netbricks: taking the v out of nfv - eecs at uc berkeleyapanda/assets/slides/osdi-talk.pdf ·...
TRANSCRIPT
![Page 1: NetBricks: Taking the V out of NFV - EECS at UC Berkeleyapanda/assets/slides/osdi-talk.pdf · NetBricks: Taking the V out of NFV Aurojit Panda, Sangjin Han, Keon Jang, ... DPDK Poll](https://reader034.vdocument.in/reader034/viewer/2022051406/5ab748057f8b9a86428e9b18/html5/thumbnails/1.jpg)
NetBricks: Taking the V out of NFVAurojit Panda, Sangjin Han, Keon Jang, Melvin Walls, Sylvia Ratnasamy, Scott Shenker
UC Berkeley, Google, ICSI
![Page 2: NetBricks: Taking the V out of NFV - EECS at UC Berkeleyapanda/assets/slides/osdi-talk.pdf · NetBricks: Taking the V out of NFV Aurojit Panda, Sangjin Han, Keon Jang, ... DPDK Poll](https://reader034.vdocument.in/reader034/viewer/2022051406/5ab748057f8b9a86428e9b18/html5/thumbnails/2.jpg)
What the heck is NFV?
![Page 3: NetBricks: Taking the V out of NFV - EECS at UC Berkeleyapanda/assets/slides/osdi-talk.pdf · NetBricks: Taking the V out of NFV Aurojit Panda, Sangjin Han, Keon Jang, ... DPDK Poll](https://reader034.vdocument.in/reader034/viewer/2022051406/5ab748057f8b9a86428e9b18/html5/thumbnails/3.jpg)
A Short Introduction to NFV
![Page 4: NetBricks: Taking the V out of NFV - EECS at UC Berkeleyapanda/assets/slides/osdi-talk.pdf · NetBricks: Taking the V out of NFV Aurojit Panda, Sangjin Han, Keon Jang, ... DPDK Poll](https://reader034.vdocument.in/reader034/viewer/2022051406/5ab748057f8b9a86428e9b18/html5/thumbnails/4.jpg)
A Short Introduction to NFV
Firewall IDS Cache LB
![Page 5: NetBricks: Taking the V out of NFV - EECS at UC Berkeleyapanda/assets/slides/osdi-talk.pdf · NetBricks: Taking the V out of NFV Aurojit Panda, Sangjin Han, Keon Jang, ... DPDK Poll](https://reader034.vdocument.in/reader034/viewer/2022051406/5ab748057f8b9a86428e9b18/html5/thumbnails/5.jpg)
A Short Introduction to NFV
Network Function ChainFirewall IDS Cache LB
![Page 6: NetBricks: Taking the V out of NFV - EECS at UC Berkeleyapanda/assets/slides/osdi-talk.pdf · NetBricks: Taking the V out of NFV Aurojit Panda, Sangjin Han, Keon Jang, ... DPDK Poll](https://reader034.vdocument.in/reader034/viewer/2022051406/5ab748057f8b9a86428e9b18/html5/thumbnails/6.jpg)
Why NFV?
• Simplifies adding new functionality: Deploy new software.
![Page 7: NetBricks: Taking the V out of NFV - EECS at UC Berkeleyapanda/assets/slides/osdi-talk.pdf · NetBricks: Taking the V out of NFV Aurojit Panda, Sangjin Han, Keon Jang, ... DPDK Poll](https://reader034.vdocument.in/reader034/viewer/2022051406/5ab748057f8b9a86428e9b18/html5/thumbnails/7.jpg)
Why NFV?
• Simplifies adding new functionality: Deploy new software.
• Simplifies developing new functionality: Write software vs design hardware
![Page 8: NetBricks: Taking the V out of NFV - EECS at UC Berkeleyapanda/assets/slides/osdi-talk.pdf · NetBricks: Taking the V out of NFV Aurojit Panda, Sangjin Han, Keon Jang, ... DPDK Poll](https://reader034.vdocument.in/reader034/viewer/2022051406/5ab748057f8b9a86428e9b18/html5/thumbnails/8.jpg)
Why NFV?
• Simplifies adding new functionality: Deploy new software.
• Simplifies developing new functionality: Write software vs design hardware
• Reuse management tools from other domains.
![Page 9: NetBricks: Taking the V out of NFV - EECS at UC Berkeleyapanda/assets/slides/osdi-talk.pdf · NetBricks: Taking the V out of NFV Aurojit Panda, Sangjin Han, Keon Jang, ... DPDK Poll](https://reader034.vdocument.in/reader034/viewer/2022051406/5ab748057f8b9a86428e9b18/html5/thumbnails/9.jpg)
Why NFV?
• Simplifies adding new functionality: Deploy new software.
• Simplifies developing new functionality: Write software vs design hardware
• Reuse management tools from other domains.
• Consolidation: Reduce number of hardware boxes in the network.
