Extreme Networking
Achieving Nonstop Network Operation Under Extreme Operating Conditions

Jon Turner
jst@cs.wustl.edu
http://www.arl.wustl.edu/arl

Fred Kuhns
fredk@cs.wustl.edu
http://www.arl.wustl.edu/arl

2 - Jonathan Turner - July 31, 2001

Motivation
Internet subject to extreme traffic conditions.
  » correlated user behavior; selfish and/or malicious users
Growing reliance on data networks.
  » higher expectations for reliability and performance
Design networks for worst-case traffic conditions.
  » practice constructive paranoia
  » provide carefully regulated reserved bandwidth services
  » better queueing mechanisms for traffic isolation
  » network mechanisms to protect web sites from DDOS
  » plan for continuous upgrading of network infrastructure
      extensible routers that can adapt to new threats, as they appear
Technology progress making extreme defenses practical, without sacrificing performance.

Extreme Network Services
Lightweight Flow Setup (LFS)
  » one-way unicast flow with reserved bandwidth, soft-state
  » no complex signaling, wire-speed setup, easy to deploy
Network Access Service (NAS)
  » provides controlled access to LFS
  » registration/authentication of hosts, users
  » resource usage data collection for monitoring, accounting
Reserved Tree Service (RTS)
  » configured, semi-private network infrastructure for information service providers
  » reserved bandwidth, separate queues for traffic isolation
  » paced upstream forwarding with source-based queues for isolation and DOS protection

Can We Afford Per Flow Processing?
If it adds value, absolutely.
Per Flow State
  » at $50/MB (fast SRAM), 200B of flow state = 1 cent
  » at $1/MB (DRAM), 10KB of flow state = 1 cent
  » if used for 2000 hours (avg. of <5% over 5 years), costs 1 mcent per hour to cover cost of both
Per Flow Processing
  » to enable average of 10 instructions/byte on OC-192, need 12.5 GIPS
      10 i/b enough for header processing
      100 i/b enough for DES encryption
  » at $200/GIPS, a 10 Mb/s flow will cost 125 mcents/hour
  » by 2010, expect to do 100 inst./byte for 12.5 mc/h

Resource Reservation in Internet?
Bandwidth reservation can provide dramatically better performance for some applications.
Obstacles to resource reservation in Internet.
  » distaste for signaling protocols
  » perceived complexity of IntServ+RSVP
  » requires end-to-end deployment
  » little motivation for service providers
How to get resource reservation in Internet?
  » keep it simple
      focus on top priorities - one-way unicast flows
      avoid complex signaling - leverage hardware routing mechanisms
  » make it useful when only partially deployed
  » provide motivation for ISPs to deploy it

Lightweight Flow Setup
Implicit, one-way, unicast flow reservation.
  » to setup flow, just send packets - no advance signaling
  » specify flow rate(s) in packet header (using IP option)
  » flow detected and route selection triggered as needed
  » route for flow pinned until flow is released or times out
  » prefer routes with ample unreserved bandwidth
Stable rate reservation.
  » allocated independently by routers along path
  » congested links forward packets as datagrams
      reservation request honored as bandwidth released by other flows
Transient rate reservation.
  » routers allocate bandwidth fairly among competing flows
  » direct feedback of bottleneck bandwidth to senders

IP Option for LFS
Stable rate fraction updated by routers on path.
  » may trigger usage-based accounting
Status request flags trigger status report.
Alloc. rate stored at last hop router for status gen.
F.P. rates with 4 bit mantissa, 4 bit exponent.
  » specify rates from 64 Kb/s to 4 Gb/s, 6% “granularity”
op identifies flow setup operation
  - release state
  - reserve stable rate
  - reserve transient rate
  - status report
  - status request
  - ignore
[Figure: LFS IP option layout; labels as printed: code 8, length, op., rate1, flags, rate2, with widths 8 4 4 8 4; callouts: requested rate, allocated rate]
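
A codec for the 8-bit floating-point rate field described on this slide, as an added example that is not from the original deck. The slide gives only the 4-bit mantissa, 4-bit exponent, the 64 Kb/s to 4 Gb/s range and the 6% granularity; the bit layout (exponent in the high nibble, implicit leading 1, 64 000 bit/s base) is an assumption chosen to reproduce those figures.

```python
from bisect import bisect_left

BASE_BPS = 64_000  # assumed rate of code 0x00 (the slide's 64 Kb/s lower bound)


def decode_rate(code: int) -> int:
    """Rate in bit/s for an 8-bit code (assumed: high nibble exponent, low nibble mantissa)."""
    if not 0 <= code <= 0xFF:
        raise ValueError("rate code must fit in one byte")
    exponent, mantissa = code >> 4, code & 0x0F
    # Implicit leading 1: rate = BASE * (1 + mantissa/16) * 2**exponent
    return BASE_BPS * (16 + mantissa) * (1 << exponent) // 16


# Under this layout the rate grows monotonically with the code value,
# so the table is already sorted and indexed by code.
RATES = [decode_rate(c) for c in range(256)]


def encode_rate(bps: int) -> int:
    """Smallest code whose rate is >= bps; requests above the top rate clamp to 0xFF."""
    if bps <= 0:
        raise ValueError("rate must be positive")
    return min(bisect_left(RATES, bps), 0xFF)


def max_step() -> float:
    """Largest relative gap between adjacent codes, i.e. the worst-case granularity."""
    return max(RATES[c + 1] / RATES[c] - 1 for c in range(255))


if __name__ == "__main__":
    code = encode_rate(10_000_000)  # a 10 Mb/s request
    print(hex(code), decode_rate(code), decode_rate(0xFF), max_step())
```

Rounding up means a router never records less than the sender asked for, at the cost of over-reserving by up to one step.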

Implementing LFS - Input Side
If flow table entry present, use stored next hop
If no flow table entry, lookup route & create entry
  » store selected next hop in flow table entry
At access router
  » check privileges and record usage in access table
  » if flow setup not enabled, forward packet as datagram
[Figure: input side; labels: Flow Processor, Flow Table, Route Table, Access Table]

Implementing LFS - Output Side
If flow table entry present, use it to find queue, otherwise create an entry & allocate queue.
If stable rate specified, update entry.
  » keep list of unsatisfied reservation requests to process as bandwidth becomes available
If transient rate, update fair share and pacing rate.
[Figure: output side; labels: Flow Processor, Flow Table, Route Table, Access Table]

Example Application
Web site specifies stable rate in outgoing streaming media packets
Use feedback to adjust sending rate if necessary.
Note: no action required by receivers.
[Figure: labels: Web Site, Edge Router, ISP Network, Private LAN]

Regulating LFS Usage
Regulate LFS use to ensure availability to users.
  » user-specific privileges (limit rates, # reserved flows,...)
Record usage for monitoring, accounting.
  » record reservation periods, rates, # bytes delivered
User privilege and usage information stored in host/user database.
Regulation & monitoring at network access points.
  » for fixed access, just use physical interface
  » for roaming access to ISP or corporate network
      registration protocol executed when host connects to network
      IP tunnel for data transfers between host and access point
      all data to/from host passes through that point
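
A small model of the access-router input path from the "Implementing LFS - Input Side" and "Regulating LFS Usage" slides, as an added example that is not from the original deck. The class, field names, 30-second soft-state timeout and sample addresses are all assumptions; it shows route pinning, privilege checks, datagram fallback and usage records written when a flow times out.

```python
class AccessRouter:
    def __init__(self, routes, privileges, timeout=30.0):
        self.routes = routes          # dst -> next hop (stand-in for the route table)
        self.privileges = privileges  # src -> {"max_rate": bit/s, "max_flows": n}
        self.timeout = timeout        # assumed soft-state lifetime in seconds
        self.flows = {}               # (src, dst) -> flow table entry
        self.usage = []               # (src, dst, start, end, rate, bytes) records

    def _release(self, key, now):
        entry = self.flows.pop(key)
        self.usage.append((key[0], key[1], entry["start"], now,
                           entry["rate"], entry["bytes"]))

    def forward(self, src, dst, size, now, rate=None):
        """Return (next_hop, mode), where mode is 'reserved' or 'datagram'."""
        idle = [k for k, e in self.flows.items()
                if now - e["last_seen"] > self.timeout]
        for key in idle:              # soft state: idle reservations expire
            self._release(key, now)
        key = (src, dst)
        entry = self.flows.get(key)
        if entry is None and rate is not None:
            priv = self.privileges.get(src)   # None: flow setup not enabled
            active = sum(1 for s, _ in self.flows if s == src)
            if priv and rate <= priv["max_rate"] and active < priv["max_flows"]:
                entry = self.flows[key] = {
                    "next_hop": self.routes[dst], "rate": rate,
                    "start": now, "last_seen": now, "bytes": 0}
        if entry is None:
            return self.routes[dst], "datagram"   # no reservation held
        entry["last_seen"] = now
        entry["bytes"] += size
        return entry["next_hop"], "reserved"      # pinned next hop


def demo():
    routes = {"192.0.2.10": "if1"}                # constructed sample data
    router = AccessRouter(routes, {"10.0.0.5": {"max_rate": 2_000_000, "max_flows": 1}})
    out = [router.forward("10.0.0.5", "192.0.2.10", 1000, now=0, rate=1_000_000)]
    routes["192.0.2.10"] = "if2"                  # route changes mid-flow
    out.append(router.forward("10.0.0.5", "192.0.2.10", 1000, now=1))
    out.append(router.forward("10.0.0.9", "192.0.2.10", 1000, now=2, rate=1_000_000))
    out.append(router.forward("10.0.0.5", "192.0.2.10", 1000, now=60))
    return out, router.usage
```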

Reserved Tree Service
Reserved tree branches out to locations where users are.
Downstream packets forwarded on-tree, share reserved bandwidth pipes.
  » last hops use datagram forwarding
Upstream packets paced and kept in source-based queues.
[Figure: labels: Reserved Tree, Entry-Exit Point, Datagram Forwarding, Web Site; link rates 15 Mb/s, 10 Mb/s, 10 Mb/s, 100 Mb/s, 70 Mb/s, 70 Mb/s; upstream and downstream directions]

Extreme Router Architecture
[Figure: router block diagram; labels: Control Processor, Switch Fabric, Input Port Proc., Output Port Proc., Flow/Route Lookup, Flow Lookup, Dist. Q. Ctl.]
Callouts:
  Lookup route or state for reserved flows
  Scalable switch fabric
  • system mgmt. • route table cfg. • setup for non-LFS flows
  Distrib. queueing • traffic isolation • protect res. flows

Improving Datagram Service
Bandwidth hogging.
  » single user can take more than fair share of link bandwidth
  » other users’ packets delayed
Synchronization of TCP flows.
  » large queues and large delays
[Figure: Shared Output Queue; plots of sending rate and queue length; 1000 flows at avg. rate of 10 Mb/s, 10 Kbits per packet, 100 ms RTT; labels >500 MB, >6.5 sec.]
Deficit round-robin service.
Discard policy
  » longest queue with hysteresis
  » discard front
Provides traffic isolation.
  » each queue gets fair share
  » small delays for “nice” flows
Aggregate queues based on source prefix.
  » avoid using up queues
  » limits bandwidth use from single subnet
[Figure: Per Source Aggregate Queues]
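
A simulation of the queueing discipline on this slide, as an added example that is not from the original deck: deficit round-robin over queues aggregated by source prefix, with front discard from the longest queue when the shared buffer fills. The /24 aggregation, quantum, buffer size and addresses are assumptions, and the slide's hysteresis on victim selection is left out.

```python
import ipaddress
from collections import deque


class DrrLink:
    def __init__(self, quantum=1500, buffer_bytes=30_000, prefix_len=24):
        self.quantum, self.buffer_bytes, self.prefix_len = quantum, buffer_bytes, prefix_len
        self.queues = {}       # source prefix -> deque of packet sizes (bytes)
        self.deficit = {}      # source prefix -> unused service credit (bytes)
        self.active = deque()  # round-robin order of prefixes awaiting service
        self.buffered, self.dropped = 0, {}
    def enqueue(self, src, size):
        key = str(ipaddress.ip_network(f"{src}/{self.prefix_len}", strict=False))
        queue = self.queues.setdefault(key, deque())
        if key not in self.active:
            self.active.append(key)
            self.deficit[key] = 0
        queue.append(size)
        self.buffered += size
        while self.buffered > self.buffer_bytes:
            # Buffer full: discard from the front of the longest queue.
            victim = max(self.queues, key=lambda k: sum(self.queues[k]))
            lost = self.queues[victim].popleft()
            self.buffered -= lost
            self.dropped[victim] = self.dropped.get(victim, 0) + lost
    def serve_round(self):
        sent = {}              # bytes sent per prefix in this DRR pass
        for _ in range(len(self.active)):
            key = self.active.popleft()
            queue = self.queues[key]
            self.deficit[key] += self.quantum
            while queue and queue[0] <= self.deficit[key]:
                size = queue.popleft()
                self.deficit[key] -= size
                self.buffered -= size
                sent[key] = sent.get(key, 0) + size
            if queue:
                self.active.append(key)
            else:
                self.deficit[key] = 0   # idle queues keep no credit
        return sent

def simulate(rounds=50):
    link, total = DrrLink(), {}
    for _ in range(rounds):
        for host in range(1, 11):              # constructed hog: ten hosts in one /24
            link.enqueue(f"198.51.100.{host}", 1500)
        link.enqueue("203.0.113.7", 1500)      # constructed "nice" sender
        for key, n in link.serve_round().items():
            total[key] = total.get(key, 0) + n
    return total, link.dropped
```

The hog subnet offers ten times the load but gets the same share of the link as the single well-behaved sender, and every discarded byte comes from the hog's queue.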

Super-Scalable Packet Scheduling
Scalability of QoS packet schedulers constrained by need to maintain sorted list of queues.
Use approximate radix sorting, with compensation - O(1).
  » timing wheels with increasing granularity and range
  » approximate sorting produces inter-packet timing errors
  » observe errors & compensate when next packet scheduled
Fast-forward bits used to skip to empty buckets.
Scheduler puts no limit on number of queues.
[Figure: wheel 1, wheel 2, wheel 3 and output list; fast forward bits 00110100 10000010 00101010]

Distributed Queueing
Distributed queueing regulates flow of traffic through fabric.
  » ensures reserved flows receive assigned bandwidth
  » allocates unreserved bandwidth fairly to datagram traffic
Periodic broadcast of bandwidth assignments.
  » per flow guarantees, without per flow info. broadcast
  » switch fabric “repackages” data so each port receives only relevant information
  » update period limited to use <5% of switch bandwidth
      adds <100 KB to each input’s buffer space in 1K port router
[Figure: Switch Fabric]

Prototype Extreme Router
[Figure: Switch Fabric with ports labelled IPP, OPP, FPX, SPC and TI; Control Processor. Other labels as printed: Field Programmable Port Ext., Network Interface Device, Reprogrammable Application Device, SDRAM 128 MB, SRAM 4 MB, Field Programmable Port Extenders, Input Port Processor, VCI, VCI OUT, Smart Port Card, Sys. FPGA, 64MB, Pentium, Cache, North Bridge, APIC, ATM Switch Core, Transmission Interfaces, Embedded Processors]

Summary
Growing reliance on data networks creates higher expectations - reliability, consistent performance.
Design for worst-case - constructive paranoia.
Technology progress making extreme defenses practical, without sacrificing performance.
Extensible, rapidly reconfigurable routers essential.
  » reconfigurable hardware, embedded processors
Project will develop & evaluate technologies for extreme networking.
Things that haven’t worked.
  » PI’s lumbar region
  » otherwise, too early to say