Programming Network Data Planes · probabilistic data structures How do you build stateful apps?...
Transcript of Programming Network Data Planes · probabilistic data structures How do you build stateful apps?...
![Page 1: Programming Network Data Planes · probabilistic data structures How do you build stateful apps? fast network convergence bloom filters [USENIX NSDI'19] part 1. stateful programming](https://reader033.fdocuments.net/reader033/viewer/2022051913/6003bdb097d532363c2fb3e2/html5/thumbnails/1.jpg)
Advanced Topics in Communication Networks
Programming Network Data Planes
ETH Zürich
Laurent Vanbever
Oct 8 2019
Materials inspired from p4.org
nsg.ee.ethz.ch
![Page 2: Programming Network Data Planes · probabilistic data structures How do you build stateful apps? fast network convergence bloom filters [USENIX NSDI'19] part 1. stateful programming](https://reader033.fdocuments.net/reader033/viewer/2022051913/6003bdb097d532363c2fb3e2/html5/thumbnails/2.jpg)
Last week on
Advanced Topics in Communication Networks
![Page 3: Programming Network Data Planes · probabilistic data structures How do you build stateful apps? fast network convergence bloom filters [USENIX NSDI'19] part 1. stateful programming](https://reader033.fdocuments.net/reader033/viewer/2022051913/6003bdb097d532363c2fb3e2/html5/thumbnails/3.jpg)
P4
environment
P4
language
What is needed to
program in P4?
P4
in practice
![Page 4: Programming Network Data Planes · probabilistic data structures How do you build stateful apps? fast network convergence bloom filters [USENIX NSDI'19] part 1. stateful programming](https://reader033.fdocuments.net/reader033/viewer/2022051913/6003bdb097d532363c2fb3e2/html5/thumbnails/4.jpg)
P416 introduces the concept of an architecture
P4 ArchitectureP4 Target
a model of a specific hardware implementation
an API to program a target
![Page 5: Programming Network Data Planes · probabilistic data structures How do you build stateful apps? fast network convergence bloom filters [USENIX NSDI'19] part 1. stateful programming](https://reader033.fdocuments.net/reader033/viewer/2022051913/6003bdb097d532363c2fb3e2/html5/thumbnails/5.jpg)
We'll rely on a simple P416 switch architecture (v1model)which is roughly equivalent to "PISA"
https://p4.org/p4-spec/p4-14/v1.0.4/tex/p4.pdfsource
v1model/ simple switch
![Page 6: Programming Network Data Planes · probabilistic data structures How do you build stateful apps? fast network convergence bloom filters [USENIX NSDI'19] part 1. stateful programming](https://reader033.fdocuments.net/reader033/viewer/2022051913/6003bdb097d532363c2fb3e2/html5/thumbnails/6.jpg)
Each architecture also defines a list of "externs",i.e. blackbox functions whose interface is known
Think of externs as Java interfaces
Most targets contain specialized components
which cannot be expressed in P4 (e.g. complex computations)
only the signature is known, not the implementation
At the same time, P416 should be target-independent
In P414 almost 1/3 of the constructs were target-dependent
![Page 7: Programming Network Data Planes · probabilistic data structures How do you build stateful apps? fast network convergence bloom filters [USENIX NSDI'19] part 1. stateful programming](https://reader033.fdocuments.net/reader033/viewer/2022051913/6003bdb097d532363c2fb3e2/html5/thumbnails/7.jpg)
≠ architectures → ≠ metadata & ≠ externs
Copyright © 2018 – P4.org
NetFPGA-SUME
96
http://isfpga.org/fpga2018/slides/FPGA-2018-P4-tutorial.pdfmore info
![Page 8: Programming Network Data Planes · probabilistic data structures How do you build stateful apps? fast network convergence bloom filters [USENIX NSDI'19] part 1. stateful programming](https://reader033.fdocuments.net/reader033/viewer/2022051913/6003bdb097d532363c2fb3e2/html5/thumbnails/8.jpg)
P4
environment
P4
language
Deeper dive into
the language constructs (*)
P4
in practice
https://p4.org/p4-spec/docs/P4-16-v1.0.0-spec.html(*) full info
![Page 9: Programming Network Data Planes · probabilistic data structures How do you build stateful apps? fast network convergence bloom filters [USENIX NSDI'19] part 1. stateful programming](https://reader033.fdocuments.net/reader033/viewer/2022051913/6003bdb097d532363c2fb3e2/html5/thumbnails/9.jpg)
P416 is a statically-typed language with base types and operators to derive composed ones
no values, used in few restricted circumstancesvoid
used to signal errorserror
describes ways to match table keysmatch_kind
Boolean valuebool
Bit-string of width W bit<W>
Signed integer of width Wint<W>
Bit-string of dynamic length ≤Wvarbit<W>
not supportedfloat
not supportedstring
![Page 10: Programming Network Data Planes · probabilistic data structures How do you build stateful apps? fast network convergence bloom filters [USENIX NSDI'19] part 1. stateful programming](https://reader033.fdocuments.net/reader033/viewer/2022051913/6003bdb097d532363c2fb3e2/html5/thumbnails/10.jpg)
Header Header stack Header union
header Ethernet_h { bit<48> dstAddr; bit<48> srcAddr; bit<16> etherType; }
header Mpls_h { bit<20> label; bit<3> tc; bit bos; bit<8> ttl; }
Mpls_h[10] mpls;
header_union IP_h { IPv4_h v4; IPv6_h v6; }
Array of up to 10 MPLS headers
Either IPv4 or IPv6 header is present
P416 is a statically-typed language with base types and operators to derive composed ones
only one alternative
![Page 11: Programming Network Data Planes · probabilistic data structures How do you build stateful apps? fast network convergence bloom filters [USENIX NSDI'19] part 1. stateful programming](https://reader033.fdocuments.net/reader033/viewer/2022051913/6003bdb097d532363c2fb3e2/html5/thumbnails/11.jpg)
Struct Tuple
struct standard_metadata_t {
bit<9> ingress_port;
bit<9> egress_spec;
bit<9> egress_port;
…
}
tuple<bit<32>, bool> x;
x = { 10, false };
Unordered collectionof named members
Unordered collectionof unnamed members
P416 is a statically-typed language with base types and operators to derive composed ones
![Page 12: Programming Network Data Planes · probabilistic data structures How do you build stateful apps? fast network convergence bloom filters [USENIX NSDI'19] part 1. stateful programming](https://reader033.fdocuments.net/reader033/viewer/2022051913/6003bdb097d532363c2fb3e2/html5/thumbnails/12.jpg)
P4 operations are similar to C operations and vary depending on the types (unsigned/signed ints, …)
arithmetic operations
logical operations
non-standard operations
+, –, *
~, &, |, ^, >>, <<
[m:l]
++
Bit-slicing
Bit concatenation
no division and modulo
https://p4.org/p4-spec/docs/P4-16-v1.0.0-spec.htmlmore info
(can be approximated)
![Page 13: Programming Network Data Planes · probabilistic data structures How do you build stateful apps? fast network convergence bloom filters [USENIX NSDI'19] part 1. stateful programming](https://reader033.fdocuments.net/reader033/viewer/2022051913/6003bdb097d532363c2fb3e2/html5/thumbnails/13.jpg)
Variables have local scope and their values is not maintained across subsequent invocations
variables cannot be used to maintain state
between different network packets
important
insteadto maintain state
you can only use two stateful constructs
tables
extern objects
modified by control plane
modified by control plane &
data plane
![Page 14: Programming Network Data Planes · probabilistic data structures How do you build stateful apps? fast network convergence bloom filters [USENIX NSDI'19] part 1. stateful programming](https://reader033.fdocuments.net/reader033/viewer/2022051913/6003bdb097d532363c2fb3e2/html5/thumbnails/14.jpg)
This week on
Advanced Topics in Communication Networks
![Page 15: Programming Network Data Planes · probabilistic data structures How do you build stateful apps? fast network convergence bloom filters [USENIX NSDI'19] part 1. stateful programming](https://reader033.fdocuments.net/reader033/viewer/2022051913/6003bdb097d532363c2fb3e2/html5/thumbnails/15.jpg)
stateful
programming
statefulness
in practice
probabilistic
data structures
How do you build
stateful apps?
fast network
convergence
bloom
filters
part 1[USENIX NSDI'19]
![Page 16: Programming Network Data Planes · probabilistic data structures How do you build stateful apps? fast network convergence bloom filters [USENIX NSDI'19] part 1. stateful programming](https://reader033.fdocuments.net/reader033/viewer/2022051913/6003bdb097d532363c2fb3e2/html5/thumbnails/16.jpg)
stateful
programming
statefulness
in practice
probabilistic
data structures
How do you build
stateful apps?