![Page 10: NetBricks: Taking the V out of NFV - EECS at UC Berkeleyapanda/assets/slides/osdi-talk.pdf · NetBricks: Taking the V out of NFV Aurojit Panda, Sangjin Han, Keon Jang, ... DPDK Poll](https://reader034.vdocument.in/reader034/viewer/2022051406/5ab748057f8b9a86428e9b18/html5/thumbnails/10.jpg)
Challenges for NFV
![Page 11: NetBricks: Taking the V out of NFV - EECS at UC Berkeleyapanda/assets/slides/osdi-talk.pdf · NetBricks: Taking the V out of NFV Aurojit Panda, Sangjin Han, Keon Jang, ... DPDK Poll](https://reader034.vdocument.in/reader034/viewer/2022051406/5ab748057f8b9a86428e9b18/html5/thumbnails/11.jpg)
• Running NFs
• Isolation and Performance
Challenges for NFV
![Page 12: NetBricks: Taking the V out of NFV - EECS at UC Berkeleyapanda/assets/slides/osdi-talk.pdf · NetBricks: Taking the V out of NFV Aurojit Panda, Sangjin Han, Keon Jang, ... DPDK Poll](https://reader034.vdocument.in/reader034/viewer/2022051406/5ab748057f8b9a86428e9b18/html5/thumbnails/12.jpg)
• Running NFs
• Isolation and Performance
• Building NFs
• High-Level Programming and Performance
Challenges for NFV
![Page 13: NetBricks: Taking the V out of NFV - EECS at UC Berkeleyapanda/assets/slides/osdi-talk.pdf · NetBricks: Taking the V out of NFV Aurojit Panda, Sangjin Han, Keon Jang, ... DPDK Poll](https://reader034.vdocument.in/reader034/viewer/2022051406/5ab748057f8b9a86428e9b18/html5/thumbnails/13.jpg)
Running NFs
![Page 14: NetBricks: Taking the V out of NFV - EECS at UC Berkeleyapanda/assets/slides/osdi-talk.pdf · NetBricks: Taking the V out of NFV Aurojit Panda, Sangjin Han, Keon Jang, ... DPDK Poll](https://reader034.vdocument.in/reader034/viewer/2022051406/5ab748057f8b9a86428e9b18/html5/thumbnails/14.jpg)
Isolation
• Memory Isolation: Each NF’s memory cannot be accessed by other NFs.
![Page 15: NetBricks: Taking the V out of NFV - EECS at UC Berkeleyapanda/assets/slides/osdi-talk.pdf · NetBricks: Taking the V out of NFV Aurojit Panda, Sangjin Han, Keon Jang, ... DPDK Poll](https://reader034.vdocument.in/reader034/viewer/2022051406/5ab748057f8b9a86428e9b18/html5/thumbnails/15.jpg)
Isolation
• Memory Isolation: Each NF’s memory cannot be accessed by other NFs.
• Packet Isolation: When chained, each NF processes packets in isolation.
![Page 16: NetBricks: Taking the V out of NFV - EECS at UC Berkeleyapanda/assets/slides/osdi-talk.pdf · NetBricks: Taking the V out of NFV Aurojit Panda, Sangjin Han, Keon Jang, ... DPDK Poll](https://reader034.vdocument.in/reader034/viewer/2022051406/5ab748057f8b9a86428e9b18/html5/thumbnails/16.jpg)
Isolation
• Memory Isolation: Each NF’s memory cannot be accessed by other NFs.
• Packet Isolation: When chained, each NF processes packets in isolation.
![Page 17: NetBricks: Taking the V out of NFV - EECS at UC Berkeleyapanda/assets/slides/osdi-talk.pdf · NetBricks: Taking the V out of NFV Aurojit Panda, Sangjin Han, Keon Jang, ... DPDK Poll](https://reader034.vdocument.in/reader034/viewer/2022051406/5ab748057f8b9a86428e9b18/html5/thumbnails/17.jpg)
Isolation
• Memory Isolation: Each NF’s memory cannot be accessed by other NFs.
• Packet Isolation: When chained, each NF processes packets in isolation.
• Performance Isolation: One NF does not affect another’s performance.
![Page 18: NetBricks: Taking the V out of NFV - EECS at UC Berkeleyapanda/assets/slides/osdi-talk.pdf · NetBricks: Taking the V out of NFV Aurojit Panda, Sangjin Han, Keon Jang, ... DPDK Poll](https://reader034.vdocument.in/reader034/viewer/2022051406/5ab748057f8b9a86428e9b18/html5/thumbnails/18.jpg)
Isolation
• Memory Isolation: Each NF’s memory cannot be accessed by other NFs.
• Packet Isolation: When chained, each NF processes packets in isolation.
• Performance Isolation: One NF does not affect another’s performance.
![Page 19: NetBricks: Taking the V out of NFV - EECS at UC Berkeleyapanda/assets/slides/osdi-talk.pdf · NetBricks: Taking the V out of NFV Aurojit Panda, Sangjin Han, Keon Jang, ... DPDK Poll](https://reader034.vdocument.in/reader034/viewer/2022051406/5ab748057f8b9a86428e9b18/html5/thumbnails/19.jpg)
Current Solution
NIC NIC...
Memory Isolation
Performance
Packet IsolationvSwitch VM/ContainerVM/ContainerVM/Container
![Page 20: NetBricks: Taking the V out of NFV - EECS at UC Berkeleyapanda/assets/slides/osdi-talk.pdf · NetBricks: Taking the V out of NFV Aurojit Panda, Sangjin Han, Keon Jang, ... DPDK Poll](https://reader034.vdocument.in/reader034/viewer/2022051406/5ab748057f8b9a86428e9b18/html5/thumbnails/20.jpg)
Current Solution
NIC NIC...
Memory Isolation
Performance
Packet IsolationvSwitch VM/ContainerVM/ContainerVM/Container
![Page 21: NetBricks: Taking the V out of NFV - EECS at UC Berkeleyapanda/assets/slides/osdi-talk.pdf · NetBricks: Taking the V out of NFV Aurojit Panda, Sangjin Han, Keon Jang, ... DPDK Poll](https://reader034.vdocument.in/reader034/viewer/2022051406/5ab748057f8b9a86428e9b18/html5/thumbnails/21.jpg)
Current Solution
NIC NIC...
Memory Isolation✔
Performance
Packet IsolationvSwitch VM/ContainerVM/ContainerVM/Container
![Page 22: NetBricks: Taking the V out of NFV - EECS at UC Berkeleyapanda/assets/slides/osdi-talk.pdf · NetBricks: Taking the V out of NFV Aurojit Panda, Sangjin Han, Keon Jang, ... DPDK Poll](https://reader034.vdocument.in/reader034/viewer/2022051406/5ab748057f8b9a86428e9b18/html5/thumbnails/22.jpg)
Current Solution
NIC NIC...
