Abstract
Network devices generally handle traffic with predefined policies that describe how packets are to be handled. Since these policies define network operation, the number of policies in network devices naturally increases with the scale of the network. Unfortunately, processing a large number of policies may lead to performance loss: although many policies can be stored in memory, a network processor in a network device can handle only a limited number of policies at once, so the policies have to be divided into several groups for processing. As a result, the processing time for each packet is delayed, which can fill up the input buffer of the device and cause packets to be dropped. However, moving to a processor that supports a larger capacity is not an efficient solution, because it also increases the cost of the processor. To address these challenges, we propose a hardware architecture for network processors called Mobius. It allows a processor to re-process packets n more times with different policies by utilizing the idle resources of the processor caused by the propagation time of packets on a wire. Consequently, Mobius extends the capacity of the processor at low cost, so that more policies can be processed for packets without performance loss. We implement a prototype of Mobius using NetFPGA-SUME, and our evaluation demonstrates that Mobius achieves line-rate throughput with a tiny latency overhead. A comparison with other network processor models shows that Mobius exhibits similar performance but is more economical.
This work was supported by Institute of Civil Military Technology Cooperation Center (ICMTC) funded by the Korea government (MOTIE & DAPA) [18-CM-SW-09], and Korea Electric Power Corporation (Grant number:R18XA05).
Cite this article
Park, T., Shin, S. Mobius: Packet Re-processing Hardware Architecture for Rich Policy Handling on a Network Processor. J Netw Syst Manage 29, 3 (2021). https://doi.org/10.1007/s10922-020-09568-3
DOI: https://doi.org/10.1007/s10922-020-09568-3