![Page 17: Programming Network Data Planes · probabilistic data structures How do you build stateful apps? fast network convergence bloom filters [USENIX NSDI'19] part 1. stateful programming](https://reader033.fdocuments.net/reader033/viewer/2022051913/6003bdb097d532363c2fb3e2/html5/thumbnails/17.jpg)
Stateful objects in P4
Table
Register
Counter
managed by the control plane
store arbitrary data
count events
Meter
…
rate-limiting
…
externs in v1model
![Page 18: Programming Network Data Planes · probabilistic data structures How do you build stateful apps? fast network convergence bloom filters [USENIX NSDI'19] part 1. stateful programming](https://reader033.fdocuments.net/reader033/viewer/2022051913/6003bdb097d532363c2fb3e2/html5/thumbnails/18.jpg)
Stateful objects in P4
Table
Register
Counter
managed by the control plane
store arbitrary data
count events
Meter
…
rate-limiting
…
externs in v1model
![Page 19: Programming Network Data Planes · probabilistic data structures How do you build stateful apps? fast network convergence bloom filters [USENIX NSDI'19] part 1. stateful programming](https://reader033.fdocuments.net/reader033/viewer/2022051913/6003bdb097d532363c2fb3e2/html5/thumbnails/19.jpg)
Registers are useful for storing (small amounts of) arbitrary data
<Type>
r.write(…)
r.read(…)
![Page 20: Programming Network Data Planes · probabilistic data structures How do you build stateful apps? fast network convergence bloom filters [USENIX NSDI'19] part 1. stateful programming](https://reader033.fdocuments.net/reader033/viewer/2022051913/6003bdb097d532363c2fb3e2/html5/thumbnails/20.jpg)
Registers are assigned in arrays
N
01234567
<Type>
r.write(0,value)
r.read(result,0)
register<Type>(N) r;
![Page 21: Programming Network Data Planes · probabilistic data structures How do you build stateful apps? fast network convergence bloom filters [USENIX NSDI'19] part 1. stateful programming](https://reader033.fdocuments.net/reader033/viewer/2022051913/6003bdb097d532363c2fb3e2/html5/thumbnails/21.jpg)
Example: Calculating inter packet gap
register<bit<48>>(16384) last_seen;
action get_inter_packet_gap(out bit<48> interval, bit<32> flow_id)
{
bit<48> last_pkt_ts;
/* Get the time the previous packet was seen */
last_seen.read(last_pkt_ts, flow_id);
/* Calculate the time interval */
interval = standard_metadata.ingress_global_timestamp – last_pkt_ts;
/* Update the register with the new timestamp */
last_seen.write(flow_id, standard_metadata.ingress_global_timestamp);
...
}
![Page 22: Programming Network Data Planes · probabilistic data structures How do you build stateful apps? fast network convergence bloom filters [USENIX NSDI'19] part 1. stateful programming](https://reader033.fdocuments.net/reader033/viewer/2022051913/6003bdb097d532363c2fb3e2/html5/thumbnails/22.jpg)
Example: Stateful firewall
Only allow incoming packets if they belong to
an established connection
![Page 23: Programming Network Data Planes · probabilistic data structures How do you build stateful apps? fast network convergence bloom filters [USENIX NSDI'19] part 1. stateful programming](https://reader033.fdocuments.net/reader033/viewer/2022051913/6003bdb097d532363c2fb3e2/html5/thumbnails/23.jpg)
Example: Stateful firewall
TCPPacket
from
internal?SYN flag?
add flow to register
forwardflow in
register?
drop
yes yes
no
no
yes
no
![Page 24: Programming Network Data Planes · probabilistic data structures How do you build stateful apps? fast network convergence bloom filters [USENIX NSDI'19] part 1. stateful programming](https://reader033.fdocuments.net/reader033/viewer/2022051913/6003bdb097d532363c2fb3e2/html5/thumbnails/24.jpg)
Example: Stateful firewallregister to memorize
established connections
add to register if itit is a SYN packet
from internal
drop if the packet does not belong to a known flow and
comes from outside
control MyIngress(...) { register<bit<1>>(4096) known_flows; ... apply { meta.flow_id = ... // hash(5-tuple) if (hdr.ipv4.isValid()){ if (hdr.tcp.isValid()){ if (standard_metadata.ingress_port == 1){ if (hdr.tcp.syn == 1){ known_flows.write(meta.flow_id, 1); } }
if (standard_metadata.ingress_port == 2){ known_flows.read(meta.flow_is_known, meta.flow_id); if (meta.flow_is_known != 1){ drop(); return; } } } ipv4_lpm.apply(); } } }
![Page 25: Programming Network Data Planes · probabilistic data structures How do you build stateful apps? fast network convergence bloom filters [USENIX NSDI'19] part 1. stateful programming](https://reader033.fdocuments.net/reader033/viewer/2022051913/6003bdb097d532363c2fb3e2/html5/thumbnails/25.jpg)
Stateful objects in P4
Table
Register
Counter
managed by the control plane
store arbitrary data
count events
Meter
…
rate-limiting
…
externs in v1model
![Page 26: Programming Network Data Planes · probabilistic data structures How do you build stateful apps? fast network convergence bloom filters [USENIX NSDI'19] part 1. stateful programming](https://reader033.fdocuments.net/reader033/viewer/2022051913/6003bdb097d532363c2fb3e2/html5/thumbnails/26.jpg)
Counters are useful for… counting
Type
c.count(…)
c.read(…)
only from the control plane
![Page 27: Programming Network Data Planes · probabilistic data structures How do you build stateful apps? fast network convergence bloom filters [USENIX NSDI'19] part 1. stateful programming](https://reader033.fdocuments.net/reader033/viewer/2022051913/6003bdb097d532363c2fb3e2/html5/thumbnails/27.jpg)
Counters can be of three different types
Type
c.count(…)
packets
bytes
packets_and_bytes
![Page 28: Programming Network Data Planes · probabilistic data structures How do you build stateful apps? fast network convergence bloom filters [USENIX NSDI'19] part 1. stateful programming](https://reader033.fdocuments.net/reader033/viewer/2022051913/6003bdb097d532363c2fb3e2/html5/thumbnails/28.jpg)
Like registers, countersare assigned in arrays
N
01234567
Type
c.count(0)
counter(N,Type) c;
![Page 29: Programming Network Data Planes · probabilistic data structures How do you build stateful apps? fast network convergence bloom filters [USENIX NSDI'19] part 1. stateful programming](https://reader033.fdocuments.net/reader033/viewer/2022051913/6003bdb097d532363c2fb3e2/html5/thumbnails/29.jpg)
use the ingress port as counter index
Example: Counting packets and bytes arriving at each port
control MyIngress(...) {
counter(512, CounterType.packets_and_bytes) port_counter;
apply {
port_counter.count((bit<32>)standard_metadata.ingress_port);
}
}
![Page 30: Programming Network Data Planes · probabilistic data structures How do you build stateful apps? fast network convergence bloom filters [USENIX NSDI'19] part 1. stateful programming](https://reader033.fdocuments.net/reader033/viewer/2022051913/6003bdb097d532363c2fb3e2/html5/thumbnails/30.jpg)
use the ingress port as counter index
Example: Reading the counter valuesfrom the control plane
control MyIngress(...) {
counter(512, CounterType.packets_and_bytes) port_counter;
apply {
port_counter.count((bit<32>)standard_metadata.ingress_port);
}
}
Control Plane
RuntimeCmd: counter_read MyIngress.port_counter 1
MyIngress.port_counter[1]= BmCounterValue(packets=13, bytes=1150)
![Page 31: Programming Network Data Planes · probabilistic data structures How do you build stateful apps? fast network convergence bloom filters [USENIX NSDI'19] part 1. stateful programming](https://reader033.fdocuments.net/reader033/viewer/2022051913/6003bdb097d532363c2fb3e2/html5/thumbnails/31.jpg)
Direct counters are a special kind of counters that are attached to tables
Match ActionKey ID Data
Default
Counter
Each entry has a counter cell that counts when the entry matches
![Page 32: Programming Network Data Planes · probabilistic data structures How do you build stateful apps? fast network convergence bloom filters [USENIX NSDI'19] part 1. stateful programming](https://reader033.fdocuments.net/reader033/viewer/2022051913/6003bdb097d532363c2fb3e2/html5/thumbnails/32.jpg)
Example: Counting packets and bytes arriving at each port using a direct counter
attach counter to table
control MyIngress(...) {
direct_counter(CounterType.packets_and_bytes) direct_port_counter;
table count_table {
key = {
standard_metadata.ingress_port: exact;
}
actions = {
NoAction;
}
default_action = NoAction;
counters = direct_port_counter;
size = 512;
}
apply {
count_table.apply();
}
}
![Page 33: Programming Network Data Planes · probabilistic data structures How do you build stateful apps? fast network convergence bloom filters [USENIX NSDI'19] part 1. stateful programming](https://reader033.fdocuments.net/reader033/viewer/2022051913/6003bdb097d532363c2fb3e2/html5/thumbnails/33.jpg)
Stateful objects in P4
Table
Register
Counter
managed by the control plane
store arbitrary data
count events
Meter
…
rate-limiting
…
externs in v1model