Memory Isolation✔
Performance
Packet IsolationvSwitch VM/ContainerVM/ContainerVM/Container
![Page 23: NetBricks: Taking the V out of NFV - EECS at UC Berkeleyapanda/assets/slides/osdi-talk.pdf · NetBricks: Taking the V out of NFV Aurojit Panda, Sangjin Han, Keon Jang, ... DPDK Poll](https://reader034.vdocument.in/reader034/viewer/2022051406/5ab748057f8b9a86428e9b18/html5/thumbnails/23.jpg)
Current Solution
NIC NIC...
Memory Isolation✔
Performance
Packet IsolationvSwitch VM/ContainerVM/ContainerVM/Container
![Page 24: NetBricks: Taking the V out of NFV - EECS at UC Berkeleyapanda/assets/slides/osdi-talk.pdf · NetBricks: Taking the V out of NFV Aurojit Panda, Sangjin Han, Keon Jang, ... DPDK Poll](https://reader034.vdocument.in/reader034/viewer/2022051406/5ab748057f8b9a86428e9b18/html5/thumbnails/24.jpg)
Current Solution
NIC NIC...
Memory Isolation✔
Performance
Packet IsolationvSwitch VM/ContainerVM/ContainerVM/Container
![Page 25: NetBricks: Taking the V out of NFV - EECS at UC Berkeleyapanda/assets/slides/osdi-talk.pdf · NetBricks: Taking the V out of NFV Aurojit Panda, Sangjin Han, Keon Jang, ... DPDK Poll](https://reader034.vdocument.in/reader034/viewer/2022051406/5ab748057f8b9a86428e9b18/html5/thumbnails/25.jpg)
Current Solution
NIC NIC...
Memory Isolation✔
Performance
Packet IsolationvSwitch VM/ContainerVM/ContainerVM/Container
![Page 26: NetBricks: Taking the V out of NFV - EECS at UC Berkeleyapanda/assets/slides/osdi-talk.pdf · NetBricks: Taking the V out of NFV Aurojit Panda, Sangjin Han, Keon Jang, ... DPDK Poll](https://reader034.vdocument.in/reader034/viewer/2022051406/5ab748057f8b9a86428e9b18/html5/thumbnails/26.jpg)
Current Solution
NIC NIC...
Memory Isolation✔
Performance
Packet IsolationvSwitch VM/ContainerVM/ContainerVM/Container
![Page 27: NetBricks: Taking the V out of NFV - EECS at UC Berkeleyapanda/assets/slides/osdi-talk.pdf · NetBricks: Taking the V out of NFV Aurojit Panda, Sangjin Han, Keon Jang, ... DPDK Poll](https://reader034.vdocument.in/reader034/viewer/2022051406/5ab748057f8b9a86428e9b18/html5/thumbnails/27.jpg)
Current Solution
NIC NIC...
Memory Isolation✔
Performance
Packet IsolationvSwitch VM/ContainerVM/ContainerVM/ContainerCopy
![Page 28: NetBricks: Taking the V out of NFV - EECS at UC Berkeleyapanda/assets/slides/osdi-talk.pdf · NetBricks: Taking the V out of NFV Aurojit Panda, Sangjin Han, Keon Jang, ... DPDK Poll](https://reader034.vdocument.in/reader034/viewer/2022051406/5ab748057f8b9a86428e9b18/html5/thumbnails/28.jpg)
Current Solution
NIC NIC...
Memory Isolation✔
Performance
Packet IsolationvSwitch VM/ContainerVM/ContainerVM/ContainerCopy
![Page 29: NetBricks: Taking the V out of NFV - EECS at UC Berkeleyapanda/assets/slides/osdi-talk.pdf · NetBricks: Taking the V out of NFV Aurojit Panda, Sangjin Han, Keon Jang, ... DPDK Poll](https://reader034.vdocument.in/reader034/viewer/2022051406/5ab748057f8b9a86428e9b18/html5/thumbnails/29.jpg)
Current Solution
NIC NIC...
Memory Isolation✔
Performance
Packet IsolationvSwitch VM/ContainerVM/ContainerVM/ContainerCopy
![Page 30: NetBricks: Taking the V out of NFV - EECS at UC Berkeleyapanda/assets/slides/osdi-talk.pdf · NetBricks: Taking the V out of NFV Aurojit Panda, Sangjin Han, Keon Jang, ... DPDK Poll](https://reader034.vdocument.in/reader034/viewer/2022051406/5ab748057f8b9a86428e9b18/html5/thumbnails/30.jpg)
Current Solution
NIC NIC...
Memory Isolation✔
Performance
Packet Isolation✔vSwitch VM/ContainerVM/ContainerVM/Container
Copy
![Page 31: NetBricks: Taking the V out of NFV - EECS at UC Berkeleyapanda/assets/slides/osdi-talk.pdf · NetBricks: Taking the V out of NFV Aurojit Panda, Sangjin Han, Keon Jang, ... DPDK Poll](https://reader034.vdocument.in/reader034/viewer/2022051406/5ab748057f8b9a86428e9b18/html5/thumbnails/31.jpg)
Current Solution
NIC NIC...
