A Network Project Course Based on Network Processors - CiteSeer

A Network Project Course Based on Network Processors Peter Steenkiste Computer Science Department and Department of Electrical and Computer Engineering Carnegie Mellon University Pittsburgh, PA 15213 [email protected] Abstract

1

A difficult problem in networking courses is to find hands-on projects that have the right balance between the level of realism and complexity. This is especially true for projects that focus on the internal functionality of routers and other network devices. We developed a capstone course called “Network Design and Evaluation” that uses a network processor-based platform for networking projects. This platform is more realistic than traditional approaches based on software emulation environments or PC-based routers running Unix, but it is significantly less complex to work with than real commercial routers or even PCbased routers. We are currently teaching this course for the third year, and our experience has been extremely positive. Students enjoy the realism of the platform and not only learn a lot about the internal operation of the network, but also about network configuration and management.

Most universities today offer a set of courses on computer networking. The first course is typically an introductory undergraduate course that covers basic concepts such as routing, error control, flow control, … Advanced courses typically study a smaller set of topics in more depth. They can for example focus on wireless and mobile networking,, routing and traffic engineering, or quality of service. An

Categories & Subject Descriptors K.3.2 [Computers and Education]: Computer and Information Science Education – Computer science education, Curriculum. C.2.1 [Computer-Communication Networks]: Network Architecture and Design – Packet-switching networks, Network communications.

General Terms Design, Experimentation, Human Factors.

Keywords Network project, Network internals, Pedagogy.

_____________________ Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. SIGCSE’03, February 19-23, 2003, Reno, Nevada, USA. Copyright 2003 ACM 1-58113-648-X/03/0002…$5.00.

Introduction

important question is how hands-on assignments or projects can be used to complement lectures and exams. Projects can for example teach students how to apply the course material to solve practical problems (e.g., how to deal with packet loss). Projects can also be used to illustrate important concepts, thus improving the students’ understanding of the course material (e.g., the importance of congestion control). In this paper we describe our experience in using a platform based on a network processor (the Intel IXP 1200 [1]) for course projects in computer networking. The projects specifically focus on learning in a hands-on fashion about network internals, e.g., routers, switches, or special-purpose network devices. A network processor-based platform is an attractive vehicle for teaching because it is more realistic than traditional platforms, namely software emulation environments or PC-based routers. For example, the IXP 1200 platform used in our course has a processor architecture and a memory hierarchy that are optimized for use in routers and network devices. These features add a significant level of realism to the platform, and help students in understanding the design and optimization tradeoffs that have to be made when implementing networks. While real commercial routers would be even more realistic, they are typically closed systems that are too complex to be used in a course setting. We use network processor-based projects in the context of “Network Design and Evaluation”, a capstone course taught in the Department of Electrical and Computer Engineering at CMU. As such, the goals of the course include teaching the students how to prepare technical documents (design specifications, status reports, ..), how to give presentations, and how to work in teams. The course typically involves a mix of seniors and masters students. The course has been very successful and it received good course evaluation scores. The remainder of this paper is organized as follows. We first review some of the requirements for computer networking labs. We describe the structure of our course in Section 3 and the project component of the course in Section 4. In Section 5, we

explain how we bring the students up to speed on the IXP platform. We summarize in Section 6.

2

Networking Labs

Hands-on assignments and projects are an essential part of teaching computer networking. They can help improving students’ understanding of the course material or they can teach the student how they can apply the concepts taught in the course [2]. Given that computer networking is a fairly broad area, projects should target a specific topic or skill. Project will typically focus on one of the following aspects of computer networking: •

Application level programming: use tools such as sockets to develop distributed applications [4, 5].

•

Probing the network: use simple applications such as traceroute and ping to gain insight into the internal operation of the network. When using an operational network, it is important to make sure that the experiments are nonintrusive. By providing an isolated network [6], it becomes possible to offer a broader set of experiments. Examples, include snooping packets and congestion control experiments that involve flooding.

