



# **Open Packet Processor:** Platform-agnostic Behavioral Forwarding and Stateful Flow Processing at wire speed

Valerio Bruschi, CNIT/University of Rome "Tor Vergata"

Joint work with: G. Bianchi, M. Bonola, S. Pontarelli, A. Capone, C. Cascone, D. Sanvito.

EU support:





# Approach proposed

Stateful data plane

## Background

#### **OpenFlow/SDN (2009)**



#### **OpenState/SDN (2014)**



<u>**Dumb switch**</u>: need to ask controller if something changes

<u>Smart switch</u>: can dynamically update flow tables

# Motivations

- OpenFlow's platform-agnostic programmatic interface allows match/action forwarding rules to be updated dynamically only via the explicit involvement of an external controller
- OpenFlow does not allow forwarding behaviors to be deployed directly in the switches, i.e. to describe how rules should evolve in time as a consequence of packet-level events
- This static nature of the OpenFlow forwarding abstraction raises serious concerns regarding:
  - Scalability
  - Latency
  - Security/reliability

Details in G. Bianchi, M. Bonola, A. Capone, C. Cascone, "OpenState: programming platform-independent stateful OpenFlow applications inside the switch", ACM SIGCOMM Computer Communication Review, vol. 44, no. 2, April 2014.

### Stateless vs. Stateful in SDN



- <u>Signalling & latency</u>: O(100 ms); 100 ms = 30M packets lost @ 100 Gbps
- <u>Signalling & latency</u>: update forwarding rules in 1 packet time – 3 **ns** @ 40B x 100 Gbps

## Beyond OpenState

Mealy Machine: nice but insufficient!

State alone is insufficient

#### OpenFlow (forwarding) actions are insufficient

**No** flow processing

**Flow Processing** 

Flow processing <u>requires</u> memory, registers, counters, etc.

Flow processing <u>requires</u> operations (compare, add, shift, etc)

#### Processing = CPU! Cannot afford any ordinary CPUs at ns time scales (wire speed)!

# **Open Packet Processor**

- From Mealy finite state machines (FSM) to eXtended finite state machines (XFSM)
- An EFSM is a finite state machine in which:
  - 1) state transitions also depend on a set of triggering conditions on data variables;
  - 2) state transitions **trigger the update** of data variables
- It also allows **cross-flow** state modification.
- <u>Hard parts</u>: use platform agnostic abstractions and make it run at wire speed – *no CPUs*!

Details in G. Bianchi, M. Bonola, S. Pontarelli, D. Sanvito, A. Capone, **"Open Packet Processor: a programmable architecture for wire speed platform-independent stateful in-network processing**", arXiv preprint arXiv:1605.01977, 2016.











# Overall vision: still "SDN"

**Controller still in charge** of 'programming' the network

But **can 'push' <u>time-critical / localized</u>** stateful control tasks down in the switches



# NetFPGA prototype

HW proof of concept implementation















### TCAM-based packet processing engine!

#### Extreme flexibility!

- XFSM 'programs' are almost as flexible as an ordinary programming language
  - can define variables, store and change values, compute features, etc

#### Guaranteed wire speed!

- Fixed time per-packet computational loop
  - 6 clock cycles in our ongoing HW design

#### (currently two tech limitations)

- Only 1 ALU operation per packet → pipelined ALU arrays possible, but would increase processing time and yield more complex configuration
- ALUs only in update, not in conditions → does not permit conditions such as (R1+R2>100)
  - Solution (not nice, but workaround): compute R1+R2 → R3 during previous packet, then use (R3>100)
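The XFSM definition and the two limitations above can be seen together in a small software model. This is an added example, not code from the slides or from the OPP prototype: a Python sketch of an XFSM table running a flow-consistent round-robin load balancer, where conditions only compare a register with a constant and each packet triggers at most one register update. The row layout, the register name `G0`, the action strings, the pool size and the flow keys are all assumptions made for illustration.

```python
import operator

N_SERVERS = 2  # assumed size of the server pool
# Conditions only compare a register with a constant: no ALU in conditions.
CMP = {"==": operator.eq, "<": operator.lt, ">": operator.gt}

def build_table(n):
    """XFSM rows, first match wins: (state, condition, next_state, action, update).
    State 0 = new flow; state k > 0 = flow pinned to server k."""
    rows = []
    for k in range(n):
        # New flow while the global counter equals k: pin to server k+1,
        # then advance (or wrap) the counter with a single update.
        update = ("add", "G0", 1) if k < n - 1 else ("set", "G0", 0)
        rows.append((0, ("G0", "==", k), k + 1, f"fwd:{k + 1}", update))
    for k in range(1, n + 1):
        rows.append((k, None, k, f"fwd:{k}", None))  # pinned flow, no condition
    return rows

class XFSM:
    def __init__(self, table):
        self.table = table
        self.flow_state = {}    # flow context table: flow key -> state
        self.regs = {"G0": 0}   # global register: cross-flow state

    def process(self, flow_key):
        state = self.flow_state.get(flow_key, 0)
        for st, cond, nxt, action, update in self.table:
            if st != state:
                continue
            if cond and not CMP[cond[1]](self.regs[cond[0]], cond[2]):
                continue
            self.flow_state[flow_key] = nxt   # state transition
            if update:                        # at most one update per packet
                op, reg, val = update
                self.regs[reg] = self.regs[reg] + val if op == "add" else val
            return action
        return "drop"

def run_demo():
    # Constructed flow keys (src IP, src port, dst port); not from the demo.
    c1, c2, c3 = ("192.0.2.1", 40001, 80), ("192.0.2.2", 40002, 80), ("192.0.2.3", 40003, 80)
    sw = XFSM(build_table(N_SERVERS))
    return [sw.process(p) for p in (c1, c2, c1, c3, c2)]

if __name__ == "__main__":
    print(run_demo())
```

Only the first packet of a flow reads and updates the shared counter; every later packet of that flow matches on its stored state alone, so no controller round-trip is needed to keep the flow on the same server.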

# DEMO

LOAD BALANCING, flow-consistent

## Demo high level description



#### Counter: 2

### Demo detailed deployment



# Configuring the NetFPGA


#### WEB client 1 get http://www.sosr-demo.eu



#### WEB client 2 get http://www.sosr-demo.eu








# Dumping Flow Context table

[Screenshot: console dump of the Flow Context table, shown after the prompt "Insert '1' to dump Flow Context table". Annotated fields: FLOW KEY (SRC IP, DST & SRC port), LocalRegister (number of packets forwarded), Present state.]

# Thank you!

Contact:

- Valerio.Bruschi@students.uniroma2.eu
- Valerio.Bruschi@cnit.it