Memory Isolation✔
Performance✗
Packet Isolation✔vSwitch VM/ContainerVM/ContainerVM/Container
Copy
![Page 32: NetBricks: Taking the V out of NFV - EECS at UC Berkeleyapanda/assets/slides/osdi-talk.pdf · NetBricks: Taking the V out of NFV Aurojit Panda, Sangjin Han, Keon Jang, ... DPDK Poll](https://reader034.vdocument.in/reader034/viewer/2022051406/5ab748057f8b9a86428e9b18/html5/thumbnails/32.jpg)
Isolation Costs Performance
�
�
��
��
��
��
������������
����������
�� ���������
![Page 33: NetBricks: Taking the V out of NFV - EECS at UC Berkeleyapanda/assets/slides/osdi-talk.pdf · NetBricks: Taking the V out of NFV Aurojit Panda, Sangjin Han, Keon Jang, ... DPDK Poll](https://reader034.vdocument.in/reader034/viewer/2022051406/5ab748057f8b9a86428e9b18/html5/thumbnails/33.jpg)
Isolation Costs Performance
�
�
��
��
��
��
������������
����������
�� ������������ ��
![Page 34: NetBricks: Taking the V out of NFV - EECS at UC Berkeleyapanda/assets/slides/osdi-talk.pdf · NetBricks: Taking the V out of NFV Aurojit Panda, Sangjin Han, Keon Jang, ... DPDK Poll](https://reader034.vdocument.in/reader034/viewer/2022051406/5ab748057f8b9a86428e9b18/html5/thumbnails/34.jpg)
Isolation Costs Performance
�
�
��
��
��
��
������������
����������
�� ������������ ������ ��
![Page 35: NetBricks: Taking the V out of NFV - EECS at UC Berkeleyapanda/assets/slides/osdi-talk.pdf · NetBricks: Taking the V out of NFV Aurojit Panda, Sangjin Han, Keon Jang, ... DPDK Poll](https://reader034.vdocument.in/reader034/viewer/2022051406/5ab748057f8b9a86428e9b18/html5/thumbnails/35.jpg)
Isolation Costs Performance
�
�
��
��
��
��
������������
����������
�� ������������ ������ ��
���� ���������
![Page 36: NetBricks: Taking the V out of NFV - EECS at UC Berkeleyapanda/assets/slides/osdi-talk.pdf · NetBricks: Taking the V out of NFV Aurojit Panda, Sangjin Han, Keon Jang, ... DPDK Poll](https://reader034.vdocument.in/reader034/viewer/2022051406/5ab748057f8b9a86428e9b18/html5/thumbnails/36.jpg)
Isolation Costs Performance
�
�
��
��
��
��
������������
����������
�� ������������� �������� ������ ��
���� ���������
![Page 37: NetBricks: Taking the V out of NFV - EECS at UC Berkeleyapanda/assets/slides/osdi-talk.pdf · NetBricks: Taking the V out of NFV Aurojit Panda, Sangjin Han, Keon Jang, ... DPDK Poll](https://reader034.vdocument.in/reader034/viewer/2022051406/5ab748057f8b9a86428e9b18/html5/thumbnails/37.jpg)
Isolation Costs Performance
�
�
��
��
��
��
������������
����������
�� ��������������������� ������ ��
���� ���������
![Page 38: NetBricks: Taking the V out of NFV - EECS at UC Berkeleyapanda/assets/slides/osdi-talk.pdf · NetBricks: Taking the V out of NFV Aurojit Panda, Sangjin Han, Keon Jang, ... DPDK Poll](https://reader034.vdocument.in/reader034/viewer/2022051406/5ab748057f8b9a86428e9b18/html5/thumbnails/38.jpg)
NetBricks Runtime Architecture
NF A
NF B
NF C
NF D
NF X NF X
NF Y
NF Z
NF A
NF B
NF C
NF D
NF X
NF Y
NF Z
ZCSI SchedulerDPDK Poll for I/O DPDK Poll for I/O DPDK Poll for I/O
NICsPoll for I/O
NF Y
NF Z
NF A
NF B
NF C
NF D
Single Process Space
![Page 39: NetBricks: Taking the V out of NFV - EECS at UC Berkeleyapanda/assets/slides/osdi-talk.pdf · NetBricks: Taking the V out of NFV Aurojit Panda, Sangjin Han, Keon Jang, ... DPDK Poll](https://reader034.vdocument.in/reader034/viewer/2022051406/5ab748057f8b9a86428e9b18/html5/thumbnails/39.jpg)
NetBricks Runtime Architecture
NF A
NF B
NF C
NF D
NF X NF X
NF Y
NF Z
NF A
NF B
NF C
NF D
NF X
NF Y
NF Z
ZCSI SchedulerDPDK Poll for I/O DPDK Poll for I/O DPDK Poll for I/O
NICsPoll for I/O
Function CallNF Y
NF Z
NF A
NF B
NF C
NF D
Single Process Space
![Page 40: NetBricks: Taking the V out of NFV - EECS at UC Berkeleyapanda/assets/slides/osdi-talk.pdf · NetBricks: Taking the V out of NFV Aurojit Panda, Sangjin Han, Keon Jang, ... DPDK Poll](https://reader034.vdocument.in/reader034/viewer/2022051406/5ab748057f8b9a86428e9b18/html5/thumbnails/40.jpg)
NetBricks Runtime Architecture
NF A
NF B
NF C
NF D
NF X NF X
NF Y
NF Z
NF A
NF B
NF C
NF D
NF X
NF Y
NF Z
ZCSI SchedulerDPDK Poll for I/O DPDK Poll for I/O DPDK Poll for I/O
NICsPoll for I/O
NF Y
NF Z
NF A
NF B
NF C
NF D
Single Process Space
![Page 41: NetBricks: Taking the V out of NFV - EECS at UC Berkeleyapanda/assets/slides/osdi-talk.pdf · NetBricks: Taking the V out of NFV Aurojit Panda, Sangjin Han, Keon Jang, ... DPDK Poll](https://reader034.vdocument.in/reader034/viewer/2022051406/5ab748057f8b9a86428e9b18/html5/thumbnails/41.jpg)
NetBricks Runtime Architecture
NF A
NF B
NF C
NF D
NF X NF X
NF Y
NF Z
NF A
NF B
NF C
NF D
NF X
NF Y
NF Z
ZCSI SchedulerDPDK Poll for I/O DPDK Poll for I/O DPDK Poll for I/O
NICsPoll for I/O
NF Y
NF Z Run to Completion Scheduling
NF A
NF B
NF C
NF D
Single Process Space
![Page 42: NetBricks: Taking the V out of NFV - EECS at UC Berkeleyapanda/assets/slides/osdi-talk.pdf · NetBricks: Taking the V out of NFV Aurojit Panda, Sangjin Han, Keon Jang, ... DPDK Poll](https://reader034.vdocument.in/reader034/viewer/2022051406/5ab748057f8b9a86428e9b18/html5/thumbnails/42.jpg)
NetBricks Runtime Architecture
NF A
NF B
NF C
NF D
NF X NF X
NF Y
NF Z
NF A
NF B
NF C
NF D
NF X
NF Y
NF Z
ZCSI SchedulerDPDK Poll for I/O DPDK Poll for I/O DPDK Poll for I/O
NICsPoll for I/O
NF Y
NF Z Run to Completion Scheduling
NF A
NF B
NF C
NF D
Single Process Space
What about Isolation?