•

Network internals: implement protocol stacks or other network functions, such as firewall functionality, network address translation, or quality of service. These projects are often done in the context of an emulation environment [3].

•

Network configuration and management: configure networks to meet specific requirements. One example is VINTLab [7] at the University of Virginia.

Our focus is on the third topic, i.e. gaining experience in implementing and improving internal network functions. The most common way of supporting this type of project is to provide students with a software emulation environment that implements the operating system functionality that is needed by the network, e.g., timer functions, buffer management, and packet-level read/write access to one or more network interfaces. These functions implicitly also model the hardware. The students can then implement protocols and other network functions, calling these built-in functions as needed. The software emulation approach has many advantages. First, students can fairly quickly build and test network protocols, and gain insights in some of the finer points of protocol implementation. This approach also scales well to larger class sizes. We have for example used software emulation-based projects in the CMU Computer Science “Computer Networking” course, a senior-level course with 100+ students. However, there are also some disadvantages. First, the software emulation environment typically does not present a very realistic picture of the internals of routers and network devices. Second, it is sometimes difficult to run real applications on top of emulation environments, further reducing the level of realism. Finally, emulation environments only support certain types of projects, specifically projects that are not sensitive to timing. Projects on topics that are performance-oriented or timing sensitive (e.g. congestion control) cannot easily be done this way. An alternative is to use PC-based routers running Linux or FreeBSD as the platform for course projects. This significantly increases the level of realism (e.g. packets flow over real wires and it is possible to run real applications). However, while a PCbased router is real in the sense that it forwards packets, its

internal design is in fact very different from that of a real router. Another drawback of this approach is that the programming complexity increases significantly since students now have to modify the kernel. This also raises security issues. While the use of downloadable kernel modules can alleviate these problems somewhat, our experience is that this approach only works for smaller, graduate level courses. As an alternative to software emulation and PC-based routers, we have used a network processor-based platform as the basis for networking projects. Network processors have been designed specifically to support high-speed packet processing in routers and network devices. Combined with a suitable software environment, they form a very realistic networking platform. The specific platform we used is an evaluation card for the Intel IXP 1200 network processor. Intel provides both development tools and an open runtime environments for the IXP evaluation card. The idea is that students start with a completely functional IP router, which is one of the sample IXP applications provided by Intel. Projects consist of extending the router functionality and evaluating the extension. Our experience shows that this approach has significant advantages. First, the environment in which students work is quite realistic. For example, the processor architecture and memory hierarchy of the IXP 1200 platform are optimized for use in routers and other network devices. The IXP1200 is a multiCPU processor that includes six microengines for packet processing and one general-purpose CPU (a StrongArm) for control operations. The memory design has separate memories for packets and control information, and the memory hierarchy is optimized for data streaming instead of cache-based memory access. This means that students can learn in a hands-on fashion about the design and optimization tradeoffs for network devices. Second, since they are using real hardware, students can use real application and traffic generators to evaluate their project. Finally, students get to put together and configure their own network, so they learn, for example, how to configure interfaces and the differences between various types of cables and connectors. Commercial routers would, of course, be an even more realistic platform for projects. However, while they may be appropriate for use in labs that focus on network configuration and management, they are not a very practical platform to teach about network internals. First, commercial routers are typically closed systems, i.e. we cannot get access to the code and development tools. Second, even if we had access, we believe that the systems would be too complex to be of practical use in a course setting. We have significant experience in using network processors in a project-oriented course, as we describe in the remainder of this paper. One of challenges is that students have to go through a fairly steep learning curve, although in practice, this is quite manageable (Section 5). However, because of this learning curve, doing smaller scale projects (e.g. one week programming assignments) is much more difficult. One possibility is to use simulators of network processors for smaller programming assignments, thus avoiding the overhead of learning how to set up the hardware.

3

Course Description

We describe the goals and structure of our capstone course.