![Page 34: Programming Network Data Planes · probabilistic data structures How do you build stateful apps? fast network convergence bloom filters [USENIX NSDI'19] part 1. stateful programming](https://reader033.fdocuments.net/reader033/viewer/2022051913/6003bdb097d532363c2fb3e2/html5/thumbnails/34.jpg)
Meters
Stream of packets Meter Stream of colored packets
![Page 35: Programming Network Data Planes · probabilistic data structures How do you build stateful apps? fast network convergence bloom filters [USENIX NSDI'19] part 1. stateful programming](https://reader033.fdocuments.net/reader033/viewer/2022051913/6003bdb097d532363c2fb3e2/html5/thumbnails/35.jpg)
Meters
Exceeds the PIR
Does not exceed PIR
but exceeds CIR
Does not exceed
PIR and CIRStream of packets
PIR Peak Information Rate
CIR Committed Information Rate
[bytes/s] or [packets/s]
[bytes/s] or [packets/s]
Parameters:
https://tools.ietf.org/html/rfc2698more info
Meter
![Page 36: Programming Network Data Planes · probabilistic data structures How do you build stateful apps? fast network convergence bloom filters [USENIX NSDI'19] part 1. stateful programming](https://reader033.fdocuments.net/reader033/viewer/2022051913/6003bdb097d532363c2fb3e2/html5/thumbnails/36.jpg)
Like registers and counters, metersare assigned in arrays
N
01234567
Type
m.execute(0)
meter(N,Type) m;
![Page 37: Programming Network Data Planes · probabilistic data structures How do you build stateful apps? fast network convergence bloom filters [USENIX NSDI'19] part 1. stateful programming](https://reader033.fdocuments.net/reader033/viewer/2022051913/6003bdb097d532363c2fb3e2/html5/thumbnails/37.jpg)
Example: Using a meter for rate-limiting
max. 1 packet/s
![Page 38: Programming Network Data Planes · probabilistic data structures How do you build stateful apps? fast network convergence bloom filters [USENIX NSDI'19] part 1. stateful programming](https://reader033.fdocuments.net/reader033/viewer/2022051913/6003bdb097d532363c2fb3e2/html5/thumbnails/38.jpg)
Example: Using a meter for rate-limiting
IP Packet
m_read m_filter
11:11:… 022:22:… 1
33:33:… 2
44:44:… 3
NoActiondrop
drop
Map the sender (source MAC address) to a meter index
Map the meter tagto a policy
![Page 39: Programming Network Data Planes · probabilistic data structures How do you build stateful apps? fast network convergence bloom filters [USENIX NSDI'19] part 1. stateful programming](https://reader033.fdocuments.net/reader033/viewer/2022051913/6003bdb097d532363c2fb3e2/html5/thumbnails/39.jpg)
Example: Using a meter for rate-limiting
handle packetsdepending on
meter tag
packet meter
execute meter
control MyIngress(...) {
meter(32w16384, MeterType.packets) my_meter;
action m_action(bit<32> meter_index) {
my_meter.execute_meter<bit<32>>(meter_index, meta.meter_tag);
}
table m_read {
key = { hdr.ethernet.srcAddr: exact; }
actions = { m_action; NoAction; }
...
}
table m_filter {
key = { meta.meter_tag: exact; }
actions = { drop; NoAction; }
...
}
apply {
m_read.apply();
m_filter.apply();
}
}
![Page 40: Programming Network Data Planes · probabilistic data structures How do you build stateful apps? fast network convergence bloom filters [USENIX NSDI'19] part 1. stateful programming](https://reader033.fdocuments.net/reader033/viewer/2022051913/6003bdb097d532363c2fb3e2/html5/thumbnails/40.jpg)
Direct meters are a special kind of meters that are attached to tables
Match ActionKey ID Data
Default
Meter
Each entry has a meter cell that is executed when the entry matches
![Page 41: Programming Network Data Planes · probabilistic data structures How do you build stateful apps? fast network convergence bloom filters [USENIX NSDI'19] part 1. stateful programming](https://reader033.fdocuments.net/reader033/viewer/2022051913/6003bdb097d532363c2fb3e2/html5/thumbnails/41.jpg)
Example: Using a meter for rate-limiting
direct meter
read meter
attach meter to table
control MyIngress(...) {
direct_meter<bit<32>>(MeterType.packets) my_meter;
action m_action(bit<32> meter_index) {
my_meter.read(meta.meter_tag);
}
table m_read {
key = { hdr.ethernet.srcAddr: exact; }
actions = { m_action; NoAction; }
meters = my_meter;
...
}
table m_filter { ... }
apply {
m_read.apply();
m_filter.apply();
}
}
![Page 42: Programming Network Data Planes · probabilistic data structures How do you build stateful apps? fast network convergence bloom filters [USENIX NSDI'19] part 1. stateful programming](https://reader033.fdocuments.net/reader033/viewer/2022051913/6003bdb097d532363c2fb3e2/html5/thumbnails/42.jpg)
Summary
Object
Table
Register
Counter
Meter
read
apply()
read()
—
execute()
modify/write
—
write()
count()
read
yes
yes
yes
configuration only
modify/write
yes
yes
reset
Data plane interface Control plane interface
![Page 43: Programming Network Data Planes · probabilistic data structures How do you build stateful apps? fast network convergence bloom filters [USENIX NSDI'19] part 1. stateful programming](https://reader033.fdocuments.net/reader033/viewer/2022051913/6003bdb097d532363c2fb3e2/html5/thumbnails/43.jpg)
stateful
programming
statefulness
in practice
probabilistic
data structures
fast network
convergence
[USENIX NSDI'19]
![Page 44: Programming Network Data Planes · probabilistic data structures How do you build stateful apps? fast network convergence bloom filters [USENIX NSDI'19] part 1. stateful programming](https://reader033.fdocuments.net/reader033/viewer/2022051913/6003bdb097d532363c2fb3e2/html5/thumbnails/44.jpg)
stateful
programming
statefulness
in practice
probabilistic
data structures
bloom
filters
part 1
![Page 45: Programming Network Data Planes · probabilistic data structures How do you build stateful apps? fast network convergence bloom filters [USENIX NSDI'19] part 1. stateful programming](https://reader033.fdocuments.net/reader033/viewer/2022051913/6003bdb097d532363c2fb3e2/html5/thumbnails/45.jpg)
Programming more advanced statefuldata structures
![Page 46: Programming Network Data Planes · probabilistic data structures How do you build stateful apps? fast network convergence bloom filters [USENIX NSDI'19] part 1. stateful programming](https://reader033.fdocuments.net/reader033/viewer/2022051913/6003bdb097d532363c2fb3e2/html5/thumbnails/46.jpg)
Programming more advanced statefuldata structures
We are provided with built-in stateful data structuressuch as arrays of registers, counters or meters
We need to deal with severe limitationssuch as a limited number of operations and memory
![Page 47: Programming Network Data Planes · probabilistic data structures How do you build stateful apps? fast network convergence bloom filters [USENIX NSDI'19] part 1. stateful programming](https://reader033.fdocuments.net/reader033/viewer/2022051913/6003bdb097d532363c2fb3e2/html5/thumbnails/47.jpg)
Programming more advanced statefuldata structures
We are provided with built-in stateful data structuressuch as arrays of registers, counters or meters
We need to deal with severe limitationssuch as a limited number of operations and memory
Today: how can we implement a set with its usual methodsi.e., add an element, membership query, delete anelement, lookup, listing
![Page 48: Programming Network Data Planes · probabilistic data structures How do you build stateful apps? fast network convergence bloom filters [USENIX NSDI'19] part 1. stateful programming](https://reader033.fdocuments.net/reader033/viewer/2022051913/6003bdb097d532363c2fb3e2/html5/thumbnails/48.jpg)
Deterministic Probabilistic
strategy #1 strategy #2
output
number of requiredoperations Probabilistic Deterministic
There are two common strategiesto implement a set
![Page 49: Programming Network Data Planes · probabilistic data structures How do you build stateful apps? fast network convergence bloom filters [USENIX NSDI'19] part 1. stateful programming](https://reader033.fdocuments.net/reader033/viewer/2022051913/6003bdb097d532363c2fb3e2/html5/thumbnails/49.jpg)
Deterministic Probabilistic
strategy #1 strategy #2
output
number of requiredoperations Probabilistic Deterministic
There are two common strategiesto implement a set
![Page 50: Programming Network Data Planes · probabilistic data structures How do you build stateful apps? fast network convergence bloom filters [USENIX NSDI'19] part 1. stateful programming](https://reader033.fdocuments.net/reader033/viewer/2022051913/6003bdb097d532363c2fb3e2/html5/thumbnails/50.jpg)
Intuitive implementation of a set
![Page 51: Programming Network Data Planes · probabilistic data structures How do you build stateful apps? fast network convergence bloom filters [USENIX NSDI'19] part 1. stateful programming](https://reader033.fdocuments.net/reader033/viewer/2022051913/6003bdb097d532363c2fb3e2/html5/thumbnails/51.jpg)
Intuitive implementation of a setSeparate-chaining
0
10
TCP
![Page 52: Programming Network Data Planes · probabilistic data structures How do you build stateful apps? fast network convergence bloom filters [USENIX NSDI'19] part 1. stateful programming](https://reader033.fdocuments.net/reader033/viewer/2022051913/6003bdb097d532363c2fb3e2/html5/thumbnails/52.jpg)