![Page 43: NetBricks: Taking the V out of NFV - EECS at UC Berkeleyapanda/assets/slides/osdi-talk.pdf · NetBricks: Taking the V out of NFV Aurojit Panda, Sangjin Han, Keon Jang, ... DPDK Poll](https://reader034.vdocument.in/reader034/viewer/2022051406/5ab748057f8b9a86428e9b18/html5/thumbnails/43.jpg)
Provide Isolation through Software
![Page 44: NetBricks: Taking the V out of NFV - EECS at UC Berkeleyapanda/assets/slides/osdi-talk.pdf · NetBricks: Taking the V out of NFV Aurojit Panda, Sangjin Han, Keon Jang, ... DPDK Poll](https://reader034.vdocument.in/reader034/viewer/2022051406/5ab748057f8b9a86428e9b18/html5/thumbnails/44.jpg)
ZCSI: Zero Copy Soft Isolation
• VMs and containers impose cost on packets crossing isolation boundaries.
• Frequent operation for many NFs which must support 10s of MPPS.
![Page 45: NetBricks: Taking the V out of NFV - EECS at UC Berkeleyapanda/assets/slides/osdi-talk.pdf · NetBricks: Taking the V out of NFV Aurojit Panda, Sangjin Han, Keon Jang, ... DPDK Poll](https://reader034.vdocument.in/reader034/viewer/2022051406/5ab748057f8b9a86428e9b18/html5/thumbnails/45.jpg)
ZCSI: Zero Copy Soft Isolation
• VMs and containers impose cost on packets crossing isolation boundaries.
• Frequent operation for many NFs which must support 10s of MPPS.
• Insight: Use type checking (compile time) and runtime checks for isolation.
• Isolation costs largely paid at compile time (small runtime costs).
![Page 46: NetBricks: Taking the V out of NFV - EECS at UC Berkeleyapanda/assets/slides/osdi-talk.pdf · NetBricks: Taking the V out of NFV Aurojit Panda, Sangjin Han, Keon Jang, ... DPDK Poll](https://reader034.vdocument.in/reader034/viewer/2022051406/5ab748057f8b9a86428e9b18/html5/thumbnails/46.jpg)
Our Approach• Disallow pointer arithmetic in NF code: use safe subset of languages.
![Page 47: NetBricks: Taking the V out of NFV - EECS at UC Berkeleyapanda/assets/slides/osdi-talk.pdf · NetBricks: Taking the V out of NFV Aurojit Panda, Sangjin Han, Keon Jang, ... DPDK Poll](https://reader034.vdocument.in/reader034/viewer/2022051406/5ab748057f8b9a86428e9b18/html5/thumbnails/47.jpg)
Our Approach• Disallow pointer arithmetic in NF code: use safe subset of languages.
• Type checks + array bounds checking provide memory isolation.
![Page 48: NetBricks: Taking the V out of NFV - EECS at UC Berkeleyapanda/assets/slides/osdi-talk.pdf · NetBricks: Taking the V out of NFV Aurojit Panda, Sangjin Han, Keon Jang, ... DPDK Poll](https://reader034.vdocument.in/reader034/viewer/2022051406/5ab748057f8b9a86428e9b18/html5/thumbnails/48.jpg)
Our Approach• Disallow pointer arithmetic in NF code: use safe subset of languages.
• Type checks + array bounds checking provide memory isolation.
• Build on unique types for packet isolation.
![Page 49: NetBricks: Taking the V out of NFV - EECS at UC Berkeleyapanda/assets/slides/osdi-talk.pdf · NetBricks: Taking the V out of NFV Aurojit Panda, Sangjin Han, Keon Jang, ... DPDK Poll](https://reader034.vdocument.in/reader034/viewer/2022051406/5ab748057f8b9a86428e9b18/html5/thumbnails/49.jpg)
Our Approach• Disallow pointer arithmetic in NF code: use safe subset of languages.
• Type checks + array bounds checking provide memory isolation.
• Build on unique types for packet isolation.
• Unique types ensure references destroyed after certain calls.
![Page 50: NetBricks: Taking the V out of NFV - EECS at UC Berkeleyapanda/assets/slides/osdi-talk.pdf · NetBricks: Taking the V out of NFV Aurojit Panda, Sangjin Han, Keon Jang, ... DPDK Poll](https://reader034.vdocument.in/reader034/viewer/2022051406/5ab748057f8b9a86428e9b18/html5/thumbnails/50.jpg)
Our Approach• Disallow pointer arithmetic in NF code: use safe subset of languages.
• Type checks + array bounds checking provide memory isolation.
• Build on unique types for packet isolation.
• Unique types ensure references destroyed after certain calls.
• Ensure only one NF has a reference to a packet.
![Page 51: NetBricks: Taking the V out of NFV - EECS at UC Berkeleyapanda/assets/slides/osdi-talk.pdf · NetBricks: Taking the V out of NFV Aurojit Panda, Sangjin Han, Keon Jang, ... DPDK Poll](https://reader034.vdocument.in/reader034/viewer/2022051406/5ab748057f8b9a86428e9b18/html5/thumbnails/51.jpg)
Our Approach• Disallow pointer arithmetic in NF code: use safe subset of languages.
