MiddleNet: A Unified, High-Performance NFV and Middlebox Framework with eBPF and DPDK
Main authors: | , , , |
---|---|
Format: | Article |
Language: | eng |
Subjects: | |
Summary: | Traditional network resident functions (e.g., firewalls, network address
translation) and middleboxes (caches, load balancers) have moved from
purpose-built appliances to software-based components. However, L2/L3 network
functions (NFs) are being implemented on Network Function Virtualization (NFV)
platforms that extensively exploit kernel-bypass technology. They often use
DPDK for zero-copy delivery and high performance. On the other hand, L4/L7
middleboxes, which have a greater emphasis on functionality, take advantage of
a full-fledged kernel-based system.
L2/L3 NFs and L4/L7 middleboxes continue to be handled by distinct platforms
on different nodes. This paper proposes MiddleNet that develops a unified
network resident function framework that supports L2/L3 NFs and L4/L7
middleboxes. MiddleNet supports function chains that are essential in both NFV
and middlebox environments. MiddleNet uses the Data Plane Development Kit
(DPDK) library for zero-copy packet delivery without interrupt-based
processing, to enable the "bump-in-the-wire" L2/L3 processing performance
required of NFV. To support L4/L7 middlebox functionality, MiddleNet utilizes a
consolidated, kernel-based protocol stack for processing, avoiding a dedicated
protocol stack for each function. MiddleNet fully exploits the event-driven
capabilities of the extended Berkeley Packet Filter (eBPF) and seamlessly
integrates it with shared memory for high-performance communication in L4/L7
middlebox function chains. The overheads for MiddleNet in L4/L7 are strictly
load-proportional, without needing the dedicated CPU cores of DPDK-based
approaches. MiddleNet supports flow-dependent packet processing by leveraging
Single Root I/O Virtualization (SR-IOV) to dynamically select the packet
processing needed (Layers 2 - 7). Our experimental results show that MiddleNet
achieves high performance in such a unified environment. |
---|---|
DOI: | 10.48550/arxiv.2303.04404 |