Mobius: Packet Re-processing Hardware Architecture for Rich Policy Handling on a Network Processor

Journal of Network and Systems Management

Abstract

Network devices generally handle traffic with predefined policies that describe how packets are handled. Since these policies describe network operation, the number of policies in network devices naturally increases with the scale of the network. Unfortunately, processing a large number of policies may lead to performance loss. Although many policies can be stored in memory, a network processor in a network device can only handle a limited number of policies at once, so the policies must be divided into several groups and processed group by group. Thus, the processing time for one packet will be delayed, which can fill up the input buffer of the device and cause packets to be dropped. However, moving to a processor that supports a larger capacity is not an efficient solution because it also increases the cost of the processor. To address these challenges, we propose a hardware architecture for network processors called Mobius. It allows a processor to re-process packets n more times with different policies by utilizing the idle resources of the processor caused by the propagation time of packets on a wire. Consequently, Mobius extends the capacity of the processor at low cost so that more policies can be processed for packets without performance loss. We implement a prototype of Mobius using NetFPGA-SUME, and our evaluation demonstrates that Mobius achieves line-rate throughput with a tiny latency overhead. A comparison with other network processor models shows that Mobius exhibits similar performance but is more economical.

Author information

Corresponding author

Correspondence to Seungwon Shin.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

This work was supported by Institute of Civil Military Technology Cooperation Center (ICMTC) funded by the Korea government (MOTIE & DAPA) [18-CM-SW-09], and Korea Electric Power Corporation (Grant number:R18XA05).

About this article

Cite this article

Park, T., Shin, S. Mobius: Packet Re-processing Hardware Architecture for Rich Policy Handling on a Network Processor. J Netw Syst Manage 29, 3 (2021). https://doi.org/10.1007/s10922-020-09568-3

  • DOI: https://doi.org/10.1007/s10922-020-09568-3
