Abstract :
[en] Software networking promises a more flexible network infrastructure, poised
to leverage the computational power available in datacenters. Virtual Network
Functions (VNF) can now run on commodity hardware in datacenters
instead of using specialized equipment placed along the network path.
VNF applications like stateful firewalls, carrier-grade NAT or deep packet
inspection that are found “in-the-middle”, and therefore often categorized
as middleboxes, are now software functions that can be migrated to reduce
costs, consolidate the processing or scale easily.
But if not carefully implemented, VNFs won’t achieve high speed and will
barely sustain rates of even small networks and therefore fail to fulfil their
promise. As of today, out-of-the-box solutions are far from efficient and
cannot handle high rates, especially when combined in a single host, as
multiple case studies will show in this thesis.
We start by reviewing the current obstacles to high-speed software networking.
We leverage current commodity hardware to achieve what seemed impossible
to do in software not long ago, which led network operators to consider
software solutions unworthy and untrusted. Our work paves the
way for building a proper software framework for a programmable network
infrastructure that can be used to quickly implement network functions. We
built FastClick, a faster version of the Click Modular Router, that allows
fast packet processing thanks to a careful integration of fast I/O frameworks
and a deep study of the interactions between their features. FastClick proposes
a revised, easier-to-use execution model that hides multi-queueing and simplifies
multithreading using a thread traversal analysis of the configuration.
We propose tailored network-specific multi-threaded algorithms that enable
parallel high-speed networking. We build a new retro-compatible batching
implementation, and avoid system calls “left over” by previous work.
We then build MiddleClick, an NFV dataplane built on top of FastClick.
It combines VNFs along a service chain to use a common subsystem that
implements shared features such as classification and session handling, but
makes sure no feature is applied that isn’t absolutely needed by one of the
VNFs. For example, the classification is optimized to be minimal and only needs
to be done once for all VNFs, and if no VNF needs TCP reconstruction,
that reconstruction won’t happen. We propose an algorithm to enable a
per-session, per-VNF “scratchpad”. Only the minimal amount of state is
declared and accessible in predictable locations using a per-VNF offset into
the “scratchpad” for fast lookups across the chain.
MiddleClick also offers new flow abstractions and ways to handle sessions
that enable fast and easy development of new middlebox functions that can
handle many flows in parallel.
Cooperation, consolidation and using the hardware in an appropriate way
may not always be enough. This thesis finally explores how to use classification
hardware such as smart NICs and SDN switches to accelerate the
processing of the combined service chain, removing the need for software
classification.
While this work mostly relies on known high-level NFV dataplane principles
and proposes a few new ones, it is one of the most low-level works in the
field, leading to precise implementation considerations yielding very high
performance results. Both FastClick and MiddleClick are available as Open
Source projects and constitute an important contribution to the state of the
art.
Multiple leading-edge use cases are built to show how the prototype can be
used to build fast and efficient solutions quickly.