Cleanup caps, write text for stateful NAT64 diagram
This commit is contained in:
Nico Schottelius
parent
ec050a11ae
commit
33963bc681
7 changed files with 71 additions and 53 deletions
|
|
@ -15,10 +15,10 @@ packets are output and deparsing of the parsed data might follow.
|
|||
In the context of NAT64 this is a very important feature: while the
|
||||
parser will read and parse in the ingress pipeline one protocol
|
||||
(f.i. IPv6), the deparser will output a different protocol (f.i. IPv4).
|
||||
\begin{figure}[h]
|
||||
\begin{figure}[htbp]
|
||||
\includegraphics[scale=0.9]{p4-from-nsg}
|
||||
\centering
|
||||
\caption{P4 protocol independence~\cite{vanbever:_progr_networ_data_planes}}
|
||||
\caption{P4 Protocol Independence~\cite{vanbever:_progr_networ_data_planes}}
|
||||
\label{fig:p4fromnsg}
|
||||
\end{figure}
|
||||
The \textit{target independence} is the second major feature
|
||||
|
|
@ -72,7 +72,7 @@ used prior to establishing a connection and their results are
|
|||
cached, their availability is crucial for operating a switch, because
|
||||
without ARP or NDP no connection will every be established.
|
||||
Figure \ref{fig:arpndp} illustrates a typical address resolution process.
|
||||
\begin{figure}[h]
|
||||
\begin{figure}[htbp]
|
||||
\includegraphics[scale=0.4]{arp-ndp}
|
||||
\centering
|
||||
\caption{ARP and NDP}
|
||||
|
|
@ -103,10 +103,10 @@ As seen later in this document (compare
|
|||
section \ref{results:netpfga:features}), the requirement to generate checksums
|
||||
over payload poses difficult problems for some hardware targets. Even
|
||||
more difficult is the use of options within ICMP6.
|
||||
\begin{figure}[h]
|
||||
\begin{figure}[htbp]
|
||||
\includegraphics[scale=0.4]{icmp6ndp}
|
||||
\centering
|
||||
\caption{ICMP6 option fields}
|
||||
\caption{ICMP6 Option Fields}
|
||||
\label{fig:icmp6ndp}
|
||||
\end{figure}
|
||||
The problem arises from the layout of the options, as seen
|
||||
|
|
@ -151,7 +151,7 @@ addresses of different size, but fields have also been changed or
|
|||
removed when the version changed. Depending on the NAT64
|
||||
translation direction, a translator will need to re-arrange fields to
|
||||
a different position, remove fields and add fields.
|
||||
\begin{figure}[h]
|
||||
\begin{figure}[htbp]
|
||||
\begin{verbatim}
|
||||
0 1 2 3
|
||||
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
|
||||
|
|
@ -194,7 +194,7 @@ NAT64 allows translating many IPv6 addresses to one IPv4 address.
|
|||
While the opposite stateful translation, mapping many IPv4 addresses
|
||||
to one IPv6 address, is also technically possible,
|
||||
the differences in address space size don't justify its use in general.
|
||||
\begin{figure}[h]
|
||||
\begin{figure}[htbp]
|
||||
\begin{verbatim}
|
||||
0 1 2 3
|
||||
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
|
||||
|
|
@ -222,7 +222,7 @@ protocols to multiplex connections: Given one IPv4 address and the TCP
|
|||
protocol, outgoing connections from IPv6 hosts can dynamically mapped
|
||||
to the range of possible TCP ports. After a session is closed, the
|
||||
port can be reused again.
|
||||
\begin{figure}[h]
|
||||
\begin{figure}[htbp]
|
||||
\includegraphics[scale=0.5]{statefulnat64}
|
||||
\centering
|
||||
\caption{Stateful NAT64}
|
||||
|
|
@ -270,7 +270,7 @@ this purpose. One possibility to map
|
|||
an IPv4 address into the prefix is by adding its integer value to the
|
||||
prefix, treating it as an offset. In figure \ref{fig:ipv4embed}
|
||||
we show example python code of how this can be done.
