PatentTips - Data Plane Packet Processing Tool Chain

BACKGROUND

The present disclosure relates generally to systems and methods for providing a data plane processing tool chain for processing packets using OSI layers 4 and above in the data plane.

With the development of multi-core processors, applications no longer achieve regular performance improvements due to increases in clock speeds. Often, applications fail to take full advantage of the capabilities of system hardware. The Intel® Data Plane Development Kit (DPDK) was developed to take advantage of multi-core processor hardware. Because the data plane must run at such a high speed, however, the functions implemented in the data plane have been limited. For example, the DPDK is limited to lower-layer packet processing (Open Systems Interconnection ("OSI") layers 1-3) for performing simple services, such as packet forwarding. The DPDK does not support higher-level packet processing (OSI layers 4+) in the data plane. This is because adding these functions using the same technology will adversely impact packet processing performance.

To provide higher-level packet processing, some systems use a hypervisor (i.e., virtual machine manager) to run an isolated operating system that performs higher level packet processing. These solutions are inefficient, however, because they require the additional complexity, cost, and/or overhead of running a virtualized operating system. These conventional solutions also isolate data between operating system instances, which can cause problems when instances need to share data and/or system resources. Thus, tools for OSI layer 4 and above processing without needing a hypervisor are desirable for achieving greater efficiency and processing speed.

Systems and methods consistent with the present disclosure increase the speed of domain name system ("DNS") packet processing by leveraging the data plane. The present disclosure includes several embodiments. For example, in certain embodiments, systems and methods for providing an extended data plane packet processing tool chain are disclosed.

SUMMARY

Systems, methods, and computer-readable mediums are disclosed for processing packets in a data plane using OSI layer 4 and above. Consistent with exemplary embodiments, a method of processing a packet in the data plane may comprise reading a packet from a queue and processing the packet using OSI layer 4 and above using one or more poll mode drivers.

Consistent with further exemplary embodiments, a method of processing data packets may comprise one or more of filtering a DNS packet, wherein the filtering method may include filtering by source IP address, destination port, or wild card search of packet payload data; resolving a DNS packet; generating a packet in the data plane, wherein the type of packet generated may include a DNS query packet or a response packet; forwarding packets into network packet streams; performing a DNS look up; time-stamping a DNS packet; writing a packet to disk; load-balancing by assigning logical cores to data streams; or protecting against a distributed denial-of-service ("DDOS") attack.

Consistent with further exemplary embodiments, the method of processing data packets occurs without using a hypervisor because it does not run multiple operating systems. An application consistent with the present embodiment may run the method of processing data packets in a loop on an assigned logical core.

DETAILED DESCRIPTION

FIG. 1 depicts a system consistent with an embodiment of the current disclosure. One or more embodiments disclosed herein may be implemented using a computing device, such as network device 101. Exemplary network device 101 may logically be attached or include one or more processors 102. In some embodiments, at least some of the processors may have one or more cores of varying core configurations and clock frequencies, such as cores 103A-D. The cores 103A-D may support one or more logical cores (not shown), sometimes called threads. To connect to the network, network device 101 may also include one or more network interfaces, such as network interface 104. Network interface 104 may be implemented using software and/or hardware, and may include a network interface card ("NIC") or may include a physical port. Network interface 104 may have one or more packet queues. For example, network interface 104 may include one or more RX queues and/or TX queues. For example, the network interface 104 may have multiple RX and TX queues for a single network port. The network device 104 may also include one or more memories 105 of varying clock frequencies and memory bandwidth. Memories 105 may include any device capable of storing digital data, such as RAMs, ROMs, solid state drives ("SSDs"), hard disk drives ("HDDs"), etc. While a single memory 105 is shown, the network may include multiple memories.

In one embodiment, a data plane packet processing tool chain is disclosed. The tool chain may include a set of libraries or functions for performing data plane packet processing not only on OSI layers 1-3 but also on OSI layers 4 and above. FIG. 4 is a relationship diagram illustrating the tool chain's processing capabilities, as illustrated by the outer ring 402-412. Each exemplary capability is explained in further detail through the following descriptions of disclosed embodiments.

In certain embodiments, the tool chain may include libraries that enable applications to perform packet filtering in the data plane. For example, packet filtering may include filtering packets based on a source or destination IP address, source or destination port, and/or a wildcard search of packet headers or payloads. In one embodiment, an application may use the packet filtering to identify DNS packets.
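The source-address and destination-port filtering described above can be sketched on a raw Ethernet frame as follows. This is an added example, not code from the patent or from the DPDK; the `filter_rule` layout and function names are assumptions, it covers IPv4/UDP only, and it leaves out the wildcard payload search.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical rule layout; field names are assumptions, not from the patent. */
struct filter_rule {
    uint32_t src_ip;    /* host byte order; 0 matches any source */
    uint16_t dst_port;  /* host byte order; 53 selects DNS queries */
};

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t rd32(const uint8_t *p) { return ((uint32_t)rd16(p) << 16) | rd16(p + 2); }

/* Returns 1 if the Ethernet frame carries an IPv4/UDP packet matching the
 * rule, else 0. Every offset is checked against len before it is read. */
int filter_match(const uint8_t *frame, size_t len, const struct filter_rule *r) {
    if (len < 14 + 20) return 0;                 /* Ethernet + minimal IPv4 */
    if (rd16(frame + 12) != 0x0800) return 0;    /* EtherType: IPv4 only */
    const uint8_t *ip = frame + 14;
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;     /* IPv4 header incl. options */
    if ((ip[0] >> 4) != 4 || ihl < 20) return 0;
    if (len < 14 + ihl + 8) return 0;            /* room for the UDP header */
    if (ip[9] != 17) return 0;                   /* protocol: UDP */
    if (rd16(ip + 6) & 0x1fff) return 0;         /* later fragment: no UDP header */
    if (r->src_ip != 0 && rd32(ip + 12) != r->src_ip) return 0;
    return rd16(ip + ihl + 2) == r->dst_port;    /* UDP destination port */
}

/* Constructed sample: 10.0.0.5:40000 -> 10.0.0.53:53, UDP, no payload. */
static const uint8_t sample_frame[42] = {
    0x02, 0, 0, 0, 0, 0x02,  0x02, 0, 0, 0, 0, 0x01,  0x08, 0x00, /* Ethernet */
    0x45, 0, 0, 0x1c, 0, 0, 0x40, 0, 0x40, 0x11, 0, 0,            /* IPv4 */
    10, 0, 0, 5,  10, 0, 0, 53,                                   /* src, dst */
    0x9c, 0x40, 0x00, 0x35, 0x00, 0x08, 0, 0                      /* UDP */
};

int main(void) {
    struct filter_rule dns_any = { 0, 53 };
    return filter_match(sample_frame, sizeof sample_frame, &dns_any) ? 0 : 1;
}
```

The length checks matter in a data-plane filter because the frame arrives straight from the NIC queue with no kernel stack having validated it first.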

In another embodiment, the tool chain may include functions or libraries for implementing a data recorder. These functions or libraries may include, for example, functions that read up to 7 gigabits (9 million packets), or more, of data per second directly from the network and write the data to memory. In another embodiment, the tool chain may include functions or libraries to divide a single network packet stream into multiple streams, wherein each stream may be directed to a different data file. The tool chain may include functions or libraries that ensure that all packets between two servers are directed to the same data stream. The tool chain may include functions or libraries to time-stamp packets with millisecond or greater accuracy. Unique timestamps on the packets may allow for the data files to be reconstituted into a single stream if needed.
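One way to keep both directions of a server pair in the same stream, and to rebuild the single stream from unique timestamps afterwards, is sketched below. This is an added example, not the patent's implementation; the `rec` layout, the FNV-1a hash and the function names are assumptions.

```c
#include <stddef.h>
#include <stdint.h>

struct rec { uint64_t ts; uint32_t src_ip, dst_ip; };  /* ts: unique capture timestamp */

/* FNV-1a; the hash choice is an assumption, any well-mixing hash works. */
static uint32_t fnv1a(const uint8_t *b, size_t n) {
    uint32_t h = 2166136261u;
    for (size_t i = 0; i < n; i++) { h ^= b[i]; h *= 16777619u; }
    return h;
}

/* Canonical order (lower address first) makes the key direction-independent,
 * so A->B and B->A always select the same stream. */
unsigned pick_stream(uint32_t src_ip, uint32_t dst_ip, unsigned n_streams) {
    uint32_t lo = src_ip < dst_ip ? src_ip : dst_ip;
    uint32_t hi = src_ip < dst_ip ? dst_ip : src_ip;
    uint8_t key[8];
    for (int i = 0; i < 4; i++) {
        key[i]     = (uint8_t)(lo >> (24 - 8 * i));
        key[4 + i] = (uint8_t)(hi >> (24 - 8 * i));
    }
    return n_streams ? fnv1a(key, sizeof key) % n_streams : 0;
}

/* Rebuild the single stream: repeatedly take the head record with the
 * smallest timestamp. pos[] must be zeroed by the caller; out must hold
 * the sum of counts[]. Returns the number of records written. */
size_t merge_streams(const struct rec *const *streams, const size_t *counts,
                     size_t *pos, unsigned n, struct rec *out) {
    size_t written = 0;
    for (;;) {
        int best = -1;
        for (unsigned s = 0; s < n; s++)
            if (pos[s] < counts[s] &&
                (best < 0 || streams[s][pos[s]].ts < streams[best][pos[best]].ts))
                best = (int)s;
        if (best < 0) return written;
        out[written++] = streams[best][pos[best]++];
    }
}

int main(void) {
    /* Constructed sample: two already-split streams with unique timestamps. */
    struct rec a[] = {{1, 1, 2}, {4, 2, 1}}, b[] = {{2, 3, 4}}, out[3];
    const struct rec *const streams[] = {a, b};
    size_t counts[] = {2, 1}, pos[] = {0, 0};
    return merge_streams(streams, counts, pos, 2, out) == 3 ? 0 : 1;
}
```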

The tool chain may include libraries or functions that generate packets in the data plane. In one embodiment, an application may generate DNS query packets. In another embodiment, the application may generate packets that respond to DNS queries. This may take place in OSI layer 6.

In an additional embodiment, the tool chain may include libraries or functions that perform load balancing. FIG. 2 depicts a system consistent with an embodiment of the current disclosure. Load balancing may include assigning one or more logical cores, such as lcore(1) through lcore(n), or RX/TX queue pairs, such as RX Queue(1) through RX Queue(n) and TX Queue(1) through TX Queue(n), per network port, such as RX Port(1) through RX Port(n) and TX Port(1) through TX Port(n). Additionally, the load balancing may include assigning logical cores from different cores 103A-D to the one or more RX/TX queue pairs for a network port.

The memory 105 may store one or more applications that include one or more of the aforementioned functions or libraries, or any combination thereof. For example, an application may perform a DNS look up, as depicted in FIG. 5. A DNS look up may include a run-once routine that initializes a DNS configuration, as in step 501. In step 502, the application may create an array of DNS lookup instances. In step 503, the application may execute a process query method in an assigned DNS lookup instance. These methods may resolve a DNS query by querying one or more databases storing DNS information, as in option 505. The application may also use the packet filtering to identify DNS packets that need to be resolved in option 506. Finally, in step 504, the application may generate a response packet that includes a response to the DNS query. Steps 503 through 506 may repeat in a loop without repeating steps 501 or 502. This may take place in OSI layer 6.

In certain embodiments, the applications perform these functions, as well as functions for OSI layer 4 and above, in the data plane. In other words, these applications perform OSI layer 4 and above functions without the need for an operating system or hypervisor. Accordingly, these applications can share memories and information without the need to perform specific globalization functions. Additionally, the applications operate without the overhead of running multiple operating systems.

In certain embodiments, these applications may be operated in a userland mode. FIG. 3 illustrates the functionality of a poll mode driver and an operating system in userland mode as consistent with disclosed embodiments. In userland mode, the applications, such as application 301, may be implemented using one or more poll mode drivers, such as 302, and an operating system, such as 303. By way of example, the operating system may be Microsoft Windows®, Unix®, Linux®, Solaris®, or some other operating system. In this mode, the poll mode drivers may acquire and send packets to and from the data plane. FIG. 3 illustrates an exemplary process consistent with this embodiment where a poll mode driver 302 acquires a packet from an operating system in step 306, processes the packet in step 307, and sends the packet in step 308. The operating system, however, such as operating system 303, may access memory shared with the applications, such as memory 304, including reading from memory in step 309 and writing to memory in step 311. Accordingly, the operating system may be used to monitor the performance of the applications running in the data plane and/or the poll mode drivers, as in step 310. Additionally, as in step 312, the operating system may be able to provide management functions for the applications running in the data plane.

Alternatively, in certain embodiments, an application may be operated in a bare-metal mode. In bare-metal mode, the application may eliminate the need for an operating system by running as an executable byte code. Features like disk-drive support are left to the user to implement.

In another embodiment, the tool chain may include functions or libraries for protecting against a DDOS attack. These functions or libraries may include, for example, functions that identify a DDOS attack and/or establish a pipeline based on the identification of a DDOS attack to protect against it. These functions or libraries may use a single security appliance to read the data once by the data plane and may operate on the packets N number of times. The packets then may continue through the system or exit the system.

SRC=http://www.freepatentsonline.com/y2013/0007880.html


Time: 2024-11-02 23:27:10
