Towards an OS for the Network Data Plane

Network Function Virtualization (NFV) promises a cloud-computing-like shared platform for packet-processing network functions (NFs). Realizing this vision requires a carefully managed packet-processing architecture that ensures multiple tenants can safely and efficiently share resources. Recent advances such as user-space I/O have significantly improved the throughput (packets/sec) of x86-based packet processing. However, current approaches either rely on VM- or container-based isolation between NFs, which incurs high context-switch overheads, or run NFs in a shared address space without protection or proper performance guarantees. Our position is that the data-plane architecture must play the role of an operating system (OS) for modular NFs run by different tenants, and hence it should provide a number of OS-like capabilities, including:

Memory protection: Similar to the abstraction of an OS process, the memory contents of an NF and of a tenant must be protected from others.

Resource allocation: Similar to an OS process scheduler, resource allocation should balance the twin goals of high throughput and fairness among tenants.

State management: Similar to a file system, state management should enable modules to store processing state, e.g., TCP connection state in a stateful NF.

Access control: Similar to the OS concepts of users and permissions, access control should determine the privilege level of tenants and NFs to read or modify architectural components, e.g., the processing graph and per-flow state.