Protocol Wrappers for Layered Network Packet ... - CiteSeerX

Download PDF
11 downloads 5903 Views 67KB Size Report
Comment
network platform called the Field Programmable Port Ex- tender (FPX) ... in St. Louis, a set of hardware and software components for research .... Dispatch. HEC. Figure 4. FPX Cell wrapper the cell processor itself. We will discuss this mecha-.
Protocol Wrappers for Layered Network Packet Processing in Reconfigurable Hardware Florian Braun University of Stuttgart [email protected]

John Lockwood Washington University in St. Louis [email protected]

Abstract A library of layered protocol wrappers has been developed that process Internet packets in reconfigurable hardware. These wrappers can be used with a reprogrammable network platform called the Field Programmable Port Extender (FPX) to rapidly prototype hardware circuits for processing Internet packets. We present a framework to streamline and simplify the development of networking applications that process ATM cells, AAL5 frames, Internet Protocol (IP) packets and UDP datagrams directly in hardware.

1. Introduction In recent years, Field Programmable Gate Arrays (FPGAs) have become sufficiently capable to implement complex networking applications directly in hardware. By using hardware that can be reprogrammed, network equipment can dynamically load new functionality. Such a feature allows, for example, firewalls to add new filters that can run at line speed. The Field Programmable Port Extender has been implemented as a flexible platform for the processing of network data in hardware [11]. The library of wrappers discussed in this paper allows applications to be developed that process data at several layers of the protocol stack. Layers are important for networks because they allow applications to be implemented at a level where the details of a protocol layer can be abstracted from the layers above and below. At the lowest layer, networks modify raw data that passes between interfaces. At higher levels, the applications process variable length frames or Internet Protocol packages. An Internet router or firewall, for example, use the IP, frame and cell wrapper together with a circuit to perform routing lookups. At the user level, a



This research was supported in part by NSF ANI-0096052 and Xilinx Corp. and was conducted while the authors had been at Washington University in St. Louis.

Marcel Waldvogel IBM Zurich Research Laboratory [email protected]

network application may transmit directly or receive User Datagram Protocol messages by instantiating all wrappers discussed in Section 3 and as shown in Figure 1.

2. Background In the Applied Research Lab at Washington University in St. Louis, a set of hardware and software components for research in the field of networking, switching, routing and active networking have been developed. The Field Programmable port extender (FPX) has been developed to enable modular hardware components to be implemented in reprogrammable logic. The modules described in this document are primarily targeted for the FPX, though the design is written in portable VHDL and could be used in any FPGA-based system.

2.1. Switch Fabric The central component of this research environment is the Washington University Gigabit Switch (WUGS) [6]. The WUGS is a fully featured 8-port ATM switch, which is capable of handling up to 20 Gbps of network traffic. Each port is connected through a line card to the switch. The WUGS allows hardware to be inserted in a daisy-chain fashion between the line cards and the backplane. Two extension cards to the WUGS have been developed so far, both providing programmable means for advanced Network Application

UDP Wrapper IP Wrapper

Frame Wrapper Cell Wrapper

Figure 1. Wrapper concept

    

   

021 !/ #3 ( $ ')%$ *&+,'%$+- *./ !   !"#!%$

IPP IPP

OPP

AB6 C 6 8 4 576 8 9 : ;=?@ 6 9

OPP

Data

Data

SDRAM

SDRAM

Data SRAM

Module

021 !/ #3 ( $ ')%$ *&+,'%$+- *./ !   !"#!%$

Module

    

   

Data SRAM

RAD

IPP

OPP

IPP

OPP

VC

VC

RAD Program SRAM VC

Figure 2. WUGS configuration using the FPX EC

cell and/or packet processing. One of them is the Smart Port Card (SPC) [8], a stripped-down, compact PC attached through an Advanced Port InterConnect (APIC) [7] ATM Network Interface Card (NIC). The SPC is used whenever the processing applied to the packets is suited for software implementation.

