Showing papers by "Timothy Wood" published in 2016


Proceedings ArticleDOI
22 Aug 2016
TL;DR: The OpenNetVM architecture is described, an efficient packet processing framework that greatly simplifies the development of network functions, as well as research into their management and optimization, and its performance is evaluated compared to existing NFV platforms.
Abstract: Network middleboxes are growing in number and diversity. Middleboxes have been deployed widely to complement the basic end-to-end functionality provided by the Internet Protocol suite that depends only on the minimal functionality of a best-effort network layer. The move from purpose-built hardware middleboxes to software appliances running in virtual machines provides much needed deployment flexibility, but significant challenges remain. Just as Software Defined Networking (SDN) research and product development was greatly accelerated with the release of several open source SDN platforms, we believe that Network Function Virtualization (NFV) research can see similar growth with the development of a flexible platform that enables high performance NFV prototypes. Towards this end we have been building OpenNetVM, an efficient packet processing framework that greatly simplifies the development of network functions, as well as research into their management and optimization. OpenNetVM runs network functions in lightweight Docker containers, enabling fast startup and reducing memory overheads. The OpenNetVM platform manager provides load balancing, flexible flow management, and service name abstractions. OpenNetVM efficiently routes packets through dynamically created service chains, achieving throughputs of 10 Gbps even when traversing a chain of 6 NFs. In this paper we describe our architecture and evaluate its performance compared to existing NFV platforms.

200 citations


Proceedings ArticleDOI
06 Dec 2016
TL;DR: Flurries, an NFV platform designed to support large numbers of short-lived lightweight NFs, potentially running a unique NF for each flow, demonstrates the potential for this approach to run as many as 80,000 Flurry NFs during a one second interval, while forwarding over 30Gbps of traffic, dramatically increasing data plane customizability.
Abstract: The combination of Network Function Virtualization (NFV) and Software Defined Networking (SDN) allows flows to be flexibly steered through efficient processing pipelines. As deployment of NFV becomes more prevalent, the need to provide fine-grained customization of service chains and flow-level performance guarantees will increase, even as the diversity of Network Functions (NFs) rises. Existing NFV approaches typically route wide classes of traffic through pre-configured service chains. While this aggregation improves efficiency, it prevents flexibly steering and managing performance of flows at a fine granularity. To provide both efficiency and flexibility, we present Flurries, an NFV platform designed to support large numbers of short-lived lightweight NFs, potentially running a unique NF for each flow. Flurries maintains a pool of Docker container NFs--several thousand on each host--and resets NF memory state between flows for fast reuse. Flurries uses a hybrid of polling and interrupts to improve throughput and latency while allowing multiple NFs to efficiently share CPU cores. By assigning each NF an individual flow or a small set of flows, it becomes possible to dynamically manage the QoS and service chain functionality for flows at a very fine granularity. Our Flurries prototype demonstrates the potential for this approach to run as many as 80,000 Flurry NFs during a one second interval, while forwarding over 30Gbps of traffic, dramatically increasing data plane customizability.

69 citations


Proceedings ArticleDOI
28 Nov 2016
TL;DR: A distributed software-based network monitoring framework for cloud data centers that leverages knowledge of topology and routing information to build relationships between each tier of the application, and detect and locate performance bottlenecks by monitoring the network inside software switches.
Abstract: Application performance monitoring in large data centers relies on either deploying expensive and specialized hardware at fixed locations or heavily customizing applications and collecting logs spread across thousands of servers. Such an endeavor makes performance diagnosis a time-consuming task for cloud providers and a problem beyond the control of cloud customers. We address this problem using emerging software defined paradigms such as Software Defined Networking and Network Function Virtualization as well as big data technologies. In this paper, we propose NetAlytics: a non-intrusive distributed performance monitoring system for cloud data centers. NetAlytics deploys customized monitors in the middle of the network which are transparent to end host applications, and leverages a real-time big data framework to analyze application behavior in a timely manner. NetAlytics can scale to packet rates of 40Gbps using only four monitoring cores and fifteen processing cores. Its placement algorithm can be tuned to minimize network bandwidth cost or server resources, and can reduce monitoring traffic overheads by a factor of 4.5. We present experiments that demonstrate how NetAlytics can be used to troubleshoot performance problems in load balancers, present comprehensive performance analysis, and provide metrics that drive automation tools, all while providing both low overhead monitors and scalable analytics.

