#34 “MTPSA: Multi-Tenant Programmable Switches”

Transcript

1. Research Paper Introduction #34 “MTPSA: Multi-Tenant Programmable Switches” ௨ࢉ#93 @cafenero_777

   2022/03/10 1

2. Agenda •ର৅࿦จ •֓ཁͱಡ΋͏ͱͨ͠ཧ༝ 1. INTRODUCTION 2. PDP VIRTUALIZATION 3. DATA

   PLANE ISOLATION 4. ROLES AND PRIVILEGES 5. ARCHITECTURE OF MTPSA 6. IMPLEMENTATION 7. EVALUATION 8. DISCUSSION 9. RELATED WORK 10.CONCLUSION 2

3. ର৅࿦จ •MTPSA: Multi-Tenant Programmable Switches • Radostin Stoyanov, Noa Zilberman

   • University of Cambridge, University of Oxford • P4 Workshop on EuroP4 ‘20 • https://dl.acm.org/doi/10.1145/3426744.3431329 • OxfordͰͷIn-network computingݚڀϦετʢʁʣ • https://eng.ox.ac.uk/computing/projects/in-network-computing/ 3

4. ֓ཁͱಡ΋͏ͱͨ͠ཧ༝ •֓ཁ • ϚϧνςφϯτͳϓϩάϥϚϒϧεΠον • isolation (resource, security, performance)͕ඞཁ •

   MTPSA (Multi-Tenant Portable Switch Architecture)Λ࣮૷ɾධՁ •ಡ΋͏ͱͨ͠ཧ༝ • Alibaba cloudͷcloud-GWͰϚϧνςφϯτ࣮૷͕ؾʹͳͬͯɻ • P4ΞʔΩςΫνϟ͕ؾʹͳΔ 4

5. P4 Architectureͷ෮श •MTPSA = MT + PSA (Multi Tenant +

   Portable Switch Architecture) 5 https://sdn.systemsapproach.org/switch.html PISA (Protocol Independent Switching Architecture) PSA (Portable Switch Architecture) TNA (To fi no Native Architecture) https://github.com/barefootnetworks/Open-To fi no/blob/master/PUBLIC_To fi no-Native-Arch-Document.pdf

6. P4 architecture (͓·͚) •PNA (Portable NIC Architecture) 6 https://p4.org/p4-spec/docs/PNA-v0.5.0.html

7. 1. INTRODUCTION •PDP: Programable Data Plane • ݻఆػೳͳεΠον΍NICͰ͸ͳ͍ɻP4ͳͲͷDSLͰॻ͚Δ • αʔό͔ΒPDPʹΦϑϩʔυ

   -> ޮ཰Խ • Ծ૝Խ (~= isolation)͸ඞཁ • secure execution, performance, resourcesΛ෼཭͠ɺෳ਺P4ϓϩάϥϜΛಉ࣮࣌ߦ (P4HV) •MTPSA (Multi-Tenant Portable Switch Architecture) • P4Ͱ֤छ෼཭ϝΧχζϜͷఏҊ • ςφϯτ෼཭ΞʔΩςΫνϟఏҊ • SWʗHW࣮૷ͱධՁ 7

8. 2. PDP VIRTUALIZATION •ૉ๿ͳPDP & P4 • P4ͰϓϩτίϧϔομͷղੳͱϚονɾΞΫγϣϯ • ୯ҰωοτϫʔΫίϯςΩετͰಈ࡞

   • Ϣʔβ͸PDPͷϦιʔεΛڞ༗ͯ͠͠·͏ •Ծ૝ԽPDP • ෳ਺ϓϩάϥϜΛ഑ஔ͠ɺಠཱͨ͠ίϯςΩετͰಈ࡞ • ػೳͷ੾Γସ͑ʢࠩ͠ସ͑ʣ΋Մೳ (recon fi guration) 8

9. 3. DATA PLANE ISOLATION •Isolation? • Resource: table/entry, register/extern •

