Article

Performance Monitoring with H^2: Hybrid Kernel/eBPF data plane for SRv6 based Hybrid SDN

Abstract

Segment Routing with IPv6 (SRv6) is a leading Hybrid SDN (HSDN) architecture, as it fully exploits standard IP routing and forwarding both in the control plane and in the data plane. In this paper we design, implement and evaluate a programmable data plane solution for Linux routers called HIKE (HybrId Kernel/eBPF forwarding), integrated in an HSDN/SRv6 architecture. HIKE integrates the conventional Linux kernel packet forwarding with custom designed eBPF/XDP (extended Berkeley Packet Filter/eXtreme Data Path) bypass to speed up performance of SRv6 software routers. Thus, in addition to the hybrid IP/SDN forwarding, we foster an additional hybrid approach inside a Linux forwarding engine combining eBPF/XDP and kernel based forwarding, taking the best from both worlds. Therefore, considering the two different conceptual levels of hybridization, we call our overall solution Hybrid squared or H^2. We have applied the H^2 solution to Performance Monitoring (PM) in Hybrid SDNs, and we show how our HIKE data plane architecture supports SRv6 networking and Performance Monitoring (in particular Loss Monitoring) allowing a significant increase in performance: our implementation results show a remarkable throughput improvement (5x) with respect to a conventional Linux based solution.

... The SDN controller, instead, configures the forwarding rules on SRv6 nodes. The utilization of an SDN controller allows us to decouple the SMF and the network devices, creating a hybrid SDN network wherein different protocols can be employed for device configuration [35]. Following this approach, the SMF is not required to interact with devices directly; instead, it only needs to communicate with the SDN controllers using a standard 3GPP interface. ...
Article
Ensuring compliance with the stringent latency requirements of edge services requires close cooperation between the network and computing components. Within mobile 5G networks, the nomadic behavior of users may impact the performance of edge services, prompting the need for workload migration techniques. These techniques allow services to follow users by moving between edge nodes. This paper introduces an innovative approach for edge service continuity by integrating Segment Routing over IPv6 (SRv6) into the 5G core data plane alongside the ETSI multi-access edge computing (MEC) architecture. Our approach maintains compatibility with non-SRv6 5G network components. We use SRv6 for packet steering and Software-Defined Networking (SDN) for dynamic network configuration. Leveraging the SRv6 Network Programming paradigm, we achieve lossless workload migration by implementing a packet buffer as a virtual network function. Our buffer may be dynamically allocated and configured within the network. We test our proposed solution on a small-scale testbed consisting of an Open Network Operating System (ONOS) SDN controller and a core network made of P4 BMv2 switches, emulated using Mininet. A comparison with a non-SRv6 alternative that uses IPv6 routing shows the higher scalability and flexibility of our approach in terms of the number of rules to be installed and time required for configuration.
... We have been inspired by the work [40] where eBPF programs can be chained but our ideas of the HIKe VM and of function calls are missing. ...
Article
With the rise of the Network Softwarization era, eBPF has become a hot technology for efficient packet processing on commodity hardware. However the development of custom eBPF solutions is a challenging process that requires highly qualified human resources. Indeed, in eBPF, it is difficult to devise truly modular applications since the development model does not favour the use of pre-compiled functions and libraries. In addition, for safety purposes, each eBPF program must pass a binary code verifier of the Linux kernel, which may increase the difficulty of the development process. To overcome such difficulties and enable a new development model, in this paper we propose the eCLAT framework with the goal to lower the learning curve of engineers by re-using eBPF code in a programmable way. eCLAT offers a high level programming abstraction to eBPF based network programmability, allowing a developer to create custom application logic with no need of understanding the complex details of regular eBPF programming. A developer can write eCLAT scripts in a python-like language to compose eBPF programs. To support such abstraction at the eBPF level, we created an eBPF framework called HIKe which brings code reuse and modularity in eBPF. The eCLAT/HIKe solution does not require any kernel modification. The new development model is tested through two concrete examples and compared with other proposed frameworks in the eBPF world.
... It tackles multiple aspects of the SRv6 technology, including the Data Plane, Control Plane, SRv6 host networking stack, integration with applications, and integration with Cloud/Data Center Infrastructures. ROSE comprises several sub-projects, including SRPerf [21] (a performance evaluation framework for SRv6 implementations), SRv6-PM [22] (a loss monitoring solution for SRv6 networks), and HIKe [23] (a solution that combines the advantages of Linux kernel networking and custom-designed eBPF programs to speed up the performance of SRv6 software routers). In [24], the authors proposed a solution to efficiently represent the SIDs, called Micro SID. ...