41 citations


Proceedings ArticleDOI
17 Jul 2016
TL;DR: This work designs and implements NetKV, a scalable, self-managing, load balancer for memcached clusters, and exploits recent advances in Network Function Virtualization to provide efficient packet processing in software, producing a high performance, centralized proxy that can forward over 10.5 million requests per second.
Abstract: Distributed key-value systems (e.g., memcached) are critical tools to cache popular content in memory, which avoids complex and expensive database queries and file system accesses. To efficiently use cache resources, balancing the load across a cluster of cache servers is important. Current approaches place a proxy at each client that can redirect requests across the cluster, but this requires modification to each client and makes dynamic replication of keys difficult. While a centralized proxy can be used, this traditionally has not been scalable. We design and implement NetKV, a scalable, self-managing, load balancer for memcached clusters. NetKV exploits recent advances in Network Function Virtualization to provide efficient packet processing in software, producing a high performance, centralized proxy that can forward over 10.5 million requests per second. NetKV efficiently and accurately detects hot keys using stream-analytic techniques, then replicates them to meet the allowed load imbalance bound set by administrators. NetKV uses "balls and bins" load analysis to adaptively determine the replication factor and set of hot keys. Our prototype adds minimal latency to each request, and our algorithms effectively balance load in both a 12 server cluster and a large-scale simulation driven by a trace of Wikipedia requests.

25 citations


Proceedings ArticleDOI
20 Jun 2016
TL;DR: This work formulates the VNF placement problem via Graph Pattern Matching, with an objective function that can be easily adapted to fit various applications, and presents an application of OPA over cost minimization.
Abstract: Network function virtualization (NFV) and Software Defined Networks (SDN) separate and abstract network functions from underlying hardware, creating a flexible virtual networking environment that reduces cost and allows policy-based decisions. One of the biggest challenges in NFV-SDN is to map the required virtual network functions (VNFs) to the underlying hardware in substrate networks in a timely manner. In this paper, we formulate the VNF placement problem via Graph Pattern Matching, with an objective function that can be easily adapted to fit various applications. Previous work only considers off-line VNF placement as it is time consuming to find an appropriate mapping path while considering all software and hardware constraints. To reduce this time, we investigate the feasibility and effectiveness of path-precomputing, where paths are calculated prior to placement. Our approach enables online VNF placement in SDNs, allowing VNF requests to be processed as they arrive. An online placement approach (OPA) is proposed to place VNF requests on substrate networks. To the best of our knowledge, this is the first work in the literature that considers the online chaining VNF placement in SDNs. In addition, we present an application of OPA over cost minimization. Simulation results demonstrate that our online approach provides competitive performance compared with off-line algorithms.

19 citations


Proceedings ArticleDOI
04 Apr 2016
TL;DR: This paper presents Multi-Cache, a multi-layer cache management system that uses a combination of cache devices of varied speed and cost such as solid state drives, non-volatile memories, etc., to mitigate the problem of increase in I/O accesses from one or many of the VMs hosted on a physical machine.
Abstract: Every physical machine in today's typical datacenter is backed by storage devices with hundreds of Gigabytes to Terabytes in size. Data center vendors usually use hard disk drives for their back-end storage as it is cheap and reliable. However, the increase in the I/O accesses to the back-end storage from one or many of the VMs hosted on a physical machine can reduce its overall access time significantly due to contention. This may not be suitable for interactive applications requiring low latency that might be co-located with other I/O intensive applications. In this paper we present Multi-Cache, a multi-layer cache management system that uses a combination of cache devices of varied speed and cost such as solid state drives, non-volatile memories, etc., to mitigate this problem. Multi-Cache partitions each device dynamically at runtime according to the workload of each VM and its priority. We use a heuristic optimization technique that ensures maximum utilization of the caches resulting in a high hit rate. We use a weighted partitioning policy that improves latency by up to 72% for individual workloads, and an overall hit rate increase of up to 31% for a host running several workloads together in comparison to standard LRU caching algorithms.

16 citations


Posted Content
TL;DR: SDNFV as discussed by the authors proposes a hierarchical control framework where decisions are made across the SDN controller, a host-level manager, and individual VMs to best exploit state available at each level.
Abstract: Software Defined Networking (SDN) promises greater flexibility for directing packet flows, and Network Function Virtualization promises to enable dynamic management of software-based network functions. However, the current divide between an intelligent control plane and an overly simple, stateless data plane results in the inability to exploit the flexibility of a software based network. In this paper we propose SDNFV, a framework that expands the capabilities of network processing-and-forwarding elements to flexibly manage packet flows, while retaining both a high performance data plane and an easily managed control plane. SDNFV proposes a hierarchical control framework where decisions are made across the SDN controller, a host-level manager, and individual VMs to best exploit state available at each level. This increases the network's flexibility compared to existing SDNs where controllers often make decisions solely based on the first packet header of a flow. SDNFV intelligently places network services across hosts and connects them in sequential and parallel chains, giving both the SDN controller and individual network functions the ability to enhance and update flow rules to adapt to changing conditions. Our prototype demonstrates how to efficiently and flexibly reroute flows based on data plane state such as packet payloads and traffic characteristics.

