PISCES:AProgrammable,Protocol-IndependentSoftwareSwitch
MuhammadShahbaz,SeanChoi,BenPfaff,Changhoon Kim,NickFeamster,NickMcKeown,andJenniferRexford
TCP
IPv4
Ethernet
UDP
IPv6 BGP
HTTP
TLS
Fixed-FunctionSwitchChipFixedSetofProtocols
2
• EaseofAdding newprotocols
• EaseofRemoving unusedprotocols
• GaingreaterVisibilityintothenetwork
• Performnetworkfunctionsattheswitch
3
TCP
IPv4
Ethernet
CUSTOM_P
IPv6 BGP
HTTP
TLS
ProgrammableSwitchingChipCustomProtocols
4
SoftwareSwitch
VM VM
VirtualPort
PhysicalPort
5
0
20
40
60
2010 2011 2012 2013 2014 2015
Millions
Approx.NumberofPhysicalPortsvs.VirtualPortsinGlobalDataCenters[1]
PhyicalPorts VirtualPorts
[1]MartinCasado,VMWorld 2013 6
Notreally…
ItshouldbeEASYtoprogram softwareswitches!
7
FastPacketForwarding
SoftwareSwitch
KernelDPDK
8
PacketProcessingLogic
SoftwareSwitch
KernelDPDK
Parser Match-ActionPipeline
Requiresdomainexpertisein:
- Networkprotocoldesign
- Kerneldevelopment
SlowtoreleasechangesSpecializedAPIs
9
SoftwareSwitch
KernelDPDK
Parser Match-ActionPipeline
ToaddTCPFlaginOpenvSwitch…
changed20filesand370linesofcode[1]
Weeks ofdevelopmentandTest
[1]https://github.com/openvswitch/ovs/commit/dc235f7fbcff
10
Wecandothisin4lines andwithinminuteswithPISCES!
header_type tcp_t {fields {srcPort : 16;dstPort : 16;seqNo : 32;ackNo : 32;dataOffset : 4; res : 4;tcp_flags : 12;window : 16;checksum : 16;urgentPtr : 16;
}}
parser tcp {extract(tcp);set_metadata(flow.tcp_flags,
tcp.tcp_flags);return ingress;
}
header_type flow_t {fields {...tcp_flags_pad : 4;tcp_flags : 12;...
}}
11
KernelDPDK
SoftwareSwitch
Parser Match-ActionPipeline
12
KernelDPDK
Software Switch
Domain-SpecificLanguage(DSL)
Parser Match-ActionPipeline
Compile
Parser Match-ActionPipeline
TCPHeaderheader_type tcp_t {fields {srcPort : 16;dstPort : 16;seqNo : 32;ackNo : 32;dataOffset : 4; res : 4;window : 16;checksum : 16;urgentPtr : 16;
}}parser tcp {extract(tcp);return ingress;
}...
13
KernelDPDK
SoftwareSwitch
Domain-SpecificLanguage
Parser Match-ActionPipeline
Compile
Parser Match-ActionPipeline
Domain-SpecificLanguage2
Parser Match-ActionPipeline
KernelDPDK
Switch2
Parser Match-ActionPipeline
PISCESisasoftwareswitch thattakes
• a Domain-SpecificLanguageinput
andoutputsacustomized
• aSoftwareSwitchTarget
14
KernelDPDK
OVS
Parser Match-ActionPipeline
Compile
Parser Match-ActionPipeline
[1]http://p4.org
P4isanopen-sourcelanguage.[1]
Easilydefines- Packetheadersandfields- Parser- Actions- Match-ActionTables
P4[1]
15
KernelDPDK
P4
Parser Match-ActionPipeline
Compile
Parser Match-ActionPipeline
NativeOVSPacketProcessingLogic
341 linesofP4code
14,535 linesofCcode
OVS
16
Compiler
P4Program
P.I.OVSparse match action
OVSExecutable
header_type tcp_t {fields {srcPort : 16;dstPort : 16;seqNo : 32;ackNo : 32;dataOffset : 4; res : 4;window : 16;checksum : 16;urgentPtr : 16;
}}parser tcp {extract(tcp);return ingress;
}...
header_type tcpv2_t {fields {srcPort : 16;dstPort : 16;seqNo : 32;ackNo : 32;dataOffset : 4; res : 4;tcp_flags : 8;window : 16;checksum : 16;urgentPtr : 16;
}}parser tcpv2 {extract(tcpv2);set_metadata(flow.tcp_flags,
tcpv2.tcp_flags);return ingress;
}...
