Network function virtualization (NFV) allows network services, such as firewalls and routing, to be deployed into a virtual environment and run on commodity hardware. Recently, service providers and developers have become able to deploy their network function (NF) prototypes on a shared infrastructure, where all the NFs are controlled by the manager of the platform. NFV platforms run these NFs together and share the system resources among them to optimize utilization. This means that limited resources such as CPU cores or memory have to be shared. Several recent NFV systems run network services with one shared memory region so that they can achieve high performance with zero-copy I/O. This resource sharing brings security problems, since it allows malicious NFs to easily modify data belonging to other NFs. To enhance the security of NFV, we are designing a platform that provides stronger memory isolation between different NFs. Our approach is based on the architecture developed for our OpenNetVM platform, which supports lightweight NFs and flexible management but assumes a single shared memory pool for all NFs.