2.2. Field Programmable Port Extender The second card, the FPX, [14, 13], provides reprogrammable logic for user applications. Like the SPC, it can also be inserted between the switch fabric mainboard and any line card, as illustrated in Figure 2. Figure 3 illustrates the major components on an FPX board. The FPX contains two FPGAs: the Network Interface Device (NID) and the Reprogrammable Application Device (RAD). The NID interconnects the WUGS, the line card and the RAD via an on-chip ATM switch core. It also provides the logic to dynamically reprogram the RAD. The RAD can be programmed to hold user-defined modules. This feature enables user-defined network modules to be dynamically loaded into the system. The RAD is also connected to two SRAM and two SDRAM components. The memory modules can be used to cache cell data or hold large tables.

2.3. FPX Modules User applications are implemented on the RAD as modules. Modules are hardware components with a welldefined interface that communicate with the RAD and other infrastructure components. The basic data interface is a 32bit wide Utopia interface. Internet packets enter the module using classical IP over ATM encapsulation and segmentation into ATM cells [16]. The data bus carries header and payload of the cells. The other signals in the module interface are used for congestion control and to connect to mem-

VC EC

Switch

NID

FPX

LineCard

Figure 3. Components on an FPX board ory controllers to access the off-chip memory. The complete module interface is documented in [17]. Usually, there are two application modules on the RAD. Typically, one handles data from the line card to the switch (ingress), and the other handles data from the switch to the line card (egress). As with the Transmutable Telecom System [15], modules can be replaced by reprogramming the FPGA in the system at any time. In the case of the FPX, this functionality occurs via partial reprogramming of the RAD FPGA.

3. Network Wrapper Concept Components have been developed for the FPX that allow applications to handle data on several protocol layers. Similar circuits have been implemented in static systems to implement IP over Ethernet [9]. Unlike systems that offload protocol processing to a coprocessor [1, 18], this library allows all packet processing functions to be implemented in hardware. Translation steps are necessary between layers. A classical approach creates components for each protocol translation. In our approach, we combine these two translation units into one component, which has four interfaces as a consequence: two to support the lower level protocol and two to provide a higher level interface, respectively. Furthermore, some components are connected to each other. This is useful for exchanging additional information or to bypass the application. The latter is done in the cell proces-

sor (section 3.1). When an application module is embedded into a protocol wrapper, the new entity surrounds the user’s logic like the letter U (Figure 1). Regarding the data stream, the application only connects to the translating component, which wraps up the application itself. Therefore we will refer to the surrounding components as wrappers. To support higher levels of abstraction, the wrappers can be nested. As each has a well defined interface for an outer and an inner protocol level, they fit together as shown in Figure 1. As a result, we get a very modular design method to support applications for different protocols and levels of abstraction. Associating each wrapper with a specific protocol, we get a layer model comparable to the well-known OSI/ISO networking reference model. This modularity gives application developers freedom to implement functions at several protocol layers in their designs. They can interface their logic to a wrapper with the level of abstraction appropriate for their specific application. Userlevel applications, for example, can completely ignore handling of complicated protocol issues, like frame boundaries or checksums.

3.1. The Cell Wrapper The wrapper on the lowest level is the cell processor (Figure 4). It performs every necessary step on the cell level that is common to all FPX modules. First, incoming ATM cells are checked against their Header Error Control (HEC) field, which is part of the 5-octet header. An 8-bit CRC (Cyclic Redundancy Code) is used to prevent corrupted cells from being misrouting. If the check fails, the cell is dropped. Accepted cells are then processed according to their VC information. The cell processor distinguishes between three different flows: 1. The cell is on the data VC for this module. In this case, the cell will be forwarded to the inner interface of the wrapper and thus to the application. 2. The cell is on the control-cell VC and is tagged with the correct module ID. Control cells are processed by