;
;
;;
Hello
Go
You
Fire
Fine
TCP
P4
Port
0
10
TCP
Intuitive implementation of a setSeparate-chaining
![Page 53: Programming Network Data Planes · probabilistic data structures How do you build stateful apps? fast network convergence bloom filters [USENIX NSDI'19] part 1. stateful programming](https://reader033.fdocuments.net/reader033/viewer/2022051913/6003bdb097d532363c2fb3e2/html5/thumbnails/53.jpg)
N elements and M cells
list sizeaverage N/Mworse-case N
Intuitive implementation of a setSeparate-chaining
![Page 54: Programming Network Data Planes · probabilistic data structures How do you build stateful apps? fast network convergence bloom filters [USENIX NSDI'19] part 1. stateful programming](https://reader033.fdocuments.net/reader033/viewer/2022051913/6003bdb097d532363c2fb3e2/html5/thumbnails/54.jpg)
Con: only works in hardware if there is a lownumber of elements (e.g. < 100)
Pros: accurate and fast in the average case
Intuitive implementation of a setSeparate-chaining
![Page 55: Programming Network Data Planes · probabilistic data structures How do you build stateful apps? fast network convergence bloom filters [USENIX NSDI'19] part 1. stateful programming](https://reader033.fdocuments.net/reader033/viewer/2022051913/6003bdb097d532363c2fb3e2/html5/thumbnails/55.jpg)
Deterministic Probabilistic
strategy #1 strategy #2
output
number of requiredoperations Probabilistic Deterministic
There are two common strategiesto implement a set
![Page 56: Programming Network Data Planes · probabilistic data structures How do you build stateful apps? fast network convergence bloom filters [USENIX NSDI'19] part 1. stateful programming](https://reader033.fdocuments.net/reader033/viewer/2022051913/6003bdb097d532363c2fb3e2/html5/thumbnails/56.jpg)
0
10
0
00
0
0
0
00
0
01-bit cells
A simple approach for insertionsand membership queries
![Page 57: Programming Network Data Planes · probabilistic data structures How do you build stateful apps? fast network convergence bloom filters [USENIX NSDI'19] part 1. stateful programming](https://reader033.fdocuments.net/reader033/viewer/2022051913/6003bdb097d532363c2fb3e2/html5/thumbnails/57.jpg)
0
10
TCP
insert "TCP"
1
0
00
0
0
0
0
0
01-bit cells
A simple approach for insertionsand membership queries
![Page 58: Programming Network Data Planes · probabilistic data structures How do you build stateful apps? fast network convergence bloom filters [USENIX NSDI'19] part 1. stateful programming](https://reader033.fdocuments.net/reader033/viewer/2022051913/6003bdb097d532363c2fb3e2/html5/thumbnails/58.jpg)
0
10
Hello
insert "Hello"
1
1
00
0
0
0
0
0
01-bit cells
A simple approach for insertionsand membership queries
![Page 59: Programming Network Data Planes · probabilistic data structures How do you build stateful apps? fast network convergence bloom filters [USENIX NSDI'19] part 1. stateful programming](https://reader033.fdocuments.net/reader033/viewer/2022051913/6003bdb097d532363c2fb3e2/html5/thumbnails/59.jpg)
0
10
Fine
insert "Fine"
1
1
1
00
0
0
0
0
0
1-bit cells
A simple approach for insertionsand membership queries
![Page 60: Programming Network Data Planes · probabilistic data structures How do you build stateful apps? fast network convergence bloom filters [USENIX NSDI'19] part 1. stateful programming](https://reader033.fdocuments.net/reader033/viewer/2022051913/6003bdb097d532363c2fb3e2/html5/thumbnails/60.jpg)
0
10
Hello
is "Hello" inthe set?
1
1
1
1 = YES00
0
0
0
0
0
1-bit cells
A simple approach for insertionsand membership queries
![Page 61: Programming Network Data Planes · probabilistic data structures How do you build stateful apps? fast network convergence bloom filters [USENIX NSDI'19] part 1. stateful programming](https://reader033.fdocuments.net/reader033/viewer/2022051913/6003bdb097d532363c2fb3e2/html5/thumbnails/61.jpg)
0
10
Bye
is "Bye" inthe set?
1
1
1
00
0
0
0
0
0
0 = NO
1-bit cells
A simple approach for insertionsand membership queries
![Page 62: Programming Network Data Planes · probabilistic data structures How do you build stateful apps? fast network convergence bloom filters [USENIX NSDI'19] part 1. stateful programming](https://reader033.fdocuments.net/reader033/viewer/2022051913/6003bdb097d532363c2fb3e2/html5/thumbnails/62.jpg)
0
10
Hello
is "P4" inthe set?
1
1
1
00
0
0
0
0
0
1 = YESFalse Positive!
1-bit cells
A simple approach for insertionsand membership queries
![Page 63: Programming Network Data Planes · probabilistic data structures How do you build stateful apps? fast network convergence bloom filters [USENIX NSDI'19] part 1. stateful programming](https://reader033.fdocuments.net/reader033/viewer/2022051913/6003bdb097d532363c2fb3e2/html5/thumbnails/63.jpg)
N elements and M cells
probability of an element to bemapped into a particular cell
probability of an element not tobe mapped into a particular cell
probability of a cell to be 0
1
M
false positive rate (FPR)
(1� 1
M)N
1� (1� 1
M)N
false negative rate 0
A simple approach for insertionsand membership queries
1� 1
M
![Page 64: Programming Network Data Planes · probabilistic data structures How do you build stateful apps? fast network convergence bloom filters [USENIX NSDI'19] part 1. stateful programming](https://reader033.fdocuments.net/reader033/viewer/2022051913/6003bdb097d532363c2fb3e2/html5/thumbnails/64.jpg)
# of elements
1000 9.5%
A simple approach for insertionsand membership queries
1000 1%
FPR# of cells
10000100000
![Page 65: Programming Network Data Planes · probabilistic data structures How do you build stateful apps? fast network convergence bloom filters [USENIX NSDI'19] part 1. stateful programming](https://reader033.fdocuments.net/reader033/viewer/2022051913/6003bdb097d532363c2fb3e2/html5/thumbnails/65.jpg)
Con: roughly 100x more cells are required thanthe number of element we want to storefor a 1% false positive rate
A simple approach for insertionsand membership queries
Pros: simple and only one operation perinsertion or query
![Page 66: Programming Network Data Planes · probabilistic data structures How do you build stateful apps? fast network convergence bloom filters [USENIX NSDI'19] part 1. stateful programming](https://reader033.fdocuments.net/reader033/viewer/2022051913/6003bdb097d532363c2fb3e2/html5/thumbnails/66.jpg)
0
10
0
00
0
0
0
00
0
01-bit cells
Bloom Filters: a more memory-efficient approachfor insertions and membership queries
![Page 67: Programming Network Data Planes · probabilistic data structures How do you build stateful apps? fast network convergence bloom filters [USENIX NSDI'19] part 1. stateful programming](https://reader033.fdocuments.net/reader033/viewer/2022051913/6003bdb097d532363c2fb3e2/html5/thumbnails/67.jpg)
0
10
TCP
insert "TCP"
1
0
0
0
0
0
0
0
TCP
TCPhash #1
hash #2
hash #31
1
1-bit cells
0
0
0
Bloom Filters: a more memory-efficient approachfor insertions and membership queries
![Page 68: Programming Network Data Planes · probabilistic data structures How do you build stateful apps? fast network convergence bloom filters [USENIX NSDI'19] part 1. stateful programming](https://reader033.fdocuments.net/reader033/viewer/2022051913/6003bdb097d532363c2fb3e2/html5/thumbnails/68.jpg)
0
10
Hello
insert "Hello"
1
0
0
0
0
0
Hello
Hellohash #1
hash #2
hash #31
1
1-bit cells
1
1
0
0
Bloom Filters: a more memory-efficient approachfor insertions and membership queries
![Page 69: Programming Network Data Planes · probabilistic data structures How do you build stateful apps? fast network convergence bloom filters [USENIX NSDI'19] part 1. stateful programming](https://reader033.fdocuments.net/reader033/viewer/2022051913/6003bdb097d532363c2fb3e2/html5/thumbnails/69.jpg)
0
10
Fine
insert "Fine"
1
0
0
0
0Fine
Finehash #1
hash #2
hash #31
1
1-bit cells
1
1
0 1
Bloom Filters: a more memory-efficient approachfor insertions and membership queries
![Page 70: Programming Network Data Planes · probabilistic data structures How do you build stateful apps? fast network convergence bloom filters [USENIX NSDI'19] part 1. stateful programming](https://reader033.fdocuments.net/reader033/viewer/2022051913/6003bdb097d532363c2fb3e2/html5/thumbnails/70.jpg)
0
10
Fine
insert "Fine"
1
0
0
0
0Fine
Finehash #1
hash #2
hash #31
1
1-bit cells
1
1
1
An element is considered inthe set if all the hash valuesmap to a cell with 1
An element is not in the set ifat least one hash value maps toa cell with 0
Bloom Filters: a more memory-efficient approachfor insertions and membership queries
![Page 71: Programming Network Data Planes · probabilistic data structures How do you build stateful apps? fast network convergence bloom filters [USENIX NSDI'19] part 1. stateful programming](https://reader033.fdocuments.net/reader033/viewer/2022051913/6003bdb097d532363c2fb3e2/html5/thumbnails/71.jpg)
is "Hello" inthe set?
