Packet classification as a fundamental network primitive

Packet classification is a ubiquitous and key building block of many critical network functions such as routing, firewalling, and load balancing. However, classification is currently implemented, deployed and configured in an ad-hoc manner, which makes it hard to configure, inefficient and inflexible. In this thesis, we address these limitations by elevating packet classification to a fundamental network primitive. We do so by introducing a new classification layer in the network protocol stack, and by defining two control plane protocols: policy-based classifier deployment and generic classification offload. In policy-based classifier deployment, packets are explicitly redirected through the classifiers specified by network policy. Generic classification offload provides a signaling mechanism that enables different entities to collaboratively implement classification. Through prototype implementations, testbed experiments and formal analysis, we demonstrate that our solution simplifies deployment and configuration, and improves the flexibility, efficiency and performance of packet classification.
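The following is an added toy model, not code from the thesis, that makes the two ideas in the abstract concrete: a multi-field classifier used as a reusable primitive, a policy that lists which classifiers a packet must traverse (policy-based classifier deployment), and a per-packet tag by which an upstream entity hands its verdict to downstream ones (generic classification offload). The rule fields, the list-of-names policy format, the `tags` metadata and the `permit`/`deny` verdicts are illustrative assumptions; the thesis's actual protocols are not specified in the abstract.

```python
"""Toy model of packet classification as a reusable network primitive.

Added example; the rule format, policy format and offload tag are assumptions,
not the thesis's own protocols.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str          # "tcp" | "udp" | "icmp"
    sport: int
    dport: int
    # Assumed offload metadata: (classifier name, verdict) pairs attached by an
    # upstream entity so a downstream one can reuse them instead of re-classifying.
    tags: Tuple[Tuple[str, str], ...] = ()


@dataclass(frozen=True)
class Rule:
    """Multi-field rule: prefix match on addresses, range match on dst port."""
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    proto: Optional[str] = None
    dport: Tuple[int, int] = (0, 65535)
    action: str = "permit"
    priority: int = 0   # higher wins; ties keep rule order

    def matches(self, p: Packet) -> bool:
        return (ip_address(p.src) in ip_network(self.src)
                and ip_address(p.dst) in ip_network(self.dst)
                and (self.proto is None or self.proto == p.proto)
                and self.dport[0] <= p.dport <= self.dport[1])


class Classifier:
    """A named classifier: priority-ordered rule set, first match wins."""

    def __init__(self, name: str, rules: List[Rule], default: str = "deny"):
        self.name = name
        # sorted() is stable, so equal priorities keep their written order
        self.rules = sorted(rules, key=lambda r: -r.priority)
        self.default = default

    def classify(self, p: Packet) -> str:
        # Assumed offload semantics: if an upstream entity already attached this
        # classifier's verdict, trust it and skip the rule lookup.
        for name, verdict in p.tags:
            if name == self.name:
                return verdict
        for r in self.rules:
            if r.matches(p):
                return r.action
        return self.default


def attach_tag(p: Packet, name: str, verdict: str) -> Packet:
    """Offload signal: carry a classifier's verdict along with the packet."""
    return Packet(p.src, p.dst, p.proto, p.sport, p.dport, p.tags + ((name, verdict),))


def apply_policy(policy: List[str], classifiers: Dict[str, Classifier],
                 p: Packet) -> Tuple[str, List[str]]:
    """Assumed policy-based deployment: the policy is the ordered list of
    classifiers the packet is redirected through. The first classifier that
    does not return 'permit' ends the path with its verdict."""
    path: List[str] = []
    for name in policy:
        verdict = classifiers[name].classify(p)
        path.append(f"{name}:{verdict}")
        if verdict != "permit":
            return verdict, path
        p = attach_tag(p, name, verdict)   # later stages can reuse this verdict
    return "permit", path


# Constructed sample configuration: a firewall stage followed by an IDS stage.
FIREWALL = Classifier("firewall", [
    Rule(dst="10.0.0.0/24", proto="tcp", dport=(443, 443), action="permit", priority=10),
    Rule(src="192.168.0.0/16", action="permit", priority=1),
])
IDS = Classifier("ids", [
    Rule(proto="tcp", dport=(23, 23), action="deny", priority=5),   # block telnet
], default="permit")
CLASSIFIERS = {"firewall": FIREWALL, "ids": IDS}
POLICY = ["firewall", "ids"]


def demo() -> Dict[str, Tuple[str, List[str]]]:
    """Run constructed packets through the policy; returns verdict and path."""
    https = Packet("203.0.113.5", "10.0.0.7", "tcp", 51000, 443)
    telnet = Packet("192.168.1.9", "10.0.0.7", "tcp", 51001, 23)
    ssh = Packet("203.0.113.5", "10.0.0.7", "tcp", 51002, 22)
    # Same external SSH packet, but an upstream entity already tagged it as
    # permitted by "firewall": the offload tag short-circuits the firewall stage.
    ssh_offloaded = attach_tag(ssh, "firewall", "permit")
    return {
        "https": apply_policy(POLICY, CLASSIFIERS, https),
        "telnet": apply_policy(POLICY, CLASSIFIERS, telnet),
        "ssh": apply_policy(POLICY, CLASSIFIERS, ssh),
        "ssh_offloaded": apply_policy(POLICY, CLASSIFIERS, ssh_offloaded),
    }


if __name__ == "__main__":
    for name, (verdict, path) in demo().items():
        print(f"{name:14s} {verdict:6s} via {' -> '.join(path)}")
```

The `ssh_offloaded` case is the security-relevant one: a classifier that honors a verdict it did not compute is only as trustworthy as the entity that attached the tag, so in any real deployment the offload signal must be authenticated, or stripped at trust boundaries, before a downstream classifier acts on it. The abstract does not say how the thesis handles this; the caveat is the practitioner's, not a claim about the thesis.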