|
||||
\begin{figure}[h]
|
||||
\begin{figure}[htbp]
|
||||
\begin{verbatim}
|
||||
>>> import ipaddress
|
||||
>>> prefix=ipaddress.IPv6Network("64:ff9b::/96")
|
||||
|
|
@ -283,7 +283,7 @@ we show example python code of how this can be done.
|
|||
IPv6Address('64:ff9b::c000:200')
|
||||
\end{verbatim}
|
||||
\centering
|
||||
\caption{Representing an IPv4 address in an IPv6 prefix}
|
||||
\caption{Representing an IPv4 address in an IPv6 Prefix}
|
||||
\label{fig:ipv4embed}
|
||||
\end{figure}
|
||||
Network administrators can choose to use either the well known prefix
|
||||
|
|
@ -293,7 +293,7 @@ Internet.\footnote{For instance
|
|||
While a /96 prefix seems a natural selection (it provides exactly 32 bit),
|
||||
other prefix lengths are defined in RFC6052 (see figure
|
||||
\ref{fig:prefixlen}) that allow flexible embedding of the IPv4 address.
|
||||
\begin{figure}[h]
|
||||
\begin{figure}[htbp]
|
||||
\begin{verbatim}
|
||||
+--+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
|
||||
|PL| 0-------------32--40--48--56--64--72--80--88--96--104---------|
|
||||
|
|
@ -312,7 +312,7 @@ other prefix lengths are defined in RFC6052 (see figure
|
|||
+--+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
|
||||
\end{verbatim}
|
||||
\centering
|
||||
\caption{IPv4 embedding depending on the prefix length}
|
||||
\caption{IPv4 Embedding Depending on the Prefix Length}
|
||||
\label{fig:prefixlen}
|
||||
\end{figure}
|
||||
RFC6146, which describes stateful NAT64, states that
|
||||
|
|
@ -359,7 +359,7 @@ level protocols. The pseudo header for upper layer protocols for
|
|||
IPv6 is defined in RFC2460~\cite{rfc2460} and shown in figure
|
||||
\ref{fig:ipv6pseudoheader}, the IPv4 pseudo header for TCP and UDP are
|
||||
defined in RFC768 and RFC793 and are shown in \ref{fig:ipv4pseudoheader}.
|
||||
\begin{figure}[h]
|
||||
\begin{figure}[htbp]
|
||||
\begin{verbatim}
|
||||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||||
| |
|
||||
|
|
@ -392,7 +392,7 @@ adjusted. The checksums for TCP and UDP are calculated not only over the pseudo
|
|||
headers, but also contain the payload of the packet. This is
|
||||
important because some targets (like the NetFPGA) do not allow
|
||||
accessing the payload (see section \ref{design:netpfga}).
|
||||
\begin{figure}[h]
|
||||
\begin{figure}[htbp]
|
||||
\begin{verbatim}
|
||||
0 7 8 15 16 23 24 31
|
||||
+--------+--------+--------+--------+
|
||||
|
|
@ -490,10 +490,10 @@ a single /96 IPv6 network. IPv6 only networks also allow the operators
|
|||
to focus on one IP stack.
|
||||
% ----------------------------------------------------------------------
|
||||
\section{\label{background:netfpga}NetFPGA}
|
||||
\begin{figure}[h]
|
||||
\begin{figure}[htbp]
|
||||
\includegraphics[scale=0.4]{sumeboard}
|
||||
\centering
|
||||
\caption{NetFPGA Board, \cite{zilberman:_netfp_sume}}
|
||||
\caption{NetFPGA Board~\cite{zilberman:_netfp_sume}}
|
||||
\label{fig:netfpga}
|
||||
\end{figure}
|
||||
The NetFPGA~\cite{zilberman:_netfp_sume}
|
||||
|
|
|
|||
|
|
@ -12,7 +12,7 @@ Lastly we discuss how we verify NAT64 functionality and
|
|||
present the network configurations that we use.