16 citations


Proceedings ArticleDOI
28 Nov 2016
TL;DR: SDNFV proposes a hierarchical control framework where decisions are made across the SDN controller, a host-level manager, and individual VMs to best exploit state available at each level, increasing the network's flexibility compared to existing SDNs where controllers often make decisions based on the first packet header of a flow.
Abstract: Software Defined Networking (SDN) promises greater flexibility for directing packet flows, and Network Function Virtualization promises to enable dynamic management of software-based network functions. However, the current divide between an intelligent control plane and an overly simple, stateless data plane results in the inability to exploit the flexibility of a software based network. In this paper we propose SDNFV, a framework that expands the capabilities of network processing-and-forwarding elements to flexibly manage packet flows, while retaining both a high performance data plane and an easily managed control plane. SDNFV proposes a hierarchical control framework where decisions are made across the SDN controller, a host-level manager, and individual VMs to best exploit state available at each level. This increases the network's flexibility compared to existing SDNs where controllers often make decisions solely based on the first packet header of a flow. SDNFV intelligently places network services across hosts and connects them in sequential and parallel chains, giving both the SDN controller and individual network functions the ability to enhance and update flow rules to adapt to changing conditions. Our prototype demonstrates how to efficiently and flexibly reroute flows based on data plane state such as packet payloads and traffic characteristics.

15 citations


Proceedings ArticleDOI
06 Jun 2016
TL;DR: The OS scheduler needs to be enhanced to be NFV-aware in order to handle service chains, while maintaining line-rate performance, and some early results based on ongoing research in this area are presented.
Abstract: Networks increasingly incorporate complex functionality, going beyond simple forwarding. Packet flows require processing through a complex set of services, that may often be provided in the cloud or on commercial off the shelf (COTS) hardware. This paper investigates the problem of scheduling network functions in different service chains, on a single physical host. Stock operating system (OS) schedulers are ill-equipped to handle the strict performance required — high throughput AND low latency across multiple functions — by network function virtualization (NFV) platforms. Our experimental results show that the standard Linux scheduler can cause a 50% drop in throughput when subjected to diverse NFV workloads. We argue that the OS scheduler needs to be enhanced to be NFV-aware in order to handle service chains, while maintaining line-rate performance. We describe the challenges in designing a network function service chain friendly scheduler and present some early results based on our ongoing research in this area.

11 citations


Proceedings Article
20 Jun 2016
TL;DR: This work presents ScaaS, a security Scanning as a Service framework for cloud platforms that uses frequent virtual machine checkpointing coupled with memory introspection techniques to detect bugs and malicious behavior in real time.
Abstract: Software will always be vulnerable to attacks. Although techniques exist that could prevent or limit the risk of exploits, performance overhead blocks their adoption. Services deployed into the cloud are typically customer facing, leaving them even more exposed to attacks from malicious users. However, the use of virtual machines, and the economy of scale found in cloud platforms, provides an opportunity to offer strong security guarantees to tenants at low cost to the cloud provider. We present ScaaS, a security Scanning as a Service framework for cloud platforms that uses frequent virtual machine checkpointing coupled with memory introspection techniques to detect bugs and malicious behavior in real time. By buffering VM outputs (i.e., outgoing network packets and disk writes) until a scan has been completed, ScaaS gives strong guarantees about the amount of damage an attack can do, while minimizing overheads.

9 citations


Proceedings ArticleDOI
06 Jun 2016
TL;DR: This demo will present OpenNetVM, a highly efficient packet processing framework that greatly simplifies the development of network functions, as well as their management and optimization, and will demonstrate how the research community can easily build new network functions and rapidly deploy them to see their effectiveness in high performance network environments.
Abstract: Network Function Virtualization (NFV) promises to fundamentally change how we think of networks, changing them from pipes that transport data to processing pipelines that can efficiently transform that data as it moves between end points. This demo will present OpenNetVM, a highly efficient packet processing framework that greatly simplifies the development of network functions, as well as their management and optimization. OpenNetVM runs network functions in lightweight Docker containers that start in less than a second. The OpenNetVM platform manager provides load balancing, flexible flow management, and service name abstractions. OpenNetVM uses DPDK for high performance I/O, and efficiently routes packets through dynamically created service chains. We will demonstrate how the research community can easily build new network functions and rapidly deploy them to see their effectiveness in high performance network environments.

Proceedings ArticleDOI
13 Jun 2016
TL;DR: This demo will present OpenNetVM, a highly efficient packet processing framework that greatly simplifies the development of network functions, as well as their management and optimization, and will demonstrate how the research community can easily build new network functions and rapidly deploy them to see their effectiveness in high performance network environments.
Abstract: Network Function Virtualization promises to enable dynamic management of software-based network functions. We envision a dynamic and flexible network that can support a smarter data plane than just simple switches that forward packets. This network architecture supports complex stateful routing of flows where processing by network functions (NFs) can transform packet data, customized on a per-flow basis, as it moves between end points. This demo will present OpenNetVM, a highly efficient packet processing framework that greatly simplifies the development of network functions, as well as their management and optimization. OpenNetVM runs network functions in lightweight Docker containers that start in less than a second. The OpenNetVM platform manager provides load balancing, flexible flow management, and service name abstractions. OpenNetVM uses DPDK for high performance I/O, and efficiently routes packets through dynamically created service chains. We will demonstrate how the research community can easily build new network functions and rapidly deploy them to see their effectiveness in high performance network environments.