0
10
Hello
1
0
0
0
0Hello
Hellohash #1
hash #2
hash #31
1
1-bit cells
1
1
Yes
An element is not in the set ifat least one hash value maps toa cell with 0
Bloom Filters: a more memory-efficient approachfor insertions and membership queries
1
An element is considered inthe set if all the hash valuesmap to a cell with 1
![Page 72: Programming Network Data Planes · probabilistic data structures How do you build stateful apps? fast network convergence bloom filters [USENIX NSDI'19] part 1. stateful programming](https://reader033.fdocuments.net/reader033/viewer/2022051913/6003bdb097d532363c2fb3e2/html5/thumbnails/72.jpg)
0
10
Bye
1
0
0
0
0Bye
Byehash #1
hash #2
hash #31
1
1-bit cells
1
1
is "Bye" inthe set?
No it isn’t
An element is not in the set ifat least one hash value maps toa cell with 0
Bloom Filters: a more memory-efficient approachfor insertions and membership queries
1
An element is considered inthe set if all the hash valuesmap to a cell with 1
![Page 73: Programming Network Data Planes · probabilistic data structures How do you build stateful apps? fast network convergence bloom filters [USENIX NSDI'19] part 1. stateful programming](https://reader033.fdocuments.net/reader033/viewer/2022051913/6003bdb097d532363c2fb3e2/html5/thumbnails/73.jpg)
0
10
Bye
1
0
0
0
0Bye
Byehash #1
hash #2
hash #31
1
1-bit cells
1
1
is "Fire" inthe set?
An element is not in the set ifat least one hash value maps toa cell with 0
Bloom Filters: a more memory-efficient approachfor insertions and membership queries
1
Yes
False Positive!
An element is considered inthe set if all the hash valuesmap to a cell with 1
![Page 74: Programming Network Data Planes · probabilistic data structures How do you build stateful apps? fast network convergence bloom filters [USENIX NSDI'19] part 1. stateful programming](https://reader033.fdocuments.net/reader033/viewer/2022051913/6003bdb097d532363c2fb3e2/html5/thumbnails/74.jpg)
N elements, M cells and K hash functions
probability that one hash function returns the index of a particular cell
probability that one hash function doesnot return the index of a particular cell
probability of a cell to be 0
false positive rate
false negative rate
1
M
0
Bloom Filters: a more memory-efficient approachfor insertions and membership queries
1� 1
M
(1� 1
M)KN
(1� (1� 1
M)KN )K
![Page 75: Programming Network Data Planes · probabilistic data structures How do you build stateful apps? fast network convergence bloom filters [USENIX NSDI'19] part 1. stateful programming](https://reader033.fdocuments.net/reader033/viewer/2022051913/6003bdb097d532363c2fb3e2/html5/thumbnails/75.jpg)
# of elements
1000 0.82%1000 0%
FPR# of cells
10000100000
# hash functions
77 ⇡
Bloom Filters: a more memory-efficient approachfor insertions and membership queries
![Page 76: Programming Network Data Planes · probabilistic data structures How do you build stateful apps? fast network convergence bloom filters [USENIX NSDI'19] part 1. stateful programming](https://reader033.fdocuments.net/reader033/viewer/2022051913/6003bdb097d532363c2fb3e2/html5/thumbnails/76.jpg)
Con: Requires slightly more operations than the simple approach (7 hashes instead of just 1)
Pro: consumes roughly 10x less memory than the simple approach
Bloom Filters: a more memory-efficient approachfor insertions and membership queries
![Page 77: Programming Network Data Planes · probabilistic data structures How do you build stateful apps? fast network convergence bloom filters [USENIX NSDI'19] part 1. stateful programming](https://reader033.fdocuments.net/reader033/viewer/2022051913/6003bdb097d532363c2fb3e2/html5/thumbnails/77.jpg)
Dimension your Bloom Filter
Number of
operations
Memory
False Positive
Rate
Tradeoff
![Page 78: Programming Network Data Planes · probabilistic data structures How do you build stateful apps? fast network convergence bloom filters [USENIX NSDI'19] part 1. stateful programming](https://reader033.fdocuments.net/reader033/viewer/2022051913/6003bdb097d532363c2fb3e2/html5/thumbnails/78.jpg)
Dimension your Bloom Filter
N elementsM cellsK hash functionsFP false positive rate
![Page 79: Programming Network Data Planes · probabilistic data structures How do you build stateful apps? fast network convergence bloom filters [USENIX NSDI'19] part 1. stateful programming](https://reader033.fdocuments.net/reader033/viewer/2022051913/6003bdb097d532363c2fb3e2/html5/thumbnails/79.jpg)
Dimension your Bloom Filter
FP = (1� (1� 1
M)KN )K ⇡ (1� exp(�kn/m))k
asymptotic approx.
with calculus you candimension your bloom filter
N elementsM cellsK hash functionsFP false positive rate
⇡ (1� e�KN/M )K
![Page 80: Programming Network Data Planes · probabilistic data structures How do you build stateful apps? fast network convergence bloom filters [USENIX NSDI'19] part 1. stateful programming](https://reader033.fdocuments.net/reader033/viewer/2022051913/6003bdb097d532363c2fb3e2/html5/thumbnails/80.jpg)
Dimension your Bloom Filter
N = 1000M = 10000K hash functionsFP false positive rate
K (number of hash functions)
False PositiveRate (%)
0 10 20
10
5
![Page 81: Programming Network Data Planes · probabilistic data structures How do you build stateful apps? fast network convergence bloom filters [USENIX NSDI'19] part 1. stateful programming](https://reader033.fdocuments.net/reader033/viewer/2022051913/6003bdb097d532363c2fb3e2/html5/thumbnails/81.jpg)
Dimension your Bloom Filter
N = 1000M = 10000K hash functionsFP false positive rate
K (number of hash functions)
False PositiveRate (%)
0 10 20
10
5
more chance to finda 0 bit for an elementnot in the set
increases thefraction of 0 bits
![Page 82: Programming Network Data Planes · probabilistic data structures How do you build stateful apps? fast network convergence bloom filters [USENIX NSDI'19] part 1. stateful programming](https://reader033.fdocuments.net/reader033/viewer/2022051913/6003bdb097d532363c2fb3e2/html5/thumbnails/82.jpg)
Dimension your Bloom Filter
N = 1000M = 10000K hash functionsFP false positive rate
K (number of hash functions)
False PositiveRate (%)
0 10 20
10
5
more chance to finda 0 bit for an elementnot in the set
increases thefraction of 0 bits
there is always aglobal minimum when foundby taking the derivativeof
K = ln 2 ⇤ (M/N)
7
⇡ (1� e�KN/M )K
![Page 83: Programming Network Data Planes · probabilistic data structures How do you build stateful apps? fast network convergence bloom filters [USENIX NSDI'19] part 1. stateful programming](https://reader033.fdocuments.net/reader033/viewer/2022051913/6003bdb097d532363c2fb3e2/html5/thumbnails/83.jpg)
Implementation of a Bloom Filter in P416
You will have to use hash functions
v1model enum HashAlgorithm { crc32, crc32_custom, crc16, s, random, identity, csum16, xor16}
extern void hash<O, T, D, M>(out O result,in HashAlgorithm algo, in T base, in D data, in M max);
more info https://github.com/p4lang/p4c/blob/master/p4include/v1model.p4
![Page 84: Programming Network Data Planes · probabilistic data structures How do you build stateful apps? fast network convergence bloom filters [USENIX NSDI'19] part 1. stateful programming](https://reader033.fdocuments.net/reader033/viewer/2022051913/6003bdb097d532363c2fb3e2/html5/thumbnails/84.jpg)
Implementation of a Bloom Filter in P416
You will have to use hash functions, as well as registers
v1model
more info https://github.com/p4lang/p4c/blob/master/p4include/v1model.p4
extern register<T> {
register(bit<32> size);
void read(out T result, in bit<32> index); void write(in bit<32> index, in T value);}
![Page 85: Programming Network Data Planes · probabilistic data structures How do you build stateful apps? fast network convergence bloom filters [USENIX NSDI'19] part 1. stateful programming](https://reader033.fdocuments.net/reader033/viewer/2022051913/6003bdb097d532363c2fb3e2/html5/thumbnails/85.jpg)
Implementation of a Bloom Filter in P416
with 2 hash functions
control MyIngress(…) {
