
#34 “MTPSA: Multi-Tenant Programmable Switches”


cafenero_777

June 22, 2023


Transcript

  1. Agenda
     • Target paper
     • Overview and why I decided to read it
       1. INTRODUCTION
       2. PDP VIRTUALIZATION
       3. DATA PLANE ISOLATION
       4. ROLES AND PRIVILEGES
       5. ARCHITECTURE OF MTPSA
       6. IMPLEMENTATION
       7. EVALUATION
       8. DISCUSSION
       9. RELATED WORK
       10. CONCLUSION
  2. Target paper
     • MTPSA: Multi-Tenant Programmable Switches
       • Radostin Stoyanov, Noa Zilberman
       • University of Cambridge, University of Oxford
       • P4 Workshop on EuroP4 '20
       • https://dl.acm.org/doi/10.1145/3426744.3431329
       • List of in-network computing research at Oxford (?)
       • https://eng.ox.ac.uk/computing/projects/in-network-computing/
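  3. Overview and why I decided to read it
     • Overview
       • Multi-tenant programmable switches
       • Isolation (resource, security, performance) is required
       • MTPSA (Multi-Tenant Portable Switch Architecture) is implemented and evaluated
     • Why I decided to read it
       • I was curious about the multi-tenant implementation in Alibaba Cloud's cloud-GW.
       • I am curious about P4 architectures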
  4. Review of P4 architectures
     • MTPSA = MT + PSA (Multi Tenant + Portable Switch Architecture)
     • https://sdn.systemsapproach.org/switch.html
     • PISA (Protocol Independent Switching Architecture)
     • PSA (Portable Switch Architecture)
     • TNA (Tofino Native Architecture)
     • https://github.com/barefootnetworks/Open-Tofino/blob/master/PUBLIC_Tofino-Native-Arch-Document.pdf
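  5. 1. INTRODUCTION
     • PDP: Programmable Data Plane
       • Not a fixed-function switch or NIC. It can be programmed in a DSL such as P4
       • Offload from servers to the PDP -> efficiency gains
       • Virtualization (~= isolation) is required
       • Isolate secure execution, performance and resources, and run multiple P4 programs at the same time (P4HV)
     • MTPSA (Multi-Tenant Portable Switch Architecture)
       • Proposes various isolation mechanisms in P4
       • Proposes a tenant-isolation architecture
       • SW/HW implementation and evaluation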
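  6. 2. PDP VIRTUALIZATION
     • Plain PDP & P4
       • P4 handles protocol header parsing and match-action
       • Runs in a single network context
       • Users end up sharing the PDP's resources
     • Virtualized PDP
       • Multiple programs are deployed and run in independent contexts
       • Functions can also be switched (swapped out) (reconfiguration)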
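  7. 3. DATA PLANE ISOLATION
     • Isolation?
       • Resource: table/entry, register/extern
       • Performance: achieve a constant throughput (even while other programs are running)
       • Security: restrict access to resources
         • Apply ACLs at the preceding and following stages
         • DDoS that exhausts resources with replicated packets -> mitigated by limiting replication and the number of pipeline recirculation passes
         • Abuse of resource reuse at initialization (PacketHeaderVector pool isolation)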
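  8. 4. ROLES AND PRIVILEGES
     • Introduces OS concepts
       • Role (root/administrator) and Privileges
       • superuser: can access all resources of the PDP
       • user: resource access within the PDP (tables, external access, packets) and operation restrictions (mirroring, recirculation)
         • Read/write permissions on headers, read/write permissions on metadata
         • Whether a match (table) may be used -> restricted as an execute permission.
         • Actions are also restricted as execute permissions (mirroring, recirculation, notification to the C-plane, etc.)
     • Examples:
       • E: makes A misbehave by tampering with the queue size. A: reads the queue size from metadata and ends up subject to (unintended) congestion control
         • Can be prevented by restricting access permissions to metadata
       • E: modifies headers such as ToS to get high priority. A ends up being dropped.
         • Disable the header-field manipulation permission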
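  9. 5. ARCHITECTURE OF MTPSA
     • Extension of PSA
       • superuser P4: ingress/egress processing, user assignment, permission assignment, metadata assignment
         • Example: processing of outer IP/UDP/VxLAN and user assignment, with the processing results turned into metadata
       • user P4: runs as a module, can be compiled and tested independently
         • Guaranteed to operate only on its own packets; limits on recirculation count and on header growth (e.g. up to 256B)
     • Execution model: network operator and users
       • A user can only see its own packets (e.g. VxLAN)
       • Performance isolation and recirculation limits (isolation of user programs)
       • Resource isolation (resources are determined at compile time)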
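  10. 6. IMPLEMENTATION
     • target
       • SW version: PSA on BMv2
       • HW version: P4/NetFPGA (with implementation limitations)
       • https://github.com/mtpsa
     • Multiple P4 user programs are loaded independently and in parallel (with caveats)
       • Performance isolation
       • Resource isolation (e.g. PHV), reconfiguration (BMv2 only)
     • Runtime control:
       • Via the API, e.g. updating table entries of a specific user
     • MTPSA compiler
       • BMv2: introduces mtpsa_swich as a backend
       • NetFPGA: two P4 programs (suIngress/suEgress), with the user P4 running on the bus between them
     • user_id user_permissions via metadata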
  11. 7. EVALUATION
     • SW: P4C/BMv2, mininet on Intel i5, standalone or 8 nodes + 3 SW, Fedora5.6
     • HW: NetFPGA SUME, Xilinx Vivado 2018.2 + SDNet 2018.2, Ubuntu 16.04
     • Traffic generator: OSNT (NetFPGA) 4*10Gbps
     • user_id: TCP port number
     • User program: L2FWD
     • Comparison: P4->NetFPGA reference design, MTPSA 0, 1, 2, 3, 4, 8
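  12. 7. EVALUATION
     • Functionality
       • su side: ether, IPv4/v6, TCP/UDP, VxLAN/VLAN (=ID)
       • user side: L2FWD, L4LB
       • Confirmed that packets with an invalid user_id are dropped and that use of extern functions is restricted
     • Performance
       • Resource consumption: about 4~6% resource overhead
       • Latency: confirmed to scale without degradation
       • Throughput: wire rate is achieved even when traffic is skewed toward one user program
     • https://www.youtube.com/watch?v=rERCMt95wro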
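  13. 9. RELATED WORK
     • P4Visor, P4Bricks
       • Run multiple P4 programs as a single program
       • Isolation is not a goal
     • HyPer4, HyperVDP
       • Virtualization through P4 emulation. Consumes resources
     • Chaining using switch ASICs
       • High performance, but no security isolation
     • P4VBox
       • P4-based, but the only target is FPGA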
  14. Thoughts after finishing
     • The background survey and the cited sources look useful
       • https://sdn.systemsapproach.org/switch.html
         • Recommended beyond P4 as well
       • https://ieeexplore.ieee.org/document/9078127
         • Comparison in figures
       • https://p4.org/p4-spec/docs/PSA.html
         • spec
       • https://github.com/barefootnetworks/Open-Tofino/blob/master/PUBLIC_Tofino-Native-Arch-Document.pdf
         • Actual HW