1. Openflow Protocol • Software Defined Network (SDN) Total : 243 bits / packet header National Cheng Kung University CSIE Computer & Internet Architecture Lab

2. Drawbacks of Traditional Network • Difficult to perform real world experiments on large scale production networks. • Usage of custom ASICs with vendor specific software leads to innovation and configuration problems. National Cheng Kung University CSIE Computer & Internet Architecture Lab

3. Software Defined Network • Decouples the control plane and data plane. • Program a network instead of configure a network. National Cheng Kung University CSIE Computer & Internet Architecture Lab

4. OpenFlow Overview • Stanford Nick McKeown proposed a way for researchers to run experimental protocols in networks they use every day • OpenFlow is a protocol which enables programmability of the data/forwarding plane. • OpenFlow specification describes the requirements of an OpenFlow Logical Switch. • OpenFlow specification also specifies a list of OpenFlow messages/API. National Cheng Kung University CSIE Computer & Internet Architecture Lab

5. OpenFlow Controller • Manages one or more switch via OpenFlow channels. • OpenFlow protocol to communicate with OpenFlow switch. • Provides a network wide abstraction for the applications on north bound. • Responsible for programming various tables in OpenFlow switch. • OpenSource controllers: ONOS (JAVA) OpenDayLight (JAVA) Floodlight (JAVA) RYU (Python) NOX/POX (Python) Control-plane Data-plane Data-plane Data-plane National Cheng Kung University CSIE Computer & Internet Architecture Lab

6. OpenFlowAware Switch • OpenFlow 1.1 introduces multi table and group table support. • OpenFlow 1.3 introduces meter table support. • Up to 1.5.1 National Cheng Kung University CSIE Computer & Internet Architecture Lab

7. Packet Processing Pipeline National Cheng Kung University CSIE Computer & Internet Architecture Lab

8. Flow Table • Aflow table consists of flow entries: • Match fields specifies which packet headers are used to match against. OpenFlow 1.0 supports 12match fields, while OpenFlow 1.3/1.4/1.5 supports up to 40/41/44 match fields. • Priority describes the rule precedence. • Counters field is used to count packets/bytes that match the entry. • Instructions are executed when a packet matches the entry. Instructions contain either a set of actions to add to the action set, contains a list of actions to apply immediately to the packet, or modifies pipeline processing. • Timeouts specify the liveness time of a entry. Eth type Switch Port IP Src IP Dst IP Prot L4 sport L4 dport IP ToS MAC src MAC dst VLAN pcp VLAN ID National Cheng Kung University CSIE Computer & Internet Architecture Lab

9. Reactive Forwarding Scheme Controller Flow_Mod Packet_Out Flow_Mod Packet_Out Flow_Mod Packet_Out IP=10.0.0.2 IP=10.0.0.1 Packet_In Packet_In Packet_In packet packet packet packet H1 Switch1 Switch2 Switch3 H2 1 2 1 3 2 1 National Cheng Kung University CSIE Computer & Internet Architecture Lab

10. Hash-based OpenFlow Packet Classification onHeterogeneous System Architecture(在異質性系統架構上之以Hash為基礎的OpenFlow封包分類) • Single hash table can not process the macroflow rules. • Linear Search in the macroflow tables is very slow. • Binary Range Tree and Binary Trie are not efficient for the fields eith only exact values. National Cheng Kung University CSIE Computer & Internet Architecture Lab

11. Proposed scheme • We proposed a hash-based and decision-tree based scheme to process the fields those contain exact value • This scheme can be used as an accelerator for traditional packet classification method. National Cheng Kung University CSIE Computer & Internet Architecture Lab

12. Proposed scheme – Overview National Cheng Kung University CSIE Computer & Internet Architecture Lab

13. Bloom Filter • Used to check an element is in a set or not. • High space efficiency and constant lookup time. • May has false positive matches, but does not have false negatives. • Hash function 1: F(k) = k mod 16  F(34) = 2 • Hash function 2: F' (k) = (k/11) mod 16  F'(34) = 1 Bloom filter (16 bits) 0110 0011 0101 1010 • If updateis needed, use Counting Bloom Filter National Cheng Kung University CSIE Computer & Internet Architecture Lab

14. Cuckoo Hashing • h(k ) = • h’(k) = Computer & Internet Architecture Lab CSIE, National Cheng Kung University

15. Cuckoo Hashing Insert Example 3 3 20 20 20 20 20 20 20 100 100 67 20 20 67 67 67 100 67 100 39 36 3 36 3 53 53 53 50 53 50 50 50 53 53 50 50 105 50 50 105 50 39 105 50 50 105 75 67 75 75 75 53 53 75 53 20 53 75 53 53 Computer & Internet Architecture Lab CSIE, National Cheng Kung University 20 105 20 75 75 75 100 100 100 100 100