register register<bit<1>>(NB_CELLS) bloom_filter;
![Page 86: Programming Network Data Planes · probabilistic data structures How do you build stateful apps? fast network convergence bloom filters [USENIX NSDI'19] part 1. stateful programming](https://reader033.fdocuments.net/reader033/viewer/2022051913/6003bdb097d532363c2fb3e2/html5/thumbnails/86.jpg)
Implementation of a Bloom Filter in P416
with 2 hash functions
control MyIngress(…) {
register register<bit<1>>(NB_CELLS) bloom_filter;
apply { hash(meta.index1, HashAlgorithm.my_hash1, 0, {meta.dstPrefix, packet.ip.srcIP}, NB_CELLS);
hash(meta.index2, HashAlgorithm.my_hash2, 0, {meta.dstPrefix, packet.ip.srcIP}, NB_CELLS);
![Page 87: Programming Network Data Planes · probabilistic data structures How do you build stateful apps? fast network convergence bloom filters [USENIX NSDI'19] part 1. stateful programming](https://reader033.fdocuments.net/reader033/viewer/2022051913/6003bdb097d532363c2fb3e2/html5/thumbnails/87.jpg)
Implementation of a Bloom Filter in P416
with 2 hash functions
control MyIngress(…) {
register register<bit<1>>(NB_CELLS) bloom_filter;
apply { hash(meta.index1, HashAlgorithm.my_hash1, 0, {meta.dstPrefix, packet.ip.srcIP}, NB_CELLS);
hash(meta.index2, HashAlgorithm.my_hash2, 0, {meta.dstPrefix, packet.ip.srcIP}, NB_CELLS);
if (meta.to_insert == 1) { bloom_filter.write(meta.index1, 1); bloom_filter.write(meta.index2, 1);
}
if (meta.to_query == 1) { bloom_filter.read(meta.query1, meta.index1); bloom_filter.read(meta.query2, meta.index2);
if (meta.query1 == 0 || meta.query2 == 0) { meta.is_stored = 0;
} else { meta.is_stored = 1;
} }
} }
![Page 88: Programming Network Data Planes · probabilistic data structures How do you build stateful apps? fast network convergence bloom filters [USENIX NSDI'19] part 1. stateful programming](https://reader033.fdocuments.net/reader033/viewer/2022051913/6003bdb097d532363c2fb3e2/html5/thumbnails/88.jpg)
Implementation of a Bloom Filter in P416
with 2 hash functions
control MyIngress(…) {
register register<bit<1>>(NB_CELLS) bloom_filter; apply {
hash(meta.index1, HashAlgorithm.my_hash1, 0, {meta.dstPrefix, packet.ip.srcIP}, NB_CELLS);
hash(meta.index2, HashAlgorithm.my_hash2, 0, {meta.dstPrefix, packet.ip.srcIP}, NB_CELLS);
if (meta.to_insert == 1) { bloom_filter.write(meta.index1, 1); bloom_filter.write(meta.index2, 1);
}
if (meta.to_query == 1) { bloom_filter.read(meta.query1, meta.index1); bloom_filter.read(meta.query2, meta.index2);
if (meta.query1 == 0 || meta.query2 == 0) { meta.is_stored = 0;
} else {
meta.is_stored = 1; }
} }
}
Everything in boldred must be adaptedfor your program
![Page 89: Programming Network Data Planes · probabilistic data structures How do you build stateful apps? fast network convergence bloom filters [USENIX NSDI'19] part 1. stateful programming](https://reader033.fdocuments.net/reader033/viewer/2022051913/6003bdb097d532363c2fb3e2/html5/thumbnails/89.jpg)
Depending on the hardware limitations,splitting the bloom filter might be required
M cells are split into M/K disjoint groups
An element is hashed toK cells, one in each group
One hash function per group
Same performance, may beeasier to implement or parallelize
![Page 90: Programming Network Data Planes · probabilistic data structures How do you build stateful apps? fast network convergence bloom filters [USENIX NSDI'19] part 1. stateful programming](https://reader033.fdocuments.net/reader033/viewer/2022051913/6003bdb097d532363c2fb3e2/html5/thumbnails/90.jpg)
Because deletions are not possible, the controllermay need to regularly reset the bloom filters
Resetting a bloom filter takes some timeduring which it is not usable
Common trick: use two bloom filters and use one whenthe controller resets the other one
![Page 91: Programming Network Data Planes · probabilistic data structures How do you build stateful apps? fast network convergence bloom filters [USENIX NSDI'19] part 1. stateful programming](https://reader033.fdocuments.net/reader033/viewer/2022051913/6003bdb097d532363c2fb3e2/html5/thumbnails/91.jpg)
Deterministic Probabilistic
strategy #1 strategy #2
output
number of requiredoperations Probabilistic Deterministic
So far we have seen how to do insertions andmembership queries
Bloom Filters
![Page 92: Programming Network Data Planes · probabilistic data structures How do you build stateful apps? fast network convergence bloom filters [USENIX NSDI'19] part 1. stateful programming](https://reader033.fdocuments.net/reader033/viewer/2022051913/6003bdb097d532363c2fb3e2/html5/thumbnails/92.jpg)
However Bloom Filters do not handle deletions
0
10
Fine
insert "Fine"
1
0
0
0
0Fine
Finehash #1
hash #2
hash #31
1
1-bit cells
1
1
1
insert "TCP"
TCP
TCP
TCPhash #1
hash #2
hash #3
![Page 93: Programming Network Data Planes · probabilistic data structures How do you build stateful apps? fast network convergence bloom filters [USENIX NSDI'19] part 1. stateful programming](https://reader033.fdocuments.net/reader033/viewer/2022051913/6003bdb097d532363c2fb3e2/html5/thumbnails/93.jpg)
0
10
Fine
delete "Fine"
1
0
0
0
0Fine
Finehash #1
hash #2
hash #31
0
1-bit cells
1
0
0
insert "TCP"
TCP
TCP
TCPhash #1
hash #2
hash #3
If deleting an elementmeans resetting 1s to 0s,then deleting "Fine" alsodeletes "TCP"
However Bloom Filters do not handle deletions
![Page 94: Programming Network Data Planes · probabilistic data structures How do you build stateful apps? fast network convergence bloom filters [USENIX NSDI'19] part 1. stateful programming](https://reader033.fdocuments.net/reader033/viewer/2022051913/6003bdb097d532363c2fb3e2/html5/thumbnails/94.jpg)
But we can easily extend them to handle deletionsThis extended version is called a Counting Bloom Filter
![Page 95: Programming Network Data Planes · probabilistic data structures How do you build stateful apps? fast network convergence bloom filters [USENIX NSDI'19] part 1. stateful programming](https://reader033.fdocuments.net/reader033/viewer/2022051913/6003bdb097d532363c2fb3e2/html5/thumbnails/95.jpg)
But we can easily extend them to handle deletionsThis extended version is called a Counting Bloom Filter
0
10
TCP
insert "TCP"
1
0
0
0
0
0
0
0
TCP
TCPhash #1
hash #2
hash #31
1
4-bit cells
0
0
0
To add an element, incrementthe corresponding counters
![Page 96: Programming Network Data Planes · probabilistic data structures How do you build stateful apps? fast network convergence bloom filters [USENIX NSDI'19] part 1. stateful programming](https://reader033.fdocuments.net/reader033/viewer/2022051913/6003bdb097d532363c2fb3e2/html5/thumbnails/96.jpg)
0
10
Hello
insert "Hello"
1
0
0
0
0
0
Hello
Hellohash #1
hash #2
hash #31
1
4-bit cells
1
1
2
To add an element, incrementthe corresponding counters
But we can easily extend them to handle deletionsThis extended version is called a Counting Bloom Filter
![Page 97: Programming Network Data Planes · probabilistic data structures How do you build stateful apps? fast network convergence bloom filters [USENIX NSDI'19] part 1. stateful programming](https://reader033.fdocuments.net/reader033/viewer/2022051913/6003bdb097d532363c2fb3e2/html5/thumbnails/97.jpg)
0
10
Fine
insert "Fine"
1
0
0
0
0Fine
Finehash #1
hash #2
hash #32
2
4-bit cells
1
2
1
1
1
To add an element, incrementthe corresponding counters
But we can easily extend them to handle deletionsThis extended version is called a Counting Bloom Filter
![Page 98: Programming Network Data Planes · probabilistic data structures How do you build stateful apps? fast network convergence bloom filters [USENIX NSDI'19] part 1. stateful programming](https://reader033.fdocuments.net/reader033/viewer/2022051913/6003bdb097d532363c2fb3e2/html5/thumbnails/98.jpg)
0
10
Fine
delete "TCP"
1
0
0
0
0Fine
Finehash #1
hash #2
hash #3
2
4-bit cells
1
2
1
To delete an element, decrementthe corresponding counters
To add an element, incrementthe corresponding counters1
0
2 1
But we can easily extend them to handle deletionsThis extended version is called a Counting Bloom Filter