   Performance: ҰఆͷεϧʔϓοτΛୡ੒ʢଞͷϓϩάϥϜ͕ಈ͍͍ͯͯ΋ʣ • Security: Ϧιʔε΁ͷΞΫηε੍ݶ • લஈɾޙஈͰACLΛ͔͚͓ͯ͘ • ෳ੡ύέοτͰϦιʔεރׇͤ͞ΔDDoS -> ෳ੡΍ύΠϓϥΠϯ࠶॥؀ॲཧճ਺ͷ੍ݶͰ؇࿨ • ॳظԽ࣌ͷϦιʔε࠶ར༻ͷѱ༻ (PacketHeaderVector pool෼཭) 9

10. 4. ROLES AND PRIVILEGES •OSͷ֓೦Λಋೖ • Role: ϩʔϧ, root/administratorͱPrivileges: ಛݖ

    • superuser: PDPͷશͯͷϦιʔεʹΞΫηεՄ • user: PDP಺ͰͷϦιʔεΞΫηεʢςʔϒϧɺ֎෦ΞΫηεɺύέοτʣ΍ૢ࡞੍ݶʢϛϥʔϦϯάɺ࠶॥؀ʣ • ϔομͷread/writeݖݶɺϝλσʔλͷread/writeݖݶ • ϚονʢςʔϒϧʣΛ࢖ͬͯྑ͍͔ -> ࣮ߦݖݶͱ੍ͯ͠ݶɻ • ΞΫγϣϯ΋࣮ߦݖݶͱ੍ͯ͠ݶʢϛϥʔϦϯάɾ࠶॥؀ɾC-plane΁ͷ௨஌ͳͲʣ •ྫɿ • E: ΩϡʔαΠζΛ͍͡Δ͜ͱͰAΛόάΒͤΔɻA: ϝλσʔλ্ͷΩϡʔαΠζΛݟͯʢҙਤ͠ͳ͍ʣ᫔᫓੍ޚ͞Εͯ͠·͏ • ϝλσʔλ΁ͷΞΫηεݖݶΛ੍ݶ͢Ε͹๷͛Δ • E: ToSͳͲϔομΛมߋͯ͠ߴ༏ઌͤ͞ΔɻA͸drop͞Εͯ͠·͏ɻ • ϔομʔϑΟʔϧυૢ࡞ݖݶΛແޮʹ͢Δ 10

11. 5. ARCHITECTURE OF MTPSA •PSAͷ֦ு • superuser P4: ingress/egressॲཧ, Ϣʔβׂ౰ɺݖݶׂ౰ɺϝλσʔλׂ౰

    • ྫɿouter IP/UDP/VxLANͷॲཧͱϢʔβׂ౰ॲཧɺॲཧ݁ՌͷϝλσʔλԽ • user P4: Ϟδϡʔϧͱͯ͠ಈ࡞ɺಠཱͯ͠ίϯύΠϧɾςετͰ͖Δ • ࣗ਎ͷύέοτͷΈͷૢ࡞อূɺ॥؀ճ਺ɺϔομ૿Ճྔͷ੍ݶʢ256B·ͰͳͲʣ 11 •࣮ߦϞσϧɿNWࣄۀऀͱϢʔβ • ࣗ෼ͷύέοτ͔͠ݟΕͳ͍ʢྫɿVxLANʣ • ύϑΥʔϚϯεͷ෼཭ͱ࠶॥؀ͷ੍ݶʢϢʔβϓϩά ϥϜͷ෼཭ʣ • Ϧιʔεͷ෼཭ʢίϯύΠϧ࣌ʹϦιʔεܾఆʣ

12. 6. IMPLEMENTATION •target • SW൛ɿPSA on BMv2 • HW൛ɿP4/NetFPGAʢ࣮ͨͩ͠૷্ͷ੍ݶ͋Γʣ •

    https://github.com/mtpsa •ෳ਺P4ϢʔβϓϩάϥϜΛಠཱɾฒྻʹϩʔυʢͨͩ͠ʣ • ύϑΥʔϚϯε෼཭ • Ϧιʔε෼཭ʢྫɿPHVʣ, recon fi guration (BMv2ͷΈ) •ϥϯλΠϜ੍ޚɿ • APIܦ༝ͰಛఆϢʔβͷςʔϒϧΤϯτϦߋ৽ͳͲ •MTPSAίϯύΠϥ • BMv2: όοΫΤϯυͱͯ͠mtpsa_swichΛಋೖ • NetFPGA: 2ͭͷP4(suIngress/suEgress)ͱͦͷόεؒͰϢʔβP4͕ಈ࡞ 12 user_id user_permissions via metadata

