Level 2 Network Programming using PacketNgin RTOS 김성민 (Kim Sung-min), CEO, ㈜구름네트웍스 (GurumNetworks)
Contents 1. Introduction 2. Basic Network Concepts 3. Level 2 Network Applications 4. Wrap-up
1. Introduction
I have a dream (figure: S/W vs H/W) Source: http://www.embedded.com/print/4008802 http://blogs.it.ox.ac.uk/oxcert/2015/05/13/cve-2015-3456-venom/
Who am I? 2009 ~ 2012: developed PacketVisor (패킷바이저), the predecessor of PacketNgin, at ETRI (한국전자통신연구원). 2013 ~ 2014: developed the PacketNgin prototype under the Creative Challenge SW R&D program / NIPA. 2014 ~: founded ㈜구름네트웍스 (GurumNetworks) to commercialize it, under the Leading University for Startups program / 창업진흥원 (KISED). 2015. 9: released PacketNgin as open source under Global Open Frontier / NIPA.
Network Programming Host and network node (1/4) • Host • PC, smart phone, server • IP address, TCP or UDP port • Network node • Switch, router, gateway • MAC address, interface number Source: https://en.wikipedia.org/wiki/Hop_(networking) https://www.nas.ewi.tudelft.nl/people/Piet/papers/hopcountmeasurementPAM.pdf
Network Programming Host and network node (2/4) Source: https://en.wikipedia.org/wiki/Computer_network
Network Programming Host and network node (3/4) Source address (Konkuk Univ.): tcp://203.252.180.180:3087; destination address (naver.com): tcp://202.179.177.22:80 • Host network programming • TCP, UDP • Send data • Receive data
Network Programming Host and network node (4/4) • Network node programming • MAC, ARP, ICMP, OSPF • forwarding • multicast • encrypt/decrypt • encapsulate/decapsulate Network nodes
PacketNgin RTOS Concept Network O/S vs General Purpose O/S (1/2) • Ethernet Header • the information used to switch the packet within a LAN • IP Header • the information used to route the packet across the WAN • TCP/UDP Header • the part used to dispatch the packet inside a host • TCP/UDP Payload • the data used by the application Ethernet Header IP Header TCP/UDP Header TCP/UDP Payload
PacketNgin RTOS Concept Network O/S vs General Purpose O/S (2/2) (figure) General Purpose O/S: NIC -> Ether Block -> IP Block -> TCP Block in kernel space, then the Web Browser in user space; each block strips its own header on the way up (Eth IP TCP Payload -> IP TCP Payload -> TCP Payload -> Payload). Network O/S: NIC -> Ether Block in kernel space, then a Firewall in user space that receives the whole frame (Eth IP TCP Payload) and emits it unchanged (Eth IP TCP Payload).
PacketNgin RTOS Concept
Programmability Why Network O/S? • Linux is an O/S suited to host network programming • PacketNgin is an O/S suited to network node programming • The amount of ARP, ICMP and IPsec source code is about 1/2 to 2/3 of that in Linux
Why Network O/S? IPsec receive path, Linux vs PacketNgin (call traces)
Linux:
+ Network H/W dependent code
+ deliver_skb()
+ ret = pt_prev->func(skb, skb->dev, pt_prev);
+ ip_rcv()
+ nf_hook()
+ ip_rcv_finish()
+ ip_route_input()
+ dst_input()->ip_forward() or ip_input()
+ ip_input // Remove the IPv4 header
+ ip_input_finish
+ ret = ipprot->handler(&skb, &nhoff);
+ xfrm4_rcv()
+ xfrm_input()
+ xfrm4_parse_spi()
+ xfrm_state_lookup() // lookup IPsec SA
+ xfrm_beet_input(skb, x) // To change to inner IP header.
+ nexthdr = x->type->input(x, xfrm.decap, skb) // == esp_input
+ esp_input() // process ESP based on inner address
+ returns 0 ;
+ /* beet handling in xfrm_rcv_spi */
+ netif_rx()
+ // ip_input_finish returns 0
+ // netif_receive_skb returns 0
+ netif_receive_skb // Now we have an IPv4 packet. So the input flow is for v4 packet.
+ deliver_skb()
+ ret = pt_prev->func(skb, skb->dev, pt_prev);
+ ip_rcv()
+ nf_hook() // This calls ip_rcv_finish(skb)
+ ip_rcv_finish() // Here the skb->dst is NULL and so is filled for the input side.
+ ip6_route_input()
+ dst_input()->ip_forward() or ip_input()
+ ip_input // Remove the IPv4 header
+ ip_input_finish
+ …
PacketNgin:
+ Network H/W dependent code
+ nic_process_output()
+ fifo_push()
+ ni_input()
+ ipsec_inbound()
+ sad_get()
+ ipsec_decrypt()
+ spd_get()
+ ni_output()
Performance Why Network O/S?
PacketNgin Network Application APIs
• thread_id(): int
• thread_barrior(): void
• malloc(size_t): void*
• free(void*): void
• gmalloc(size_t): void*
• gfree(void*): void
• ni_input(idx): Packet*
• ni_output(Packet*): bool
• ni_free(Packet*): void
• ni_create(size_t): Packet*
Hello World (code walkthrough)
1. If this is thread 0 2. initialize global memory 3. the remaining threads wait
1. Initialize local memory 2. wait until every thread has finished its initialization
1. Get the number of vNICs allocated to this app 2. select a vNIC in round-robin order
1. Get the i-th vNIC 2. if it has a packet waiting 3. call the function process
1. Take the packet from the vNIC
1. Since every packet is an Ethernet frame, cast the packet payload to Ether
1. If the Ether type is ARP 2. cast the Ethernet payload to ARP 3. handle ARP, etc.
1. If the Ether type is IPv4 2. cast the Ethernet payload to IP
1. If the IP protocol is ICMP and the IP destination is myself 2. cast the IP payload to ICMP 3. handle ICMP, etc.
1. If the IP protocol is UDP 2. cast the IP payload to UDP 3. handle UDP, etc.
1. Otherwise the packet means nothing to us 2. drop the packet
2. Basic Network Concepts 2.1 Local Area Network
LAN and WAN Source: http://www.mysecurecyberspace.com/encyclopedia/index/local-area-network-lan.html
Switch Source: http://kr.gobizkorea.com/blog/kr_catalog_view.jsp?blog_id=iptime&co_lang=1&group_code=62373&obj_id=944135 http://www.dlink.com/us/en/business-solutions/switching/unmanaged-switches/rackmount/des-1026g-24-port-fast-ethernet-switch-plus-2- gigabit-ports
Router Source: http://www.cisco.com/en/US/products/ps10537/index.html http://www.cisco.com/en/US/products/ps5862/index.html
Ethernet Source: https://en.wikipedia.org/wiki/Ethernet_frame
Address Resolution Protocol (1/5) Six hosts on one LAN (MAC address / IP address):
00:11:22:33:44:01 / 192.168.0.1
00:11:22:33:44:02 / 192.168.0.2
00:11:22:33:44:03 / 192.168.0.3
00:11:22:33:44:04 / 192.168.0.4
00:11:22:33:44:05 / 192.168.0.5
00:11:22:33:44:06 / 192.168.0.6
Address Resolution Protocol (2/5) One host broadcasts an ARP request to the LAN: "Who has 192.168.0.3?"
Address Resolution Protocol (3/5) The owner answers with an ARP reply: "192.168.0.3 is at 00:11:22:33:44:03"
Address Resolution Protocol (4/5)
Address Resolution Protocol (5/5)
Run PacketNgin RTOS
1. If it is an ARP request and its target is myself
1. Swap the Ethernet source and destination addresses so the packet goes back to the requesting host
1. Change the ARP operation to Reply (2) 2. set the sender hardware address to my MAC address
1. Send the newly built packet out through the vNIC
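Both the Hello World dispatch (thread 0 initializes, each thread polls its vNICs, process() casts the frame to Ether and then to ARP or IP) and the four ARP-reply steps above, written out as an added example that is not PacketNgin's own code. It runs on an ordinary host: Packet, Ether, ARP and IP are stand-ins for the PacketNgin types, ni_input()/ni_output() are replaced by passing the frame in and the reply out, and my_mac, my_ip and the 00:11:22:33:44:xx addresses are assumed values. It adds the length check before every cast and the "target is me" check; the first keeps the responder from reading past a short frame, the second is the line between an ARP responder and an ARP spoofer.

```c
/* Added example, not PacketNgin's own code: the Hello World dispatch and the
 * ARP responder from the slides, simulated with plain C structs so it runs on
 * an ordinary host. Packet, Ether, ARP and IP stand in for the PacketNgin
 * types; my_mac, my_ip and the 00:11:22:33:44:xx addresses are assumed. */
#include <arpa/inet.h>   /* htons, htonl, ntohs, ntohl */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { ETHER_TYPE_IPV4 = 0x0800, ETHER_TYPE_ARP = 0x0806, ARP_OP_REQUEST = 1,
       ARP_OP_REPLY = 2, IP_PROTO_ICMP = 1, IP_PROTO_UDP = 17 };

typedef struct { size_t len; uint8_t buffer[1518]; } Packet;      /* stand-in */
typedef struct { uint8_t dmac[6], smac[6]; uint16_t type; } __attribute__((packed)) Ether;
typedef struct {                          /* multi-byte fields in network byte order */
    uint16_t htype, ptype; uint8_t hlen, plen; uint16_t oper;   /* oper: 1 req, 2 reply */
    uint8_t sha[6]; uint32_t spa;         /* sender hardware / protocol address */
    uint8_t tha[6]; uint32_t tpa;         /* target hardware / protocol address */
} __attribute__((packed)) ARP;
typedef struct {
    uint8_t ver_ihl, tos; uint16_t length, id, flags_offset;
    uint8_t ttl, protocol; uint16_t checksum; uint32_t src, dst;
} __attribute__((packed)) IP;
typedef enum { DROP = 0, ARP_REPLIED, ICMP_FOR_ME, UDP_IN } Verdict;

static const uint8_t  my_mac[6] = {0x00, 0x11, 0x22, 0x33, 0x44, 0x03};  /* assumed */
static const uint32_t my_ip     = 0xC0A80003;                /* 192.168.0.3, host order */

/* Steps from the slide: swap the Ethernet addresses, set oper = 2, put our MAC
 * in the sender field. The target fields are also taken from the requester,
 * which the slide leaves implicit. */
static void arp_reply(const Packet* in, Packet* out) {
    memcpy(out, in, sizeof(Packet));
    Ether* eth = (Ether*)out->buffer;
    ARP*   arp = (ARP*)(out->buffer + sizeof(Ether));
    memcpy(eth->dmac, eth->smac, 6);
    memcpy(eth->smac, my_mac, 6);
    arp->oper = htons(ARP_OP_REPLY);
    memcpy(arp->tha, arp->sha, 6);
    arp->tpa = arp->spa;
    memcpy(arp->sha, my_mac, 6);
    arp->spa = htonl(my_ip);
}

/* process() from the Hello World slides. Each cast is preceded by a length
 * check; casting a short frame straight to a header struct reads past it. */
Verdict process(const Packet* in, Packet* out) {
    if (in->len < sizeof(Ether)) return DROP;
    const Ether* eth = (const Ether*)in->buffer;
    if (ntohs(eth->type) == ETHER_TYPE_ARP) {
        if (in->len < sizeof(Ether) + sizeof(ARP)) return DROP;
        const ARP* arp = (const ARP*)(in->buffer + sizeof(Ether));
        if (arp->hlen != 6 || arp->plen != 4) return DROP;
        /* Answer only requests for our own address; answering for addresses we
         * do not own is exactly what an ARP spoofer does. */
        if (ntohs(arp->oper) != ARP_OP_REQUEST || ntohl(arp->tpa) != my_ip) return DROP;
        arp_reply(in, out);
        return ARP_REPLIED;
    }
    if (ntohs(eth->type) == ETHER_TYPE_IPV4) {
        if (in->len < sizeof(Ether) + sizeof(IP)) return DROP;
        const IP* ip = (const IP*)(in->buffer + sizeof(Ether));
        if ((ip->ver_ihl >> 4) != 4 || (ip->ver_ihl & 0x0f) < 5) return DROP;
        if (ip->protocol == IP_PROTO_ICMP && ntohl(ip->dst) == my_ip) return ICMP_FOR_ME;
        if (ip->protocol == IP_PROTO_UDP) return UDP_IN;
    }
    return DROP;                          /* anything else means nothing to us */
}

/* Constructed frame: "Who has <target>?" broadcast from 192.168.0.1. */
Packet make_arp_request(uint32_t target_ip) {
    static const uint8_t src_mac[6] = {0x00, 0x11, 0x22, 0x33, 0x44, 0x01};
    Packet p; memset(&p, 0, sizeof p);
    Ether* eth = (Ether*)p.buffer;
    memset(eth->dmac, 0xff, 6); memcpy(eth->smac, src_mac, 6);
    eth->type = htons(ETHER_TYPE_ARP);
    ARP* arp = (ARP*)(p.buffer + sizeof(Ether));
    arp->htype = htons(1); arp->ptype = htons(ETHER_TYPE_IPV4);
    arp->hlen = 6; arp->plen = 4; arp->oper = htons(ARP_OP_REQUEST);
    memcpy(arp->sha, src_mac, 6);
    arp->spa = htonl(0xC0A80001); arp->tpa = htonl(target_ip);
    p.len = sizeof(Ether) + sizeof(ARP);
    return p;
}

/* Constructed IPv4 datagram (no options, no payload) with the given protocol. */
Packet make_ipv4(uint8_t protocol, uint32_t dst_ip) {
    Packet p; memset(&p, 0, sizeof p);
    ((Ether*)p.buffer)->type = htons(ETHER_TYPE_IPV4);
    IP* ip = (IP*)(p.buffer + sizeof(Ether));
    ip->ver_ihl = 0x45; ip->ttl = 64; ip->protocol = protocol;
    ip->length = htons(sizeof(IP)); ip->src = htonl(0xC0A80001); ip->dst = htonl(dst_ip);
    p.len = sizeof(Ether) + sizeof(IP);
    return p;
}

int main(void) {
    Packet req = make_arp_request(my_ip), rep;
    if (process(&req, &rep) == ARP_REPLIED)
        printf("replied: 192.168.0.3 is at %02x:%02x:%02x:%02x:%02x:%02x\n",
               my_mac[0], my_mac[1], my_mac[2], my_mac[3], my_mac[4], my_mac[5]);
    return 0;
}
```

The thread-0 initialization and the round-robin vNIC loop from the slides are left out because they depend on the PacketNgin runtime; process() is the part that is the same in both, and an ARP reply for a request that was not addressed to us is never produced.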
Build: 1. Compiled for x86_64 2. glibc is not used 3. The stack pointer is not used. In place of glibc: 1. Newlib (standard C library) 2. libcore 3. libTLSF (memory allocator)
Run with the console utility: # bin/console run.psh 1. Connect to the PacketNgin RTOS 2. Get an RTVM allocated: 1 core, 16MB of memory, 2MB of storage, 2 vNICs 3. Upload the compiled image 4. Start the VM
Deploy Net App (Console)
Deploy Net App (RTOS)
ARPing
2. Basic Network Concepts 2.2 Wide Area Network
Wide Area Network
Wide Area Network 203.252.180.180 8.8.8.8 Source: http://gallery.techarena.in/showphoto.php/photo/21765
IP Routing 203.252.180.180 8.8.8.8 Source: http://gallery.techarena.in/showphoto.php/photo/21765
Internet Protocol Source: http://en.wikipedia.org/wiki/Ipv4
Internet Control Message Protocol Source: http://www.networkuptime.com/nmap/page4-2.shtml • Echo • Destination Unreachable • Redirect Message • Router Advertisement • Router Solicitation • Time Exceeded • Parameter Problem (bad IP header) • Timestamp
Internet Control Message Protocol Source: http://en.wikipedia.org/wiki/Internet_Control_Message_Protocol
Internet Control Message Protocol
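The "handle ICMP, etc." that the Hello World walkthrough leaves open, as an added example that is not PacketNgin's code: the RFC 1071 Internet checksum, verification of an incoming echo request, and its in-place conversion into the echo reply that the Debug slide would show in a capture. The ICMP struct and the request bytes (id 0x1234, seq 1, data "abcdefgh") are constructed for the example.

```c
/* Added example, not PacketNgin's own code: ICMP echo request -> echo reply
 * with the RFC 1071 Internet checksum. The ICMP struct and the request bytes
 * are constructed here. */
#include <arpa/inet.h>   /* htons, ntohs */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { ICMP_ECHO_REPLY = 0, ICMP_ECHO_REQUEST = 8 };

typedef struct {
    uint8_t type, code; uint16_t checksum;   /* checksum covers header + data */
    uint16_t id, seq;                        /* echo identifier / sequence number */
} __attribute__((packed)) ICMP;

/* One's-complement sum of 16-bit big-endian words (RFC 1071); an odd trailing
 * byte is padded with zero. Over a message whose checksum field is valid the
 * result is 0, which is how the receiver verifies it. */
uint16_t inet_checksum(const void* data, size_t len) {
    const uint8_t* p = data;
    uint32_t sum = 0;
    for (; len > 1; len -= 2, p += 2) sum += (uint32_t)((p[0] << 8) | p[1]);
    if (len) sum += (uint32_t)(p[0] << 8);
    while (sum >> 16) sum = (sum & 0xffff) + (sum >> 16);   /* fold the carries */
    return (uint16_t)~sum;
}

/* Verify `msg` as an echo request and rewrite it in place as the reply:
 * id, seq and data are echoed unchanged, type becomes 0, checksum recomputed.
 * Returns false (msg untouched) on short, corrupt or non-echo-request input,
 * so a damaged request is never echoed back as a valid-looking reply. */
bool icmp_echo_reply(uint8_t* msg, size_t len) {
    if (len < sizeof(ICMP)) return false;
    ICMP* h = (ICMP*)msg;
    if (h->type != ICMP_ECHO_REQUEST || h->code != 0) return false;
    if (inet_checksum(msg, len) != 0) return false;     /* damaged in transit */
    h->type = ICMP_ECHO_REPLY;
    h->checksum = 0;                                     /* zero before summing */
    h->checksum = htons(inet_checksum(msg, len));
    return true;
}

/* Constructed echo request: id 0x1234, seq 1, data "abcdefgh". Returns length. */
size_t make_echo_request(uint8_t* buf, size_t cap) {
    static const char data[] = "abcdefgh";
    size_t len = sizeof(ICMP) + sizeof data - 1;
    if (cap < len) return 0;
    ICMP* h = (ICMP*)buf;
    h->type = ICMP_ECHO_REQUEST; h->code = 0; h->checksum = 0;
    h->id = htons(0x1234); h->seq = htons(1);
    memcpy(buf + sizeof(ICMP), data, sizeof data - 1);
    h->checksum = htons(inet_checksum(buf, len));
    return len;
}

int main(void) {
    uint8_t msg[64];
    size_t len = make_echo_request(msg, sizeof msg);
    printf("request checksum 0x%04x\n", ntohs(((ICMP*)msg)->checksum));
    if (icmp_echo_reply(msg, len))
        printf("reply checksum   0x%04x, verifies to %u\n",
               ntohs(((ICMP*)msg)->checksum), inet_checksum(msg, len));
    return 0;
}
```

Because only the type byte changes (8 to 0), the reply checksum differs from the request checksum by exactly 0x0800 with end-around carry; recomputing over the whole message, as here, costs a few hundred bytes of arithmetic and avoids getting that incremental update wrong.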
Debug
2. Basic Network Concepts 2.3 Transmission Control Protocol
Transmission Control Protocol Source: http://en.wikipedia.org/wiki/Transmission_Control_Protocol
Connection(3 way handshake)
Transmission
Sliding Window
Congestion Control
Congestion Control Source: http://www.cisco.com/web/about/ac123/ac147/archived_issues/ipj_9-2/gigabit_tcp.html
Implement
Run
3. Level 2 Network Applications
PacketNgin Loadbalancer • Load Balancing Methods • NAT, SNAT, DR, Tunneling • Scheduling Algorithms • Round-Robin, Least-Connection, Hashing, Shortest Expected Delay, Never Queue • Failover • Watchdog, TCP Session Recovery Global Open Frontier / NIPA
PacketNgin Loadbalancer
PacketNgin Loadbalancer Throughput VirtualBox + Virt I/O NIC +388%
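The scheduling algorithms named on the load-balancer slide, as an added example that is not the PacketNgin Loadbalancer's own code: round-robin, least-connection, shortest expected delay, never queue and 4-tuple hashing over a constructed pool of three real servers. Server, Pool, the weights and the FNV-1a choice of hash are made up for the example.

```c
/* Added example, not PacketNgin's own code: the scheduling methods from the
 * slide over a constructed pool. Server, Pool and the weights are made up. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef struct { uint32_t ip; uint32_t weight; uint32_t active; } Server; /* active = open conns */
typedef struct { Server s[8]; size_t count; size_t rr_next; } Pool;

/* Round-robin: cycle through the pool regardless of load. */
int sched_round_robin(Pool* p) {
    if (p->count == 0) return -1;
    int i = (int)p->rr_next;
    p->rr_next = (p->rr_next + 1) % p->count;
    return i;
}

/* Least-connection: fewest active connections, lowest index on ties. */
int sched_least_connection(const Pool* p) {
    int best = -1;
    for (size_t i = 0; i < p->count; i++)
        if (best < 0 || p->s[i].active < p->s[best].active) best = (int)i;
    return best;
}

/* Shortest expected delay: minimise (active + 1) / weight, compared by
 * cross-multiplication so the packet path needs no floating point. */
int sched_sed(const Pool* p) {
    int best = -1;
    for (size_t i = 0; i < p->count; i++) {
        if (p->s[i].weight == 0) continue;            /* weight 0 = drained */
        if (best < 0 || (uint64_t)(p->s[i].active + 1) * p->s[best].weight
                      < (uint64_t)(p->s[best].active + 1) * p->s[i].weight)
            best = (int)i;
    }
    return best;
}

/* Never queue: an idle server (weight > 0) wins outright, else fall back to SED. */
int sched_never_queue(const Pool* p) {
    for (size_t i = 0; i < p->count; i++)
        if (p->s[i].active == 0 && p->s[i].weight > 0) return (int)i;
    return sched_sed(p);
}

/* Hashing: FNV-1a over the 4-tuple, so every packet of one flow reaches the
 * same real server. NAT/SNAT modes need this because the translation state
 * for a connection lives on the node that created it. */
uint32_t flow_hash(uint32_t sip, uint16_t sport, uint32_t dip, uint16_t dport) {
    uint8_t key[12] = { (uint8_t)(sip >> 24), (uint8_t)(sip >> 16), (uint8_t)(sip >> 8),
                        (uint8_t)sip, (uint8_t)(sport >> 8), (uint8_t)sport,
                        (uint8_t)(dip >> 24), (uint8_t)(dip >> 16), (uint8_t)(dip >> 8),
                        (uint8_t)dip, (uint8_t)(dport >> 8), (uint8_t)dport };
    uint32_t h = 2166136261u;
    for (size_t i = 0; i < sizeof key; i++) { h ^= key[i]; h *= 16777619u; }
    return h;
}
int sched_hash(const Pool* p, uint32_t sip, uint16_t sport, uint32_t dip, uint16_t dport) {
    if (p->count == 0) return -1;
    return (int)(flow_hash(sip, sport, dip, dport) % p->count);
}

/* Constructed pool: three real servers, the third twice as powerful. */
Pool example_pool(void) {
    Pool p = { .count = 3, .rr_next = 0 };
    p.s[0] = (Server){ 0x0A000001, 1, 5 };
    p.s[1] = (Server){ 0x0A000002, 1, 2 };
    p.s[2] = (Server){ 0x0A000003, 2, 2 };
    return p;
}

int main(void) {
    Pool p = example_pool();
    printf("rr=%d lc=%d sed=%d nq=%d hash=%d\n", sched_round_robin(&p),
           sched_least_connection(&p), sched_sed(&p), sched_never_queue(&p),
           sched_hash(&p, 0xCBFCB4B4, 3087, 0xCAB3B116, 80));
    return 0;
}
```

Plain modulo hashing moves most flows when a server is added or removed; a failover design that keeps TCP sessions alive, as the slide's "TCP Session Recovery" implies, needs either a consistent-hashing scheme or explicit session state shared between nodes.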
PacketNgin IPsec • Cryptography Algorithms • DES, 3DES, Blowfish, CAST-128, Rijndael, Camellia, AES • Hashing Algorithms • MD5, SHA-1/256/384/512, RIPEMD-160 • Mode • Transport, Tunnel • IKE (DES, MD5 and SHA-1 are there for interoperability with legacy peers; they should not be chosen for new security associations.)
PacketNgin IPsec
PacketNgin IPsec Throughput Core i5 + NetFPGA NIC +420%
PacketNgin Protocol Converter Korea Railroad Research Institute (철도기술연구원), DaeA TI (대아TI)
PacketNgin SCPS Military satellite accelerator
PacketNgin IoT Gateway Konkuk University / Small and Medium Business Administration (중소기업청) Source: http://wirelessall.co.kr/goods_detail.php?goodsIdx=10231
4. Wrap-up
Summary • Host network programming vs Network node programming • OSI model level 2 network programming • ARP, ICMP, TCP and DPI • Level 2 Network Applications
4.1 Summary
What will you do if you can program the network? semih@gurum.cc packetngin.org