![Page 99: Programming Network Data Planes · probabilistic data structures How do you build stateful apps? fast network convergence bloom filters [USENIX NSDI'19] part 1. stateful programming](https://reader033.fdocuments.net/reader033/viewer/2022051913/6003bdb097d532363c2fb3e2/html5/thumbnails/99.jpg)
0
10
Fine
delete "TCP"
1
0
0
0
0Fine
Finehash #1
hash #2
hash #3
2
4-bit cells
1
2
1
To delete an element, decrementthe corresponding counters
To add an element, incrementthe corresponding counters1
0
2 1All of our prior analysis forstandard bloom filters appliesto counting bloom filters
But we can easily extend them to handle deletionsThis extended version is called a Counting Bloom Filter
![Page 100: Programming Network Data Planes · probabilistic data structures How do you build stateful apps? fast network convergence bloom filters [USENIX NSDI'19] part 1. stateful programming](https://reader033.fdocuments.net/reader033/viewer/2022051913/6003bdb097d532363c2fb3e2/html5/thumbnails/100.jpg)
Counting Bloom Filters do handle deletionsat the price of using more memory
![Page 101: Programming Network Data Planes · probabilistic data structures How do you build stateful apps? fast network convergence bloom filters [USENIX NSDI'19] part 1. stateful programming](https://reader033.fdocuments.net/reader033/viewer/2022051913/6003bdb097d532363c2fb3e2/html5/thumbnails/101.jpg)
Counting Bloom Filters do handle deletionsat the price of using more memory
Counters must be large enough to avoid overflowIf a counter eventually overflows, the filter may yieldfalse negatives
![Page 102: Programming Network Data Planes · probabilistic data structures How do you build stateful apps? fast network convergence bloom filters [USENIX NSDI'19] part 1. stateful programming](https://reader033.fdocuments.net/reader033/viewer/2022051913/6003bdb097d532363c2fb3e2/html5/thumbnails/102.jpg)
Counting Bloom Filters do handle deletionsat the price of using more memory
Counters must be large enough to avoid overflowIf a counter eventually overflows, the filter may yieldfalse negatives
Poisson approximation suggests 4 bits/counterThe average load (i.e., ) is assuming With N=10000 and M=80000 the probability that some counter overflows if we use b-bit counters is at most
NK
Mln 2 K = ln 2 ⇤ (M/N)
M ⇤ Pr(Poisson(ln 2) � 2b) = 1.78e�11
![Page 103: Programming Network Data Planes · probabilistic data structures How do you build stateful apps? fast network convergence bloom filters [USENIX NSDI'19] part 1. stateful programming](https://reader033.fdocuments.net/reader033/viewer/2022051913/6003bdb097d532363c2fb3e2/html5/thumbnails/103.jpg)
Implementation of a Counting Bloom Filter in P416
with 2 hash functions
control MyIngress(…) {
register register<bit<4>>(NB_CELLS) bloom_filter;
apply { hash(meta.index1, HashAlgorithm.my_hash1, 0, {meta.dstPrefix, packet.ip.srcIP}, NB_CELLS);
hash(meta.index2, HashAlgorithm.my_hash2, 0, {meta.dstPrefix, packet.ip.srcIP}, NB_CELLS);
// Add a new element if not yet in the set bloom_filter.read(meta.query1, meta.index1); bloom_filter.read(meta.query2, meta.index2);
if (meta.query1 == 0 || meta.query2 == 0) { bloom_filter.write(meta.index1, meta.query1 + 1); bloom_filter.write(meta.index2, meta.query2 + 1);
} }
}
Add a new element
![Page 104: Programming Network Data Planes · probabilistic data structures How do you build stateful apps? fast network convergence bloom filters [USENIX NSDI'19] part 1. stateful programming](https://reader033.fdocuments.net/reader033/viewer/2022051913/6003bdb097d532363c2fb3e2/html5/thumbnails/104.jpg)
Implementation of a Counting Bloom Filter in P416
with 2 hash functions
control MyIngress(…) {
register register<bit<32>>(NB_CELLS) bloom_filter;
apply { hash(meta.index1, HashAlgorithm.my_hash1, 0, {meta.dstPrefix, packet.ip.srcIP}, NB_CELLS);
hash(meta.index2, HashAlgorithm.my_hash2, 0, {meta.dstPrefix, packet.ip.srcIP}, NB_CELLS);
// Delete a element only if it is in the set bloom_filter.read(meta.query1, meta.index1); bloom_filter.read(meta.query2, meta.index2);
if (meta.query1 > 0 && meta.query2 > 0) { bloom_filter.write(meta.index1, meta.query1 - 1); bloom_filter.write(meta.index2, meta.query2 - 1);
} }
}
Delete an element
![Page 105: Programming Network Data Planes · probabilistic data structures How do you build stateful apps? fast network convergence bloom filters [USENIX NSDI'19] part 1. stateful programming](https://reader033.fdocuments.net/reader033/viewer/2022051913/6003bdb097d532363c2fb3e2/html5/thumbnails/105.jpg)
Deterministic Probabilistic
strategy #1 strategy #2
output
number of requiredoperations Probabilistic Deterministic
So far we have seen how to do insertions, deletionsand membership queries
Bloom FiltersCounting Bloom Filters
![Page 106: Programming Network Data Planes · probabilistic data structures How do you build stateful apps? fast network convergence bloom filters [USENIX NSDI'19] part 1. stateful programming](https://reader033.fdocuments.net/reader033/viewer/2022051913/6003bdb097d532363c2fb3e2/html5/thumbnails/106.jpg)
Invertible Bloom Lookup Tables (IBLT) stores key-valuepairs and allows for lookups and a complete listing
![Page 107: Programming Network Data Planes · probabilistic data structures How do you build stateful apps? fast network convergence bloom filters [USENIX NSDI'19] part 1. stateful programming](https://reader033.fdocuments.net/reader033/viewer/2022051913/6003bdb097d532363c2fb3e2/html5/thumbnails/107.jpg)
Each cell contains three fields
count which counts the numberof entries mapped to this cell
keySum which is the sum of allthe keys mapped to this cell
valueSum which is the sum of allthe values mapped to this cell
Invertible Bloom Lookup Tables (IBLT) stores key-valuepairs and allows for lookups and a complete listing
![Page 108: Programming Network Data Planes · probabilistic data structures How do you build stateful apps? fast network convergence bloom filters [USENIX NSDI'19] part 1. stateful programming](https://reader033.fdocuments.net/reader033/viewer/2022051913/6003bdb097d532363c2fb3e2/html5/thumbnails/108.jpg)
For each hash functionhash the key to find the index
Then at this indexincrement the count by oneadd key to keySumadd value to valueSum
Add a new key-value pair (assuming it isnot in the set yet )
Invertible Bloom Lookup Tables (IBLT) stores key-valuepairs and allows for lookups and a complete listing
![Page 109: Programming Network Data Planes · probabilistic data structures How do you build stateful apps? fast network convergence bloom filters [USENIX NSDI'19] part 1. stateful programming](https://reader033.fdocuments.net/reader033/viewer/2022051913/6003bdb097d532363c2fb3e2/html5/thumbnails/109.jpg)
For each hash functionhash the key to find the index
Then at this indexsubtract one to the countsubtract key to keySumsubtract value to valueSum
Delete a key-value pair (assuming it is in the set)
Invertible Bloom Lookup Tables (IBLT) stores key-valuepairs and allows for lookups and a complete listing
![Page 110: Programming Network Data Planes · probabilistic data structures How do you build stateful apps? fast network convergence bloom filters [USENIX NSDI'19] part 1. stateful programming](https://reader033.fdocuments.net/reader033/viewer/2022051913/6003bdb097d532363c2fb3e2/html5/thumbnails/110.jpg)
0
0
0
0
0
0
10
1
1
0
0
0
0
0
0
152
0
0
0
0
0
0
0
0
count keySum valueSum
152
insertkey:152 value:3
152
152hash #1
hash #2
hash #3
152
152
3
3
3
Invertible Bloom Lookup Tables (IBLT) stores key-valuepairs and allows for lookups and a complete listing
![Page 111: Programming Network Data Planes · probabilistic data structures How do you build stateful apps? fast network convergence bloom filters [USENIX NSDI'19] part 1. stateful programming](https://reader033.fdocuments.net/reader033/viewer/2022051913/6003bdb097d532363c2fb3e2/html5/thumbnails/111.jpg)
0
0
0
0
0
1
11
2
1
0