3.1 Course Goals We have used network processor-based projects in a capstone course on “Network Design and Evaluation” in the CMU ECE department for the last three years. The goals for the course are driven in part by the capstone nature of the course. Specifically: •

Students gain an in-depth understanding of both the functionality and implementation options of a specific networking aspect, such as network QoS, security, … They also learn about other networking topics through presentations on other class projects.

•

Students learn how to take an idea and turn it into a working system by going through a full project definition, design, implementation, and evaluation cycle. The skills developed are not only system building skills but also how to give presentations and write project documents.

•

Students learn how to work in teams and do project management (e.g. set milestones, coordinate with team members).

3.2 Course Structure The course has three components. The main component is of course the capstone project. The second component is a set of lectures, lab sessions, and programming assignments that are designed to bring the students up to speed on the IXP 1200 platform. We describe these two course components in more detail in Sections 4 and 5. The last component is a set of lectures on router architecture and network processors that give students insights in the design and implementation of network devices, other than the IXP-based platform they use for their project. This course segment consists of a set of 3 or 4 lectures that can be given at any time during the semester. The lectures cover architectures for both low-end and high-end routers, network devices (e.g. NATs, firewalls, web front-ends) and also include a survey of network processor architectures.

is that it difficult to adjust the degree of difficulty of the project to the student background, which is an issue in a course that has both seniors and potentially very mature graduate students. However, when using IXP-based projects in a short amount of time as part of a broader course, this option is definitely the way to go. The option we use is to let students define their own projects. This is more work for the instructors and there is a higher risk for “failed” projects, i.e., projects that turn out to be impractical. However, it has the big advantage that students feel like they own their project. As a result, they are more likely to take initiative. A side effect of having teams pick their own projects is that the students are responsible for finding the necessary background information to execute the project. While the instructors can (and should) of course provide pointers to relevant material, it is not possible to have a prepared reading list on every conceivable project topic. Having to decide what material is relevant and what material is not is an important learning experience. The projects proposed by each team of students must consist of three interacting network components. A first component is a data plane component, i.e. a network element that is involved in processing packets that are forwarded by the router. This component will be implemented on the microengine. Examples include a packet scheduler that supports quality of service, or packet filtering for a firewall. The second component is a control plane component that manages and controls the above data plane function. Examples are a signaling protocol that sets up the QoS packet scheduler, or a management interface for a firewall. A third component is one or more applications that stress the new network feature. For example, a video streaming application that uses a connection with a bandwidth guarantee, or an application that tries to break into a network protected by a firewall. It turns out that there are a small number of topics that are obvious candidates for projects. They include: firewalls, NAT, RED and ECN support, and QoS support. However, students sometimes come up with more creative topics, e.g. source-based routing, porting RSVP, or IP traceback to stop denial of service attacks. 4.3 Milestones

4

The Capstone Project

We look in detail at how the course projects are defined and managed. 4.1 Project Structure Small teams of 2-4 students develop a router extension, using an IXP 1200-based router as a starting point. The students have to go through a design, implementation, and evaluation phase, and at each stage they have to write documents and give presentations describing their work. 4.2 Project Definition There are two ways of organizing projects in this type of course. The first option is to have teams execute a predefined project. There might be one project that is executed by all teams or teams can choose from a small number of predefined projects. The advantage of this approach is that it is easier for the instructor to prepare and it is less likely that there will be surprises later in the semester since projects can be tried out beforehand. The drawback is that the project may feel like a large programming assignment and may not engage the students. Another drawback

The goal of the course is not just to implement a project, but also to gain experience in writing documents and giving project presentations. Students get written feedback on both the documents and the presentations. I have observed how for most teams, the quality of the documents and presentations improves throughout the semester. The table below lists the timing of these deliverables. Week 2

One-page project proposals due

Week 4

Project design documents due

Week 5

Design presentations

Week 8

Status presentations Status reports due Status presentations Status reports due Draft final report

