high-speed; networking; middleclick; fastclick; nfv; sdn; service chaining
Abstract:
[en] To cope with the growing performance needs of appliances in datacenters or the network edge, current middlebox functionalities such as firewalls, NAT, DPI, content-aware optimizers or load-balancers are often implemented on multiple (perhaps virtual) machines.
In this work, we design a system able to run a pipeline of VNFs with a high level of parallelism to handle many flows. We provide the user facilities to define the traffic class of interest for the VNF, a definition of session to group the packets such as the TCP 4-tuples, and the amount of space per session. The system will then synthesize the classification and build a unique, efficient flow table. We build an abstract view of flows and use it to implement support for seamless inspection and modification of the content of any flow (such as TCP or HTTP), automatically reflecting a consistent view, across layers, of flows modified on-the-fly. Our prototype gives rise to a user-space software NFV dataplane enabling easy implementation of middlebox functionalities, as well as the deployment of complex scenarios.
Our prototype implementation is able to handle our testbed limit of ~34 Gbps of HTTP requests (for 8-KB files) through a service chain of multiple stateful VNFs, on a single Xeon core.
Disciplines:
Computer science
Author, co-author:
Barbette, Tom ; Université de Liège - ULiège > Dép. d'électric., électron. et informat. (Inst.Montefiore) > Systèmes informatiques répartis et sécurité
Soldani, Cyril ; Université de Liège - ULiège > Dép. d'électric., électron. et informat. (Inst.Montefiore) > Algorithmique des grands systèmes
Gaillard, Romain
Mathy, Laurent ; Université de Liège - ULiège > Dép. d'électric., électron. et informat. (Inst.Montefiore) > Systèmes informatiques répartis et sécurité
Document language:
English
Title:
Building a chain of high-speed VNFs in no time
Publication date:
18 June 2018
Event name:
International Conference on High Performance Switching and Routing
Event organizer:
IEEE
Event location:
Bucharest, Romania
Event date:
17-20/06/2018
By invitation:
Yes
Title of the main work:
Proceedings of the 2018 IEEE 19th International Conference on High Performance Switching and Routing
Pagination:
1-8
European project:
H2020 - 671566 - SUPERFLUIDITY - Superfluidity: a super-fluid, cloud-native, converged edge system
Funding body:
F.R.S.-FNRS - Fonds de la Recherche Scientifique; CE - Commission Européenne