BPC: A language for packet classification
description
Transcript of BPC: A language for packet classification
![Page 2: BPC: A language for packet classification](https://reader036.fdocuments.net/reader036/viewer/2022062301/568157c4550346895dc54f6b/html5/thumbnails/2.jpg)
What is classification
Classification is a mechanism that inspects incoming network packets, and based on the values found in selected header fields, determines how each to be processed.
Usually, specifications are expressed as rules.
Packets satisfying the same rule are classify into one flow.
![Page 3: BPC: A language for packet classification](https://reader036.fdocuments.net/reader036/viewer/2022062301/568157c4550346895dc54f6b/html5/thumbnails/3.jpg)
Classification: an example
ISP1
ISP2
ISP3
Router
Classifier
Flow1
Flow2
Flow3
net 202.128.201.0/24
net 202.128.202.0/24
net 202.128.203.0/24
![Page 4: BPC: A language for packet classification](https://reader036.fdocuments.net/reader036/viewer/2022062301/568157c4550346895dc54f6b/html5/thumbnails/4.jpg)
Why Classification
Essential to QoS (admission control, resource
reservation, per-flow queuing and fair scheduling)Necessary to many advanced services
( load balancing and content-based routing)ISP ( Accounting, billing and network monitoring )Network Security
![Page 5: BPC: A language for packet classification](https://reader036.fdocuments.net/reader036/viewer/2022062301/568157c4550346895dc54f6b/html5/thumbnails/5.jpg)
What has been done?
Networking community: extend IP lookup Focus on performance Very limited specifications, no language. Only work on Layer 3/4 header
OS community: packet demultiplexing machine-code level specification(difficult to
develop and test) Filter composition issues
![Page 6: BPC: A language for packet classification](https://reader036.fdocuments.net/reader036/viewer/2022062301/568157c4550346895dc54f6b/html5/thumbnails/6.jpg)
My work
Based on a high-level packet filter language(BPF)
Filter compositionLook deeper and smarterKeep status
![Page 7: BPC: A language for packet classification](https://reader036.fdocuments.net/reader036/viewer/2022062301/568157c4550346895dc54f6b/html5/thumbnails/7.jpg)
Why high-level language?
Tcp port HTTP
(((12:16 == 0x8 ) && #IP?
Shift(6 + 6 + 2)&& #skip Ethernet header
(9:8== 6)&& #TCP?
Shift(20)&& #skip IP header
(0:16 == 80)&& #src port 80
(2:16 == 80) #dst port 80
Easy to use and error-free
Short!
You can not express this in low level language!Source network ==
Destination network
Tcp port HTTP
(((12:16 == 0x8 ) && #IP?
Shift(6 + 6 + 2)&& #skip Ethernet header
(9:8== 6)&& #TCP?
Shift(20)&& #skip IP header
(0:16 == 80)&& #src port 80
(2:16 == 80) #dst port 80
![Page 8: BPC: A language for packet classification](https://reader036.fdocuments.net/reader036/viewer/2022062301/568157c4550346895dc54f6b/html5/thumbnails/8.jpg)
Filter Composition
Syntax $1 filter expression1 $2 filter expression2 … $n filter expression n
Priority is used to resolve conflict
![Page 9: BPC: A language for packet classification](https://reader036.fdocuments.net/reader036/viewer/2022062301/568157c4550346895dc54f6b/html5/thumbnails/9.jpg)
A Real Scenario
UserA: Online chat
UserB: Napster fan
UserC: Real player Stream
Low Delay
Low Bandwidth
Greedy Source
Constant BW
Low delay
Low Jitter ISP
![Page 10: BPC: A language for packet classification](https://reader036.fdocuments.net/reader036/viewer/2022062301/568157c4550346895dc54f6b/html5/thumbnails/10.jpg)
BPC solution
$1 host user A and port A
$2 host user B and port B
$3 host user C and port C
Flow A: the highest priority
Flow B:the lowest priority
Flow C: reserve bandwidth
UserB: Napster fan
UserA: Online chat
UserC: Real player Stream
![Page 11: BPC: A language for packet classification](https://reader036.fdocuments.net/reader036/viewer/2022062301/568157c4550346895dc54f6b/html5/thumbnails/11.jpg)
Look Deeper and Smarter
Why TCP/IP does not specify what to transmit Many application-layer protocols put
