [1,2] × [1,4]
r′3 = [2,3] × {3}
Field Reduction
• For each packet we re-encode its field values
(y, x) = (8, 4)
(y′, x′) = (2, 1)
r′1 = [0,1] × [0,1]
r′2 = [1,2] × [1,4]
r′3 = [2,3] × {3}
Field Reduction
• Smaller fields make much smaller k-dimensional encoding
[Figure: the expanded flow table over the 4-bit fields (y, x) from the "Multi Dimensional Ranges" slide, shown beside the much smaller table over the re-encoded 3-bit fields (y', x'), whose 8 entries use patterns such as 00*, 001, 010, 01*, 011 and 100.]
r1 = [1,6] × [1,6]      r′1 = [0,1] × [0,1]
r2 = [4,10] × [3,12]    r′2 = [1,2] × [1,4]
r3 = [7,13] × [8,11]    r′3 = [2,3] × {3}
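Added example (not from the slides or the authors' code): field reduction in Python, run on the three ranges above so that the re-encoded values can be checked against the slides. Function names are illustrative, the cut-point method is one assumed way to build the disjoint intervals, and the field order (y, x) is taken from the slide's packet example.

```python
from bisect import bisect_right

def axis_cuts(intervals):
    """Start points of the disjoint elementary intervals on one axis: every
    range adds a cut at its start and one just past its end."""
    cuts = set()
    for lo, hi in intervals:
        cuts.update((lo, hi + 1))
    return sorted(cuts)

def interval_id(cuts, v):
    """Id of the elementary interval containing v, or None if v lies outside."""
    i = bisect_right(cuts, v) - 1
    return i if 0 <= i < len(cuts) - 1 else None

def reduce_fields(ranges):
    """ranges: {rid: [(lo, hi) for each field]}. Returns the per-field cuts and
    the ranges re-encoded over interval ids."""
    k = len(next(iter(ranges.values())))
    cuts = [axis_cuts([r[d] for r in ranges.values()]) for d in range(k)]
    encoded = {rid: [(interval_id(cuts[d], lo), interval_id(cuts[d], hi))
                     for d, (lo, hi) in enumerate(r)]
               for rid, r in ranges.items()}
    return cuts, encoded

def encode_packet(cuts, fields):
    """Re-encode each header field, as done once per packet into metadata."""
    return tuple(interval_id(c, v) for c, v in zip(cuts, fields))

def matching_ranges(encoded, point):
    """Ranges containing the re-encoded point; overlapping ranges are fine."""
    if None in point:
        return []
    return [rid for rid, r in encoded.items()
            if all(lo <= p <= hi for (lo, hi), p in zip(r, point))]

# The slide's three ranges, fields ordered (y, x) as in its packet example.
SLIDE_RANGES = {
    "r1": [(1, 6), (1, 6)],
    "r2": [(4, 10), (3, 12)],
    "r3": [(7, 13), (8, 11)],
}
CUTS, ENCODED = reduce_fields(SLIDE_RANGES)
```

The x axis ends up with five intervals (ids 0 to 4), so three bits replace the original field width in the k-dimensional table.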
ORange-k Implementation
• Re-encode each field in the metadata field
• Then classify by new (smaller) k field ranges
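[Figure: the packet header fields (field1, field2, …, field k) pass through ORange1 Classifier #1, #2, …, #k, which write the re-encoded values f1, f2, …, fk into the Metadata (example: 8 and 4 become 2 and 1); a k dims. Classifier then matches on the metadata.]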
ORange-k Implementation
• Space Complexity (entries per range)
– Naive expansion: (2w − 2)^k
– Our approach: 4k + (2 log n)^k
e.g. for 100 2-dimensional IPv4 ranges: 20k vs 380k entries in the worst case
• Pipeline length 3k + 1
• Atomic updates (next slides)
• Works well with overlapping ranges
ORange-k Space Improvement
[Plot: Improvement (%) (axis 0% to 60%) against # dimensions (1 to 4), w=16.]
• 1000 Random ranges
• 16bit fields
ORange-k Space Improvement
[Plot: Space (bits), log scale from 10^3 to 10^9, against width (bits) from 8 to 64, for Naïve expansion and ORange.]
• Total space for 100 Random 4-dimensional ranges.
Consistency
As time permits
Update Consistency
Consistency of adding, changing and deleting ranges
Three levels of consistency:
• Per-Packet
• Per-Flow
• Cross-Entrance
Per-Packet consistency
• Change affects several entries
Start            End             Action
125.26.188.56    125.37.255.0    Server A
125.37.255.1     126.2.100.50    Server B
[Slide overlay "36" on both boundary addresses: 37 is changed to 36.]

Flow table: the same 36 Pattern/Action entries as on the "Ranges by Naive Prefix Expansion" slide, together with a second column of entries (marked <empty> on the slide) for the changed boundary:

Pattern                      Action
125.36.[0*******].*          Server A
125.36.[10******].*          Server A
125.36.[110*****].*          Server A
125.36.[1110****].*          Server A
125.36.[11110***].*          Server A
125.36.[111110**].*          Server A
125.36.[1111110*].*          Server A
125.36.[11111110].*          Server A
125.36.255.0                 Server A
125.36.255.1                 Server B
125.36.255.[0000001*]        Server B
125.36.255.[000001**]        Server B
125.36.255.[00001***]        Server B
125.36.255.[0001****]        Server B
125.36.255.[001*****]        Server B
125.36.255.[01******]        Server B
125.36.255.[1*******]        Server B
125.[00100101].*.*           Server B
Per-Packet consistency
• Change affects several entries
• Need atomicity (while traffic passes through)
• Existing solutions implemented using packet buffering, or duplicating and switching tables
[Figure: Flow Table accesses over time during a single range update: packet match accesses and three "modify entry" accesses.]
Per-Flow Consistency
[Reitblatt, Foster, Rexford, Schlesinger, Walker 2012]
Start            End             Action
125.26.188.56    125.37.255.0    Server 2
125.37.255.1     126.2.100.50    Server 3
[Figure: client's IPs reach the replicas from the Internet.]
Per-Flow Consistency
[Wang, Butnariu, Rexford, 2011]
Start            End             Action
125.26.188.56    125.37.255.0    Server 2
125.37.255.1     126.2.100.50    Server 3
[Slide overlay "36" on both boundary addresses: 37 is changed to 36.]
Change in weights
Change in ranges
But existing flow shouldn’t change
[Figure: client's IPs reach the replicas from the Internet.]
Per-Flow Consistency
[Wang, Butnariu, Rexford, 2011]
Start            End             Action
125.26.188.56    125.37.255.0    Server 2
125.37.255.1     126.2.100.50    Server 3
[Slide overlay "36" on both boundary addresses: 37 is changed to 36.]
[Figure: client's IPs and the replicas, with a "New flow" marked.]
Cross-Entrance Consistency
[Figure: an SDN Network between the Internet (client's IPs) and the replicas, with an X marked.]
Summary
• Efficient Ranges implementation in OpenFlow
– One dimensional – ORange1
– Multi-dimensional – ORange-k
• Update Consistency
– Per packet
– Per flow
– Cross-entrance
Questions ?