Preprint
Typical enterprises have multiple geographically dispersed branch offices. These branches host the users that need to access the applications hosted in data centers. A Software-Defined Wide Area Network (SD-WAN) interconnects the branch offices with the data centers. We focus on SD-WAN services based on the Segment Routing over IPv6 (SRv6) technology. Performance Monitoring solutions are strongly required to detect performance degradation and outages, and optimize networks. In this paper, we describe a high performance solution for end-to-end delay monitoring for SRv6 based SD-WAN services. The presented solution leverages the Simple Two-way Active Measurement Protocol (STAMP) and its extensions to monitor the delay of an SRv6 path between two nodes called STAMP Session-Sender and Session-Reflector. We describe three implementations of the STAMP Session-Sender and Session-Reflector, two are based on user space processing and one based on eBPF. We compare the performance of our implementations. The results show that the eBPF-based implementation outperforms the user space implementations and has a negligible impact on user traffic.
... H^2 [18], proposed by Mayer et al., designs, implements and evaluates a programmable data plane solution for Linux routers that support Segment Routing [9] with IPv6 (SRv6) in hybrid IP/SDN networks. Additionally, the solution exploits extended Berkeley Packet Filter/eXtreme Data Path (eBPF/XDP) technologies [29] to speed up the performance of software-based SRv6 routers. ...
Article
This Editorial summarizes the Special Issue entitled Challenges and Solutions for hybrid SDN (Chal. & sol. HSDN) published in Elsevier’s Computer Networks during 2021. We first provide the motivation and context for such a Special Issue, followed by a short explanation and classification of the articles accepted for publication, and concluded with some envisioned future research directions.
Chapter
In today’s era of development we always come across situations where we are actually running our application and it suddenly crashes. At that point K8trics come into picture. K8trics (Ketrics) will be a Kubernetes (K8s) native metrics aggregator which will leverage Linux Kernel’s eBPF capabilities to efficiently capture the data from the kernel space. Collect environment and service aware metrics from a distributed system. Network Metrics like SYN timeouts, TCP retransmissions, DNS misses, Req/sec, and request latencies (p. 50, 75, 90, 95, 99, 99.9). Application Level Metrics like dynamic logging, USDT, resource usage, and CPU profiling. Service aware policy enforcement Network policies: K8trics in conjunction with Hyperion can support extremely complex network policies but the goal would be to be able to present a POC firewall. Application Level policies: K8trics in conjunction with Hyperion can support extremely complex application level policies but the goal would be to be able to present a POC socket blocker.
Chapter
Rainfall prediction is the highest research priority in flood-prone areas across the world. This work assesses the abilities of the Decision Tree (DT), Distributed Decision Tree (DDT), Naïve Bayes (NB), Random Forest (RF), Support Vector Machine (SVM), K Nearest Neighbour (KNN), and Fuzzy Logic Decision Tree (FDTs) machine learning algorithms for the rainfall prediction across the Kashmir province of the Union Territory of Jammu & Kashmir. On application of Machine learning algorithms on geographical datasets gave performance accuracy varying from (78.61–81.53)%. Further again machine learning algorithms were reapplied on the dataset without season variable yet again performance ranged in between (77.5–81)%. Vigorous analysis has established that these machine learning models are robust and our study has established that the dataset reaches performance stagnation and thus resulting in performance capping. The stagnation is irrespective of the choice of algorithm and the performance shall not improvise beyond a specific value irrespective of the choice of the machine learning algorithm.
Chapter
Software-defined networking (SDN) in which OpenFlow-enabled switches operate alongside traditional switches has become a matter of fact in ISP network paradigms, which are known as hybrid SDN (H-SDN) networks. When the centralized controller of SDN is introduced into an existing network, significant improvement in network use as well as reduced packet losses and delays are expected. However, monitoring such networks is the main concern for better traffic management decision making, which can lead to maximum throughput performance. There is, to our knowledge, only one actual article proposed for an H-SDN monitoring scheme so far. Thus, this paper surveys several monitoring methods/techniques for both networks, then proposes taxonomy criteria to evaluate the various monitoring methods. The survey includes discussing the design concepts, accuracy and limitations of each, and eventually summarizes the future research directions for an integrated perspective of monitoring in H-SDN networks.