|
||||
% ----------------------------------------------------------------------
|
||||
\section{\label{design:nat64}P4/NAT64}
|
||||
\begin{figure}[h]
|
||||
\begin{figure}[htbp]
|
||||
\includegraphics[scale=0.5]{switchdesign}
|
||||
\centering
|
||||
\caption{P4 Switch Architecture}
|
||||
|
|
@ -40,10 +40,10 @@ switch tables.
|
|||
The P4 switch can use any protocol to communicate with the controller, as
|
||||
the connection to the controller is implemented as a separate Ethernet
|
||||
port.
|
||||
\begin{figure}[h]
|
||||
\begin{figure}[htbp]
|
||||
\includegraphics[scale=0.4]{v6-v4-standard}
|
||||
\centering
|
||||
\caption{Standard NAT64 translation}
|
||||
\caption{Standard NAT64 Translation}
|
||||
\label{fig:v6v4standard}
|
||||
\end{figure}
|
||||
|
||||
|
|
@ -59,10 +59,10 @@ P4. This design has multiple advantages: first it reduces the number
|
|||
of devices to pass and thus directly reduces the RTT, secondly it
|
||||
allows translation of IP addresses within the same logic network
|
||||
segment.
|
||||
\begin{figure}[h]
|
||||
\begin{figure}[htbp]
|
||||
\includegraphics[scale=0.4]{v6-v4-mixed}
|
||||
\centering
|
||||
\caption{In-network NAT64 translation}
|
||||
\caption{In-network NAT64 Translation}
|
||||
\label{fig:v6v4mixed}
|
||||
\end{figure}
|
||||
P4 switches in general look very similar to regular switches, however
|
||||
|
|
@ -77,7 +77,7 @@ implemented and translates packets.
|
|||
\end{figure}
|
||||
% ----------------------------------------------------------------------
|
||||
\section{\label{design:bmv2}P4/BMV2}
|
||||
\begin{figure}[h]
|
||||
\begin{figure}[htbp]
|
||||
\begin{verbatim}
|
||||
/* checksumming for icmp6_na_ns_option */
|
||||
update_checksum_with_payload(meta.chk_icmp6_na_ns == 1,
|
||||
|
|
@ -105,7 +105,7 @@ update_checksum_with_payload(meta.chk_icmp6_na_ns == 1,
|
|||
);
|
||||
\end{verbatim}
|
||||
\centering
|
||||
\caption{P4/BMV2 checksumming}
|
||||
\caption{P4/BMV2 Checksumming}
|
||||
\label{fig:bmv2checksum}
|
||||
\end{figure}
|
||||
The software emulated switch that is implemented using
|
||||
|
|
@ -138,7 +138,7 @@ second option of using the differences is described in section
|
|||
% ok
|
||||
% ----------------------------------------------------------------------
|
||||
\section{\label{design:netpfga}P4/NetFPGA}
|
||||
\begin{figure}[h]
|
||||
\begin{figure}[htbp]
|
||||
\begin{verbatim}
|
||||
action v4sum() {
|
||||
bit<16> tmp = 0;
|
||||
|
|
@ -176,7 +176,7 @@ action delta_tcp_from_v6_to_v4()
|
|||
}
|
||||
\end{verbatim}
|
||||
\centering
|
||||
\caption{Calculating checksum based on header differences}
|
||||
\caption{Calculating Checksum based on Header Differences}
|
||||
\label{fig:checksumbydiff}
|
||||
\end{figure}
|
||||
While the P4-NetFPGA project~\cite{netfpga:_p4_netpf_public_github}
|
||||
|
|
@ -232,7 +232,7 @@ Jool & LPM (both directions)\\
|
|||
\hline
|
||||
\end{tabular}
|
||||
\end{minipage}
|
||||
\caption{NAT64 match factors}
|
||||
\caption{NAT64 Match Factors}
|
||||
\label{tab:statelessnat64factors}
|
||||
\end{center}
|
||||
\end{table}
|
||||
|
|
@ -251,7 +251,7 @@ highest degree of flexibility, as it provides support for individual
|
|||
entries based on table entries and LPM table entries.