• Type checks + array bounds checking provide memory isolation.
• Build on unique types for packet isolation.
• Unique types ensure references destroyed after certain calls.
• Ensure only one NF has a reference to a packet.
• Enables zero copy packet I/O.
![Page 52: NetBricks: Taking the V out of NFV - EECS at UC Berkeleyapanda/assets/slides/osdi-talk.pdf · NetBricks: Taking the V out of NFV Aurojit Panda, Sangjin Han, Keon Jang, ... DPDK Poll](https://reader034.vdocument.in/reader034/viewer/2022051406/5ab748057f8b9a86428e9b18/html5/thumbnails/52.jpg)
Our Approach• Disallow pointer arithmetic in NF code: use safe subset of languages.
• Type checks + array bounds checking provide memory isolation.
• Build on unique types for packet isolation.
• Unique types ensure references destroyed after certain calls.
• Ensure only one NF has a reference to a packet.
• Enables zero copy packet I/O.
• All of these features implemented on top of Rust.
![Page 53: NetBricks: Taking the V out of NFV - EECS at UC Berkeleyapanda/assets/slides/osdi-talk.pdf · NetBricks: Taking the V out of NFV Aurojit Panda, Sangjin Han, Keon Jang, ... DPDK Poll](https://reader034.vdocument.in/reader034/viewer/2022051406/5ab748057f8b9a86428e9b18/html5/thumbnails/53.jpg)
Software can provide both Memory and Packet Isolation
![Page 54: NetBricks: Taking the V out of NFV - EECS at UC Berkeleyapanda/assets/slides/osdi-talk.pdf · NetBricks: Taking the V out of NFV Aurojit Panda, Sangjin Han, Keon Jang, ... DPDK Poll](https://reader034.vdocument.in/reader034/viewer/2022051406/5ab748057f8b9a86428e9b18/html5/thumbnails/54.jpg)
Benefits of Software Isolation
• Enable better consolidation: multiple NFs can share a core.
![Page 55: NetBricks: Taking the V out of NFV - EECS at UC Berkeleyapanda/assets/slides/osdi-talk.pdf · NetBricks: Taking the V out of NFV Aurojit Panda, Sangjin Han, Keon Jang, ... DPDK Poll](https://reader034.vdocument.in/reader034/viewer/2022051406/5ab748057f8b9a86428e9b18/html5/thumbnails/55.jpg)
Benefits of Software Isolation
• Enable better consolidation: multiple NFs can share a core.
• Normally hard because of context switch costs (~1µs).
![Page 56: NetBricks: Taking the V out of NFV - EECS at UC Berkeleyapanda/assets/slides/osdi-talk.pdf · NetBricks: Taking the V out of NFV Aurojit Panda, Sangjin Han, Keon Jang, ... DPDK Poll](https://reader034.vdocument.in/reader034/viewer/2022051406/5ab748057f8b9a86428e9b18/html5/thumbnails/56.jpg)
Benefits of Software Isolation
• Enable better consolidation: multiple NFs can share a core.
• Normally hard because of context switch costs (~1µs).
• In our case just a function call (a few cycles at most).
![Page 57: NetBricks: Taking the V out of NFV - EECS at UC Berkeleyapanda/assets/slides/osdi-talk.pdf · NetBricks: Taking the V out of NFV Aurojit Panda, Sangjin Han, Keon Jang, ... DPDK Poll](https://reader034.vdocument.in/reader034/viewer/2022051406/5ab748057f8b9a86428e9b18/html5/thumbnails/57.jpg)
Benefits of Software Isolation
• Enable better consolidation: multiple NFs can share a core.
• Normally hard because of context switch costs (~1µs).
• In our case just a function call (a few cycles at most).
• Reduce memory and cache pressure for NFV deployments.
![Page 58: NetBricks: Taking the V out of NFV - EECS at UC Berkeleyapanda/assets/slides/osdi-talk.pdf · NetBricks: Taking the V out of NFV Aurojit Panda, Sangjin Han, Keon Jang, ... DPDK Poll](https://reader034.vdocument.in/reader034/viewer/2022051406/5ab748057f8b9a86428e9b18/html5/thumbnails/58.jpg)
Benefits of Software Isolation
• Enable better consolidation: multiple NFs can share a core.
• Normally hard because of context switch costs (~1µs).
• In our case just a function call (a few cycles at most).
• Reduce memory and cache pressure for NFV deployments.
• Zero copy I/O => do not need to copy packets around.
![Page 59: NetBricks: Taking the V out of NFV - EECS at UC Berkeleyapanda/assets/slides/osdi-talk.pdf · NetBricks: Taking the V out of NFV Aurojit Panda, Sangjin Han, Keon Jang, ... DPDK Poll](https://reader034.vdocument.in/reader034/viewer/2022051406/5ab748057f8b9a86428e9b18/html5/thumbnails/59.jpg)
• Running NFs
• Isolation and Performance
• Building NFs
• High-Level Programming and Performance
Challenges for NFV
![Page 60: NetBricks: Taking the V out of NFV - EECS at UC Berkeleyapanda/assets/slides/osdi-talk.pdf · NetBricks: Taking the V out of NFV Aurojit Panda, Sangjin Han, Keon Jang, ... DPDK Poll](https://reader034.vdocument.in/reader034/viewer/2022051406/5ab748057f8b9a86428e9b18/html5/thumbnails/60.jpg)
How to write NFs?• Current: NF writers concerned about meeting performance targets
![Page 61: NetBricks: Taking the V out of NFV - EECS at UC Berkeleyapanda/assets/slides/osdi-talk.pdf · NetBricks: Taking the V out of NFV Aurojit Panda, Sangjin Han, Keon Jang, ... DPDK Poll](https://reader034.vdocument.in/reader034/viewer/2022051406/5ab748057f8b9a86428e9b18/html5/thumbnails/61.jpg)
How to write NFs?• Current: NF writers concerned about meeting performance targets
• Low level abstractions (I/O, cache aware data structures) and low level code.
