A Userspace Transport Stack Doesn't Have to Mean Losing Linux Processing

Title: A Userspace Transport Stack Doesn't Have to Mean Losing Linux Processing
Publication Type: Conference Paper
Year of Publication: 2020
Authors: Abranches, Marcelo; Keller, Eric
Conference Name: 2020 IEEE Conference on Network Function Virtualization and Software Defined Networks (NFV-SDN)
Date Published: Nov. 2020
Publisher: IEEE
ISBN Number: 978-1-7281-8159-2
Keywords: composability, Ecosystems, Kernel, Linux, Linux operating system, Linux Operating System Security, Metrics, Middleboxes, pubcrawl, resilience, Resiliency, Resource management, software defined networking, Throughput
Abstract: While we cannot question the high performance capabilities of the kernel bypass approach in the network functions world, we recognize that the Linux kernel provides a rich ecosystem with efficient resource management and an effective resource sharing ability that cannot be ignored. In this work we argue that mixing kernel-bypass and in-kernel processing can benefit applications and network function middleboxes. We leverage a high-performance user space TCP stack and recent additions to the Linux kernel to propose a hybrid approach (kernel-user space) to accelerate SDN/NFV deployments leveraging services of the reliable transport layer (i.e., stateful middleboxes, Layer 7 network functions and applications). Our results show that this approach enables high performance, high CPU efficiency, and enhanced integration with the kernel ecosystem. We build our solution by extending mTCP, which is the basis of some state-of-the-art L4-L7 NFV frameworks. By having more efficient CPU usage, NFV applications can have more CPU cycles available to run the network functions and application logic. We show that for a CPU intense workload, mTCP/AF_XDP can have up to 64% more throughput than the previous implementation. We also show that by receiving cooperation from the kernel, mTCP/AF_XDP enables the creation of protection mechanisms for mTCP. We create a simulated DDoS attack and show that mTCP/AF_XDP can maintain up to 287% more throughput than the unprotected system during the attack.
URL: https://ieeexplore.ieee.org/document/9289867
DOI: 10.1109/NFV-SDN50289.2020.9289867
Citation Key: abranches_userspace_2020