16. Proposed scheme – L1 Hash Table National Cheng Kung University CSIE Computer & Internet Architecture Lab

17. Proposed scheme – L2 Hash Table National Cheng Kung University CSIE Computer & Internet Architecture Lab

18. Proposed scheme – L3 Hash Table National Cheng Kung University CSIE Computer & Internet Architecture Lab

19. Proposed scheme – Bloom filter phase (1/5) • In the Bloom filter phase of L1, it contains a 128bits Main bloom filter, 2 possibility bitmaps and a 4bits ignoring flag. • In the Bloom filter phase of L2 node, it contains a 64bits Main bloom filter, 2 possibility bitmaps and 8bits ignoring flag. National Cheng Kung University CSIE Computer & Internet Architecture Lab

20. Bloom Filter phase Input filed 11, 12 of header Proposed scheme – Bloom filter phase(2/5) miss Main Bloom Filter Hit in bloom filter Possibility Bitmap Get possibility bitmap Ignoring Flag Merge with ignoring flag Get a result without merging possibility bitmap Get a bitmap result Continue to hash table phase National Cheng Kung University CSIE Computer & Internet Architecture Lab

21. Proposed scheme – Bloom filter phase (3/5) National Cheng Kung University CSIE Computer & Internet Architecture Lab

22. Proposed scheme – Bloom filter phase (4/5) Main Bloom filter • Use 2 hash functions • Result of hash function 1 = 2 • Result of hash function 2 = 7 National Cheng Kung University CSIE Computer & Internet Architecture Lab

23. Proposed scheme – Bloom filter phase (5/5) Possibility bitmap x 2 • Result of hash function 1 = 2 • Result of hash function 2 = 7 • Merge 2 bitmaps using OR operation • (1011) OR (1100) = 1000 • Means only table 0 need to be search National Cheng Kung University CSIE Computer & Internet Architecture Lab

24. Proposed scheme –Insert into Hash Table L1 Hash table L2 Hash table L3 Hash table • Rule ID = 50 • L1 Hash Code = 2 • L2 Hash Code = 6 • L3 Hash Code = 4 National Cheng Kung University CSIE Computer & Internet Architecture Lab

25. Proposed scheme –Search inHash Table L1 Hash table L2 Hash table L3 Hash table Get result Rule ID = 4792 • L1 Hash Code = 4 • L2 Hash Code = 7 • L3 Hash Code = 4 National Cheng Kung University CSIE Computer & Internet Architecture Lab

26. Proposed scheme – Compression Bitmap Base Array National Cheng Kung University CSIE Computer & Internet Architecture Lab

27. Proposed scheme – Cache and Microflow National Cheng Kung University CSIE Computer & Internet Architecture Lab

28. Proposed scheme – Optimize National Cheng Kung University CSIE Computer & Internet Architecture Lab

29. Outline • Introduction • Related Work • Proposed Schemes • Experimental Result • Conclusion National Cheng Kung University CSIE Computer & Internet Architecture Lab

30. Experiment Result - Environment Platform 1 Platform 2 National Cheng Kung University CSIE Computer & Internet Architecture Lab

31. Experiment Result – Rule Set (1/2) • We use FRuGto generate two rule sets. • One ruleset contains only one type of rule, contains no wildcard (*), the size is 50K • Another one ruleset contains 127 types of rules, contains wildcards (*), the size is 12K. • All the parameter of generator is set as default. National Cheng Kung University CSIE Computer & Internet Architecture Lab

32. Experiment Result – Rule Set (2/2) National Cheng Kung University CSIE Computer & Internet Architecture Lab

33. Experiment Result – Throughput National Cheng Kung University CSIE Computer & Internet Architecture Lab

34. Experiment Result – Memory Consumption National Cheng Kung University CSIE Computer & Internet Architecture Lab

35. Experiment Result – Comparing (1/3) National Cheng Kung University CSIE Computer & Internet Architecture Lab

36. Experiment Result – Comparing (2/3) National Cheng Kung University CSIE Computer & Internet Architecture Lab

37. Experiment Result – Comparing (3/3) National Cheng Kung University CSIE Computer & Internet Architecture Lab

38. Conclusion • In this thesis, we proposed a high throughput, low cost and low power consumption scheme, it can achieve high throughput on APU platform. • The throughput of our scheme can achieve 1836MPPS, and achieve 1983 MPPS with cache. • The memory consumption is 38 MB. • The power consumption of whole platform is about 115 watts. National Cheng Kung University CSIE Computer & Internet Architecture Lab

39. Thanks for Your Attention National Cheng Kung University CSIE Computer & Internet Architecture Lab