[en] To cope with the growing performance needs of security appliances in datacenters or the network edge, current middlebox functionalities such as stateful firewalls, NATs, DPI, content-aware optimizers or load-balancers are self-contained software. They avoid OS services as those are not tailored for NFV and use most of the time RAW sockets, or specific I/O frameworks (DPDK, Netmap, ...) to receive raw packets.
In this work, we present a system specifically designed to run a pipeline of VNFs. The system combines the classification and sessions needs of the VNFs. We build an abstract view of flows and use it to implement support for seamless inspection and modification of the content of any flows (such as TCP or HTTP), automatically reflecting a consistent view, across layers, of flows modified on-the-fly. This brings together the advantage of reusing software components with the performance provided by state-of-the-art high-speed NFV frameworks that force reimplementing protocol specifics in each application.
We show unique considerations about factorizing session management and multi-protocol support for high-speed in-the-middle inspection and modification of flows. The system also offers automatic, session-aware parallelism to handle a large number of flows.
Disciplines :
Computer science
Author, co-author :
Barbette, Tom ; Université de Liège - ULiège > Dép. d'électric., électron. et informat. (Inst.Montefiore) > Systèmes informatiques répartis et sécurité
Soldani, Cyril ; Université de Liège - ULiège > Dép. d'électric., électron. et informat. (Inst.Montefiore) > Algorithmique des grands systèmes
Gaillard, Romain
Mathy, Laurent ; Université de Liège - ULiège > Dép. d'électric., électron. et informat. (Inst.Montefiore) > Systèmes informatiques répartis et sécurité
Language :
English
Title :
A low-level dive into building a high-speed NFV dataplane for service chaining
Publication date :
24 April 2018
Event name :
EuroSys'18
Event organizer :
ACM
Event place :
Porto, Portugal
Event date :
23-26/04/2018
Audience :
International
European Projects :
H2020 - 671566 - SUPERFLUIDITY - Superfluidity: a super-fluid, cloud-native, converged edge system
Funders :
F.R.S.-FNRS - Fonds de la Recherche Scientifique UE - Union Européenne CE - Commission Européenne
This website uses cookies to improve user experience. Read more
Save & Close
Accept all
Decline all
Show detailsHide details
Cookie declaration
About cookies
Strictly necessary
Performance
Strictly necessary cookies allow core website functionality such as user login and account management. The website cannot be used properly without strictly necessary cookies.
This cookie is used by Cookie-Script.com service to remember visitor cookie consent preferences. It is necessary for Cookie-Script.com cookie banner to work properly.
Performance cookies are used to see how visitors use the website, eg. analytics cookies. Those cookies cannot be used to directly identify a certain visitor.
Used to store the attribution information, the referrer initially used to visit the website
Cookies are small text files that are placed on your computer by websites that you visit. Websites use cookies to help users navigate efficiently and perform certain functions. Cookies that are required for the website to operate properly are allowed to be set without your permission. All other cookies need to be approved before they can be set in the browser.
You can change your consent to cookie usage at any time on our Privacy Policy page.