HEC

Dispatch

Check

HEC Set

the cell processor itself. We will discuss this mechanism later in this section. 3. None of the above, i.e., this cell is not destined for this module. These cells are forwarded around the inner layers of the module. and bypass processing by the higher-level protocol processors. The cell processor provides three FIFOs to buffer cells from either of the three paths. A multiplexer combines them and forwards the cells to their final stop. Just before they leave the cell processor, a new HEC is computed. The behavior of an FPX module can be modified via control cells. Control cells are ATM cells with a well-defined structure and provide a communication path between an external controller (e.g., software) and the on-chip modules. A standard control cell format has been developed to transmit information between software that controls the FPX and hardware modules. Control cells to the RAD contain a module ID field to address the application module. Some standard opcodes are understood by all FPX modules. Commands to change the VPI/VCI registers, for example, allow a module to dynamically change the flow which will be processed. The control-cell handling function inside the cell processor is designed to be very flexible, thus making it easy for application developers to extend its functionality to fit the needs of their modules. User applications typically support more control cell opcodes than the standard codes. This feature is usually used to configure the module or to interact with software components, so extendibility was an important goal in the design of the cell processor. A control-cell processing framework takes care of CRC check and generation functions, buffering of common data structures, and implements a mechanism to share common information. A master state machine waits for control cells destined for this module and then stores opcodes, user data, and a sequence number. At the same time it also checks the control cell CRC. Every opcode has its own state machine. So adding a new command does not interfere with existing ones. Every state machine polls the master state to check if a control cell with a valid CRC has been read and becomes active on its opcode. For any incoming control cell (request), a response cell should be sent, if the command has been processed successfully. As every opcode is handled by an independent state machine, each generating their own response cells, a multiplexer will merge the response cells at the output port, after its CRC has been set.

Control Cells

3.2. The Frame Wrapper Figure 4. FPX Cell wrapper

To handle data with arbitrary length over ATM networks, data is organized in frames, which are sent as multiple cells.

0 ATM Header ATM Cell Payload

0 AAL5 Payload

1

Padding AAL5 Trailer

Options

Length

CRC−32

tual frame contents. The End-of-Frame signal is asserted with the last valid payload word being sent. Applications thus have enough time to start appending data to a frame, if necessary. After the EOF signal, two more words are sent. These 8 octets represent the AAL5 trailer, including some additional information for this wrapper, that is used to recreate the length and CRC fields. It is essential that applications copy and forward these two additional words, even if they do not want to inspect or modify them. We would have liked to apply the techniques developed in [4] to improve the efficiency of the CRC calculation, especially in an Internet environment. Due to our modular approach, this was not possible, as the frame processor is not (and in fact should not be) aware of the modifications done at higher processing layers.

Figure 5. AAL5 frame segmentation

3.3. The IP Packet Wrapper Several adaption layers have been specified [5] with various properties. ATM Adaption Layer 5 (AAL5) is widely used for IP networks [16]), as it allows packets longer than a single ATM cell to be efficiently transmitted over ATM links. The higher layer packet to be encapsulated in AAL5 gets padding and an 8-byte trailer appended (see Figure 5. The amount of padding chosen fills the resulting frame to an even multiple of 48 bytes (the size of a single ATM cell). The trailer contains the length (16 bits), a 16-bit wide field available to higher protocol layers, and a CRC-32 for integrity checks. To enable decapsulation, a special bit is set in the header of the last cell. The length field and this “last cell” bit enable the decoder to identify the start and end of the payload. The length field and the CRC field serve to identify lost, inserted, and corrupted cells in the stream. The frame wrapper module for the FPX handles AAL5 frame data. Its interface is designed to provide application modules with the ability to transmit and receive variable length frames. The frame processor replaces the Startof-Cell signal with three signals, namely Start-of-Frame (SOF), End-of-Frame (EOF) and Data-Enable (DataEn). As the name indicates, SOF indicates the transmission of a new frame. Note that no HEC support is available with this wrapper, as it assumes that only valid ATM cells are passed to this wrapper and that valid HECs are generated for outgoing cells by the cell processor. DataEn indicates valid payload data. It can be seen as an enable signal for the data-processing application. It is completely independent from the cell structure. Applications can therefore resize frames or append data very easily. Also, generating new frames thus becomes simple and convenient. Note that DataEn is not asserted when padding is being sent, because it is not considered to be part of the ac-