Week 12 Week 14 End semester

Demos and final presentations Final reports due

The design document must cover: projects goals, design of extension, related work, project plan including milestones and tasks for each team member, evaluation plan including metrics, and a discussion on risks. The status reports are shorter and cover results obtained so far, plus a discussion of any changes to the original plan (goals, design, …). The final report includes goals, design, a detailed description on the implementation, and evaluation results. It is also useful to schedule regular (roughly once every 2 weeks) one-on-one status meeting with each team, where the instructor meets with the team to go over the project status. These meetings tend to be more useful for talking about problems and open issues than the in-class presentations, where there is typically not enough time for in-depth discussion. Another goal of the course is to teach students about project management, i.e. planning the project execution, working in teams, and dealing with set backs, such as unanticipated platform limitations, design shortcomings). The milestones associated with the above schedule requires the students to plan ahead and their design document must include a project plan that lists milestones and the responsibilities of each team members. Given the structure of the projects, it often makes sense for team members to specialize. For example, one student focuses on the control plane while the other takes charge of the data plane. Breaking up a project is not only a good way of organizing the implementation it also has the advantage that the students only have to learn the details of part of the IXP platform.

Figure 1: lab station 5

5.1 Lectures and lab sessions During the first three weeks of the semester, we use a sequence of lectures and lab sessions to familiarize the students with the platform. Three aspects of the platform are covered: •

The architecture of the microengines that implement the data forwarding path and the programming tools that are used to program the microengines. These tools include a programming environment and a cycle-accurate simulator.

•

The software environment on the StrongArm that supports the router control plane. This includes mechanisms for communication between the microengines and the StrongArm; communication can be based on message passing or shared memory.

•

The design of the router software that is used as the starting point for the projects.

4.4 Lab Setup The specific platform used in the course is an evaluation platform for the IXP, called Bridalveil. It is a PCI card that has an IXP1200 chip, static and dynamic memory, and the necessary buses. It has four 10/100 Ethernet interfaces. We use the L3 Forwarder project, so the card behaves as a small 4x4 router. In our configuration, the StrongArm core runs Linux. The host machine also runs Linux and it uses a PCI driver to manage the IXP device (e.g. download code, monitor card, ..). Each team in the course has its own hardware set up to work with. Figure 1 shows the hardware set up that is used in the beginning of the semester. It consists of a Bridalveil card hosted by a Linux PC. Two other Linux PCs have a second network interface card (NIC) that connect them to the Bridalveil card. As a result, the Bridalveil card is at the heart of a teaching network that is separate from the departmental network. The students can experiment with (configure, break) the teaching network, but not the departmental network. Besides the 3 Linux PCs, each team also has access to a Windows 2000 PC that runs the IXP software development environment. Each machine is connected to the ECE departmental network for access to remote file systems, the Web, .. This simple set up is sufficient to do a lot of development and testing. Later in the semester, more NICs and Bridalveil cards are added to test projects over larger networks. For even larger scale testing, teams can combine their hardware. The configuration of the teaching network is under the control of the students. For example, students can change the network topology, configure the network interfaces, and set up the routing tables. Students do not have root access on the Linux hosts because of CMU rules for teaching labs. Instead, students are given selective use of privileged commands using the “sudo” support provided in Linux.

Bringing students up to speed

One of the challenges in using a realistic platform such as the IXP 1200 evaluation card for course project is that students face a steep learning curve.

The readings for these lectures and lab sessions consist of chapters from the textbook [8] and selected sections of the IXP documentation. The readings have two goals: give the students a high level overview of the IXP system and familiarize them with the organization of the documentation so they can look up information as they need it throughout the semester. Students have access to the full set of documentation both electronically and in the form of hardcopies made available in the teaching lab. 5.2 Programming Assignments The lectures and lab sessions are complemented by a sequence of programming assignments that are designed to make the students feel comfortable with the platform and software tools. The programming assignments are for that reason very simple. As an example, this year (Fall 2002) we are asking student to do some special processing for packets that have a “Type of Service” (TOS) field with a specific value. We use a sequence of three programming assignments: 1.

Modify the data forwarding code on the microengines to identify packets that have their TOS field set to the specific value and to replace the TOS field by a different value. This first assignment must be done in the software development environment, using the IXP simulator for testing, i.e. it does require access to the hardware.

