Virtualizing Network I/O on End-Host OS


Nov 12, 2013



Takashi “taka” Okumura


Department of Computer Science

University of Pittsburgh

Who’s taka?


A Ph.D. student


Working with Dr. Mosse'


Semantics-aware Control of Medical Network


Virtualization of network I/O on end-host OS

Network Control on End-host OS

Dummynet, IPFW, ALTQ,
PF, netfilter, etc...


Traffic Management tool for system administrators



Privileged Instructions


Lack of Resource Protection Model


Static Configuration


Flat Queue Structure



It is a traffic management model for intermediate nodes.

This traffic control model limits what network control technology can do on the end host.


Why don't we have a standard API even for bandwidth control?


Why do we need to be root just to control our own traffic?


Why can't we realize access control on a per-application basis on Unix?


Why can't we use the Extension Header of IPv6 for existing applications?

Dummynet, IPFW, ALTQ,
PF, LARTC, etc...


We cannot simply port the router model onto the end node...

What can we do ?

Fundamental Problem

Dissociation of the Resource Management Model from the Network Control Model

CPU Resource Management: before / after (nice + renice)

Network Resource Management: before / after (Virtualization of Network Interface!!)

Hierarchical Management

Flexible Control Granularity

Example 1 : netnice

% netnice 1234 512Kbps

(diagram: the process with pid 1234 is limited to 512Kbps)

Example 2 : sh

% ftp ftp.freebsd.org @2Mbps

(diagram: sh spawns ftp, which is limited to 2Mbps)

Various Controls through hierarchical virtualization

Independent Packet Schedulers

Fair Queuing

Packet shaping

Priority Queuing

Integration of QoS and Security Control

BPF & libpcap compatible Netnice Packet Filter

Diverting Interface (proxy)

Packet Filter (Firewall)

The almighty primitive for network control


Various Controls in a single framework


Resource Protection


Sophisticated API


Integration of Network Control


Bandwidth Management


Queuing Control


Firewall/Packet Filter


Packet Capture

Intermission: Project Status

India Gate, Bombay (Mumbai)

Why did Taka go to India?


Loves
Indian Food
!


To collaborate with Indian
Hackers
!


Netnice ORG: an open-source project

Kernel Development / Porting

Application Development / Porting

(Research Division; discussed later)

Kernel Development (porting progress)

FreeBSD 4: 97%
Linux: 50%
NetBSD: 70%
OpenBSD: 80%
FreeBSD 5: 90%
MacOS X: 5%
Windows: 1%

We want Alpha/Beta testers!!!

Applications


Firewall Builder


Netnice Daemon


3D-tcpdump


Apache module


inetd

Firewall Builder for Netnice

Firewall Rule Builder GUI

(diagram: Root VIF, Rule Builder, Rule Code, netniced)

Scripting Network Control

The Netnice Daemon: netniced

(diagram: a wireless network with an 11Mbps link shared by n hosts)

var vif = system.get_root("wi0");   // root VIF of the wireless interface
var node = new Tupple(1);           // node set; node.size() is the number of hosts present

function timer()
{
    // share the 11Mbps link evenly among the hosts present right now
    vif.bandwidth = 11 * Mbps / node.size();
}

3D-TCPDUMP

3D Network Analysis / Visualization Tool (built on libpcap)

Apache: mod_netnice

inetd

# cat /etc/inetd.conf
ftp     tcp   ftpd -l
telnet  tcp   telnetd @32K/sec
shell   tcp   rshd @32K/sec

# inetd @1Mbps

(diagram: inetd VIF at 1Mbps with child VIFs for ftp and telnet, the latter capped at 32Kbps as in the config)

The configuration of services and of their resources should be integrated.
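The hierarchy behind "ftp ftp.freebsd.org @2Mbps", the netniced timer script and the inetd configuration above, as an added example: this is a model written for this page, not netnice's own code. The subtree ownership rule (a process may reshape only its own VIF and the VIFs beneath it, root may reshape anything), the clamp-to-parent behaviour and every name in it are assumptions of the model, not the project's API.

```c
/*
 * Model of netnice-style hierarchical virtual network interfaces (VIFs).
 * Added example, not netnice's own code: it illustrates the two properties the
 * slides claim for the design, hierarchical bandwidth limits (a child VIF never
 * exceeds its parent) and a resource-protection model in which an unprivileged
 * process reshapes only its own subtree. The subtree ownership rule, the
 * clamping behaviour and all names are assumptions of this model, not the
 * project's API.
 */
#include <stdint.h>
#include <stdio.h>

#define MAX_VIF 16
#define KBPS 1000u
#define MBPS 1000000u

typedef struct {
    const char *name;
    int parent;       /* index of the parent VIF, -1 for the physical interface */
    uint32_t bw_bps;  /* configured cap in bits per second; 0 means "inherit" */
} vif_t;

static vif_t vifs[MAX_VIF];
static int nvifs;

void vif_reset(void) { nvifs = 0; }

/* Effective cap of a VIF: its own cap bounded by the cap of every ancestor. */
uint32_t vif_effective_bw(int idx) {
    uint32_t cap = UINT32_MAX;
    for (int i = idx; i >= 0; i = vifs[i].parent)
        if (vifs[i].bw_bps != 0 && vifs[i].bw_bps < cap)
            cap = vifs[i].bw_bps;
    return cap;
}

/* Create a VIF under `parent`, clamped so a child never gets more than its parent.
 * Returns the new VIF's index, or -1 when the table is full. */
int vif_create(const char *name, int parent, uint32_t bw_bps) {
    if (nvifs >= MAX_VIF) return -1;
    if (parent >= 0 && bw_bps > vif_effective_bw(parent))
        bw_bps = vif_effective_bw(parent);
    vifs[nvifs] = (vif_t){ name, parent, bw_bps };
    return nvifs++;
}

/* True if `node` is `anc` itself or lies somewhere beneath it. */
int vif_in_subtree(int anc, int node) {
    for (int i = node; i >= 0; i = vifs[i].parent)
        if (i == anc) return 1;
    return 0;
}

/*
 * The unprivileged control the slides ask for ("why do we need to be root just
 * to control our own traffic?"): a caller acting from VIF `self` may reshape
 * `self` and its descendants; only root (uid 0) may reshape anything else.
 * The new cap is clamped to the parent's effective cap, so a subtree can never
 * claim more than it was delegated. Returns 0 on success, -1 when refused.
 */
int vif_set_bandwidth(int caller_uid, int self, int target, uint32_t bw_bps) {
    if (target < 0 || target >= nvifs) return -1;
    if (caller_uid != 0 && !vif_in_subtree(self, target)) return -1;
    int p = vifs[target].parent;
    if (p >= 0 && bw_bps > vif_effective_bw(p))
        bw_bps = vif_effective_bw(p);
    vifs[target].bw_bps = bw_bps;
    return 0;
}

/* The tree from the slides: "inetd @1Mbps" under wi0 with "telnetd @32K/sec" and an
 * uncapped ftpd beneath it, plus a user's shell running "ftp ftp.freebsd.org @2Mbps".
 * Returns the index of that ftp VIF; the others come back through the pointers. */
int build_slide_tree(int *wi0, int *inetd, int *telnet, int *sh) {
    vif_reset();
    *wi0    = vif_create("wi0",     -1,     11 * MBPS);  /* the 11Mbps wireless link */
    *inetd  = vif_create("inetd",   *wi0,    1 * MBPS);
    *telnet = vif_create("telnetd", *inetd, 32 * KBPS);
    (void)    vif_create("ftpd",    *inetd,  0);         /* no cap: inherits inetd's 1Mbps */
    *sh     = vif_create("sh",      *wi0,    0);
    return    vif_create("ftp",     *sh,     2 * MBPS);
}

int main(void) {
    int wi0, inetd, telnet, sh;
    int ftp = build_slide_tree(&wi0, &inetd, &telnet, &sh);
    for (int i = 0; i < nvifs; i++)
        printf("%-8s parent=%2d cap=%u bps\n", vifs[i].name, vifs[i].parent, vif_effective_bw(i));
    /* uid 1001, acting from sh, may throttle its own ftp but not inetd's telnetd */
    printf("throttle own ftp to 512Kbps: %d\n", vif_set_bandwidth(1001, sh, ftp, 512 * KBPS));
    printf("touch telnetd from sh:       %d\n", vif_set_bandwidth(1001, sh, telnet, 5 * MBPS));
    return 0;
}
```

The asymmetry is what makes this usable without root: a process can tighten any cap in its own subtree at will, but nothing it does can push that subtree above what its parent was delegated. That is the network analogue of nice and renice, where an unprivileged user can lower a process's priority but not raise it.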

Got bored?

Existing Primitives

Dummynet, IPFW, ALTQ,
PF, LARTC, etc...


Traffic Management tool for system
administrators



Privileged Instructions


Lack of Resource Protection Model


Static Configuration


Flat Queue Structure



Each primitive has a particular objective, and each has a control application built just for that purpose.

Hierarchical Virtual Network Interface


Generic OS service for end-host oriented network control


Serves as a programming construct


Works for a variety of purposes


Extends the limit of end-host oriented network control



But we need to extend the limit much further...

Research

TOPICS


Architecture


Compiler


Algorithm


Operating System


Artificial Intelligence

Architecture

Dynamic Extension of Protocol Stack by Virtual Machine technology

Protocol Stack Virtualization

(diagram: BSD, Linux and Windows protocol stacks, each hosted in a VM)

Performance?

Compiler

Compiler for High-performance Firewall

Firewall Instrumentation

(diagram: packets arrive at the NIC and pass through the Filter; the filter rule is compiled to BPF code and then to IA32 code)

Filter Rule:

    allow 192.9.200.123

BPF code:

    /* 192.9.200.123 in network byte order; p[12:4] is the IPv4 source address */
    if (p[12:4] == 0xc009c87b)
        return accept;
    else
        return reject;
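A working version of that compilation step, as an added example rather than the slides' compiler: it turns an "allow <address>" rule into the constant for the p[12:4] compare and runs the compiled rule over constructed IPv4 headers. The allow/deny grammar, the single-rule filter, the choice to measure offsets from the IP header and the sample packets are all assumptions of this example.

```c
/*
 * Added example, not the compiler from the slides: it "compiles" a rule such
 * as "allow 192.9.200.123" into the compare the slide shows (p[12:4] == constant)
 * and evaluates it over constructed IPv4 packets. The rule grammar
 * (allow|deny <dotted-quad>) and the single-rule filter are assumptions.
 */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Offset of the source address in an IPv4 header. p[12:4] means the source
 * address only when the filter sees the packet starting at the IP header; in an
 * Ethernet frame offset 12 is the EtherType, so the offset depends on where in
 * the stack the filter is hooked. */
#define IP_SRC_OFF 12
#define IPV4_HDR_MIN 20

typedef struct {
    int accept_on_match;  /* 1 for "allow", 0 for "deny" */
    uint32_t src;         /* the address as the 32-bit compare constant */
} rule_t;

/* Parse a dotted quad; returns 1 and sets *out on success, 0 on malformed input. */
int parse_ipv4(const char *s, uint32_t *out) {
    unsigned a, b, c, d;
    char tail;
    if (sscanf(s, "%u.%u.%u.%u%c", &a, &b, &c, &d, &tail) != 4) return 0;
    if (a > 255 || b > 255 || c > 255 || d > 255) return 0;
    *out = (a << 24) | (b << 16) | (c << 8) | d;
    return 1;
}

/* Compile "allow 192.9.200.123" into (action, constant), i.e. the slide's hex literal. */
int compile_rule(const char *text, rule_t *r) {
    char verb[8], addr[32];
    if (sscanf(text, "%7s %31s", verb, addr) != 2) return 0;
    if (strcmp(verb, "allow") == 0) r->accept_on_match = 1;
    else if (strcmp(verb, "deny") == 0) r->accept_on_match = 0;
    else return 0;
    return parse_ipv4(addr, &r->src);
}

/* p[off:4]: load four bytes in network byte order, like BPF's ld [off]. */
static uint32_t load32(const uint8_t *p, size_t off) {
    return ((uint32_t)p[off] << 24) | ((uint32_t)p[off + 1] << 16) |
           ((uint32_t)p[off + 2] << 8) | (uint32_t)p[off + 3];
}

/* Run the compiled rule: 1 = accept, 0 = reject. A packet too short to hold the
 * field is rejected rather than read past its end (BPF aborts such loads too). */
int filter(const rule_t *r, const uint8_t *pkt, size_t len) {
    if (len < IPV4_HDR_MIN) return 0;
    if ((pkt[0] >> 4) != 4) return 0;   /* not IPv4: the field would be meaningless */
    int match = load32(pkt, IP_SRC_OFF) == r->src;
    return match ? r->accept_on_match : !r->accept_on_match;
}

/* Constructed 20-byte IPv4 headers (no options, no payload), not real captures. */
const uint8_t pkt_from_allowed[IPV4_HDR_MIN] = {
    0x45, 0x00, 0x00, 0x14, 0x00, 0x00, 0x40, 0x00, 0x40, 0x06, 0x00, 0x00,
    192, 9, 200, 123,   /* source      192.9.200.123 */
    10, 0, 0, 1         /* destination 10.0.0.1 */
};
const uint8_t pkt_from_other[IPV4_HDR_MIN] = {
    0x45, 0x00, 0x00, 0x14, 0x00, 0x00, 0x40, 0x00, 0x40, 0x06, 0x00, 0x00,
    192, 9, 200, 124,   /* source      192.9.200.124, differs in the last byte only */
    10, 0, 0, 1
};

int main(void) {
    rule_t r;
    if (!compile_rule("allow 192.9.200.123", &r)) return 1;
    printf("if (p[12:4] == 0x%08x) return accept; else return reject;\n", r.src);
    printf("allowed host: %d, other host: %d, truncated: %d\n",
           filter(&r, pkt_from_allowed, sizeof pkt_from_allowed),
           filter(&r, pkt_from_other, sizeof pkt_from_other),
           filter(&r, pkt_from_allowed, 8));
    return 0;
}
```

Two details matter for a filter that is compiled down to a raw memory compare: the constant must be built in the byte order the packet carries, and the generated code must bound-check the load, because a truncated packet would otherwise let the compare read past the buffer. Both are handled above; the length check is the one a hand-written IA32 version is most likely to forget.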

Algorithm

Distributed Caching and Traffic Control Algorithm for Fermi FS

(diagram: Storage, n = 96; L1 Buffer serving On-line Jobs; L2 worker serving Off-line Jobs; 1 job / 396ns)

Distributed Hash Table (P2P) technology?

Operating System

Coupled Scheduling Mechanism for
CPU and Network

CPU Scheduling + Network Control

High Priority Jobs: higher network priority

Lower Priority Jobs: lower network priority

Artificial Intelligence

Traffic Control based on Semantics analysis of on-going communication

Semantics-Aware Medical Network

Needs for better fairness, safety, and security

ex) Resource contention between traffic for...

Emergency Case (such as Acute MI)

Common cold

(diagram: ambulance)

Semantics Aware Medical Network

Each node understands traffic semantics and controls packets accordingly

(diagram: hospital and network nodes)

Straightforward Approach

What if we analyze the traffic semantics at the intermediate nodes?

(diagram: hop-by-hop routing, packet dropping, encrypted payload, stateful inspection ... ???)

Cooperation of End-nodes and Intermediate-nodes

What if the end-nodes attach the semantics information they analyze onto each packet?



Fairness by Agent model

What if we prepare "fair" agents, and let the end-users select one for semantics analysis?

We may realize a fair and efficient semantics-aware network...

To realize such a technology, we need an end-node mechanism

which allows analysis of flows at flexible granularity and active control of the flows just monitored.