|
||||
% ----------------------------------------------------------------------
|
||||
\section{\label{design:statefulnat64}Stateful NAT64}
|
||||
\begin{figure}[h]
|
||||
\begin{figure}[htbp]
|
||||
\includegraphics[scale=0.5]{p4switch-stateful}
|
||||
\centering
|
||||
\caption{Stateful NAT64 with P4}
|
||||
|
|
@ -268,8 +268,7 @@ to solve this problem:
|
|||
\item For P4/BMV2 and P4/NetPFGA a python controller handles packets
|
||||
that don't have a table entry, sets the table entry in the P4 switch
|
||||
and inserts the original packet afterwards back into the
|
||||
switch. Figure \ref{fig:p4switchstateful} shows the flow of a packet
|
||||
with stateful translation in detail.
|
||||
switch.
|
||||
\item With Tayga we rely on the Linux kernel NAT44 capabilities
|
||||
\item Jool implements its own stateful mechanism based on port
|
||||
ranges
|
||||
|
|
@ -285,6 +284,25 @@ inside the Linux kernel, in case of P4 this decision is based on a
|
|||
session table inside the python controller. While the Jool and Tayga
|
||||
both support cleaning up old session entries,
|
||||
our P4 based solution does not support this feature at the moment.
|
||||
|
||||
In figure \ref{fig:p4switchstateful} we show the flow of a packet for
|
||||
stateful translation in a P4 switch in detail. As can be seen an IPv6
|
||||
host emits a packet that should be translated to IPv4. On a new
|
||||
connection there will be no table entry in the P4 switch to
|
||||
match. Thus the table mismatch causes the P4 switch to forward the
|
||||
packet to the controller. The controller then inspects the packet,
|
||||
creates a table entry for the session and reinjects the packet into
|
||||
the P4 switch. The P4 switch then processes the packet again, however
|
||||
this time it finds a matching table entry. This entry causes
|
||||
translation to happen to a specific IPv4 address, including higher
|
||||
level protocol changes. After processing the IPv6 packet is output as
|
||||
a translated IPv4 packet. A second packet of the same session will
|
||||
directly take the second path via table match, as the session ID will
|
||||
stay the same.\footnote{We use the quintuple (source address,
|
||||
destination address, source port, destination port, protocol) to
|
||||
generate a unique ID.} This is an important feature, because if the
|
||||
controller was involved into processing every packet, the P4
|
||||
controller would become the bottleneck.
|
||||
% ----------------------------------------------------------------------
|
||||
\section{\label{design:tests}NAT64 Verification}
|
||||
We use socat~\cite{rieger:_multip} to verify basic operation of the
|
||||
|
|
@ -296,7 +314,7 @@ commands allow interactive testing on TCP and UDP connections, while
|
|||
the iperf commands fully utilise the available bandwidth with test
|
||||
data.
|
||||
The socat and iperf commands are used to verify all three NAT64
|
||||
implementations (p4, Tayga, Jool).
|
||||
implementations (P4, Tayga, Jool).
|
||||
\begin{table}[htbp]
|
||||
\begin{center}\begin{minipage}{\textwidth}
|
||||
\begin{tabular}{| c | c | c |}
|
||||
|
|
@ -348,7 +366,7 @@ with 20 sessions\\
|
|||
\hline
|
||||
\end{tabular}
|
||||
\end{minipage}
|
||||
\caption{NAT64 verification commands}
|
||||
\caption{NAT64 Verification Commands}
|
||||
\label{tab:nat64verification}
|
||||
\end{center}
|
||||
\end{table}
|
||||
|
|
@ -383,7 +401,7 @@ networks and IPv6 addresses are used:
|
|||
\hline
|
||||
\end{tabular}
|
||||
\end{minipage}
|
||||
\caption{IPv6 address and network overview}
|
||||
\caption{IPv6 Address and Network Overview}
|
||||
\label{tab:ipv6address}
|
||||
\end{center}
|
||||
\end{table}
|
||||
|
|
@ -411,7 +429,7 @@ from the 10.0.0.0/8 range as follows:
|
|||
\hline
|
||||
\end{tabular}
|
||||
\end{minipage}
|
||||
\caption{IPv4 address and network overview}
|
||||
\caption{IPv4 Address and Network Overview}
|
||||
\label{tab:ipv4address}
|
||||
\end{center}
|
||||
\end{table}
|
||||
|
|
|
|||
|
|
@ -36,13 +36,13 @@ in figure \ref{fig:lacnicexhaust}.
