A Case for Spraying Packets in Software Middleboxes

The standard approach adopted by software middleboxes to use multiple cores has long been to direct packets to cores at flow granularity. This, however, has significant shortcomings. First, it is inefficient, since it cannot use all cores when there is a small number of concurrent flows, which happens frequently. Second, asymmetry in flow distribution causes unfairness even with a larger number of flows. Yet the current trend of higher-speed links and core-richer CPUs only aggravates these problems. In this paper, we propose a natural alternative: that middleboxes should direct packets to cores at a finer granularity. Our system, Sprayer, solves the fundamental problems of per-flow solutions and addresses the new challenges of handling shared flow state that come with packet spraying. Sprayer builds on the observation that most middleboxes only update flow state when connections start or finish, and ensures that all control packets from the same TCP connection are processed in the same core. We show that, when compared to the per-flow alternative, Sprayer significantly improves fairness and seamlessly uses the entire capacity, even when there is a single flow.
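The dispatch rule described in the abstract can be simulated in a few lines. This is an added example, not Sprayer's code: it assumes that "control packets" means segments carrying SYN, FIN or RST, that data packets are sprayed round-robin, and that control packets are pinned with a CRC32 hash of a direction-independent connection key. The addresses and the single connection are constructed sample input.

```python
import zlib

SYN, FIN, RST, ACK, PSH = 0x02, 0x01, 0x04, 0x10, 0x08
CONTROL = SYN | FIN | RST  # assumption: packets that open or close a connection

def canonical(flow):
    """Direction-independent key so both halves of a connection match."""
    src, sport, dst, dport, proto = flow
    return tuple(sorted([(src, sport), (dst, dport)])) + (proto,)

def flow_core(flow, n_cores):
    """Core chosen by hashing the connection key (stand-in for NIC hashing)."""
    return zlib.crc32(repr(canonical(flow)).encode()) % n_cores

class PerFlow:
    """Baseline: every packet of a flow goes to the flow's core."""
    def __init__(self, n_cores):
        self.n = n_cores
    def pick(self, flow, flags):
        return flow_core(flow, self.n)

class Spray:
    """Control packets stay on the flow's core; data packets are sprayed."""
    def __init__(self, n_cores):
        self.n, self.rr = n_cores, 0
    def pick(self, flow, flags):
        if flags & CONTROL:
            return flow_core(flow, self.n)
        self.rr = (self.rr + 1) % self.n  # round-robin is an assumption
        return self.rr

def run(dispatcher, packets, n_cores):
    """Return per-core packet counts and the cores that saw control packets."""
    loads, control_cores = [0] * n_cores, {}
    for flow, flags in packets:
        core = dispatcher.pick(flow, flags)
        loads[core] += 1
        if flags & CONTROL:
            control_cores.setdefault(canonical(flow), set()).add(core)
    return loads, control_cores

def single_connection(n_data=8000):
    """Constructed trace: handshake, n_data data segments, FIN in both directions."""
    fwd = ("10.0.0.1", 40000, "10.0.0.2", 443, 6)
    rev = fwd[2:4] + fwd[0:2] + (6,)
    return ([(fwd, SYN), (rev, SYN | ACK), (fwd, ACK)]
            + [(fwd, ACK | PSH)] * n_data
            + [(fwd, FIN | ACK), (rev, FIN | ACK)])

if __name__ == "__main__":
    for d in (PerFlow(8), Spray(8)):
        print(type(d).__name__, *run(d, single_connection(), 8))
```

With one connection and eight cores, the per-flow dispatcher loads a single core, while the spraying dispatcher spreads data packets across all eight and still delivers every SYN and FIN, in both directions, to one core, which is where flow state is created and torn down.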