The processing of Internet Protocol (IP) is a critical feature of the wrappers. IP dictates how packets are formatted on the Internet. Sub-protocols, such as UDP or TCP, are used to send connectionless datagrams or establish reliable connections, respectively within IP packets. The IP processor was developed to support IP-based applications. It inherits the signaling interface from the frame processor, and adds a Start-of-Payload (SOP) signal, to indicate the payload after the IP header, which can be of variable length. This wrapper serves three purposes: 1. It checks the IP header integrity to verify the correctness of the header checksum. Corrupted packets are dropped. 2. It decrements the Time To Live (TTL) field. As of RFC 1812 [2], all IP processing entities are required to decrement this field. Once this field reaches zero, the packet should no longer be forwarded. This is to prevent packets from looping in networks owing to misconfigured routers. 3. It recomputes the length and the header checksum on outgoing IP packets. An IP header usually has a length of 20 bytes, or 5 words, but can be longer in the extremely rare case of containing IP options. The entire header has to have passed before any decision about its integrity can be made. The IP processor computes and then compares the header checksum. On a failure, the IP packet is dropped by not propagating any signal to the application. If the Time-To-Live field of an incoming packet is already zero, the packet is also dropped and an ICMP error packet is returned instead. Otherwise the TTL field is decremented. Outgoing IP packets are buffered

Wrapper/Module



Cell Processor Frame Processor IP Processor UDP Processor

Table 1. Implementation results of the wrappers Space Speed Delay(short) Delay(long) Throughput(short) LUTs rel MHz in out in out rel. Gbps 781 3% 125 4 6 4 6 100% 3.5 1251 5% 116 21 22 10 31 84% 2.7 1009 4% 109 36 39 D 24 197 D 84% 2.6 550 2% 114 39 44 D 27 202 D 84% 2.6

Throughput(long) rel. Gbps 100% 3.5 93% 3.0 93% 2.9 93% 2.9

Depending on packet size (see text)

so that the actual length can be determined. The corresponding field in the header and the header checksum are set accordingly. Therefore a whole packet has to be buffered, before it can be sent out. To save and share resources with other wrappers, the IP wrapper understands a protocol to update the contents of bytes earlier in the packet. The IP processor can apply changes to the packet payload for fields, such as a header, that were set when the packet originally streamed through the hardware. Update commands are optional and are inserted between the last payload word (EOF signal asserted hi) and the AAL5 trailer. An unused bit (15) in the AAL5 length field is used to indicate update words or the start of the trailer. The length field is also used to hold an error code, so that packets can be dropped before they are sent out. Update words contain a 16 bit update field and a 15 bit update offset address. The 16 bit word at the offset address in the buffer is replaced by the update field.

3.4. The UDP Datagram Wrapper The UDP processor is a wrapper that supports connectionless communication between user level applications using the UDP/IP protocol. This wrapper computes and generates the UDP checksum and the length field in the header for outgoing datagrams. Incoming datagrams are also checked for the checksum, but the result is only available after the whole packet has passed through the wrapper. The UDP processor uses similar signals as the IP processor. It replaces the SOP signal with the Start-of-Datagram (SOD) signal. Applications can simply process datagrams or even generate new ones without the need to interpret or generate UDP headers. To determine the correct checksum for outgoing datagrams, the whole packet must be buffered. Since the IP processor already buffers a full IP packet, performing the same function in the UDP processor would be a waste of on-chip resources. Instead, the UDP processor informs the IP processor about incremental updates in the packet and leaves the buffering to that wrapper.