|
|||
\begin{figure}[h]
|
||||
\includegraphics[scale=0.5]{rir-ipv4-rundown}
|
||||
\centering
|
||||
\caption{RIR IPv4 rundown projection~\cite{huston:_ipv4_addres_repor}}
|
||||
\caption{RIR IPv4 Rundown Projection~\cite{huston:_ipv4_addres_repor}}
|
||||
\label{fig:riripv4rundown}
|
||||
\end{figure}
|
||||
\begin{figure}[h]
|
||||
\includegraphics[scale=0.7]{lacnicdepletion}
|
||||
\centering
|
||||
\caption{LACNIC Exhaustion projection~\cite{lacnic:_ipv4_deplet_phases}}
|
||||
\caption{LACNIC Exhaustion Projection~\cite{lacnic:_ipv4_deplet_phases}}
|
||||
\label{fig:lacnicexhaust}
|
||||
\end{figure}
|
||||
|
||||
|
|
@ -63,7 +63,7 @@ with legacy IPv4 devices still needs to be provided.
|
|||
\begin{figure}[h]
|
||||
\includegraphics[scale=0.2]{googlev6}
|
||||
\centering
|
||||
\caption{Google IPv6 Statistics from~\cite{google:_ipv6_googl}}
|
||||
\caption{Google IPv6 Statistics~\cite{google:_ipv6_googl}}
|
||||
\label{fig:googlev6}
|
||||
\end{figure}
|
||||
IPv6 hosts and IPv4 hosts cannot directly connect to each other,
|
||||
|
|
@ -74,7 +74,7 @@ proposed~\cite{wikipedia:_ipv6},~\cite{rfc4213}.
|
|||
\begin{figure}[h]
|
||||
\includegraphics[scale=0.4]{v6-v6-separated}
|
||||
\centering
|
||||
\caption{Separated IPv6 and IPv4 network segments}
|
||||
\caption{Separated IPv6 and IPv4 Network Segments}
|
||||
\label{fig:v6v4separated}
|
||||
\end{figure}
|
||||
However installation and configuration of the transition mechanism
|
||||
|
|
|
|||
|
|
@ -131,7 +131,7 @@ fully implemented\footnote{Source code: \texttt{checksum\_bmv2.p4}}\\
|
|||
\hline
|
||||
\end{tabular}
|
||||
\end{minipage}
|
||||
\caption{P4/BMV2 feature list}
|
||||
\caption{P4/BMV2 Feature List}
|
||||
\label{tab:p4bmv2features}
|
||||
\end{center}
|
||||
\end{table}
|
||||
|
|
@ -226,7 +226,7 @@ unsupported\footnote{To support creating payload checksums, either an
|
|||
\hline
|
||||
\end{tabular}
|
||||
\end{minipage}
|
||||
\caption{P4/NetFPGA feature list}
|
||||
\caption{P4/NetFPGA Feature List}
|
||||
\label{tab:p4netpfgafeatures}
|
||||
\end{center}
|
||||
\end{table}
|
||||
|
|
@ -244,13 +244,13 @@ on the first NetFPGA card.
|
|||
\begin{figure}[h]
|
||||
\includegraphics[scale=1.4]{hwtestnico}
|
||||
\centering
|
||||
\caption{Hardware Test NetPFGA card 1}
|
||||
\caption{Hardware Test NetPFGA Card 1}
|
||||
\label{fig:hwtestnico}
|
||||
\end{figure}
|
||||
\begin{figure}[h]
|
||||
\includegraphics[scale=0.2]{hwtesthendrik}
|
||||
\centering
|
||||
\caption{Hardware Test NetPFGA card 2, ~\cite{hendrik:_p4_progr_fpga_semes_thesis_sa}}
|
||||
\caption{Hardware Test NetPFGA Card 2~\cite{hendrik:_p4_progr_fpga_semes_thesis_sa}}
|
||||
\label{fig:hwtesthendrik}
|
||||
\end{figure}
|
||||
During the development and benchmarking, the second NetFPGA card stopped to
|
||||
|
|
@ -402,7 +402,7 @@ and summarise the benchmarking results.
