# A QoS-enabled Packet Scheduling Algorithm for IPSec Multi-Accelerator Based Systems

Alberto Ferrante and Vincenzo Piuri

DTI, University of Milan

{ferrante, piuri}@dti.unimi.it

Fabien Castanier AST, ST Microelectronics fabien.castanier@st.com

### **Presentation Outline**



#### **IPSec**

The scheduling algorithm

Model For Simulations and Results

Architectural Enhancements

Conclusions and Future Work

### 1. IPSec;

- 2. The scheduling algorithm;
- 3. Model for simulations and results;
- 4. Architectural enhancements;
- 5. Conclusions and Future Work.

### **IPSec**



#### IPSec

The scheduling algorithm

Model For Simulations and Results

Architectural Enhancements

Conclusions and Future Work

Is a suite of protocols
adding security at IP (network) level;

 makes extensive use of cryptographic functions:
 it is resource consuming.

### **IPSec importance**



#### IPSec

The scheduling algorithm

Model For Simulations and Results

Architectural Enhancements

- it is included as security mechanism in IPv6;
- it is widely used in present VPNs.

### Goals



#### **IPSec**

The scheduling algorithm

Model For Simulations and Results

Architectural Enhancements

- To obtain a scheduling algorithm being able to:
  - schedule packet processing between N crytpo-accelerators;
  - schedule packets also to a software implementation of the cryptographic algorithms;
- support QoS;
- minimize latency obtaining high throughput.

### Assumptions



#### **IPSec**

The scheduling algorithm

Model For Simulations and Results

Architectural Enhancements

Conclusions and Future Work

The scheduling algorithm relies heavily on two facts:

- processing time of each packet is known in advance;
- each packet can be processed independently from the others.

## **Scheduling Algorithm (1)**





CF05, Ischia, May 2005 A. Ferrante – A QoS-enabled Packet Scheduling Algorithm for IPSec Multi-Accelerator Based Systems - p. 7/23

# **Scheduling Algorithm (2)**



#### **IPSec**

The scheduling algorithm

Model For Simulations and Results

Architectural Enhancements

Conclusions and Future Work

### Each received packet is processed by the scheduler that:

- selects a set of suitable processors;
- computes the finishing time for each of the processors;
- allocates the packet to the processor with lowest finishing time.

### **Packet Processing**



#### **IPSec**

The scheduling algorithm

Model For Simulations and Results

Architectural Enhancements

Conclusions and Future Work

 Packets in priority queues are processed accordingly to a modifi ed version of the Weighted Fair Queuing (WFQ) policy:
 each packet need to be considered

as an atomic unit.

$$F_p = \frac{p+1}{\sum_{l=1}^{P} l}$$

CF05, Ischia, May 2005 A. Ferrante – A QoS-enabled Packet Scheduling Algorithm for IPSec Multi-Accelerator Based Systems - p. 9/23

# **Finishing Time**



#### **IPSec**

The scheduling algorithm

Model For Simulations and Results

Architectural Enhancements

- finishing\_time =
  waiting\_time + processing\_time;
- due to priorities the fi nishing time can only be estimated;
- two parameters are added to allow tuning CPU load:
  - $\alpha_0$  is a multiplicative constant;
  - $\beta_0$  is an additive constant.

### **Predictions On Packets**



#### **IPSec**

The scheduling algorithm

Model For Simulations and Results

Architectural Enhancements

Conclusions and Future Work

### • A *k*-step moving average:

- is used to evaluate:
  - the number of packets that are in each queue;
  - their average processing time;
- values can be computed:
  - each time one of the queues is modified (packet average);
  - each l round robin cycles (round robin average).

### **Scheduler in Practice**



#### **IPSec**

The scheduling algorithm

Model For Simulations and Results

Architectural Enhancements

- Waiting time for a processor is computed:
  - each time the corresponding queue set is modified;
  - or each *l* round robin cycles;
- finishing time for a processor is computed each time a packet needs to be scheduled;
- In each scheduling operation, at most N + 1 comparisons are needed.

### **Reference Architecture**





# Data transfers to and from the accelerators are performed in DMA mode.

## Model For Simulations (1/2)



#### **IPSec**

The scheduling algorithm

Model For Simulations and Results

Architectural Enhancements

- It models the main parts of the system;
- in accelerators AES encryption is only considered;
- the only form of synchronization considered is bus contention:
  - accesses to memory are faster;
  - model not done to really measure performance;

## Model For Simulations (2/2)



#### **IPSec**

The scheduling algorithm

Model For Simulations and Results

Architectural Enhancements

- It has been implemented in functional SystemC;
- Simulation inputs are taken from fi les provided on ITA website:
  - 1mln of packets were considered in each simulation.

# Results (1/3)



### Results (2/3)



#### **IPSec**

The scheduling algorithm

Model For Simulations and Results

Architectural Enhancements





# Results (3/3)



#### Average processing latency 2.6 RR average 2.4 Packet average 2.2 2 Processing latency [ms] 1.8 1.6 1.4 1.2 1 0.8 0.6 0.4 0.2 0 2 3 5 0 4 1 Priority level

### Packet distribution among priority levels



#### CF05, Ischia, May 2005 A. Ferrante – A QoS-enabled Packet Scheduling Algorithm for IPSec Multi-Accelerator Based Systems - p. 18/23

### **Architectural Enhancements**



#### **IPSec**

The scheduling algorithm

Model For Simulations and Results

Architectural Enhancements

Conclusions and Future Work



CF05, Ischia, May 2005 A. Ferrante – A QoS-enabled Packet Scheduling Algorithm for IPSec Multi-Accelerator Based Systems - p. 19/23

### **Architectural Enhancements**





The scheduling algorithm

Model For Simulations and Results

Architectural Enhancements



### **Architectural Enhancements**







### Throughput



- packet average case;
- number of accelerators: 4;
- $\beta_0 = 1.76 * 10^4$

### **Processing Latency**



# **Conclusions (1/2)**



#### **IPSec**

The scheduling algorithm

Model For Simulations and Results

Architectural Enhancements

- We have obtained an algorithm that:
  - is able to distribute IPSec packet processing over multiple processors;
  - supports QoS;
- We have shown that the algorithm works as desired.

## **Conclusions (2/2)**



#### **IPSec**

The scheduling algorithm

Model For Simulations and Results

Architectural Enhancements

Conclusions and Future Work

# The scheduling algorithm is only useful when:

- more than one accelerator is present:
  - having multiple accelerators may allow for scalability at "low" price;
- the system is overloaded:
  - QoS support is provided;
  - the CPU can help processing short peaks over the supported bandwidth.

### **Future Work**



#### **IPSec**

The scheduling algorithm

Model For Simulations and Results

Architectural Enhancements

Conclusions and Future Work

### Test the algorithm in a real system.