Towards a Scalable Modular QUIC Server

QUIC has recently been proposed as an alternative transport protocol for web services requiring both low latency and end-to-end encryption. In a different direction, recent kernel-bypass techniques enabling high-speed packet I/O have fostered the development of scalable middleboxes and servers with the introduction of user-space network stacks. Attempting to join the best of both solutions, we introduce in this paper a modular L2–L7 network stack in user space based on QUIC. Our modular and scalable QUIC transport protocol, called cQUIC, is implemented in Click and uses Intel® DPDK for high-speed packet I/O. We prototype cQUIC and show at least an order of magnitude improvement over the Google QUIC server. We also show that cQUIC scalability is CPU-bound (and not I/O-bound) due to the high cost of cryptographic operations. From real-world traffic traces, we observe that up to 18% of QUIC connections are established using the expensive 2-RTT handshake, limiting scalability further.
