Slide 3: TCP Split Proxy
▪ performance-enhancing proxy
▪ Improves end-to-end performance
▪ Pretends to be the opposite endpoint of the connection in each direction
▪ Typically used in satellite systems
  ▪ High latency
  ▪ Different protocol
Slide 4: TCP Splicing
▪ reconstruct TCP byte stream
▪ For those that need complete information scattered across many packets
▪ Often used in middleboxes, like web proxies
  ▪ Analysis, compression, forwarding, etc.
Slide 5: Large Send Offload (LSO)
▪ technology used in NICs
▪ Offloads processing of the TCP/IP stack from the OS to the NIC
  ▪ E.g., checksum calculation, IP fragmentation, TCP segmentation
▪ Similar concepts
  ▪ Large receive offload (LRO)
  ▪ Generic segmentation offload (GSO)
  ▪ TCP Offload Engine (TOE), TCP segmentation offload (TSO)
Slide 6: Receive Side Scaling (RSS)
▪ in the NIC
▪ Distributes received-packet processing across multiple CPU cores
  ▪ Uses a hash mechanism (e.g., over the 5-tuple)
▪ Increases the cache hit ratio
Slide 7: Publish–Subscribe Pattern
▪ in software architecture
▪ Includes publisher, subscriber, broker
▪ Famous projects
  ▪ Apache Kafka
  ▪ RabbitMQ
▪ BTW, the well-known NFV project Open Source MANO also uses Kafka
▪ Low latency (since only a function call)
▪ Cons:
  ▪ Not easy to accelerate a specific NF
  ▪ Security and privacy issues
▪ Example:
  ▪ BESS, mOS
▪ Pros:
  ▪ Each NF runs in a single process or container
  ▪ NFs from different providers can be chained together easily
▪ Cons:
  ▪ High latency with long chains
▪ Example:
  ▪ Microboxes, OpenNetVM, ClickOS
Focus on packet forwarding, not the higher-level protocol stack
Slide 18: μEvents
▪ protocol stack or NF
▪ Trigger the needed protocol/application layer to process packets
▪ Transmitted by the Microboxes event management system
  ▪ The Microboxes Controller is in charge of publish/subscribe
▪ Can be categorized by flow
▪ Each event is based on another event (apart from the base: EVENT)
Slide 19: μEvents - Base Event Types
▪ format accelerates communication
▪ Event/PKT inherits the data structure of EVENT
▪ Event/FLOW is for those that only need to be notified of the start/end of a flow (they don't care about the other packets)
▪ Each event has a unique event ID
Slide 20: μEvents - Base Event Types
▪ starts, it subscribes to the needed events and provides a callback function
▪ If an NF subscribes to X, it also receives and can parse X/Y events (subscription/load-balancing flexibility)
Slide 21: μStacks - Base Event Types
▪ A cache needs full TCP endpoint termination (it may be that the full cache record is finished)
▪ An IDS doesn't need any TCP processing
Slide 22: μStacks vs μEvents
▪ modular design, a μStack must be built upon an existing μStack (to prevent duplicated operations)
▪ When an NF finishes processing, it sends the corresponding message back to the μStack
Slide 23: Controller
▪ registry of NFs and the event types
▪ High-level logic specifying how publishers and subscribers are interconnected (like an SDN controller)
▪ Each NF and μStack module registers its message types with the controller
▪ When an NF modifies the packet or μStack state, it specifies the change in its publication
  ▪ This enables the controller to determine which NFs can run in parallel
Slide 25: Asynchronous, Parallel Processing
▪ snapshot
  ▪ Add a snapshot of the stack to the event message
  ▪ Almost every header is in the snapshot, but the byte stream is referenced by a pointer and is append-only
▪ Parallel Events
  ▪ The controller links several NFs' subscriptions to a splitter-like NF
  ▪ After the splitter collects all the responses and merges them, it propagates the result to the next stage
▪ Modifying Packets and Stack State
  ▪ Event-based API for NFs to make modifications (via the μStack), which prevents race conditions
▪ Parallel Stacks
Slide 26: Customizing μStack Modules
▪ need different μStacks
▪ Some stacks can be adjusted per flow
▪ μStacks build on each other to provide progressively more complex processing
▪ The Microboxes TCP stack is broken into the following μStacks:
▪ Network Layer
  ▪ Layer 2/3: determines which flow arriving packets belong to and where they go
  ▪ Maintains minimal per-flow state/stats (e.g., packet count, flow status tracking)
  ▪ Publishes PKT and FLOW events
Slide 27: Customizing μStack Modules
▪ Seeks to track the TCP state at both the client and server side
▪ Allows a monitor NF to
  1. Reconstruct a bidirectional bytestream
  2. Observe TCP state transitions
▪ Ex: a stateful firewall doesn't allow full termination or arbitrary transformation
▪ Subscribes to PKT events from the Network Layer
▪ Produces events including DATA_RDY (when the TCP state changes)
Slide 28: Customizing μStack Modules
▪ For proxy-type middleboxes
▪ Redirects a TCP connection after the handshake has been established
  ▪ Ex: an HTTP proxy might observe the contents of a GET request before selecting a server and forwarding the request
▪ Built by extending the TCP Monitor stack, without requiring a full TCP endpoint
▪ Subscribes to PKT/TCP from TCP Monitor to learn about connection initialization
▪ The Splicer responds with a SYN-ACK to finish the 3-way handshake with the client
▪ It then publishes a FLOW_REQ event to the NF
▪ The NF responds with FLOW_DEST, containing the new destination IP
▪ The Splicer initiates a new TCP connection to the destination IP
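The two ideas on slides 19–20 and 28, hierarchical event types (a subscriber to X also receives X/Y) and the Splicer's FLOW_REQ/FLOW_DEST exchange, as a toy event bus. This is an added example, not Microboxes code; the Controller/Event classes, the prefix matching rule and the sample flow (a SYN from source port 40000, an NF that picks a backend by port parity) are constructed for illustration.

```python
# Added example, not Microboxes code: a toy event bus that models the page's
# hierarchical μEvent types (a subscriber to X also receives X/Y) and the
# TCP Splicer exchange on slide 28. Names and the sample flow are constructed.
from collections import defaultdict
from dataclasses import dataclass, field

@dataclass
class Event:
    etype: str                        # e.g. "PKT/TCP", which extends "PKT"
    event_id: int                     # each event carries a unique ID
    data: dict = field(default_factory=dict)

def extends(sub_type: str, etype: str) -> bool:
    """True when etype is sub_type itself or a descendant of it."""
    return etype == sub_type or etype.startswith(sub_type + "/")

class Controller:
    """Registry of subscriptions; delivers an event to every matching NF."""
    def __init__(self):
        self.subs = defaultdict(list)     # subscribed type -> callbacks
        self.next_id = 0
    def subscribe(self, etype, callback):
        self.subs[etype].append(callback)
    def publish(self, etype, **data):
        ev = Event(etype, self.next_id, data)
        self.next_id += 1
        for sub_type, callbacks in list(self.subs.items()):
            if extends(sub_type, ev.etype):
                for cb in callbacks:
                    cb(ev)
        return ev

def run_splicer_demo():
    """SYN arrives as PKT/TCP; Splicer publishes FLOW_REQ; NF answers FLOW_DEST."""
    ctrl, log, monitor_seen = Controller(), [], []
    ctrl.subscribe("PKT", lambda ev: monitor_seen.append(ev.etype))  # PKT gets PKT/TCP
    def lb_nf(ev):                    # constructed policy: even src port -> .1
        dst = "10.0.0.1" if ev.data["sport"] % 2 == 0 else "10.0.0.2"
        ctrl.publish("FLOW_DEST", flow=ev.data["flow"], dst_ip=dst)
    def splicer_on_tcp(ev):
        if ev.data.get("flags") == "SYN":
            log.append(f"SYN-ACK to client for flow {ev.data['flow']}")
            ctrl.publish("FLOW_REQ", **ev.data)
    ctrl.subscribe("PKT/TCP", splicer_on_tcp)
    ctrl.subscribe("FLOW_REQ", lb_nf)
    ctrl.subscribe("FLOW_DEST",
                   lambda ev: log.append(f"connect {ev.data['flow']} to {ev.data['dst_ip']}"))
    ctrl.publish("PKT/TCP", flow="c1", sport=40000, flags="SYN")
    return log, monitor_seen
```

The PKT-level monitor sees the PKT/TCP event but none of the FLOW_* events, which is the "subscribe X, receive X/Y" rule from slide 20 in action.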
Slide 29: Customizing μStack Modules
▪ Exports events similar to a socket API
▪ Built by extending TCP Monitor to contain the full TCP logic
  ▪ E.g., congestion control, retransmission
▪ A new opportunity to deploy many types of NF
  ▪ E.g., cache server, IoT analysis server at the edge cloud
Slide 30: Customizing μStack Modules
Proxy and Bytestream NFs:
▪ The most complex NF types perform transformations on the bytestreams
  ▪ The authors call these Bytestream NFs
▪ Require 2 TCP connections (one to the client, one to the server)
▪ Allow redirection (like the TCP Splicer stack) and byte-stream transformation
▪ Built by extending two TCP Endpoint stacks
▪ The DATA_RDY message type is used when incoming or outgoing data is ready
  ▪ Used by the Proxy μStack and Bytestream NFs
Slide 31
▪ Provides shared-memory-based communication
▪ NFs run as separate processes or containers
▪ An IO management layer for starting/stopping NFs
▪ Uses RSS (Receive Side Scaling)
  ▪ To prevent any concurrent updates to shared cache lines
Slide 39
▪ redundant processing across the service function chain
▪ Makes management more flexible
▪ Method
  ▪ Use a publish/subscribe-based API for NFs
▪ Result
  ▪ Improves latency, throughput, flexibility
  ▪ At least 30% improvement against HAProxy
  ▪ Compared to mOS, Microboxes has better performance isolation and security level