SDN operators need to measure the performance of the OpenFlow (OF) hardware switches on their own site, because forwarding latency can differ by a factor of 1000 depending on the specified flow entry. The ASIC can forward in several μsec, but the software path (CPU) may take msec.
To protect yourself from an unexpected performance plunge, monitor the health of your switches on your site.
FPGA based 10G Performance Tester for HW OpenFlow Switch
1. FPGA based 10G Performance Tester for HW OpenFlow Switch
Yutaka Yasuda, Kyoto Sangyo University
2. Why is a (data plane) Performance Test needed for a HW OpenFlow switch?
• There are some “Conformance Test” activities
  • RYU Certification
  • ONF PlugFest
• How about a “Performance Test”?
  • Without it, you may fall into a pitfall.
  • “It works, but too slow”
3. Typical Story : Here is a Flow Entry on the OpenFlow HW Switch…
• There are 2 possibilities to handle it: by Hardware (ASIC) or by Software (CPU).
• They are functionally the same, but there is a 1000 times difference in latency. (μsec vs msec)
• It is not always documented. (Basically, vendors have no reason to confess it.)
• The Features Reply is not enough.
• It may depend on the version of the firmware and NOS of the switch.
• There is no easy & straight way to know it.
• Imagine what happens when you update your firmware, NOS or OF App…
4. Real Example? Here it is.
[Figure: Pica8 + Spirent experiment. Labels in the diagram: OpenFlow Controller; Pica8 3290; Spirent; port#1, port#2, port#3; Dev. 2, Dev. 3; #1, #2, #3.]
1. Spirent sends 64B length packets.
2. Pica8 has a flow entry to forward it from #2 to #3.
3. Spirent checks the latency.
5. In a Simple and Basic configuration
• Just forwarding from here to there (see the flow entry below)
• Succeeded in forwarding at wire speed. (1Gbps)
• Latency : Avg. 4.26, Min 4.13, Max 4.28 (usec)
Example of the flow entry:
cookie=0x0, duration=1379.649s, table=0, n_packets=0, n_bytes=0,
idle_age=1379, in_port=1,dl_src=00:10:94:00:00:05 actions=output:2
looks fine!
6. Good! and Boom! results
• Good results
  • MAC rewrite : no additional latency, no degradation of throughput.
  • ToS rewrite : same as above
• Bad and unexpected result
  • IP rewrite : deadly slow. Avg. 140ms, Min 0.8ms, Max 350ms (boom!)
  • over 1000 times slower throughput
Example of the flow entry:
cookie=0x0, duration=3.402s, table=0, n_packets=0, n_bytes=0, idle_age=3,
ip,in_port=1,nw_src=192.85.1.5 actions=mod_nw_dst:192.85.1.16,output:2
7. Features Reply?
• It looks as if only VLAN and MAC treatment are available.
• In fact….
• ToS modification runs on the hardware.
• IP modification will fall back to the software.
• You never know if you never have a go.
root@PicOS-OVS#ovs-ofctl show br0
OFPT_FEATURES_REPLY (xid=0x2): dpid:0000000000000111
n_tables:254, n_buffers:256
capabilities: FLOW_STATS TABLE_STATS PORT_STATS STP ARP_MATCH_IP
actions: OUTPUT SET_VLAN_VID SET_VLAN_PCP SET_DL_SRC SET_DL_DST ENQUEUE
………
8. You can test by yourself : several options
• Buy Ixia or Spirent : very accurate but super expensive, just overkill
• PC + 10G NIC + Software : cheap but inaccurate
  • not easy to tune and calibrate well enough. Yes, you can, but it is not for everyone.
• FPGA + 10G I/F : not super-cheap but accuracy guaranteed
  • time-stamped by hardware, in clock cycles. (8ns currently)
  • all time-sensitive components run independently, with the PC as mothership.
  • easy setup. Just put in the board and run the controller app.
9. My project : FPGA based solution
Xilinx Kintex-7, 125MHz
10G (SFP+) x4
Hardware TCP/UDP implementation
PCIe gen2 x1 (just for control)
enough external memory
[Photo annotations: 4x10G ports; no need to use SAS this time]
10. test scenario
[Figure: System Structure. Components: Operator's Browser with the System Console (JavaScript App); Host PC with monitor, controller (RYU + custom App) and FPGA + 10G I/Fs; Target Switch. Link types: REST API, 10G Ethernet, OpenFlow 1.x protocol. Labels on the links: HTTP POST of the test scenario (includes: packet generate pattern + flow entries configuration); load OF Controller; set packet pattern to FPGA; send packets & observe latency; detail data; result output.]
Packet generation/send/receive/counting will be done in the FPGA board.
11. Experiment #1 : 10G/1G stable forwarding measurement
Match pattern: In-port X
Action: IP DST mod
Figures 1 and 2 show the "ASIC"-powered results. Every switch has a different
distribution, but all forwarding is done in sub-micro seconds. Switch A took around 2.7μ, with
a very steep distribution. C has 9μ or around because it is a 1G switch.
[Plot: packets (y axis, 0 to 200) against latency (ns) (x axis, 2728 to 2880)]
Figure 1. Switch A (10G) latency distribution
[Plot: packets (y axis, 0 to 120) against latency (ns) (x axis, 8448 to 9984)]
Figure 2. Switch B (1G) latency distribution (as a proof of the accuracy)
12. Experiment #2 : Unexpected slow forwarding (software fallback)
Match pattern: IP SRC
Action: IP DST mod
With only an IP SRC match added, the switch did a "software fallback" (Fig.
3): around 350-500μ. But 2.7% of the packets still lie outside the graph,
to the far right. The slowest one took over 10ms. In this case, forwarding is 1000 times
slower.
[Plot: packets (y axis, 0 to 120) against latency (ns) (x axis, 362496 to 792576); the distribution continues further to the right]
Figure 3. Switch B (1G) latency distribution, in software fallback situation
In this case, the maximum throughput is only 16Kpps.
With 100Byte length packets, that means 12.8Mbps.
13. Experiment #3 : When will it go slow?
In the switch B case:
IP matching and IP mod can each be handled by the ASIC separately.
But if you specify them at once, it will be slow.
BUT IP matching and ToS mod can both be specified at once!
Totally unexpected.... (sigh)
14. Use Case #1
Hunt the “killer entry” - an unexpectedly slow processing order you may have
• OF Apps set the flow entries as they need, but they don’t care about the performance.
• When your service has performance degradation, you need to make sure that no “killer
entry” exists.
[Figure: the flow entries of the OF switches in Your OpenFlow Network are collected (w counter info) and set on a testbed switch; the Performance Tester (packet generator, packet pattern) sends packets, observes latency and visualizes the result.]
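A sketch of the "killer entry" hunt from Experiment #3 and Use Case #1, added here as an example and not taken from the slides or the tester's code: it parses flow entries in the `ovs-ofctl dump-flows` format shown on slides 5 and 6 and checks each against a per-switch profile of measured match/action combinations. The profile table, the function names and the sample entries are hypothetical; only the switch B verdicts come from the experiments above, and any combination that was never measured is reported as untested rather than assumed fast.

```python
import re

# Feature classes for the fields the slides discuss (ovs-ofctl field names).
MATCH_CLASSES = {"nw_src": "ip_match", "nw_dst": "ip_match"}
ACTION_CLASSES = {
    "mod_nw_src": "ip_mod", "mod_nw_dst": "ip_mod",
    "mod_nw_tos": "tos_mod",
    "mod_dl_src": "mac_mod", "mod_dl_dst": "mac_mod",
}

# Hypothetical profile for "switch B", transcribed from Experiments #1-#3.
# Key: set of feature classes in one entry. Absent combinations are untested.
SWITCH_B_PROFILE = {
    frozenset({"ip_mod"}): "hardware",               # in-port match + IP DST mod
    frozenset({"ip_match"}): "hardware",             # IP matching on its own
    frozenset({"ip_match", "ip_mod"}): "software",   # both at once: fallback
    frozenset({"ip_match", "tos_mod"}): "hardware",  # IP matching + ToS mod
}

# Constructed sample entries in the dump-flows format of slides 5 and 6.
_STATS = "cookie=0x0, duration=3.402s, table=0, n_packets=0, n_bytes=0, idle_age=3, "
SAMPLE_FLOWS = [
    _STATS + "ip,in_port=1,nw_src=192.85.1.5 actions=mod_nw_dst:192.85.1.16,output:2",
    _STATS + "in_port=1 actions=mod_nw_dst:192.85.1.16,output:2",
    _STATS + "ip,in_port=1,nw_src=192.85.1.5 actions=mod_nw_tos:32,output:2",
    _STATS + "in_port=1 actions=mod_dl_dst:00:10:94:00:00:06,output:2",
]


def parse_flow(line):
    """Parse one dump-flows line into (match dict, list of action names)."""
    head, _, actions = line.strip().partition(" actions=")
    # Statistics are separated by ", "; the match spec is the last chunk.
    match = {}
    for tok in head.split(", ")[-1].split(","):
        key, _, value = tok.partition("=")
        match[key.strip()] = value  # bare keywords such as "ip" map to ""
    # Split on commas that are not inside parentheses, e.g. resubmit(,1).
    names = [re.split(r"[:(=]", a.strip(), maxsplit=1)[0]
             for a in re.split(r",(?![^(]*\))", actions) if a.strip()]
    return match, names


def features(match, actions):
    """Reduce an entry to the set of feature classes the profile is keyed on."""
    found = {MATCH_CLASSES[k] for k in match if k in MATCH_CLASSES}
    found |= {ACTION_CLASSES[a] for a in actions if a in ACTION_CLASSES}
    return frozenset(found)


def audit(lines, profile):
    """Return (verdict, line) pairs; 'software' marks a killer entry."""
    return [(profile.get(features(*parse_flow(line)), "untested"), line)
            for line in lines]


if __name__ == "__main__":
    for verdict, line in audit(SAMPLE_FLOWS, SWITCH_B_PROFILE):
        print(f"{verdict:9s} {line.split(', ')[-1]}")
```

The profile has to be rebuilt from measurements for every switch model and after every firmware or NOS update, since the slides show the fallback behaviour is not visible in the Features Reply.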
15. Use Case #2
Comparison “before & after” of an update of the SW driver or NOS
• You need to check for performance degradation BEFORE you apply the update to the
REAL network.
• For the future, you need to see what happens if the flow entries and traffic double.
[Figure: flow entries X (before the update) and flow entries Y (after the update) are collected from the OF switches in Your OpenFlow Network and set on a testbed switch; the Performance Tester (packet generator, packet pattern) sends packets and observes latency; result X and result Y are recorded (test & record) and compared.]
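The "before & after" comparison of Use Case #2, as an added example that is not part of the original slides: it takes per-entry latency samples (in ns, as the tester reports them) from a run before and a run after an update, and reports entries that moved to the software path or that grew a slow tail like the 2.7% of packets in Experiment #2. The 100 μs cut, the function names and the sample values are assumptions made for this sketch.

```python
from statistics import median

# Assumed cut between the two regimes measured above: ASIC forwarding stayed
# under 10 us, software fallback started around 350 us.
FALLBACK_NS = 100_000

# Constructed latency samples (ns), keyed by a label for each flow entry.
BEFORE = {
    "in_port -> mod_nw_dst": [2736, 2744, 2744, 2752, 2760],
    "nw_src -> mod_nw_dst": [2736, 2744, 2752, 2752, 2768],
    "nw_src -> mod_nw_tos": [2728, 2744, 2744, 2752, 2760],
}
AFTER = {
    "in_port -> mod_nw_dst": [2736, 2744, 2752, 2752, 2760],
    "nw_src -> mod_nw_dst": [362496, 393216, 434176, 475136, 10485760],
    "nw_src -> mod_nw_tos": [2736, 2744, 2744, 2760, 598016],
}


def summarize(samples_ns, cut_ns=FALLBACK_NS):
    """Median, maximum and share of slow packets for one entry's samples."""
    med = median(samples_ns)
    slow = sum(1 for s in samples_ns if s >= cut_ns)
    return {
        "median_ns": med,
        "max_ns": max(samples_ns),
        "slow_share": slow / len(samples_ns),
        "path": "software" if med >= cut_ns else "hardware",
    }


def compare(before, after, cut_ns=FALLBACK_NS):
    """Return (entry, kind, before stats, after stats) for each regression."""
    findings = []
    for entry in sorted(before.keys() & after.keys()):
        b = summarize(before[entry], cut_ns)
        a = summarize(after[entry], cut_ns)
        if b["path"] == "hardware" and a["path"] == "software":
            kind = "fallback"  # the whole entry moved to the CPU path
        elif a["slow_share"] > b["slow_share"]:
            kind = "tail"      # median unchanged, but more packets are slow
        else:
            continue
        findings.append((entry, kind, b, a))
    return findings


if __name__ == "__main__":
    for entry, kind, b, a in compare(BEFORE, AFTER):
        print(f"{kind:8s} {entry}: median {b['median_ns']} ns -> "
              f"{a['median_ns']} ns, slow share {a['slow_share']:.0%}")
```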
16. Watch the “Killer Entry”.
To protect yourself from an unexpected performance plunge,
monitor the health of your switches on your site.