Conference Paper
The extended Berkeley Packet Filter (eBPF) is a recent technology available in the Linux kernel that enables flexible data processing. However, so far the eBPF was mainly used for monitoring tasks such as memory, CPU, page faults, traffic, and more, with a few examples of traditional network services, e.g., that modify the data in transit. In fact, the creation of complex network functions that go beyond simple proof-of-concept data plane applications has proven to be challenging due to the several limitations of this technology, but at the same time very promising due to some characteristics (e.g., dynamic recompilation of the source code) that are not available elsewhere. Based on our experience, this paper presents the most promising characteristics of this technology and the main encountered limitations, and we envision some solutions that can mitigate the latter. We also summarize the most important lessons learned while exploiting eBPF to create complex network functions and, finally, we provide a quantitative characterization of the most significant aspects of this technology.
Article
This document describes a method to perform packet loss, delay, and jitter measurements on live traffic. This method is based on an Alternate-Marking (coloring) technique. A report is provided in order to explain an example and show the method applicability. This technology can be applied in various situations, as detailed in this document, and could be considered Passive or Hybrid depending on the application.
Article
The fast evolution of high-speed networks has raised the need for accurate and scalable network measurement. Thus, in the last few years several new methods to collect network state information have been pursued by network operators and vendors across the board. This article focuses on the AM-PM approach, which allows accurate measurement of performance metrics, including packet loss and delay, using two bits or less in the header of each packet. This method was documented and recently published as an RFC by the IETF [RFC 8321]. This article provides an overview of AM-PM and how it can be applied in practice. The article also shares operational experience from a large-scale deployment and presents experimental results from an implementation of the AM-PM method.
Conference Paper
Programmable packet processing is increasingly implemented using kernel bypass techniques, where a userspace application takes complete control of the networking hardware to avoid expensive context switches between kernel and userspace. However, as the operating system is bypassed, so are its application isolation and security mechanisms; and well-tested configuration, deployment and management tools cease to function. To overcome this limitation, we present the design of a novel approach to programmable packet processing, called the eXpress Data Path (XDP). In XDP, the operating system kernel itself provides a safe execution environment for custom packet processing applications, executed in device driver context. XDP is part of the mainline Linux kernel and provides a fully integrated solution working in concert with the kernel's networking stack. Applications are written in higher level languages such as C and compiled into custom byte code which the kernel statically analyses for safety, and translates into native instructions. We show that XDP achieves single-core packet processing performance as high as 24 million packets per second, and illustrate the flexibility of the programming model through three example use cases: layer-3 routing, inline DDoS protection and layer-4 load balancing.
Preprint
The SRv6 architecture (Segment Routing based on IPv6 data plane) is a promising solution to support services like Traffic Engineering, Service Function Chaining and Virtual Private Networks in IPv6 backbones and datacenters. The SRv6 architecture has interesting scalability properties as it reduces the amount of state information that needs to be configured in the nodes to support the network services. In this paper, we describe the advantages of complementing the SRv6 technology with an SDN based approach in backbone networks. We discuss the architecture of a SRv6 enabled network based on Linux nodes. In addition, we present the design and implementation of the Southbound API between the SDN controller and the SRv6 device. We have defined a data-model and four different implementations of the API, respectively based on gRPC, REST, NETCONF and remote Command Line Interface (CLI). Since it is important to support both the development and testing aspects we have realized an Intent based emulation system to build realistic and reproducible experiments. This collection of tools automate most of the configuration aspects relieving the experimenter from a significant effort. Finally, we have realized an evaluation of some performance aspects of our architecture and of the different variants of the Southbound APIs and we have analyzed the effects of the configuration updates in the SRv6 enabled nodes.
Article
Hybrid software defined network (SDN) is a network where legacy routers and SDN routers coexist during the incremental deployment of SDNs. Existing SDN router placement methods mainly focus on maximizing the traffic engineering performance under a limited budget. Traffic engineering requires real-time link load information. However, the latency for collecting the global link load information can be prohibitively long in a wide area network due to the long IGP convergence time. Inspired by the sparsity of link load, we propose a novel compressive traffic monitoring method for collecting real-time load information of all links. In this method, the controller only needs to collect the load of a small subset of important links and then estimates the link load of the rest. The minimal number of SDN routers are placed to cover these important links. We use real-world topologies and traffic matrices to evaluate our method. Experiment results show that our method can quickly estimate the global link load at an error rate of 5% within sub-second. Compared with state-of-the-art methods, our method has better adaptability to the dynamic traffic changes and can reduce the maximal link usage by 39%.
Conference Paper
Many versions of Unix provide facilities for user-level packet capture, making possible the use of general purpose workstations for network monitoring. Because network monitors run as user-level processes, packets must be copied across the kernel/user-space protection boundary. This copying can be minimized by deploying a kernel agent called a packet filter, which discards unwanted packets as early as possible. The original Unix packet filter was designed around a stack-based filter evaluator...