Showing papers by "Timothy Wood published in 2017"

NFVnice: Dynamic Backpressure and Scheduling for NFV Service Chains

Abstract: Managing Network Function (NF) service chains requires careful system resource management. We propose NFVnice, a user space NF scheduling and service chain management framework to provide fair, efficient and dynamic resource scheduling capabilities on Network Function Virtualization (NFV) platforms. The NFVnice framework monitors load on a service chain at high frequency (1000Hz) and employs backpressure to shed load early in the service chain, thereby preventing wasted work. Borrowing concepts such as rate proportional scheduling from hardware packet schedulers, CPU shares are computed by accounting for heterogeneous packet processing costs of NFs, I/O, and traffic arrival characteristics. By leveraging cgroups, a user space process scheduling abstraction exposed by the operating system, NFVnice is capable of controlling when network functions should be scheduled. NFVnice improves NF performance by complementing the capabilities of the OS scheduler but without requiring changes to the OS's scheduling mechanisms. Our controlled experiments show that NFVnice provides the appropriate rate-cost proportional fair share of CPU to NFs and significantly improves NF performance (throughput and loss) by reducing wasted work across an NF chain, compared to using the default OS scheduler. NFVnice achieves this even for heterogeneous NFs with vastly different computational costs and for heterogeneous workloads.

Into the Storm: Descrying Optimal Configurations Using Genetic Algorithms and Bayesian Optimization

Abstract: Finding an optimal configuration for the number of worker processes and executors for a Storm topology is imperative for maximizing its performance. However, this process is both tedious and time-consuming due to the vast number of parameters to tune, their intertwined relationship with each other, and the temporal overhead of simply rebalancing a topology with a new set of configuration parameters. Without a thorough understanding of the data, the topology, and the framework itself, this endeavor quickly becomes intractable. In order to facilitate the discovery of these parameters, we explore automatic parameter tuners based on either Bayesian optimization or genetic algorithms. To help guide these optimization algorithms, we incorporate both Storm performance data and JMX profiler information. Utilizing a benchmark suite of Storm topologies encompassing a diverse set of performance characteristics, we show that the genetic algorithm approach in particular can quickly find a parameter configuration that nearly doubles performance compared to a common "rule of thumb" baseline.

Design Challenges for High Performance, Scalable NFV Interconnects

Abstract: Software-based network functions (NFs) have seen growing interest. Increasingly complex functionality is achieved by having multiple functions chained together to support the required network-resident services. Network Function Virtualization (NFV) platforms need to scale and achieve high performance, potentially utilizing multiple hosts in a cluster. Efficient data movement is crucial, a cornerstone of kernel bypass. Moving packet data involves delivering the packet from the network interface to an NF, moving it across functions on the same host, and finally across yet another network to NFs running on other hosts in a cluster/data center. In this paper we measure the performance characteristics of different approaches for moving data at each of these levels. We also introduce a new high performance inter-host interconnect using InfiniBand. We evaluate the performance of Open vSwitch and the Open Net VM NFV platform, considering a simple forwarding function and Snort, a popular intrusion detection system.

Active network middleware with opennetVM

Abstract: Communication Networks are no longer just pipes that move data from place to place. They are becoming powerful, software-based infrastructures capable of transforming and inspecting data as it moves between hosts. Two trends reflect this: the use of Software Defined Networks (SDN) to dynamically manage the network control plane (i.e., routing), and Network Function Virtualization (NFV) to provide a high-performance network data plane (e.g., middleboxes - services like firewalls, proxies, etc.). NFV promises to enable a vast array of in-network software functions running efficiently in virtualized environments. This is a paradigm shift from traditional networks that relied on purpose-built, costly and inflexible hardware middleboxes. To accelerate research and development of network middleware, we have developed OpenNetVM, an open-source (BSD license) software infrastructure for high speed packet processing.

Towards an OS for the Network Data Plane

Abstract: Network Function Virtualization (NFV) promises a cloudcomputing-like shared platform for packet processing network functions (NFs). Realizing this vision requires a carefully managed packet processing architecture that ensures multiple tenants can safely and efficiently utilize resources. Recent advancements such as user space I/O have significantly improved the throughput (packets/sec) of x86based packet processing. However, current approaches either rely on VM or container-based isolation between NFs, which incurs high context switch overheads, or run NFs in a shared address space without protection or proper performance guarantees. Our position is that the data plane architecture must play the role of an operating system (OS) for modular NFs run by different tenants, and hence it should provide a number of OS-like capabilities, including: Memory protection: Similar to the abstraction of an OS process, the contents of memory for an NF and a tenant must be protected from others. Resource allocation: Similar to an OS process scheduler, resource allocation should balance the twin goals of high throughput and fairness among tenants. State management: Similar to a file system, state management should enable modules to store processing state, e.g., TCP connection state in a stateful NF. Access control: Similar to the concepts of OS users & permissions, access control should determine the privilege level of tenants and NFs to read or modify architectural components, e.g, processing graph and per-flow state.