4. Implementation Results Wrappers have been synthesized to operate on the RAD FPGA on the FPX. The system clock on the FPX is 100 MHz and the RAD is a Xilinx Virtex XCV1000E-7. Table 1 summarizes the results of our framework. The first column gives the number of lookup tables used to implement each function and the relative fraction of the chip required to hold the logic. The second column specifies the maximum frequency of each synthesized wrapper. The third and the fourth columns give information about delays in clock cycles of data passing through the wrappers and are split into delays before (in) and after (out) an embedded application. The delays have been measured by sending ATM cells back to back, containing UDP packets. UDP packets with only one word (short) and packets with 512 bytes of payload (long) have been sent. The short datagrams fit into a single cell and therefore have the highest protocol overhead, representing the worst case scenario. The longer datagrams represent a common size, giving an average delay. Note that the delays marked with an asterisk ( D ) depend on the IP packet length, because the IP wrapper performs a storeand-forward operation. The last two columns show the theoretical relative and absolute maximum throughput in gigabits per second for each wrapper and for both the short and the long UDP packets.

5. Wrapper Example Applications The layered protocol wrapper library has been used to implement several applications that include encryption, compression, routing and active processing functions with low overhead in reprogrammable hardware. For each of these applications, the protocol wrapper library was used to process UDP, IP, AAL5, and ATM headers, while the remaining gates on the FPGA were used to process the payloads of the packets [12]. To implement the compression circuit, a Run Length Encoder (RLE) was built to shorten the length of payloads

that contain repeated bytes. The circuit replaces runs of repeating bytes with a single byte and a count that indicates the length of that run. For the encryption circuit, an encoder was built to scramble the data in each byte in the payload. For both of these circuits, throughput exceeding 2.4 Gbps was achieved for all packet sizes using the Virtex XCV1000E-7 FPGA on the FPX. The high throughput for large packets came as a result of performing parallel computation on the FPGA using multiple instances of hardware components. The high throughput for small packets came as a result of the low overhead of the protocol library. For routing of Internet Protocol packets, an IP lookup engine has been implemented on top of the IP wrapper [3]. The router has been designed to run at the 2.4 Gbps rate of the line card (OC-48), i.e., it handles 6.25 million IP packets per second. The circuit, including the necessary wrappers, occupies only 17% of the chip space. In addition to data-intensive processing applications listed above, a reprogrammable, active processing module was implemented on the FPX that included the protocol wrapper library and a soft-core processor called the KCPSM [10]. The FPX KCPSM module was implemented so that the program memory of processor could by dynamically reprogrammed over the Internet via a single UDP Datagram. Once a new program is loaded into the module, the processor swaps context and implements a new processing function on the payload of the subsequent data packets. By using the layered protocol library, the cycles of the processor were available exclusively for the application and spared from the overhead of processing protocol functions.

6. Conclusions We have presented a framework for IP packet processing applications in hardware. Although our current implementation was created for use in the Field Programmable Port Extender, the framework is very general and can easily be adapted to other platforms. A library of Layered Protocol wrappers has been implemented. Each handles a particular protocol level. By using an entity that surrounds an application module (a U-shape wrapper), the related logic to convert to and from a protocol are linked, increasing the flexibility and reducing the number of cross-dependencies. The common interface between layers simplifies development of hardware at all levels of the protocol stack. The framework is useful for developers of networking hardware components. The entire IP processing framework only utilizes 14% of the RAD FPGA on the FPX, leaving sufficient space to implement user-defined logic. To show the power of the framework, we also implemented several applications on top, including IP forwarding logic and a programmable packet processor. Additionally, many students have been implementing simpler functions as part of

their coursework, indicating that the framework is easy to use.