2.

Extend the first assignment to count the number of packets that are modified and to make that count available to the control plane code running on the StrongArm so it can be printed out. This requires the use of microengine-StrongArm communication based on shared memory.

3.

Execute the result of programming assignment 2 on the hardware and verify its functionality. The Linux hosts are used to send packets with different TOS fields through the IXP router running the students’ projects. The receiving host can check the TOS fields in the received packets, while the number of modified packets can be monitored from the command shell executing on the StrongArm.

The starting point for the assignment is the router project code, which is also the basis for the capstone projects.

work with than real commercial routers or even PC-based routers. We are currently teaching this course for the third year, and our experience has been extremely positive. Students enjoy the level of realism of the platform and not only learn a lot about the internal operation of the network, but also about network configuration and management.

Acknowledgements The development of this course was made possible in part by support from Intel. I would also like to thank Petcharat

Suriyachai and Haoyu Zhou, who were my teaching assistants in the first two years, Nimit Sawhney, and Dirk Brandewie for all their help.

5.3 Discussion

References

While the learning curve initially looked like a major issue, it has not been a stumbling block in practice. One reason is that the students have to become familiar with only a limited number of features of the platform. For example, a team working on a routing project can largely ignore the details of how packets are queued on the outgoing interfaces. On the other hand, a team working on quality of service does not have to understand how the routing table is organized. Some of the more complex modules of the system, such as the modules that manage the network interfaces, can be ignored by everybody. Another reason why the complexity of the platform is manageable is that once the project designs have been completed, team members can focus on their part of the project.

[1] The Intel IXP1200 Processor Family. Available at: http://www.intel.com/design/network/products/npfamily/ixp 1200.htm

The complexity of the platform may in fact add some value to the course. My experience in working with junior graduate students and programmers is that for many systems, the problem when starting to use a new system is often not lack of documentation but abundance of documentation. Being able to figure out what part of the documentation is relevant to completing a specific task is an important skill. Many students, however, never have to deal with this problem since courses typically provide very specific reading lists. The complexity of the platform does however create a problem for shorter term programming assignment that are given, for example, as part of an introductory networking course. For such courses, it is probably preferable to use programming assignments that use the simulation environment. A more significant challenge is bringing teaching assistants up to speed. First, students expect TAs to be very knowledgeable about the platform. Moreover, since the TAs support a diverse set of projects, they must deal with a wider range of system features than the students. The best solution is of course to use TAs that have taken the course in a previous year.

6

Conclusion

In this paper we described our experience in using a network processor-based platform for capstone projects that focus on implementing or extending the internal functionality of routers and other network devices. We believe that this approach provides the right balance between the level of realism and complexity. This platform is more realistic than traditional approaches based on software emulation environments or PCbased routers running Unix, but it is significantly less complex to

[2] Comer, D.E. Hands-On Networking Technologies, Prentice Hall, 2002.

with

Internet

[3] Carniani, E., and Davoli, R. The Netwire Emulator: A Tool for Teaching and Understanding Networks, The 6th Annual SIGCSE/SIGCUE Conference on Innovation and Technology in Computer Science Education (ITiCSE 2001), June 25-27, 2001. [4] Shay, W. A Multiplatform/Multilanguage Client/Server Project, The 33rd Technical Symposium on Computer Science Education, February 27-March 3, 2002. [5] Mitchener, W., and Vahdat, A. A Chat Room Assignment for Teaching Network Security, The 32rd Technical Symposium on Computer Science Education, February 2125, 2001. [6] Hill, J., Carver, C., Humphries, J., and Pooch, U. Using an Isolated Network Laboratory to Teach Advanced Networking, The 32rd Technical Symposium on Computer Science Education, February 21-25, 2001. [7] Liebeherr, J. VINTLab, description available at http://www.cs.virginia.edu/wintlab/index.html. [8] Johnson, E.J., and Kunze, A.R. Intel Press, 2002.

IXP1200 Programming.