Virtualizing Network I/O on End-Host OS

Takashi “taka” Okumura, Department of Computer Science, University of Pittsburgh. MD/Ph.D. Who’s taka? A Ph.D. student. Working with Dr. Mossé. Semantics-aware Control of Medical Network. Virtualization of network I/O on end-host OS.


Presentation Transcript


  1. Virtualizing Network I/O on End-Host OS Takashi “taka” Okumura Department of Computer Science University of Pittsburgh

  2. MD/Ph.D. Who’s taka? • A Ph.D. student • Working with Dr. Mossé • Semantics-aware Control of Medical Network • Virtualization of network I/O on end-host OS

  3. Dummynet, IPFW, ALTQ, PF, netfilter, etc... Network Control on End-host OS • Traffic Management tool for system administrators • Privileged Instructions • Lack of Resource Protection Model • Static Configuration • Flat Queue Structure • It is Traffic Management model for intermediate-nodes

  4. We cannot simply port the router model onto the end-node... The Traffic Control model limits network control technology • Why don’t we have a standard API even for bandwidth control? • Why do we need to be root, just to control its own traffic? • Why can’t we realize access control on a per-application basis on Unix? • Why can’t we use the Extension Header of IPv6 for existing applications? Dummynet, IPFW, ALTQ, PF, LARTC, etc...

  5. What can we do ?

  6. Fundamental Problem Dissociation of Resource Management model and Network Control Model

  7. AFTER CPU Resource Management Before nice + renice

  8. AFTER Network Resource Management Before Virtualization of Network Interface!!

  9. Hierarchical Management Flexible Control Granularity

  10. 512Kbps Example 1 : netnice pid = 1234 % netnice 1234 512Kbps

  11. ftp 2Mbps Example 2 : sh sh % ftp ftp.freebsd.org@2Mbps

  12. Fair Queuing Packet shaping Various Controls through hierarchical virtualization Priority Queuing Independent Packet Schedulers

  13. Proxy libpcap Diverting Interface Netnice Packet Filter Packet Filter (Firewall) ctrl Integration of QoS and Security Control BPF&libpcap Compatible

  14. The almighty primitive for network control • Various Controls in a single framework • Resource Protection • Sophisticated API • Integration of Network Control • Bandwidth Management • Queuing Control • Firewall/Packet Filter • Packet Capture

  15. Intermission - Project Status -

  16. India Gate, Bombay (Mumbai)

  17. Why did Taka go to India? Loves Indian Food! To collaborate with Indian Hackers! Gate Taka

  18. Netnice ORGan Opensource Project • Kernel Development - Porting • Application Development - Porting • (Research Division; discussed later)

  19. Kernel Development FreeBSD 4 97% Linux 50% NetBSD 70% OpenBSD 80% FreeBSD 5 90% MacOS X 5% Windows 1% We want Alpha/Beta testers!!!

  20. Applications Firewall Builder Netnice Daemon 3D-tcpdump Apache module inetd

  21. Rule Builder Rule Code Firewall Builder for Netnice • Firewall Rule Builder GUI Root VIF

  22. JavaScript !! netniced Scripting Network Control

  23. 11Mbps n n Hosts 11Mbps var vif = system.get_root("wi0"); var node = new Tupple(1); function timer() { vif.bandwidth = 11 * Mbps / node.size(); } The Netnice Daemon: netniced Wireless Network

  24. libpcap ctrl 3D-TCPDUMP • 3D Network Analysis/ Visualization Tool

  25. Apache: mod_netnice

  26. inetd ftp telnet 32Kbps 1Mbps inetd
      # cat /etc/inetd.conf
      ftp tcp ftpd -l
      telnet tcp telnetd @32K/sec
      shell tcp rshd @32K/sec
      # inetd @1Mbps
      # Configuration of services and their resource should be integrated

  27. Got bored?

  28. Dummynet, IPFW, ALTQ, PF, LARTC, etc... Existing Primitives • Traffic Management tool for system administrators • Privileged Instructions • Lack of Resource Protection Model • Static Configuration • Flat Queue Structure • Each primitive has a particular objective, and has a control application just for that particular purpose

  29. Hierarchical Virtual Network Interface • Generic OS service for end-host oriented network control • Serves as a programming construct • Works for a variety of purposes • Extends the limit of end-host oriented network control • But, we need to extend the limit, much more...

  30. Research

  31. TOPICS • Architecture • Compiler • Algorithm • Operating System • Artificial Intelligence

  32. Architecture Dynamic Extension of Protocol Stack by Virtual Machine technology

  33. Linux Windows VM VM VM Protocol Stack Virtualization BSD Performance?

  34. Compiler Compiler for High-performance Firewall

  35. allow 192.9.200.123 Filter Filter Rule BPF code if (p[12:4] == 0xc009c87b) return accept; else return reject; IA32 code Firewall Instrumentation packets NIC

  36. Algorithm Distributed Caching and Traffic Control Algorithm for Fermi FS

  37. Off-line Jobs Distributed Caching and Traffic Control L2 worker L1 Buffer Storage On-line Jobs 1 job / 396ns n = 96 Distributed Hash Table (P2P) technology?

  38. Operating System Coupled Scheduling Mechanism for CPU and Network

  39. CPU Scheduling + Network Control • High Priority Jobs • Higher Network Priority • Lower Priority Jobs • Lower Network Priority High Low

  40. Artificial Intelligence Traffic Control based on Semantics analysis of on-going communication

  41. Semantics-Aware Medical Network • Needs for better fairness, safety, and security • ex) Resource contention between traffic for... • Emergency Case (such as Acute MI) • Common cold

  42. Semantics Aware Medical Network • Each node understands traffic semantics and controls packets accordingly Hospital Ambulance Node

  43. ? ? ? Straightforward Approach • Hop-by-hop routing • Packet Dropping • Encrypted Payload • Stateful Inspection • What if we analyze the traffic semantics at the intermediate nodes?

  44. Cooperation of End-nodes and Intermediate-nodes • What if the end-nodes attach semantics information they analyze onto each packet…? • Hop-by-hop routing • Packet Dropping • Encrypted Payload • Stateful Inspection

  45. Fairness by Agent model We may realize “fair” and “efficient” semantics-aware network... • What if we prepare “fair” agents, and let the end-users select one for semantics analysis?

  46. To realize such a technology, we need an end-node mechanism which allows analysis of flows at flexible granularity and active control of the flows just monitored.

  47. ? || /* */
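
Slide 35's pipeline, from a filter rule to BPF code to a per-packet accept/reject decision, as an added example in C; it is not code from the presentation or from Netnice. The three-opcode instruction set and the names `compile_allow`, `run_filter` and `filter_src` are hypothetical, modelled on classic BPF, and the packet is assumed to start at the IPv4 header so that `p[12:4]` is the source address.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical three-opcode subset modelled on classic BPF. */
enum { LD_W_ABS, JEQ_K, RET_K };
struct insn { int op; uint8_t jt, jf; uint32_t k; };

/* Dotted quad -> host-order word; returns 0 on malformed input. */
static int parse_ipv4(const char *s, uint32_t *out) {
    unsigned a, b, c, d; char tail;
    if (sscanf(s, "%u.%u.%u.%u%c", &a, &b, &c, &d, &tail) != 4) return 0;
    if (a > 255 || b > 255 || c > 255 || d > 255) return 0;
    *out = (uint32_t)a << 24 | (uint32_t)b << 16 | (uint32_t)c << 8 | d;
    return 1;
}

/* Compile "allow <addr>" to four instructions; -1 on a bad rule. */
int compile_allow(const char *rule, struct insn prog[4]) {
    uint32_t addr;
    if (strncmp(rule, "allow ", 6) != 0 || !parse_ipv4(rule + 6, &addr)) return -1;
    prog[0] = (struct insn){ LD_W_ABS, 0, 0, 12 };  /* A = p[12:4], IPv4 source */
    prog[1] = (struct insn){ JEQ_K, 0, 1, addr };   /* equal: next insn, else skip one */
    prog[2] = (struct insn){ RET_K, 0, 0, 1 };      /* accept */
    prog[3] = (struct insn){ RET_K, 0, 0, 0 };      /* reject */
    return 4;
}

/* Interpret the program over a packet of len bytes; 1 = accept, 0 = reject. */
int run_filter(const struct insn *prog, int n, const uint8_t *p, size_t len) {
    uint32_t A = 0;
    for (int pc = 0; pc < n; pc++) {
        const struct insn *i = &prog[pc];
        if (i->op == RET_K) return (int)i->k;
        if (i->op == JEQ_K) { pc += (A == i->k) ? i->jt : i->jf; continue; }
        if (len < 4 || i->k > len - 4) return 0;    /* LD_W_ABS past the end: reject */
        const uint8_t *q = p + i->k;
        A = (uint32_t)q[0] << 24 | (uint32_t)q[1] << 16 | (uint32_t)q[2] << 8 | q[3];
    }
    return 0;                                       /* ran off the program: reject */
}

/* Build a constructed 20-byte IPv4 header, keep len bytes of it, filter it. */
int filter_src(const char *rule, const char *src, size_t len) {
    struct insn prog[4]; uint8_t pkt[20] = { 0x45 }; uint32_t s;
    int n = compile_allow(rule, prog);
    if (n < 0 || !parse_ipv4(src, &s) || len > sizeof pkt) return -1;
    for (int j = 0; j < 4; j++) pkt[12 + j] = (uint8_t)(s >> (24 - 8 * j));
    return run_filter(prog, n, pkt, len);
}
```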
