
Level 2 Network Programming using PacketNgin RTOS

김성민, CEO (대표이사) of ㈜구름네트웍스 (Gurum Networks)

Contents

1. Introduction
2. Basic Network Concepts
3. Level 2 Network Applications
4. Wrap-up

1. Introduction

I have a dream


Source: http://www.embedded.com/print/4008802 http://blogs.it.ox.ac.uk/oxcert/2015/05/13/cve-2015-3456-venom/

S/W

H/W

Who am I?

2009 ~ 2012: Developed PacketVisor (패킷바이저), the predecessor of PacketNgin, at ETRI (한국전자통신연구원)

2013 ~ 2014: Developed the PacketNgin prototype (Creative Challenge SW R&D Program / NIPA)

2014 ~ : Founded ㈜구름네트웍스 (Gurum Networks) to commercialize it (Leading University for Startups program / 창업진흥원)

2015. 9: Released PacketNgin as open source (Global Open Frontier / NIPA)

Network Programming Host and network node (1/4)

• Host
  • PC, smart phone, server
  • IP address, TCP or UDP port

• Network node
  • Switch, router, gateway
  • MAC address, interface number

Source: https://en.wikipedia.org/wiki/Hop_(networking) https://www.nas.ewi.tudelft.nl/people/Piet/papers/hopcountmeasurementPAM.pdf

Network Programming Host and network node (1/4)

Source: https://en.wikipedia.org/wiki/Computer_network

Network Programming Host and network node (3/4)

Source address: Konkuk Univ. Destination address: naver.com

tcp://203.252.180.180:3087

tcp://202.179.177.22:80

• Host network programming
  • TCP, UDP
  • Send data
  • Receive data

Network Programming Host and network node (4/4)

• Network node programming
  • MAC, ARP, ICMP, OSPF
  • forwarding
  • multicast
  • encrypt/decrypt
  • encapsulate/decapsulate

Network nodes

PacketNgin RTOS Concept Network O/S vs General Purpose O/S (1/2)

• Ethernet Header
  • Information used to switch the packet within a LAN

• IP Header
  • Information used to route the packet across a WAN

• TCP/UDP Header
  • The part used to dispatch the packet within a host

• TCP/UDP Payload
  • The data used by the application

(Slide diagram: a packet laid out as Ethernet Header | IP Header | TCP/UDP Header | TCP/UDP Payload)

PacketNgin RTOS Concept Network O/S vs General Purpose O/S (2/2)

(Slide diagram, General Purpose O/S vs Network O/S:)

General Purpose O/S: the NIC hands the frame "Eth IP TCP Payload" to kernel space, where the Ether Block, IP Block and TCP Block strip one header each ("IP TCP Payload", "TCP Payload", "Payload"); only the Payload reaches the Web Browser in user space.

Network O/S: the NIC hands the same "Eth IP TCP Payload" frame through the Ether Block to the Firewall application, which receives the whole frame "Eth IP TCP Payload" unchanged.

PacketNgin RTOS Concept

Programmability

Why Network O/S?

• Linux is an O/S well suited to host network programming

• PacketNgin is an O/S well suited to network node programming

• The amount of ARP, ICMP and IPsec source code is about 2/3 ~ 1/2 of Linux's

Why Network O/S?

Linux (IPsec inbound call path):
+ Network H/W dependent code
+ deliver_skb()
+ ret = pt_prev->func(skb, skb->dev, pt_prev);
+ ip_rcv()
+ nf_hook()
+ ip_rcv_finish()
+ ip_route_input()
+ dst_input()->ip_forward() or ip_input()
+ ip_input // Remove the IPv4 header
+ ip_input_finish
+ ret = ipprot->handler(&skb, &nhoff);
+ xfrm4_rcv()
+ xfrm_input()
+ xfrm4_parse_spi()
+ xfrm_state_lookup() // lookup IPsec SA
+ xfrm_beet_input(skb, x) // To change to inner IP header.
+ nexthdr = x->type->input(x, xfrm.decap, skb) // == esp_input
+ esp_input() // process ESP based on inner address
+ returns 0 ;
+ /* beet handling in xfrm_rcv_spi */
+ netif_rx()
+ // ip_input_finish returns 0
+ // netif_receive_skb returns 0
+ netif_receive_skb // Now we have an IPv4 packet. So the input flow is for v4 packet.
+ deliver_skb()
+ ret = pt_prev->func(skb, skb->dev, pt_prev);
+ ip_rcv()
+ nf_hook() // This calls ip_rcv_finish(skb)
+ ip_rcv_finish() // Here the skb->dst is NULL and so is filled for the input side.
+ ip6_route_input()
+ dst_input()->ip_forward() or ip_input()
+ ip_input // Remove the IPv4 header
+ ip_input_finish
+ …

PacketNgin (same path):
+ Network H/W dependent code
+ nic_process_output()
+ fifo_push()
+ ni_input()
+ ipsec_inbound()
+ sad_get()
+ ipsec_decrypt()
+ spd_get()
+ ni_output()

Performance

Why Network O/S?

PacketNgin Network Application APIs

• thread_id(): int

• thread_barrior(): void

• malloc(size_t): void*

• free(void*): void

• gmalloc(size_t): void*

• gfree(void*): void

• ni_input(idx): Packet*

• ni_output(Packet*): bool

• ni_free(Packet*): void

• ni_create(size_t): Packet*

Hello World

1. If this is thread 0
2. Initialize global memory
3. The other threads wait

1. Initialize local memory
2. Wait until every thread has finished its initialization

1. Get the number of vNICs assigned to this app
2. Select a vNIC in round-robin fashion

1. Get the i-th vNIC
2. If it has a packet
3. Run the function called process

1. Take the packet from the vNIC

1. Since every packet is Ethernet, cast the packet's payload as Ether

1. If the Ether type is ARP
2. Cast the Ethernet payload as ARP
3. Remaining ARP processing

1. If the Ether type is IPv4
2. Cast the Ethernet payload as IP

1. If the IP protocol is ICMP and the IP destination is myself
2. Cast the IP payload as ICMP
3. Remaining ICMP processing

1. If the IP protocol is UDP
2. Cast the IP payload as UDP
3. Remaining UDP processing

1. If the packet is meaningless to this node
2. Drop the packet

2. Basic Network Concepts 2.1 Local Area Network

LAN and WAN

Source: http://www.mysecurecyberspace.com/encyclopedia/index/local-area-network-lan.html

Switch

Source: http://kr.gobizkorea.com/blog/kr_catalog_view.jsp?blog_id=iptime&co_lang=1&group_code=62373&obj_id=944135 http://www.dlink.com/us/en/business-solutions/switching/unmanaged-switches/rackmount/des-1026g-24-port-fast-ethernet-switch-plus-2-gigabit-ports

Router

Source: http://www.cisco.com/en/US/products/ps10537/index.html http://www.cisco.com/en/US/products/ps5862/index.html

Ethernet

Source: https://en.wikipedia.org/wiki/Ethernet_frame

Address Resolution Protocol (1/5)

(Slide diagram: six hosts on one LAN, MAC address and IP address of each)

00:11:22:33:44:01  192.168.0.1
00:11:22:33:44:02  192.168.0.2
00:11:22:33:44:03  192.168.0.3
00:11:22:33:44:04  192.168.0.4
00:11:22:33:44:05  192.168.0.5
00:11:22:33:44:06  192.168.0.6

Address Resolution Protocol (2/5)


Who has 192.168.0.3?

Address Resolution Protocol (3/5)


192.168.0.3 is at 00:11:22:33:44:03

Address Resolution Protocol (4/5)

Address Resolution Protocol (5/5)

Run PacketNgin RTOS

1. If it is an ARP request and its target is myself

1. Swap the Ethernet source and destination addresses so the packet is sent back to the other host

1. Change the ARP operation to Response(2)
2. Set the Source Hardware Address to my MAC address

1. Output the newly built packet through the vNIC
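The Hello World dispatch tree and the ARP reply steps above, worked through as an added C example that is not PacketNgin's own code: the Ether/Arp/Ip struct layouts and the raw byte buffer are assumptions standing in for the RTOS's Packet, Ether and ARP types and for ni_input()/ni_output(), and the sample ARP request is constructed from the addresses on the ARP slides.

```c
/* Added example, not PacketNgin code: the header layouts below are assumptions that stand in for
 * the RTOS's own Packet/Ether/ARP/IP types; a raw byte buffer stands in for ni_input()'s Packet. */
#include <stdbool.h>
#include <stdint.h>
#include <string.h>
#include <arpa/inet.h>  /* htons/ntohs/htonl */
typedef struct { uint8_t dmac[6], smac[6]; uint16_t type; } __attribute__((packed)) Ether;
typedef struct { uint16_t htype, ptype; uint8_t hlen, plen; uint16_t oper;
                 uint8_t sha[6]; uint32_t spa; uint8_t tha[6]; uint32_t tpa; } __attribute__((packed)) Arp;
typedef struct { uint8_t vhl, tos; uint16_t len, id, off; uint8_t ttl, proto, csum[2];
                 uint32_t src, dst; } __attribute__((packed)) Ip;
enum { DROP = 0, ARP_REQ_FOR_ME, ICMP_FOR_ME, UDP_PKT };

/* Hello World decision tree: branch on Ether type, then IP protocol/destination; every cast is length-guarded. */
static int classify(const uint8_t *buf, size_t len, uint32_t my_ip) {
    if (len < sizeof(Ether)) return DROP;
    uint16_t type = ntohs(((const Ether *)buf)->type);
    if (type == 0x0806 && len >= sizeof(Ether) + sizeof(Arp)) {
        const Arp *a = (const Arp *)(buf + sizeof(Ether));
        return (ntohs(a->oper) == 1 && a->tpa == my_ip) ? ARP_REQ_FOR_ME : DROP;
    }
    if (type == 0x0800 && len >= sizeof(Ether) + sizeof(Ip)) {
        const Ip *ip = (const Ip *)(buf + sizeof(Ether));
        if (ip->proto == 1 && ip->dst == my_ip) return ICMP_FOR_ME;
        if (ip->proto == 17) return UDP_PKT;
    }
    return DROP;  /* anything else is meaningless to this node */
}

/* ARP reply in place: swap Ethernet addresses, operation = Response(2), my MAC/IP become the sender. */
static bool arp_reply_in_place(uint8_t *buf, size_t len, uint32_t my_ip, const uint8_t my_mac[6]) {
    if (classify(buf, len, my_ip) != ARP_REQ_FOR_ME) return false;
    Ether *e = (Ether *)buf;  Arp *a = (Arp *)(buf + sizeof(Ether));
    memcpy(e->dmac, e->smac, 6);  memcpy(e->smac, my_mac, 6);
    a->oper = htons(2);
    memcpy(a->tha, a->sha, 6);    a->tpa = a->spa;   /* the requester becomes the target */
    memcpy(a->sha, my_mac, 6);    a->spa = my_ip;    /* and I am the sender */
    return true;
}

/* Constructed sample "Who has 192.168.0.3?" from 192.168.0.1, answered by node .3; returns the reply opcode (0 unanswered, -1 malformed). */
static int demo_reply_opcode(void) {
    uint8_t buf[64] = {0};  Ether *e = (Ether *)buf;  Arp *a = (Arp *)(buf + sizeof(Ether));
    memset(e->dmac, 0xff, 6);  memcpy(e->smac, "\x00\x11\x22\x33\x44\x01", 6);  e->type = htons(0x0806);
    a->htype = htons(1); a->ptype = htons(0x0800); a->hlen = 6; a->plen = 4; a->oper = htons(1);
    memcpy(a->sha, e->smac, 6); a->spa = htonl(0xC0A80001); a->tpa = htonl(0xC0A80003);
    const uint8_t mac3[6] = {0x00, 0x11, 0x22, 0x33, 0x44, 0x03};
    if (!arp_reply_in_place(buf, sizeof(Ether) + sizeof(Arp), htonl(0xC0A80003), mac3)) return 0;
    if (memcmp(e->dmac, a->tha, 6) || memcmp(e->smac, mac3, 6) || a->spa != htonl(0xC0A80003)) return -1;
    return ntohs(a->oper);  /* 2 = Response */
}
```

In the RTOS the same buffer would come from ni_input() and, after arp_reply_in_place() returns true, go back out through ni_output(); the length guards are what keep a short or malformed frame on the drop path rather than being read past its end.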

1. Compiled for x86_64
2. glibc is not used
3. The stack pointer is not used

1. glibc is not used

1. NewLib (Standard C lib)
2. libcore
3. libTLSF (Memory allocator)

Run it with the console utility

# bin/console run.psh

1. Connect to the PacketNgin RTOS

1. Get an RTVM allocated
2. 1 core
3. 16MB of memory
4. 2MB of storage
5. 2 vNICs

1. Transfer the compiled image
2. Start the VM

Deploy Net App (Console)

Deploy Net App (RTOS)

ARPing

2. Basic Network Concepts 2.2 Wide Area Network

Wide Area Network


203.252.180.180

8.8.8.8

Source: http://gallery.techarena.in/showphoto.php/photo/21765

IP Routing

203.252.180.180

8.8.8.8

Source: http://gallery.techarena.in/showphoto.php/photo/21765

Internet Protocol

Source: http://en.wikipedia.org/wiki/Ipv4

Internet Control Message Protocol

Source: http://www.networkuptime.com/nmap/page4-2.shtml

• Echo

• Destination Unreachable

• Redirect Message

• Router Advertisement

• Router Solicitation

• Time Exceed

• Bad IP header

• Timestamp

Internet Control Message Protocol

Source: http://en.wikipedia.org/wiki/Internet_Control_Message_Protocol

Internet Control Message Protocol

Debug

2. Basic Network Concepts 2.3 Transmission Control Protocol

Transmission Control Protocol

Source: http://en.wikipedia.org/wiki/Transmission_Control_Protocol

Connection (3 way handshake)

Transmission

Sliding Window

Congestion Control

Congestion Control

Source: http://www.cisco.com/web/about/ac123/ac147/archived_issues/ipj_9-2/gigabit_tcp.html

Implement

Run

3. Level 2 Network Applications

PacketNgin Loadbalancer

• Load Balancing Methods
  • NAT, SNAT, DR, Tunneling

• Scheduling Algorithms
  • Round-Robin, Least-Connection, Hashing, Shortest Expected Delay, Never Queue

• Failover
  • Watchdog, TCP Session Recover

Global Open Frontier / NIPA

PacketNgin Loadbalancer

PacketNgin Loadbalancer Throughput

VirtualBox + Virt I/O NIC +388%

PacketNgin IPsec

• Cryptography Algorithms
  • DES, 3DES, BlowFish, Cast128, Rijndael, Camellia, AES

• Hashing Algorithms
  • MD5, SHA1/256/384/512, Ripemd160

• Mode
  • Transport, Tunnel

• IKE

PacketNgin IPsec

PacketNgin IPsec Throughput

Core i5 + NetFPGA NIC +420%

PacketNgin Protocol Converter

Korea Railroad Research Institute (철도기술연구원), 대아TI

PacketNgin SCPS

Military satellite link accelerator

PacketNgin IoT Gateway

Konkuk University (건국대학교) / Small and Medium Business Administration (중소기업청) Source: http://wirelessall.co.kr/goods_detail.php?goodsIdx=10231

4. Wrap-up

Summary

• Host network programming vs Network node programming

• OSI model level 2 network programming

• ARP, ICMP, TCP and DPI

• Level 2 Network Applications

4.1 Summary

What will you do if you can Program the network?

semih@gurum.cc

packetngin.org
