1 / 17

The Router Plugins system architecture

The Router Plugins system architecture. Router Plugins Vocabulary. 6-tuple: src_addr, dest_addr, protocol, interface, src_port, dst_port flow: IP packet stream that is identified by a specific 6-tuple flow table: cache of existing flow information

redford
Download Presentation

The Router Plugins system architecture

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. The Router Plugins system architecture

  2. Router Plugins Vocabulary 6-tuple: src_addr, dest_addr, protocol, interface, src_port, dst_port flow: IP packet stream that is identified by a specific 6-tuple flow table: cache of existing flow information loadable kernel module: executable code which can be dynamically loaded into the NetBSD kernel and subsequently executed. gate: spot in the NetBSD IP processing code where Router Plugin modules can be executed.

  3. Router Plugins Vocabulary (continued) plugin: A loadable kernel module (lkm) that can be associated with a Router Plugin gate. instance: An instantiation of a plugin. filter: A 6-tuple, possibly containing wildcards. filter table: For each gate, there may be a number of filters. The collection of these filters is a filter table. dag: Filter tables are implemented as a directed acyclic graph (dag).

  4. Plugin Control Unit (PCU) Plugin Manager RSVP/Route Daemons send messages to plugins set filters Packet Scheduling Firewall IP Sec register with a filter Router Plugins Control Path User Space Kernel Association Identification Unit (AIU) (flow and filter tables)

  5. Plugin Control Unit Packet Scheduling Firewall IP Sec return plugin to gate Which Plugin? find plugin call plugin U U U IP IP Packet Scheduling Firewall IP Sec Data Path Association Identification Unit (AIU) classify packet lookup filter settings for plugin type “Firewall”

  6. Plugin Control Unit Packet Scheduling Firewall IP Sec return plugin to gate call plugin which plugin? IP IP Data Path Association Identification Unit (AIU) U U U Packet Scheduling Firewall IP Sec

  7. Plugin Control Unit Packet Scheduling Firewall IP Sec which plugin? call plugin return plugin to gate U U U IP IP Packet Scheduling Firewall IP Sec Data Path Association Identification Unit (AIU)

  8. a 129.* 128.252.153.* 128.252.153.1 b c d 192.94.233.10 128.252.153.7 * * e f g TCP UDP TCP UDP 1 2 3 4 AIU Implementation: DAG Source Destination Protocol 1: 129.* 192.94.233.10 TCP 2: 128.252.153.1 128.252.153.7 UDP 3: 128.252.153.1 128.252.153.7 TCP 4: 128.252.153.* * UDP Source Address Destination Address Protocol

  9. Packet Scheduling Firewall IP Sec <,,,,,,> a a a 129.* 129.* 129.* 128.252.153.* 128.252.153.* 128.252.153.* 128.252.153.1 128.252.153.1 128.252.153.1 Classify b b b c c c d d d 192.94.233.10 192.94.233.10 192.94.233.10 128.252.153.7 128.252.153.7 128.252.153.7 * * * * * * IP IP FTE e e e f f f g g g TCP TCP TCP UDP UDP UDP TCP TCP TCP UDP UDP UDP 1 1 1 2 2 2 3 3 3 4 4 4 AIU Implementation: Flow Table AIU Plugin Control Unit Filter Table Flow Table U U U Packet Scheduling Firewall IP Sec

  10. Packet Scheduling Firewall IP Sec <,,,,,,> a a a 129.* 129.* 129.* 128.252.153.* 128.252.153.* 128.252.153.* 128.252.153.1 128.252.153.1 128.252.153.1 b b b c c c d d d 192.94.233.10 192.94.233.10 192.94.233.10 128.252.153.7 128.252.153.7 128.252.153.7 * * * * * * IP IP IP IP IP IP IP IP FTE FTE FTE FTE FTE FTE FTE FTE e e e f f f g g g TCP TCP TCP UDP UDP UDP TCP TCP TCP UDP UDP UDP 1 1 1 2 2 2 3 3 3 4 4 4 AIU Implementation: Flow Table AIU Plugin Control Unit Filter Table Flow Table IPS3 PS1 FW2 U U U Packet Scheduling Firewall IP Sec

  11. Packet Scheduling Firewall IP Sec <,,,,,,> a a a 129.* 129.* 129.* 128.252.153.* 128.252.153.* 128.252.153.* 128.252.153.1 128.252.153.1 128.252.153.1 Classify b b b c c c d d d 192.94.233.10 192.94.233.10 192.94.233.10 128.252.153.7 128.252.153.7 128.252.153.7 * * * * * * IP IP FTE e e e f f f g g g TCP TCP TCP UDP UDP UDP TCP TCP TCP UDP UDP UDP 1 1 1 2 2 2 3 3 3 4 4 4 AIU Implementation: Flow Table AIU Plugin Control Unit Filter Table Flow Table IPS3 PS1 FW2 U U U Packet Scheduling Firewall IP Sec

  12. Packet Scheduling Firewall IP Sec <,,,,,,> a a a 129.* 129.* 129.* 128.252.153.* 128.252.153.* 128.252.153.* 128.252.153.1 128.252.153.1 128.252.153.1 b b b c c c d d d 192.94.233.10 192.94.233.10 192.94.233.10 128.252.153.7 128.252.153.7 128.252.153.7 * * * * * * IP IP IP IP IP IP IP IP FTE FTE FTE FTE FTE FTE FTE FTE e e e f f f g g g TCP TCP TCP UDP UDP UDP TCP TCP TCP UDP UDP UDP 1 1 1 2 2 2 3 3 3 4 4 4 AIU Implementation: Flow Table AIU Plugin Control Unit Filter Table Flow Table IPS3 PS1 FW2 U U U Packet Scheduling Firewall IP Sec

  13. Router Plugins - The Control Path

  14. Router Plugins - The Data Path

  15. Plugin RSVP/SSP/Route daemons Manager Crossbow Socket User Kernel sets filters Association IPv4/IPv6-core Identification Unit (AIU) message registers to plugins instance registers IPSEC FW PS BMP callback Plugin Control Unit FW1 SEC1 PS1 BMP1 fct (PCU) FW2 SEC2 PS2 BMP2 forwards FW3 SEC3 PS3 BMP3 messages Crossbow library Crossbow Library

  16. Review: Router Plugins Vocabulary 6-tuple: src_addr, dest_addr, protocol, interface, src_port, dst_port flow: IP packet stream that is identified by a specific 6-tuple flow table: cache of existing flow information loadable kernel module: executable code which can be dynamically loaded into the NetBSD kernel and subsequently executed. gate: spot in the NetBSD IP processing code where Router Plugin modules can be executed. dynamic gate: bind plugin instances to a filters (hence, different flows MAY cause execution of different instances or plugins?) static gate: bind plugin instances to gate (all flows execute same inst.) plugin: A loadable kernel module (lkm) that can be associated with a Router Plugin gate. instance: An instantiation of a plugin. filter: A 6-tuple, possibly containing wildcards. filter table: For each dynamic gate, there may be a number of filters. The collection of these filters is referred to as a filter table. dag: Filter tables are implemented as a directed acyclic graph (dag).

  17. RP - additional facts • Plugins create instances • Instances are addressable run-time configurations of plugins • Every instance has a handle (16 bit number) • System interfaces mainly with instances • Plugins are addressable using 32 bit identifier (plugin code) • Filters, Gates, and Instances are addressable using handles (16 or 32 bit numbers) • Hybrid implementation of IPv4/v6 • Crossbow <=> Router Plugins

More Related