17
PISCES
KernelDPDK
OVS
P4
Parser Match-ActionPipeline
Parser Match-ActionPipeline
PerformanceOverhead?Compile
18
8.2913.62
19.0025.71
13.43
23.35
33.17
43.00
05101520253035404550
64 128 192 256
Throughp
ut(G
bps)
PacketSize(Bytes)
PISCESv0.1
OVS
ThroughputonEth+IPv4+ACLbenchmarkapplication
Performanceoverheadof
~40%19
PacketParser
IngressMatch-Action
Tables
PacketDeparser
EgressChecksumVerify
ChecksumUpdate
CPUCyclesperPacket
20
CausefortheOverhead
ExtraCPUcyclesareconsumedby
• Checksumcomputation
• Packetheadereditingmode
andmore…
21
PacketParser
Ingress Match-ActionPipeline
EgressChecksumVerify
ChecksumUpdate
ChecksumVerify (version,ihl,diffserv,totalLen,identification,flags,fragOffset,ttl,protocol,hdrChecksum,srcAddr,dstAddr)
ChecksumUpdate(version,ihl,diffserv,totalLen,identification,flags,fragOffset,ttl,protocol,hdrChecksum,srcAddr,dstAddr)
22
ChecksumInefficiencies
PacketParser
IngressDecrement(ttl)
EgressChecksumVerify
ChecksumUpdate
ChecksumVerify (version,ihl,diffserv,totalLen,identification,flags,fragOffset,ttl,protocol,hdrChecksum,srcAddr,dstAddr)
IncrementalChecksumUpdate(ttl)
23
ChecksumInefficiencies
PacketParser Match-Action
Tables
PacketDeparser
Ingress Egress
HeaderFields
IngressPacket EgressPacket
ChecksumUpdate
ChecksumVerify
Post-PipelineEditing
24
PacketParser
Ingress
EgressPacketIngressPacket
EgressMatch-ActionTables
InlineEditing
25
EditingMode Advantage DisadvantagePost-Pipeline Packetheadersizeis
adjustedonlyonceExtracopyofheaders
Inline Noextracopyofheaders Packetheadersizeisadjustedmultipletimes
26
EditingMode Advantage DisadvantagePost-Pipeline Extracopyofheaders
Inline Noextracopyofheaders
PacketParser
IngressMatch-Action
Tables
PacketDeparser
Egress
PISCESautomaticallychoosesbetween• InlineEditing• Post-pipelineEditing
ChecksumVerify
ChecksumUpdate
27
7.59
12.28 12.56 13.32 13.43
0
2
4
6
8
10
12
14
16
64
Throughp
ut(G
bps)
PacketSize(Bytes)
PISCESv0.1
IncrementalChecksum
EditingModeSelection
PISCESv1.0
NativeOVS
Performanceoverheadof
<2%
ThroughputonEth+IPv4+ACLbenchmarkapplication
28
28
1820
1 1 10
5
10
15
20
25
30
ConnectionLabel TunnelOAMFlag TCPFlag
NumberofFilesChanged
NativeOVS PISCES
411
170
370
5 6 40
50
100
150
200
250
300
350
400
450
ConnectionLabel TunnelOAMFlag TCPFlag
LinesofCodeChanged
NativeOVS PISCES
29
• Amethodtoquicklydevelopanddeploypacketprocessinglogiconasoftwareswitch
• Withhardlyanyperformancecost!
30
LearnmoreandTry PISCEShere:http://pisces.cs.princeton.edu