PISCES: A Programmable,Protocol-Independent Software Switch

Muhammad Shahbaz, Sean Choi, Ben Pfaff, Changhoon Kim,Nick Feamster, Nick McKeown, and Jennifer Rexford

TCP

IPv4

Ethernet

UDP

IPv6 BGP

HTTP

TLS

Fixed-Function Switch ChipFixed Set of Protocols

• Ease of Adding new protocols

• Ease of Removing unused protocols

• Gain greater Visibility into the network

• Fold network functions into the switch

TCP

IPv4

Ethernet

CUSTOM_P

IPv6 BGP

HTTP

TLS

Programmable Switching ChipCustom Protocols

Hypervisor Switch

VM VM

3 Virtual Ports

1 Physical Port

0

20

40

60

2010 2011 2012 2013 2014 2015

Approx. Number of Physical Ports vs. Virtual Ports [1]

Phyical Ports Virtual Ports

[1] Martin Casado, VMWorld 2013

Not really…

It should be EASY to program software switches!

Fast Packet Forwarding

Software Switch

KernelDPDK

Packet Processing Logic

Software Switch

KernelDPDK

Parser Match-Action Pipeline

Requires domain expertise in:

- Network protocol design

- Kernel development

Slow to release changesSpecialized APIs

Software Switch

KernelDPDK

Parser Match-Action Pipeline

Adding TCP Flag in Open vSwitchrequired changes in…

20 Files and 370 Lines of Code![1]

Weeks of Development and Test

[1] https://github.com/openvswitch/ovs/commit/dc235f7fbcff

We can do this in 4 lines and within minutes with PISCES!

header_type tcpv2_t {

fields {

srcPort : 16;

dstPort : 16;

seqNo : 32;

ackNo : 32;

dataOffset : 4;

res : 4;

tcp_flags : 12;

window : 16;

checksum : 16;

urgentPtr : 16;

}

}

parser tcpv2 {

extract(tcpv2);

set_metadata(flow.tcp_flags,

tcpv2.tcp_flags);

return ingress;

}

header_type flow_t {

fields {

...

tcp_flags_pad : 4;

tcp_flags : 12;

...

}

}

KernelDPDK

Software Switch

Parser Match-Action Pipeline

KernelDPDK

Software Switch

Domain-Specific Language (DSL)

Parser Match-Action Pipeline

Compile

Parser Match-Action Pipeline

TCP Header

header_type tcp_t {

fields {

srcPort : 16;

dstPort : 16;

seqNo : 32;

ackNo : 32;

dataOffset : 4;

res : 4;

window : 16;

checksum : 16;

urgentPtr : 16;

}

}

parser tcp {

extract(tcp);

return ingress;

}

...

KernelDPDK

Software Switch

Domain-Specific Language

Parser Match-Action Pipeline

Compile

Parser Match-Action Pipeline

Domain-Specific Language 2

Parser Match-Action Pipeline

KernelDPDK

Switch 2

Parser Match-Action Pipeline

PISCES is an implementation with a

• Specific Domain-Specific Language

• Specific Software Switch Target

KernelDPDK

OVS

Parser Match-Action Pipeline

Compile

Parser Match-Action Pipeline

[1] http://p4.org

P4 is an open-source language.[1]

Easy to express different aspects of a packet processor:- Packet headers and fields- Parser - Actions- Match-Action Tables

P4[1]

KernelDPDK

P4

Parser Match-Action Pipeline

Compile

Parser Match-Action Pipeline

Native OVS Packet Processing Logic

341 lines of code

14,535 lines of code

OVS

Compiler

P4

OVS

parse match action

OVS Executable

header_type tcp_t {

fields {

srcPort : 16;

dstPort : 16;

seqNo : 32;

ackNo : 32;

dataOffset : 4;

res : 4;

window : 16;

checksum : 16;

urgentPtr : 16;

}

}

parser tcp {

extract(tcp);

return ingress;

}

...

header_type tcpv2_t {

fields {

srcPort : 16;

dstPort : 16;

seqNo : 32;

ackNo : 32;

dataOffset : 4;

res : 4;

tcp_flags : 8;

window : 16;

checksum : 16;

urgentPtr : 16;

}

}

parser tcpv2 {

extract(tcpv2);

set_metadata(flow.tcp_flags,

tcpv2.tcp_flags);

return ingress;

}

...

KernelDPDK

OVS

P4

Parser Match-Action Pipeline

Parser Match-Action Pipeline

Performance Overhead?Compile

0

5

10

15

20

25

30

35

40

45

50

64 128 192 256

Thro

ugh

pu

t (G

bp

s)

Packet Size (Bytes)

PISCES v0.1

OVS

Throughput on L2L3-ACL benchmark application

Performance overhead of

~40%

PacketParser

Ingress Match-ActionCache

Match-ActionTables

PacketDeparser

EgressChecksum

VerifyChecksum

Update

CPU Cycles per Packet

Cache Misses

Causes for the Cost on Performance

a. Fully-specified Checksum

b. Parsing unused header fields

and more …

Factors affecting CPU Cycles per Packet

PacketParser

Ingress Match-ActionPipeline

EgressChecksum

VerifyChecksum

Update

Checksum Verify (version, ihl, diffserv, totalLen, identification, flags, fragOffset, ttl, protocol, hdrChecksum, srcAddr, dstAddr)

Checksum Update (version, ihl, diffserv, totalLen, identification, flags, fragOffset, ttl, protocol, hdrChecksum, srcAddr, dstAddr)

PacketParser

IngressDecrement(ttl)

EgressChecksum

VerifyChecksum

Update

Checksum Verify (version, ihl, diffserv, totalLen, identification, flags, fragOffset, ttl, protocol, hdrChecksum, srcAddr, dstAddr)

Incremental Checksum Update (ttl)

Selective Parsing

PacketDeparser

EgressPacketParser

Ingress

Match-ActionPipeline

L2L2 L4

L3

0

2

4

6

8

10

12

14

16

64

Thro

ugh

pu

t (G

bp

s)

Packet Size (Bytes)

PISCES v0.1

incremental Checksum

Header Memory Locality

Selective Parsing

PISCES v1.0

Native OVS

Performance overhead of

< 2%

Throughput on L2L3-ACL benchmark application

Summary

PISCESvSwitch

OVS

P4- Quickly develop and deploy new

packet header format.

- With hardly any performance cost!

Questions?

Learn more and Try PISCES here:

http://pisces.cs.princeton.edu