Level 2 Network Programming using PacketNgin RTOS
Seongmin Kim (김성민), CEO, GurumNetworks (㈜구름네트웍스)
Contents
1. Introduction
2. Basic Network Concepts
3. Level 2 Network Applications
4. Wrap-up
1. Introduction
I have a dream
Source: http://www.embedded.com/print/4008802 http://blogs.it.ox.ac.uk/oxcert/2015/05/13/cve-2015-3456-venom/
S/W
H/W
Who am I?
2009 ~ 2012: Developed PacketVisor (패킷바이저), the predecessor of PacketNgin, at ETRI (Electronics and Telecommunications Research Institute)
2013 ~ 2014: Developed the PacketNgin prototype (Creative Challenge SW R&D Program / NIPA)
2014 ~: Founded GurumNetworks (㈜구름네트웍스) to commercialize it (Startup Leading University program / Korea Institute of Startup and Entrepreneurship Development)
2015. 9: Released PacketNgin as open source (Global Open Frontier / NIPA)
Network Programming Host and network node (1/4)
• Host
• PC, smart phone, server
• IP address, TCP or UDP port
• Network node
• Switch, router, gateway
• MAC address, interface number
Source: https://en.wikipedia.org/wiki/Hop_(networking) https://www.nas.ewi.tudelft.nl/people/Piet/papers/hopcountmeasurementPAM.pdf
Network Programming Host and network node (1/4)
Source: https://en.wikipedia.org/wiki/Computer_network
Network Programming Host and network node (3/4)
Source address: Konkuk Univ. (tcp://203.252.180.180:3087)
Destination address: naver.com (tcp://202.179.177.22:80)
• Host network programming
  • TCP, UDP
  • Send data
  • Receive data
Network Programming Host and network node (4/4)
• Network node programming
  • MAC, ARP, ICMP, OSPF
  • forwarding
  • multicast
  • encrypt/decrypt
  • encapsulate/decapsulate
Network nodes
PacketNgin RTOS Concept Network O/S vs General Purpose O/S (1/2)
• Ethernet Header
  • Information used when switching the packet inside a LAN
• IP Header
  • Information used when routing the packet across the WAN
• TCP/UDP Header
  • The part used when dispatching the packet inside a host
• TCP/UDP Payload
  • The data used by the application
[Figure: frame layout, left to right: Ethernet Header | IP Header | TCP/UDP Header | TCP/UDP Payload]
PacketNgin RTOS Concept Network O/S vs General Purpose O/S (2/2)
[Figure: receive path, General Purpose O/S vs Network O/S.
General Purpose O/S: NIC (Eth IP TCP Payload) → Ether Block (IP TCP Payload) → IP Block (TCP Payload) → TCP Block (Payload), all in kernel space; each block strips its own header and only the bare Payload reaches the Web Browser in user space.
Network O/S: NIC (Eth IP TCP Payload) → Ether Block in kernel space; the whole frame (Eth IP TCP Payload) is handed, headers intact, to the Firewall in user space.]
PacketNgin RTOS Concept
Programmability
Why Network O/S?
• Linux is an O/S well suited to host network programming
• PacketNgin is an O/S well suited to network node programming
• The amount of source code for ARP, ICMP and IPsec is 2/3 ~ 1/2 of what Linux has
Why Network O/S?
Linux receive path with IPsec:
+ Network H/W dependent code
+ deliver_skb()
+ ret = pt_prev->func(skb, skb->dev, pt_prev);
+ ip_rcv()
+ nf_hook()
+ ip_rcv_finish()
+ ip_route_input()
+ dst_input()->ip_forward() or ip_input()
+ ip_input // Remove the IPv4 header
+ ip_input_finish
+ ret = ipprot->handler(&skb, &nhoff);
+ xfrm4_rcv()
+ xfrm_input()
+ xfrm4_parse_spi()
+ xfrm_state_lookup() // lookup IPsec SA
+ xfrm_beet_input(skb, x) //To change to inner IP header.
+ nexthdr = x->type->input(x, xfrm.decap, skb) // == esp_input
+ esp_input() // process ESP based on inner address
+ returns 0 ;
+ /* beet handling in xfrm_rcv_spi */
+ netif_rx()
+ // ip_input_finish returns 0
+ // netif_receive_skb returns 0
+ netif_receive_skb // Now we have an IPv4 packet. So the input flow is for v4 packet.
+ deliver_skb()
+ ret = pt_prev->func(skb, skb->dev, pt_prev);
+ ip_rcv()
+ nf_hook() //This calls ip_rcv_finish(skb)
+ ip_rcv_finish() // Here the skb->dst is NULL and so is filled for the input side.
+ ip6_route_input()
+ dst_input()->ip_forward() or ip_input()
+ ip_input // Remove the IPv4 header
+ ip_input_finish
+ …
PacketNgin receive path with IPsec:
+ Network H/W dependent code
+ nic_process_output()
+ fifo_push()
+ ni_input()
+ ipsec_inbound()
+ sad_get()
+ ipsec_decrypt()
+ spd_get()
+ ni_output()
Performance
Why Network O/S?
PacketNgin Network Application APIs
• thread_id(): int
• thread_barrior(): void
• malloc(size_t): void*
• free(void*): void
• gmalloc(size_t): void*
• gfree(void*): void
• ni_input(idx): Packet*
• ni_output(Packet*): bool
• ni_free(Packet*): void
• ni_create(size_t): Packet*
Hello World
1. If this is thread 0:
   1. initialize global memory
   2. the remaining threads wait
2. Initialize local memory
3. Wait until every thread has finished its initialization
4. Get the number of vNICs assigned to this VM
5. Pick a vNIC in round-robin order:
   1. get the i-th vNIC
   2. if it has a packet, call the function process
6. process(): take the packet from the vNIC
   1. Every packet is Ethernet, so cast the packet payload as Ether
   2. If the Ether Type is ARP: cast the Ethernet payload as ARP, then do the rest of the ARP handling
   3. If the Ether Type is IPv4: cast the Ethernet payload as IP
      1. If the IP protocol is ICMP and the IP destination is myself: cast the IP payload as ICMP, then do the rest of the ICMP handling
      2. If the IP protocol is UDP: cast the IP payload as UDP, then do the rest of the UDP handling
   4. If the packet is meaningless for this node: drop it
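The process() dispatch from the Hello World outline, as an added example that is not PacketNgin's own code. It runs over constructed Ethernet frames held in a plain byte buffer; in the RTOS those bytes would be the payload of the Packet returned by ni_input(idx). Each header length is checked before the header is read, so a truncated frame is dropped rather than read past its end, which is the part a node-side parser most often gets wrong. The frame builders and the address 192.168.0.3 are constructed for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Added example, not PacketNgin code: the dispatch logic of the Hello World
 * walkthrough run over constructed Ethernet frames. In the RTOS the frame
 * bytes would be the payload of the Packet returned by ni_input(idx). */

#define ETHER_TYPE_IPV4 0x0800
#define ETHER_TYPE_ARP  0x0806
#define IP_PROTO_ICMP   1
#define IP_PROTO_UDP    17

typedef enum { PKT_ARP, PKT_ICMP_FOR_ME, PKT_UDP, PKT_DROP } pkt_class;

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] << 8 | p[1]); }
static uint32_t rd32(const uint8_t *p)
{
    return (uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 | (uint32_t)p[2] << 8 | p[3];
}

/* Classify one frame the way the walkthrough's process() does.
 * my_ip is this node's IPv4 address in host byte order. Every length is
 * checked before the corresponding header is read. */
pkt_class classify_frame(const uint8_t *frame, size_t len, uint32_t my_ip)
{
    if (len < 14) return PKT_DROP;                 /* no complete Ethernet header */
    uint16_t ethertype = rd16(frame + 12);
    const uint8_t *payload = frame + 14;           /* "cast the payload as Ether" */
    size_t plen = len - 14;

    if (ethertype == ETHER_TYPE_ARP)
        return plen >= 28 ? PKT_ARP : PKT_DROP;    /* IPv4-over-Ethernet ARP body is 28 bytes */

    if (ethertype == ETHER_TYPE_IPV4) {
        if (plen < 20 || (payload[0] >> 4) != 4) return PKT_DROP;
        size_t ihl = (size_t)(payload[0] & 0x0f) * 4;   /* header length in bytes */
        size_t total = rd16(payload + 2);               /* IP total length */
        if (ihl < 20 || total < ihl || total > plen) return PKT_DROP;
        uint8_t proto = payload[9];
        uint32_t dst = rd32(payload + 16);
        if (proto == IP_PROTO_ICMP && dst == my_ip) return PKT_ICMP_FOR_ME;
        if (proto == IP_PROTO_UDP) return PKT_UDP;
    }
    return PKT_DROP;                               /* meaningless for this node: drop */
}

/* Constructed sample frames (not captured traffic). */
size_t make_ipv4_frame(uint8_t *buf, uint8_t proto, uint32_t dst_ip)
{
    memset(buf, 0, 34);
    memset(buf, 0xff, 6);                          /* destination MAC */
    buf[12] = 0x08; buf[13] = 0x00;                /* EtherType IPv4 */
    uint8_t *ip = buf + 14;
    ip[0] = 0x45;                                  /* version 4, IHL 5 */
    ip[2] = 0; ip[3] = 20;                         /* total length: header only */
    ip[8] = 64;                                    /* TTL */
    ip[9] = proto;
    ip[16] = (uint8_t)(dst_ip >> 24); ip[17] = (uint8_t)(dst_ip >> 16);
    ip[18] = (uint8_t)(dst_ip >> 8);  ip[19] = (uint8_t)dst_ip;
    return 34;
}

size_t make_arp_frame(uint8_t *buf)
{
    memset(buf, 0, 42);
    memset(buf, 0xff, 6);
    buf[12] = 0x08; buf[13] = 0x06;                /* EtherType ARP */
    buf[14] = 0; buf[15] = 1;                      /* HTYPE Ethernet */
    buf[16] = 0x08; buf[17] = 0x00;                /* PTYPE IPv4 */
    buf[18] = 6; buf[19] = 4;                      /* HLEN, PLEN */
    buf[20] = 0; buf[21] = 1;                      /* operation: request */
    return 42;
}

int main(void)
{
    static const char *names[] = { "ARP", "ICMP for me", "UDP", "drop" };
    const uint32_t my_ip = 0xC0A80003;            /* 192.168.0.3, constructed */
    uint8_t buf[64];
    size_t n;

    /* Stand-in for the vNIC loop: in PacketNgin each frame would be a
     * Packet from ni_input(i), released with ni_free() when dropped. */
    n = make_arp_frame(buf);
    printf("%s\n", names[classify_frame(buf, n, my_ip)]);
    n = make_ipv4_frame(buf, IP_PROTO_ICMP, my_ip);
    printf("%s\n", names[classify_frame(buf, n, my_ip)]);
    n = make_ipv4_frame(buf, IP_PROTO_ICMP, 0xC0A80001);
    printf("%s\n", names[classify_frame(buf, n, my_ip)]);
    n = make_ipv4_frame(buf, IP_PROTO_UDP, 0xC0A80001);
    printf("%s\n", names[classify_frame(buf, n, my_ip)]);
    return 0;
}
```

As in the outline, UDP is accepted regardless of destination while ICMP is only accepted when addressed to this node; an ICMP packet for another host and anything with a bad or truncated header fall through to the drop branch.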
2. Basic Network Concepts 2.1 Local Area Network
LAN and WAN
Source: http://www.mysecurecyberspace.com/encyclopedia/index/local-area-network-lan.html
Switch
Source: http://kr.gobizkorea.com/blog/kr_catalog_view.jsp?blog_id=iptime&co_lang=1&group_code=62373&obj_id=944135 http://www.dlink.com/us/en/business-solutions/switching/unmanaged-switches/rackmount/des-1026g-24-port-fast-ethernet-switch-plus-2-gigabit-ports
Router
Source: http://www.cisco.com/en/US/products/ps10537/index.html http://www.cisco.com/en/US/products/ps5862/index.html
Ethernet
Source: https://en.wikipedia.org/wiki/Ethernet_frame
Address Resolution Protocol (1/5)
[Figure: six hosts on one LAN]
192.168.0.1  00:11:22:33:44:01
192.168.0.2  00:11:22:33:44:02
192.168.0.3  00:11:22:33:44:03
192.168.0.4  00:11:22:33:44:04
192.168.0.5  00:11:22:33:44:05
192.168.0.6  00:11:22:33:44:06
Address Resolution Protocol (2/5)
Who has 192.168.0.3?
Address Resolution Protocol (3/5)
192.168.0.3 is at 00:11:22:33:44:03
Address Resolution Protocol (4/5)
Address Resolution Protocol (5/5)
Run PacketNgin RTOS
1. If the packet is an ARP request and its target is myself:
   1. Swap the Ethernet source and destination addresses so the packet goes back to the other host
   2. Change the ARP operation to Response (2)
   3. Set the Source Hardware Address to my MAC address
   4. Output the newly built packet through the vNIC
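The ARP responder steps above, as an added example that is not PacketNgin's own code. The byte buffer stands in for the Packet payload that ni_input() would hand to process(), and the caller would pass the rewritten buffer to ni_output(). Two details go a little beyond the deck's list: because the request normally arrives as a broadcast, the reply's Ethernet source is set to our own MAC instead of the old destination, and the asker's addresses are copied into the ARP target fields, which a reply needs (RFC 826). The addresses are the ones from the ARP figure.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdbool.h>
#include <stdio.h>

/* Added example, not PacketNgin code. Offsets inside an Ethernet + ARP
 * (IPv4 over Ethernet) frame; the buffer stands in for the Packet payload
 * that ni_input() would hand to process(). */
enum {
    ETH_DST = 0, ETH_SRC = 6, ETH_TYPE = 12, ETH_HLEN = 14,
    ARP_HTYPE = ETH_HLEN, ARP_PTYPE = ETH_HLEN + 2, ARP_HLEN = ETH_HLEN + 4,
    ARP_PLEN = ETH_HLEN + 5, ARP_OPER = ETH_HLEN + 6, ARP_SHA = ETH_HLEN + 8,
    ARP_SPA = ETH_HLEN + 14, ARP_THA = ETH_HLEN + 18, ARP_TPA = ETH_HLEN + 24,
    ARP_FRAME_LEN = ETH_HLEN + 28
};

/* If frame is an ARP request asking for my_ip, rewrite it in place into the
 * reply and return true; otherwise leave it untouched and return false. */
bool arp_make_reply(uint8_t *frame, size_t len,
                    const uint8_t my_mac[6], const uint8_t my_ip[4])
{
    if (len < ARP_FRAME_LEN) return false;                                      /* truncated */
    if (frame[ETH_TYPE] != 0x08 || frame[ETH_TYPE + 1] != 0x06) return false;   /* not ARP */
    if (frame[ARP_HTYPE] != 0 || frame[ARP_HTYPE + 1] != 1) return false;       /* HTYPE Ethernet */
    if (frame[ARP_PTYPE] != 0x08 || frame[ARP_PTYPE + 1] != 0x00) return false; /* PTYPE IPv4 */
    if (frame[ARP_HLEN] != 6 || frame[ARP_PLEN] != 4) return false;
    if (frame[ARP_OPER] != 0 || frame[ARP_OPER + 1] != 1) return false;         /* not a request */
    if (memcmp(frame + ARP_TPA, my_ip, 4) != 0) return false;                   /* not asking for me */

    /* Step 1: send the frame back to the asker. The request usually arrived
     * as a broadcast, so the new source is our MAC, not the old destination. */
    memcpy(frame + ETH_DST, frame + ETH_SRC, 6);
    memcpy(frame + ETH_SRC, my_mac, 6);

    /* Step 2: operation = Response (2). */
    frame[ARP_OPER] = 0; frame[ARP_OPER + 1] = 2;

    /* Step 3: the asker becomes the target, we become the sender. */
    memcpy(frame + ARP_THA, frame + ARP_SHA, 6);
    memcpy(frame + ARP_TPA, frame + ARP_SPA, 4);
    memcpy(frame + ARP_SHA, my_mac, 6);
    memcpy(frame + ARP_SPA, my_ip, 4);
    return true;                                   /* step 4: the caller hands it to ni_output() */
}

/* Constructed broadcast ARP request from (src_mac, src_ip) asking for target_ip. */
size_t make_arp_request(uint8_t *buf, const uint8_t src_mac[6],
                        const uint8_t src_ip[4], const uint8_t target_ip[4])
{
    memset(buf, 0, ARP_FRAME_LEN);
    memset(buf + ETH_DST, 0xff, 6);
    memcpy(buf + ETH_SRC, src_mac, 6);
    buf[ETH_TYPE] = 0x08; buf[ETH_TYPE + 1] = 0x06;
    buf[ARP_HTYPE + 1] = 1;
    buf[ARP_PTYPE] = 0x08;
    buf[ARP_HLEN] = 6; buf[ARP_PLEN] = 4;
    buf[ARP_OPER + 1] = 1;
    memcpy(buf + ARP_SHA, src_mac, 6);
    memcpy(buf + ARP_SPA, src_ip, 4);
    memcpy(buf + ARP_TPA, target_ip, 4);
    return ARP_FRAME_LEN;
}

int main(void)
{
    /* Addresses from the deck's ARP figure: host .1 asks for .3, and we are .3. */
    const uint8_t asker_mac[6] = {0x00,0x11,0x22,0x33,0x44,0x01}, asker_ip[4] = {192,168,0,1};
    const uint8_t my_mac[6]    = {0x00,0x11,0x22,0x33,0x44,0x03}, my_ip[4]    = {192,168,0,3};
    uint8_t frame[ARP_FRAME_LEN];
    size_t n = make_arp_request(frame, asker_mac, asker_ip, my_ip);
    if (arp_make_reply(frame, n, my_mac, my_ip))
        printf("%u.%u.%u.%u is at %02x:%02x:%02x:%02x:%02x:%02x\n",
               frame[ARP_SPA], frame[ARP_SPA+1], frame[ARP_SPA+2], frame[ARP_SPA+3],
               frame[ARP_SHA], frame[ARP_SHA+1], frame[ARP_SHA+2],
               frame[ARP_SHA+3], frame[ARP_SHA+4], frame[ARP_SHA+5]);
    return 0;
}
```

The target-address check before any rewriting is what keeps the node from answering for addresses it does not own; a request for 192.168.0.6 leaves the buffer untouched and the caller frees it with ni_free().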
1. Compiled for x86_64
2. Does not use glibc
3. Does not use the stack pointer
Instead of glibc:
1. NewLib (standard C library)
2. libcore
3. libTLSF (memory allocator)
Run with the console utility:
# bin/console run.psh
1. Connect to PacketNgin RTOS
2. Get an RTVM allocated: 1 core, 16MB of memory, 2MB of storage, 2 vNICs
3. Transfer the compiled image, then start the VM
Deploy Net App (Console)
Deploy Net App (RTOS)
ARPing
2. Basic Network Concepts 2.2 Wide Area Network
Wide Area Network
Wide Area Network
203.252.180.180
8.8.8.8
Source: http://gallery.techarena.in/showphoto.php/photo/21765
IP Routing
203.252.180.180
8.8.8.8
Source: http://gallery.techarena.in/showphoto.php/photo/21765
Internet Protocol
Source: http://en.wikipedia.org/wiki/Ipv4
Internet Control Message Protocol
Source: http://www.networkuptime.com/nmap/page4-2.shtml
• Echo
• Destination Unreachable
• Redirect Message
• Router Advertisement
• Router Solicitation
• Time Exceeded
• Bad IP header
• Timestamp
Internet Control Message Protocol
Source: http://en.wikipedia.org/wiki/Internet_Control_Message_Protocol
Internet Control Message Protocol
Debug
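The ICMP handling that the Hello World outline leaves as "do the rest of the ICMP handling", shown for the Echo type listed above as an added example that is not PacketNgin's own code. It works on an IPv4 packet (the Ethernet header already removed), verifies both the IP header checksum and the ICMP checksum before answering, and turns the request into a reply in place: swap the addresses, set the type to 0, recompute both checksums. The checksum routine is the RFC 1071 Internet checksum; the request builder and its addresses are constructed for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdbool.h>
#include <stdio.h>

/* Added example, not PacketNgin code: ICMP echo reply with checksum handling. */

/* RFC 1071 Internet checksum over len bytes (odd lengths handled). Over a
 * header whose checksum field is filled in, a correct header sums to 0. */
uint16_t inet_checksum(const uint8_t *data, size_t len)
{
    uint32_t sum = 0;
    while (len > 1) { sum += (uint32_t)(data[0] << 8 | data[1]); data += 2; len -= 2; }
    if (len) sum += (uint32_t)data[0] << 8;
    while (sum >> 16) sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

static void put16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)v; }

/* Turn an ICMP echo request addressed to my_ip (IPv4 packet without Ethernet
 * header) into an echo reply in place. Returns false, leaving the packet
 * untouched, when it is not such a request or a checksum does not verify. */
bool icmp_make_echo_reply(uint8_t *pkt, size_t len, const uint8_t my_ip[4])
{
    if (len < 20 || (pkt[0] >> 4) != 4) return false;
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;
    size_t total = (size_t)(pkt[2] << 8 | pkt[3]);
    if (ihl < 20 || total < ihl + 8 || total > len) return false;  /* lengths must fit */
    if (pkt[9] != 1) return false;                                 /* not ICMP */
    if (memcmp(pkt + 16, my_ip, 4) != 0) return false;             /* not addressed to me */
    if (inet_checksum(pkt, ihl) != 0) return false;                /* bad IP header checksum */
    uint8_t *icmp = pkt + ihl;
    size_t icmp_len = total - ihl;
    if (icmp[0] != 8 || icmp[1] != 0) return false;                /* not echo request */
    if (inet_checksum(icmp, icmp_len) != 0) return false;          /* bad ICMP checksum */

    /* IP: swap source and destination, fresh TTL, recompute header checksum. */
    uint8_t tmp[4];
    memcpy(tmp, pkt + 12, 4); memcpy(pkt + 12, pkt + 16, 4); memcpy(pkt + 16, tmp, 4);
    pkt[8] = 64;
    put16(pkt + 10, 0);
    put16(pkt + 10, inet_checksum(pkt, ihl));

    /* ICMP: type 0 (echo reply); identifier, sequence and data are echoed unchanged. */
    icmp[0] = 0;
    put16(icmp + 2, 0);
    put16(icmp + 2, inet_checksum(icmp, icmp_len));
    return true;
}

/* Constructed echo request src -> dst with identifier id, sequence seq and a
 * 5-byte payload, so the ICMP part has an odd length. */
size_t make_echo_request(uint8_t *buf, const uint8_t src[4], const uint8_t dst[4],
                         uint16_t id, uint16_t seq)
{
    static const uint8_t data[] = "ping";          /* 5 bytes including the NUL */
    size_t icmp_len = 8 + sizeof data;
    size_t total = 20 + icmp_len;
    memset(buf, 0, total);
    buf[0] = 0x45; put16(buf + 2, (uint16_t)total);
    buf[8] = 64; buf[9] = 1;
    memcpy(buf + 12, src, 4); memcpy(buf + 16, dst, 4);
    put16(buf + 10, inet_checksum(buf, 20));
    uint8_t *icmp = buf + 20;
    icmp[0] = 8; put16(icmp + 4, id); put16(icmp + 6, seq);
    memcpy(icmp + 8, data, sizeof data);
    put16(icmp + 2, inet_checksum(icmp, icmp_len));
    return total;
}

int main(void)
{
    const uint8_t a[4] = {192,168,0,1}, me[4] = {192,168,0,3};  /* constructed addresses */
    uint8_t p[64];
    size_t n = make_echo_request(p, a, me, 0x1234, 7);
    if (icmp_make_echo_reply(p, n, me))
        printf("echo reply to %u.%u.%u.%u, seq %u\n", p[16], p[17], p[18], p[19], p[27]);
    return 0;
}
```

Verifying the checksums before replying means a corrupted or forged-looking request is silently dropped rather than answered, and recomputing them after the rewrite keeps the reply valid for the receiver's own check.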
2. Basic Network Concepts 2.3 Transmission Control Protocol
Transmission Control Protocol
Source: http://en.wikipedia.org/wiki/Transmission_Control_Protocol
Connection (3 way handshake)
Transmission
Sliding Window
Congestion Control
Congestion Control
Source: http://www.cisco.com/web/about/ac123/ac147/archived_issues/ipj_9-2/gigabit_tcp.html
Implement
Run
3. Level 2 Network Applications
PacketNgin Loadbalancer
• Load Balancing Methods
  • NAT, SNAT, DR, Tunneling
• Scheduling Algorithms
  • Round-Robin, Least-Connection, Hashing, Shortest Expected Delay, Never Queue
• Failover
  • Watchdog, TCP Session Recover
Global Open Frontier / NIPA
PacketNgin Loadbalancer
PacketNgin Loadbalancer Throughput
VirtualBox + Virt I/O NIC +388%
PacketNgin IPsec
• Cryptography Algorithms
  • DES, 3DES, BlowFish, Cast128, Rijndael, Camellia, AES
• Hashing Algorithms
  • MD5, SHA1/256/384/512, Ripemd160
• Mode
  • Transport, Tunnel
• IKE
PacketNgin IPsec
PacketNgin IPsec Throughput
Core i5 + NetFPGA NIC +420%
PacketNgin Protocol Converter
Korea Railroad Research Institute, Daea TI (대아TI)
PacketNgin SCPS
Military satellite link accelerator
PacketNgin IoT Gateway
Konkuk University / Small and Medium Business Administration. Source: http://wirelessall.co.kr/goods_detail.php?goodsIdx=10231
4. Wrap-up
Summary
• Host network programming vs Network node programming
• OSI model level 2 network programming
• ARP, ICMP, TCP and DPI
• Level 2 Network Applications
4.1 Summary