|
|||
\begin{figure}[h]
|
||||
\includegraphics[scale=0.6]{softwarenat64design}
|
||||
\centering
|
||||
\caption{Benchmark design for NAT64 in software implementations}
|
||||
\caption{Benchmark Design for NAT64 in Software Implementations}
|
||||
\label{fig:softwarenat64design}
|
||||
\end{figure}
|
||||
We use two hosts for performing benchmarks: a load generator and a
|
||||
|
|
@ -423,7 +423,7 @@ warm up phase.\footnote{iperf -O 10 parameter, see section \ref{design:tests}.}
|
|||
\begin{figure}[h]
|
||||
\includegraphics[scale=0.5]{netpfgadesign}
|
||||
\centering
|
||||
\caption{NAT64 with NetFPGA benchmark}
|
||||
\caption{NAT64 with NetFPGA Benchmark}
|
||||
\label{fig:netpfgadesign}
|
||||
\end{figure}
|
||||
% ok
|
||||
|
|
|
|||
BIN
doc/Thesis.pdf
BIN
doc/Thesis.pdf
Binary file not shown.
|
|
@ -1462,12 +1462,12 @@ nico@ESPRIMO-P956:~/master-thesis/iperf$
|
|||
\end{verbatim}
|
||||
%---------------------------------------------------------------------------------------------------------
|
||||
|
||||
\abbrev{ARP}{Address resolution protocol}
|
||||
\abbrev{ASIC}{Application-specific integrated circuit}
|
||||
\abbrev{DAC}{Direct attach cable}
|
||||
\abbrev{FGPA}{Field-programmable gate array}
|
||||
\abbrev{LPM}{Longes prefix matching}
|
||||
\abbrev{MTU}{Maximum transfer unit}
|
||||
\abbrev{ARP}{Address Resolution Protocol}
|
||||
\abbrev{ASIC}{Application-Specific Integrated Circuit}
|
||||
\abbrev{DAC}{Direct Attach Cable}
|
||||
\abbrev{FGPA}{Field-Programmable Gate Array}
|
||||
\abbrev{LPM}{Longes Prefix Matching}
|
||||
\abbrev{MTU}{Maximum Transfer Unit}
|
||||
\abbrev{NDP}{Neighbor Discovery Protocol}
|
||||
\abbrev{NAT}{Network Address Translation}
|
||||
\abbrev{NAT64}{Network Address Translation from / to IPv6 to / from IPv4}
|
||||
|
|
|
|||
|
|
@ -9,15 +9,15 @@ digraph G {
|
|||
parser [ label="Parser"];
|
||||
deparser [ label="Deparser"];
|
||||
translation [ label="Translation"];
|
||||
mismatch [ label="Table mismatch"];
|
||||
mismatch [ label="Table Mismatch"];
|
||||
v4packet [ label="IPv6 Packet"];
|
||||
v4packet2 [ label="IPv4 Packet"];
|
||||
v6packet [ label="IPv6 Packet"];
|
||||
tableentry [ label="Create table entry" ];
|
||||
tablematch [ label="Table match" ];
|
||||
tableentry [ label="Create Table Entry" ];
|
||||
tablematch [ label="Table Match" ];
|
||||
|
||||
reinject [ label="Reinject packet" ];
|
||||
controller [ label="Controller reads packet" ]
|
||||
controller [ label="Controller Reads Packet" ]
|
||||
|
||||
deparser [ label="Deparser"];
|
||||
deparser2 [ label="Deparser"];
|
||||
|
|
|
|||
Loading…
Reference in a new issue