Programming Network Stack for Middleboxes with Rubik

Middleboxes are becoming indispensable in modern networks. However, programming the network stack of middleboxes to support emerging transport protocols and flexible stack hierarchy is still a daunting task. To this end, we propose Rubik, a language that greatly facilitates the task of middlebox stack programming. Different from existing hand-written approaches, Rubik offers various high-level constructs for relieving the operators from dealing with massive native code, so that they can focus on specifying their processing intents. We show that using Rubik one can program the middlebox stack with minor effort, e.g., 250 lines of code for a complete TCP/IP stack, which is a reduction of 2 orders of magnitude compared to the hand-written versions. To maintain a high performance, we conduct extensive optimizations at the middle- and back-end of the compiler. Experiments show that the stacks generated by Rubik outperform the mature hand-written stacks by at least 30% in throughput.