References [1] E. A. Arnould, F. J. Bitz, E. C. Cooper, H. T. Kung, R. D. Sansom, and P. A. Steenkiste. The design of Nectar: A network backplane for heterogeneous multicomputers. In Proceedings of the Third International conference on Architectural support for Programming Languages and Operating systems (ASPLOS-III), pages 205–216, Apr. 1989. Also available as Technical Report CMU-CS-89-101, School of Computer Science, Carnegie Mellon University, Pittsburgh. [2] F. Baker. Requirements for IP version 4 routers. Internet RFC 1812, June 1995. [3] F. Braun, J. Lockwood, and M. Waldvogel. Reconfigurable router modules using network protocol wrappers. In Proceedings of Field-Programmable Logic and Applications, pages 254–263, Belfast, Northern Ireland, Aug. 2001. [4] F. Braun and M. Waldvogel. Fast incremental CRC updates for IP over ATM networks. In Proceedings of 2001 IEEE Workshop on High Performance Switching and Routing, May 2001. [5] B-ISDN ATM adaptional layer AAL Specification. CCITT: Recommendation I.363, 1991. [6] T. Chaney, J. A. Fingerhut, M. Flucke, and J. S. Turner. Design of a gigabit ATM switch. Technical Report WU-CS-9607, Washington University in St. Louis, 1996. [7] Z. Dittia, G. Parulkar, and J. Cox. The APIC approach to high performance network interface design: Protected DMA and other techniques. In Proceedings of IEEE Infocom ’97, Kobe, Japan, Apr. 1997. [8] W. N. Eatherton and T. Aramaki. SPC specification. Working Note ARL-WN-98-01, Applied Research Laboratory, Washington University in St. Louis, 1998. http:// www.arl.wustl.edu/arl/TechRpts/WN/ps/98 01.ps. [9] H. Fallside and M. J. S. Smith. Internet connected FPGAs. In Proceedings of Field-Programmable Logic and Applications (FPL), pages 48–57, Villach, Austria, Aug. 2000. [10] H. Fu and J. W. Lockwood. The FPX KCPSM module: An embedded, reconfigurable processing module for the field programmable port extender (FPX). Technical Report wucs01-14, Washington University in Saint Louis, July 2001. [11] J. W. Lockwood. An open platform for development of network processing modules in reprogrammable hardware. In IEC DesignCon’01, pages WB–19, Santa Clara, CA, Jan. 2001. [12] J. W. Lockwood. Platform and methodology for teaching design of hardware modules in Internet routers and firewalls. In International Conference on Microelectronic Systems Education (MSE 2001), Las Vegas, NV, June 2001. [13] J. W. Lockwood, N. Naufel, J. S. Turner, and D. E. Taylor. Reprogrammable network packet processing on the field programmable port extender (FPX). In Proceedings of FPGA 2001, Monterey, CA, USA, Feb. 2001. [14] J. W. Lockwood, J. S. Turner, and D. E. Taylor. Field programmable port extender (FPX) for distributed routing and queuing. In Proceedings of FPGA 2000, pages 137–144, Monterey, CA, USA, Feb. 2000.

[15] T. Miyazaki, K. Shirakawa, M. Katayama, T. Murooka, and A. Takahara. A transmutable telecom system. In Proceedings of Field-Programmable Logic and Applications, pages 366–375, Tallinn, Estonia, Aug. 1998. [16] P. Newman et al. Transmission of flow labelled IPv4 on ATM data links. Internet RFC 1954, May 1996. [17] D. E. Taylor, J. W. Lockwood, and S. Dharmapurikar. Generalized RAD module interface specification on the field programmable port extender (FPX). http:// www.arl.wustl.edu/arl/projects/fpx/references, Jan. 2001. [18] M. Zitterbart, T. Harbaum, D. Meier, and D. Br¨okelmann. HeaRT: high performance routing table look up. In Proceedings of IEEE HPCS ’97, 1997.