0
0
0
0
7
152
7
0
0
0
0
0
98
count keySum valueSum
7
insertkey:7 value:98
7
7hash #1
hash #2
hash #3
159
152
3
101
3
98
Invertible Bloom Lookup Tables (IBLT) stores key-valuepairs and allows for lookups and a complete listing
![Page 112: Programming Network Data Planes · probabilistic data structures How do you build stateful apps? fast network convergence bloom filters [USENIX NSDI'19] part 1. stateful programming](https://reader033.fdocuments.net/reader033/viewer/2022051913/6003bdb097d532363c2fb3e2/html5/thumbnails/112.jpg)
0
0
0
0
0
1
21
3
2
0
0
0
0
0
7
202
7
0
0
0
0
0
98
98
count keySum valueSum
50
insertkey:50 value:45
50
50hash #1
hash #2
hash #3
209
202
48
146
48
Invertible Bloom Lookup Tables (IBLT) stores key-valuepairs and allows for lookups and a complete listing
![Page 113: Programming Network Data Planes · probabilistic data structures How do you build stateful apps? fast network convergence bloom filters [USENIX NSDI'19] part 1. stateful programming](https://reader033.fdocuments.net/reader033/viewer/2022051913/6003bdb097d532363c2fb3e2/html5/thumbnails/113.jpg)
The value of a key can be foundif the key is associated to at leastone cell with a count = 1
Invertible Bloom Lookup Tables (IBLT) stores key-valuepairs and allows for lookups and a complete listing
Key-value pair lookup
![Page 114: Programming Network Data Planes · probabilistic data structures How do you build stateful apps? fast network convergence bloom filters [USENIX NSDI'19] part 1. stateful programming](https://reader033.fdocuments.net/reader033/viewer/2022051913/6003bdb097d532363c2fb3e2/html5/thumbnails/114.jpg)
0
0
0
0
0
1
21
3
2
0
0
0
0
0
7
202
7
0
0
0
0
0
98
98
count keySum valueSum
209
202
48
146
48
Invertible Bloom Lookup Tables (IBLT) stores key-valuepairs and allows for lookups and a complete listing
![Page 115: Programming Network Data Planes · probabilistic data structures How do you build stateful apps? fast network convergence bloom filters [USENIX NSDI'19] part 1. stateful programming](https://reader033.fdocuments.net/reader033/viewer/2022051913/6003bdb097d532363c2fb3e2/html5/thumbnails/115.jpg)
0
0
0
0
0
1
21
3
2
0
0
0
0
0
7
202
7
0
0
0
0
0
98
98
count keySum valueSum
209
202
48
146
48
7
lookup key:7
7
7hash #1
hash #2
hash #3
Key 7 has the value 98
Invertible Bloom Lookup Tables (IBLT) stores key-valuepairs and allows for lookups and a complete listing
![Page 116: Programming Network Data Planes · probabilistic data structures How do you build stateful apps? fast network convergence bloom filters [USENIX NSDI'19] part 1. stateful programming](https://reader033.fdocuments.net/reader033/viewer/2022051913/6003bdb097d532363c2fb3e2/html5/thumbnails/116.jpg)
0
0
0
0
0
1
21
3
2
0
0
0
0
0
7
202
7
0
0
0
0
0
98
98
count keySum valueSum
209
202
48
146
48
7
lookup key:50
7
7hash #1
hash #2
hash #3
The value for the key 50can’t be found
Invertible Bloom Lookup Tables (IBLT) stores key-valuepairs and allows for lookups and a complete listing
![Page 117: Programming Network Data Planes · probabilistic data structures How do you build stateful apps? fast network convergence bloom filters [USENIX NSDI'19] part 1. stateful programming](https://reader033.fdocuments.net/reader033/viewer/2022051913/6003bdb097d532363c2fb3e2/html5/thumbnails/117.jpg)
Listing the IBLT
While there is an index for which count = 1Find the corresponding key-value pair and return itDelete the corresponding key-value pair
Invertible Bloom Lookup Tables (IBLT) stores key-valuepairs and allows for lookups and a complete listing
![Page 118: Programming Network Data Planes · probabilistic data structures How do you build stateful apps? fast network convergence bloom filters [USENIX NSDI'19] part 1. stateful programming](https://reader033.fdocuments.net/reader033/viewer/2022051913/6003bdb097d532363c2fb3e2/html5/thumbnails/118.jpg)
Listing the IBLT
While there is an index for which count = 1Find the corresponding key-value pair and return itDelete the corresponding key-value pair
Invertible Bloom Lookup Tables (IBLT) stores key-valuepairs and allows for lookups and a complete listing
Unless the number of iterations is very low, loopscan’t be implemented in hardwareThe listing is done by the controller
![Page 119: Programming Network Data Planes · probabilistic data structures How do you build stateful apps? fast network convergence bloom filters [USENIX NSDI'19] part 1. stateful programming](https://reader033.fdocuments.net/reader033/viewer/2022051913/6003bdb097d532363c2fb3e2/html5/thumbnails/119.jpg)
0
0
0
0
0
1
21
3
2
0
0
0
0
0
7
202
7
0
0
0
0
0
98
98
count keySum valueSum
209
202
48
146
48
Invertible Bloom Lookup Tables (IBLT) stores key-valuepairs and allows for lookups and a complete listing
![Page 120: Programming Network Data Planes · probabilistic data structures How do you build stateful apps? fast network convergence bloom filters [USENIX NSDI'19] part 1. stateful programming](https://reader033.fdocuments.net/reader033/viewer/2022051913/6003bdb097d532363c2fb3e2/html5/thumbnails/120.jpg)
0
0
0
0
0
1
21
3
2
0
0
0
0
0
7
202
7
0
0
0
0
0
98
98
count keySum valueSum
209
202
48
146
48
Invertible Bloom Lookup Tables (IBLT) stores key-valuepairs and allows for lookups and a complete listing
Return key:7 value: 98
![Page 121: Programming Network Data Planes · probabilistic data structures How do you build stateful apps? fast network convergence bloom filters [USENIX NSDI'19] part 1. stateful programming](https://reader033.fdocuments.net/reader033/viewer/2022051913/6003bdb097d532363c2fb3e2/html5/thumbnails/121.jpg)
0
0
0
0
0
0
20
2
2
0
0
0
0
0
0
202
0
0
0
0
0
0
0
0
count keySum valueSum
202
202
48
48
48
Invertible Bloom Lookup Tables (IBLT) stores key-valuepairs and allows for lookups and a complete listing
Delete key:7 value: 98
![Page 122: Programming Network Data Planes · probabilistic data structures How do you build stateful apps? fast network convergence bloom filters [USENIX NSDI'19] part 1. stateful programming](https://reader033.fdocuments.net/reader033/viewer/2022051913/6003bdb097d532363c2fb3e2/html5/thumbnails/122.jpg)
0
0
0
0
0
0
20
2
2
0
0
0
0
0
0
202
0
0
0
0
0
0
0
0
count keySum valueSum
202
202
48
48
48
Invertible Bloom Lookup Tables (IBLT) stores key-valuepairs and allows for lookups and a complete listing
In this example, acomplete listingis not possible
![Page 123: Programming Network Data Planes · probabilistic data structures How do you build stateful apps? fast network convergence bloom filters [USENIX NSDI'19] part 1. stateful programming](https://reader033.fdocuments.net/reader033/viewer/2022051913/6003bdb097d532363c2fb3e2/html5/thumbnails/123.jpg)
0
0
0
0
0
1
21
3
2
0
0
0
0
0
7
202
7
XORkeySum
209
202
In many settings, we can use XORs in place of sumsFor example to avoid overflow issues
count
![Page 124: Programming Network Data Planes · probabilistic data structures How do you build stateful apps? fast network convergence bloom filters [USENIX NSDI'19] part 1. stateful programming](https://reader033.fdocuments.net/reader033/viewer/2022051913/6003bdb097d532363c2fb3e2/html5/thumbnails/124.jpg)
For further information about Bloom Filters, CountingBloom Filters and IBLT
Space/Time Trade-offs in Hash Codingwith Allowable Errors. Burton H. Bloom. 1970.
Network Applications of Bloom Filters: A Survey.Andrei Broder and Michael Mitzenmacher. 2004.
Invertible Bloom Lookup Tables.Michael T. Goodrich and Michael Mitzenmacher. 2015.
FlowRadar: A Better NetFlow for Data CentersYuliang Li et al. NSDI 2016.
![Page 125: Programming Network Data Planes · probabilistic data structures How do you build stateful apps? fast network convergence bloom filters [USENIX NSDI'19] part 1. stateful programming](https://reader033.fdocuments.net/reader033/viewer/2022051913/6003bdb097d532363c2fb3e2/html5/thumbnails/125.jpg)
Advanced Topics in Communication Networks
Programming Network Data Planes
ETH Zürich
Laurent Vanbever
Oct 8 2019
nsg.ee.ethz.ch