Control and forwarding plane separation on an opensource router
2011 (English)Conference paper (Refereed)
In previous work[1-3] it has been shown how open-source routers on new PC hardware allows for forwarding speeds of 10Gb/s and above. In this work we extend the applicability of the results by showing how the new 10Gb/s interface classification techniques can be used to separate packet forwarding from control plane operation.It is important to isolate the control-plane from forwarding load, since it makes routing protocol and management operation independent of forwarding load. It also increases the resilience against denial-ofservice attacks. In addition, it relates to the forwarding and control element separation proposed by the IETF ForCES work, where we use one CPU core as control element and the remaining cores as forwarding elements.
Many new interface cards have chipsets with advanced classification capabilities motivated by advances in virtualization and multicore architectures. We have chosen to study the Intel 82599 10Gb/s controller and the Linux ixgbe driver. The 82599 has several mechanisms to control packet classification, including Receiver Side Scaling (RSS), Flow director, and N-tuple filters. Other interface cards on the market use generic TCAMs providing similar functionality.
The approach we used was to implicitly configure the Flow director by outgoing control traffic, so that return flows aimed at the control plane were identified and could be directed to a designed control processor. Flows not destined to the control processor were load balanced among the remaining cores using RSS. We found this to be a simple and straight-forward approach, and we present results that verifies this method. However, we have seen some cases in overload scenarios where packet drops are made in hardware before classification which need to be further analyzed.During the project we also explored some of the hardware capabilites new buses (PCIe gen2). We discovered with optimal setting that we could transmit (DMA) 92 Gb/s using 1500 byte packet
Place, publisher, year, edition, pages
IdentifiersURN: urn:nbn:se:kth:diva-66410OAI: oai:DiVA.org:kth-66410DiVA: diva2:483950
Linux Kongress, Nürnberg, Germany
QC 201201302012-01-262012-01-262012-01-30Bibliographically approved