keywords at the beginning of the payload
How Search Regular Expression Allow User to define their own criteria
![Page 12: BPC: A language for packet classification](https://reader036.fdocuments.net/reader036/viewer/2022062301/568157c4550346895dc54f6b/html5/thumbnails/12.jpg)
Syntax
Include “Regular String” from Len1 to Len2
Ethernet Header IP Header TCP Header Application protocol
Include “Regular String”
From Len1 to Len2
Ethernet Header IP Header TCP Header Application protocol
Invoke “user routine”
many protocols are case insensitive
Limit the range can reduce the expense
boolean user_routine( void *packet, int len)
![Page 13: BPC: A language for packet classification](https://reader036.fdocuments.net/reader036/viewer/2022062301/568157c4550346895dc54f6b/html5/thumbnails/13.jpg)
“I love you”
I Love youI Love you
I Love you
![Page 14: BPC: A language for packet classification](https://reader036.fdocuments.net/reader036/viewer/2022062301/568157c4550346895dc54f6b/html5/thumbnails/14.jpg)
“I love you” (con’d)
$include “I *Love*You” from 20 to 100 and port mail port
I Love you
I Love you
I Love you
![Page 15: BPC: A language for packet classification](https://reader036.fdocuments.net/reader036/viewer/2022062301/568157c4550346895dc54f6b/html5/thumbnails/15.jpg)
Why keep status
Enable us to classify packets dynamically according to the connections
Provide uniform services to all the packets in the same connection
Resource Reservation (allocation and de-allocation)
![Page 16: BPC: A language for packet classification](https://reader036.fdocuments.net/reader036/viewer/2022062301/568157c4550346895dc54f6b/html5/thumbnails/16.jpg)
How to do that: Syntax
trigger ( start expression ) remove ( end expression ) satisfy ( match expression ) identify by ( key words )
![Page 17: BPC: A language for packet classification](https://reader036.fdocuments.net/reader036/viewer/2022062301/568157c4550346895dc54f6b/html5/thumbnails/17.jpg)
Keep status: an example
Example: TCP connection trigger (tcp[13]&2 = 2) #SYN packet remove tcp[13]&1 = 1 ) #FIN packet satisfy ( tcp ) identify (src host, src port, dst host, dst
port)
![Page 18: BPC: A language for packet classification](https://reader036.fdocuments.net/reader036/viewer/2022062301/568157c4550346895dc54f6b/html5/thumbnails/18.jpg)
DDOS
Intruder
Master Master
D
Web Server
D D D D D
Packet Classifier
![Page 19: BPC: A language for packet classification](https://reader036.fdocuments.net/reader036/viewer/2022062301/568157c4550346895dc54f6b/html5/thumbnails/19.jpg)
Is Everything all right
Analogy
luxury, spacious, but slow carriage
economy, crowded and even unsafe,
but super-fast rocketWhat’s the moral
Performance!!!
![Page 20: BPC: A language for packet classification](https://reader036.fdocuments.net/reader036/viewer/2022062301/568157c4550346895dc54f6b/html5/thumbnails/20.jpg)
How to run fast
Replace interpreter with native codeSpecial hardware (hash table,
parallel computation)Compiler Optimization
Intra-filter Inter-filter
![Page 21: BPC: A language for packet classification](https://reader036.fdocuments.net/reader036/viewer/2022062301/568157c4550346895dc54f6b/html5/thumbnails/21.jpg)
Inter-filter Optimization
ether.type== IP
ip.src ==host1
True False
No
No
Yes
Yes
ether.type== IP
ip.dst ==host2
True False
No
No
Yes
Yes
Ip src host1 Ip dst host2
![Page 22: BPC: A language for packet classification](https://reader036.fdocuments.net/reader036/viewer/2022062301/568157c4550346895dc54f6b/html5/thumbnails/22.jpg)
Optimization( con’d )
Yes
ether.type== IP
ip.dst ==host2
False#1
NoNo
ip.src ==host1
Yes
#2Yes No
![Page 23: BPC: A language for packet classification](https://reader036.fdocuments.net/reader036/viewer/2022062301/568157c4550346895dc54f6b/html5/thumbnails/23.jpg)
Summary
Work has been done Design a packet classification language
by extending BPF Implement a working system.( You are
welcomed to take a look after class )Future Work
Integrate BPC into BPF Performance issues