![Page 62: NetBricks: Taking the V out of NFV - EECS at UC Berkeleyapanda/assets/slides/osdi-talk.pdf · NetBricks: Taking the V out of NFV Aurojit Panda, Sangjin Han, Keon Jang, ... DPDK Poll](https://reader034.vdocument.in/reader034/viewer/2022051406/5ab748057f8b9a86428e9b18/html5/thumbnails/62.jpg)
How to write NFs?• Current: NF writers concerned about meeting performance targets
• Low level abstractions (I/O, cache aware data structures) and low level code.
• Spend lots of time optimizing how abstractions are used to get performance.
![Page 63: NetBricks: Taking the V out of NFV - EECS at UC Berkeleyapanda/assets/slides/osdi-talk.pdf · NetBricks: Taking the V out of NFV Aurojit Panda, Sangjin Han, Keon Jang, ... DPDK Poll](https://reader034.vdocument.in/reader034/viewer/2022051406/5ab748057f8b9a86428e9b18/html5/thumbnails/63.jpg)
How to write NFs?• Current: NF writers concerned about meeting performance targets
• Low level abstractions (I/O, cache aware data structures) and low level code.
• Spend lots of time optimizing how abstractions are used to get performance.
• Observation: NFs exhibit common patterns: abstract and optimize these.
![Page 64: NetBricks: Taking the V out of NFV - EECS at UC Berkeleyapanda/assets/slides/osdi-talk.pdf · NetBricks: Taking the V out of NFV Aurojit Panda, Sangjin Han, Keon Jang, ... DPDK Poll](https://reader034.vdocument.in/reader034/viewer/2022051406/5ab748057f8b9a86428e9b18/html5/thumbnails/64.jpg)
How to write NFs?• Current: NF writers concerned about meeting performance targets
• Low level abstractions (I/O, cache aware data structures) and low level code.
• Spend lots of time optimizing how abstractions are used to get performance.
• Observation: NFs exhibit common patterns: abstract and optimize these.
• What happened in other areas
![Page 65: NetBricks: Taking the V out of NFV - EECS at UC Berkeleyapanda/assets/slides/osdi-talk.pdf · NetBricks: Taking the V out of NFV Aurojit Panda, Sangjin Han, Keon Jang, ... DPDK Poll](https://reader034.vdocument.in/reader034/viewer/2022051406/5ab748057f8b9a86428e9b18/html5/thumbnails/65.jpg)
How to write NFs?• Current: NF writers concerned about meeting performance targets
• Low level abstractions (I/O, cache aware data structures) and low level code.
• Spend lots of time optimizing how abstractions are used to get performance.
• Observation: NFs exhibit common patterns: abstract and optimize these.
• What happened in other areas
• MPI to Map Reduce, etc.
![Page 66: NetBricks: Taking the V out of NFV - EECS at UC Berkeleyapanda/assets/slides/osdi-talk.pdf · NetBricks: Taking the V out of NFV Aurojit Panda, Sangjin Han, Keon Jang, ... DPDK Poll](https://reader034.vdocument.in/reader034/viewer/2022051406/5ab748057f8b9a86428e9b18/html5/thumbnails/66.jpg)
AbstractionsPacket Processing Abstractions
Parse/Deparse Parse (or undo parsing for) a header from the packet.
Transform Operate on the packet header and payload.
Filter Drop packet whose header or payload meet some criterion.
Byte Stream Processing Abstractions
Window Use a sliding window to gather packet payload and call a function.
Packetize Segment a byte array into a sequence of packets,
Control Flow
Group By Branch control flow between abstractions.
Shuffle Shuffle packets across processing cores.
Merge Merge control from branches.
State Abstractions
Bounded Consistency State State store with tunable consistency specification.
Schedulabe Abstractions
Invoke Periodically execute a function.
![Page 67: NetBricks: Taking the V out of NFV - EECS at UC Berkeleyapanda/assets/slides/osdi-talk.pdf · NetBricks: Taking the V out of NFV Aurojit Panda, Sangjin Han, Keon Jang, ... DPDK Poll](https://reader034.vdocument.in/reader034/viewer/2022051406/5ab748057f8b9a86428e9b18/html5/thumbnails/67.jpg)
Shuffle Abstraction
Input
Core 1
Core 2
Core 3
Core 4
OutputDemuxCounter
Counters
+
+
+
+
Mux
Spread packets across cores for scaling
![Page 68: NetBricks: Taking the V out of NFV - EECS at UC Berkeleyapanda/assets/slides/osdi-talk.pdf · NetBricks: Taking the V out of NFV Aurojit Panda, Sangjin Han, Keon Jang, ... DPDK Poll](https://reader034.vdocument.in/reader034/viewer/2022051406/5ab748057f8b9a86428e9b18/html5/thumbnails/68.jpg)
Shuffle Abstraction
Input
Core 1
Core 2
Core 3
Core 4
OutputDemuxCounter
Counters
+
+
+
+
Mux
Spread packets across cores for scaling
Might even use hardware for this.
![Page 69: NetBricks: Taking the V out of NFV - EECS at UC Berkeleyapanda/assets/slides/osdi-talk.pdf · NetBricks: Taking the V out of NFV Aurojit Panda, Sangjin Han, Keon Jang, ... DPDK Poll](https://reader034.vdocument.in/reader034/viewer/2022051406/5ab748057f8b9a86428e9b18/html5/thumbnails/69.jpg)
Example NF: Maglev
• Maglev: Load balancer from Google (NSDI’16).
• Main contribution: a novel consistent hashing algorithm.