13. 7. EVALUATION •SW: P4C/BMv2, mininet on intel i5, standalone or

    8node+3SW, Fedora5.6 •HW: NetFPGA SUME, Xilinx Vivid 2018.2 + SDNet 2018.2, Ubuntu 16.04 •τϥϑΟοΫδΣωϨʔλɿOSNT (NetFPGA) 4*10Gbps •user_id: TCPϙʔτ൪߸ •ϢʔβϓϩάϥϜɿL2FWD •ൺֱɿP4->NetFPGAϦϑΝϨϯεɾσβΠϯɺMTPSA0,1,2,3,4,8 13

14. 7. EVALUATION •ػೳ • suଆ: ether, IPv4/v6, TCP/UDP, VxLAN/VLAN (=ID)

    • userଆɿL2FWD, L4LB • ແޮͳuser_idͷύέοτഁغɺexternؔ਺ͷ࢖༻੍ݶͷ֬ೝ •ੑೳ • Ϧιʔεফඅɿ 4~6%ఔ౓ͷϦιʔεΦʔόʔϔου • ஗ԆɿྼԽͤͣεέʔϧΛ֬ೝ • εϧʔϓοτɿϢʔβϓϩάϥϜʹτϥϑΟοΫ͕ภͬͯ΋wire-rateग़Δ 14 https://www.youtube.com/watch?v=rERCMt95wro

15. 8. DISCUSSION •PSA/NetFPGA΁࣮૷͢Δ͜ͱͰ࣮ݱՄೳɺطଘࢿ࢈΋࢖͑Δ •PSA-base: ιϑτ΢ΣΞతͳઃܭɻHW (target)͕มΘΔͱ”ઃܭͷ஫ҙ఺”΋มΘΔɾɾɾ •ϢʔβΞϓϦͱͯ͠͸͞ΊΔɻόοϑΝΛڬΉͨΊɺTC (queue)͸޲͍͍ͯͳ͍ •ϚϧνίΞʢϚϧνύΠϓϥΠϯԽʣ •Ծ૝ύΠϓϥΠϯ

    15

16. 9. RELATED WORK •P4Visor, P4Bricks • ෳ਺P̐ϓϩάϥϜΛ1ͭͷϓϩάϥϜͰಈ͔͢ • ෼཭͸໨ࢦ͍ͯ͠ͳ͍ •HyPer4,

    HyperVDP • P4ΤϛϡϨʔγϣϯʹΑΔԾ૝ԽɻϦιʔε࢖͏ •Switch ASICΛར༻ͨ͠chaining • ߴੑೳ͕ͩηΩϡϦςΟ෼཭͕ͳ͍ •P4VBox • P4ϕʔε͕ͩtarget͕FPGAͷΈ 16

17. 10. CONCLUSION •MTPSA • ϢʔβϓϩάϥϜͷϦιʔεɾύϑΥʔϚϯεɾηΩϡϦςΟ෼཭ • PSA (P4)ίϯύΠϥͰNetFPGA্ʹ࣮૷ • ػೳɾੑೳͷධՁ

    • OSSͱͯ͠ެ։ 17

18. Key takeaways •P4ΞʔΩςΫνϟͱͯ͠ϚϧνςφϯτΛఏҊ •PoCͱͯ͠ػೳɾੑೳͱ΋ʹ֬ೝ •OSSͱͯ͠ެ։ɺ֤HWͰಈ࡞Λظ଴ 18

19. ׬૸ͨ͠ײ૝ •पลௐࠪɾҾ༻ݩ͕໾ʹཱͪͦ͏ • https://sdn.systemsapproach.org/switch.html • P4Ҏ֎΋͓͢͢Ί • https://ieeexplore.ieee.org/document/9078127 • ਤͰൺֱ

    • https://p4.org/p4-spec/docs/PSA.html • spec • https://github.com/barefootnetworks/Open-To fi no/blob/master/PUBLIC_To fi no-Native-Arch-Document.pdf • ࣮ࡍͷHW 19

20. EoP 20