• Most of the work in common optimization: batching, scaling cross core.
• NetBricks implementation: 105 lines, 2 hours of grad student time.
• Comparable performance to optimized code
![Page 70: NetBricks: Taking the V out of NFV - EECS at UC Berkeleyapanda/assets/slides/osdi-talk.pdf · NetBricks: Taking the V out of NFV Aurojit Panda, Sangjin Han, Keon Jang, ... DPDK Poll](https://reader034.vdocument.in/reader034/viewer/2022051406/5ab748057f8b9a86428e9b18/html5/thumbnails/70.jpg)
Managing NFs Building and Running NFs
![Page 71: NetBricks: Taking the V out of NFV - EECS at UC Berkeleyapanda/assets/slides/osdi-talk.pdf · NetBricks: Taking the V out of NFV Aurojit Panda, Sangjin Han, Keon Jang, ... DPDK Poll](https://reader034.vdocument.in/reader034/viewer/2022051406/5ab748057f8b9a86428e9b18/html5/thumbnails/71.jpg)
E2 (SOSP’15)
Stratos
FTMB (SIGCOMM ’15)
FlowTags (NSDI ’14)
Managing NFs Building and Running NFs
![Page 72: NetBricks: Taking the V out of NFV - EECS at UC Berkeleyapanda/assets/slides/osdi-talk.pdf · NetBricks: Taking the V out of NFV Aurojit Panda, Sangjin Han, Keon Jang, ... DPDK Poll](https://reader034.vdocument.in/reader034/viewer/2022051406/5ab748057f8b9a86428e9b18/html5/thumbnails/72.jpg)
E2 (SOSP’15)
Stratos
FTMB (SIGCOMM ’15)
FlowTags (NSDI ’14)
Managing NFs Building and Running NFs
xOMB (ANCS’12)CoMB (NSDI’12)
No Isolation
![Page 73: NetBricks: Taking the V out of NFV - EECS at UC Berkeleyapanda/assets/slides/osdi-talk.pdf · NetBricks: Taking the V out of NFV Aurojit Panda, Sangjin Han, Keon Jang, ... DPDK Poll](https://reader034.vdocument.in/reader034/viewer/2022051406/5ab748057f8b9a86428e9b18/html5/thumbnails/73.jpg)
E2 (SOSP’15)
Stratos
FTMB (SIGCOMM ’15)
FlowTags (NSDI ’14)
Managing NFs Building and Running NFs
xOMB (ANCS’12)CoMB (NSDI’12)
No Isolation
NetVM (IEEE TNSM)ClickOS (NSDI’14)
HyperSwitch (ATC’13)mSwitch (SOSR’15)
VM Isolation
![Page 74: NetBricks: Taking the V out of NFV - EECS at UC Berkeleyapanda/assets/slides/osdi-talk.pdf · NetBricks: Taking the V out of NFV Aurojit Panda, Sangjin Han, Keon Jang, ... DPDK Poll](https://reader034.vdocument.in/reader034/viewer/2022051406/5ab748057f8b9a86428e9b18/html5/thumbnails/74.jpg)
E2 (SOSP’15)
Stratos
FTMB (SIGCOMM ’15)
FlowTags (NSDI ’14)
Managing NFs Building and Running NFs
xOMB (ANCS’12)CoMB (NSDI’12)
No Isolation
NetVM (IEEE TNSM)ClickOS (NSDI’14)
HyperSwitch (ATC’13)mSwitch (SOSR’15)
VM IsolationNo Packet Isol.
![Page 75: NetBricks: Taking the V out of NFV - EECS at UC Berkeleyapanda/assets/slides/osdi-talk.pdf · NetBricks: Taking the V out of NFV Aurojit Panda, Sangjin Han, Keon Jang, ... DPDK Poll](https://reader034.vdocument.in/reader034/viewer/2022051406/5ab748057f8b9a86428e9b18/html5/thumbnails/75.jpg)
• Performance demands for NFV require forwarding 10-100 MPPS.
• Requires isolation for consolidation.
• Software isolation is necessary to meet performance requirements.
• Requires low level optimization, slowing down NF development.
• Abstract operators + UDF can simplify development without sacrificing performance.
Conclusion
![Page 76: NetBricks: Taking the V out of NFV - EECS at UC Berkeleyapanda/assets/slides/osdi-talk.pdf · NetBricks: Taking the V out of NFV Aurojit Panda, Sangjin Han, Keon Jang, ... DPDK Poll](https://reader034.vdocument.in/reader034/viewer/2022051406/5ab748057f8b9a86428e9b18/html5/thumbnails/76.jpg)
• Performance demands for NFV require forwarding 10-100 MPPS.
• Requires isolation for consolidation.
• Software isolation is necessary to meet performance requirements.
• Requires low level optimization, slowing down NF development.
• Abstract operators + UDF can simplify development without sacrificing performance.
Conclusion
Code available at http://netbricks.io/
![Page 77: NetBricks: Taking the V out of NFV - EECS at UC Berkeleyapanda/assets/slides/osdi-talk.pdf · NetBricks: Taking the V out of NFV Aurojit Panda, Sangjin Han, Keon Jang, ... DPDK Poll](https://reader034.vdocument.in/reader034/viewer/2022051406/5ab748057f8b9a86428e9b18/html5/thumbnails/77.jpg)
Backup
![Page 78: NetBricks: Taking the V out of NFV - EECS at UC Berkeleyapanda/assets/slides/osdi-talk.pdf · NetBricks: Taking the V out of NFV Aurojit Panda, Sangjin Han, Keon Jang, ... DPDK Poll](https://reader034.vdocument.in/reader034/viewer/2022051406/5ab748057f8b9a86428e9b18/html5/thumbnails/78.jpg)
Both Memory Isolation and I/O Induce Overheads
�
�
��
��
��
��
������������
����������
�� ��������������� ������������� ���������