netkernel making network stack part of the virtualized
play

NetKernel: Making Network Stack Part of the Virtualized - PowerPoint PPT Presentation

Nov 20, 2023 •144 likes •399 views

NetKernel: Making Network Stack Part of the Virtualized Infrastructure Zhixiong Niu , Hong Xu, Peng Cheng, Qiang Su, Yongqiang Xiong, Tao Wang, Dongsu Han, Keith Winstein Current architecture in the cloud VM VM APP APP Guest OS Guest OS

  1. NetKernel: Making Network Stack Part of the Virtualized Infrastructure Zhixiong Niu , Hong Xu, Peng Cheng, Qiang Su, Yongqiang Xiong, Tao Wang, Dongsu Han, Keith Winstein

  2. Current architecture in the cloud VM VM APP APP Guest OS Guest OS Network Stack Network Stack Hypervisor infrastructure DCN Infrastructure 2

  3. What’re the fundamental limitations? 3

  4. Motivation: Tenants Have to deal with the network stack all by myself CTCP BBR MPTCP Buffer TCP parameters net.ipv4.tcp_rmem initcwnd CUBIC PCC DCTCP net.ipv4.tcp_wmem initialRTO (ms) mTCP net.core.rmem_max minRTO (ms) StackMap MegaPipe net.core.wmem_max DelayedAckTimeout (ms) Kernel FlexSC FastSocket 4

  5. Tenants are primarily concerned with performance and functionality, not implementation details. 5

  6. Motivation: Operator I know everything here. I can really help my tenants (and make some money!) NIC NIC NIC RDMA FPGA Kernel Kernel Kernel NIC DPDK Resources 6

  7. Motivation: Operator VM Zero visibility or control Tenant of the network stack Stack Hypervisor Provider Can’t deploy new stacks (DCTCP) Difficult to even define performance SLA Difficult to troubleshoot Difficult to perform management tasks 7

  8. Is there a better way? 8

  9. Making Network Stack Part of the Virtualized Infrastructure Interface unchanged (BSD sockets, etc.) Packets handled in Current architecture the NSM 9 9

  10. Benefits • Better efficiency in management for the operator • Orchestrate the resource provisioning strategies more flexibly • Implement management functions as a part of user’s network stack • Deployment and performance gains for users without efforts • Enforce various kernel stack optimizations • Enforce high-performance userspace stacks • Use advanced hardware 10

  11. Design Challenges • How to transparently redirect socket API calls without changing applications? • How to transmit the socket semantics between the VM and NSM? • How to ensure high performance with semantics transmission (e.g., 100 Gbps)? 11

  12. Transparent socket API redirection • A new sock type, SOCK_NETKERNEL • GuestLib: A complete implementation of BSD socket APIs Tenant VM BSD Socket API socket(), socket_sendmsg(), … socket(), send(), … GuestLib nk_socket(), nk_socket_sendmsg(), … nk_socket(), nk_sendmsg(), … GuestLib 12

  13. A lightweight semantics channel • NQE: NetKernel queue elements for semantics 1B 1B 1B 4B 8B 8B 4B 5B op Queue VM VM ID op_data data pointer size rsved type set ID socket ID • NQE queues for semantics transmission and hugepages for data transmission in NetKernel device Tenant VM BSD Socket API socket(), send(), … (4) return to app (1) NetKernel socket GuestLib nk_bind(), nk_sendmsg(), … (3) response NQE (2) translate to NQE Huge NetKernel NQE 13 Queues pages device

  14. Scalable lockless queues • Per-core queue set, lockless queues • NQE switching via CoreEngine NSM 1 VM1 ServiceLib GuestLib … NK device queue set 2 queue set 1 queue set 1 connection table <VM ID, queue set ID, socket ID> <NSM ID, queue set ID, socket ID> <01, 01, 2A 3E 97 C3> <01, 01, C8 5D 42 6F> <01, 01, FC 68 4E 02> <01, 02, ?> CoreEngine 14

  15. VM based NSM. • Supports existing kernel and userspace stacks from various Oses • Provide good isolation to guarantee the performance • Run stacks independent of the hypervisor 15

  16. NetKernel Tenant VM NSM APP1 APP2 Network Stack BSD Socket Huge pages GuestLib ServiceLib (NetKernel Socket) vNIC Huge Huge NetKernel mmap pages pages device queues queues Virtual Switch or Embedded NetKernel CoreEngine Switch (SR-IOV) stripped area indicates a shared memory region pNICs 16

  17. Implementation • QEMU KVM 2.5.0, Linux Kernel 4.9 • Intel(R) Xeon(R) 16-core CPU @ 2.30GHz x 2 • 256GB DDR4 2133MHz • Mellanox ConnectX-4 100G single port NIC 17

  18. Use Cases #1: Multiplexing Application Gateway (AG): L7 proxy and load balancing services AG1 AG2 AG3 4 core 4 core 4 core 120 AG1 AG2 AG3 Normalized rps performance 100 80 60 40 20 0 0 10 20 30 40 50 60 Time (min) Normalized RPS Performance of a trace from a large cloud 18

  19. Use Cases #1: Multiplexing NetKernel: 9 Cores Baseline: 12 Cores AG1 1 core 14 Baseline Netkernel AG2 Normalized rps per core NSM 12 10 5 cores 1 core 8 6 AG3 4 CoreEngine 1 core 2 1 core 0 0 10 20 30 40 50 60 Time (min) Benefit: NetKernel can help operator perform network management more efficiently 19

  20. Use Case #2: Deploying mTCP without API Change • mTCP doesn't support Nginx yet • mTCP ported as an NSM, fixed a bug in DPDK mlx5_core driver • Unmodified Nginx on mTCP without any tenant effort 400 350 mTCP NSM brings ~1.8x performance gain 300 250 200 150 100 50 0 1 vCPU 2 vCPUs 4 vCPUs Krps Kernel Stack NSM mTCP NSM 20

  21. Use Case #3: Shared Memory Networking • The operator can easily detect the on-host traffic with NetKernel • For on-host traffic, it can use shared memory NSM to avoid TCP and bridge overhead Deployment and performance gains for users Shared memory NSM can achieve >2x performance gain for on-host traffic 120 Baseline 100 1et.ernel w. sKareG mem 160 TKrougKSut (GbSs) 80 60 40 20 0 64 128 256 512 1024 2048 4096 8192 0essage 6ize (B) Benefit: NetKernel can help user achieve deployment and performance gains 21

  22. Microbenchmarks: Throughput • Baseline (a VM) and NetKernel (a VM with a Linux Kernel) using the same setting • 8 TCP connections, 8KB messages 120 120 Baseline Baseline 100 100 1etKeUnel 1etKeUnel 7KUougKput (Gbps) 7KUougKput (Gbps) 80 80 60 60 40 40 20 20 0 0 1 2 3 4 5 6 7 8 1 2 3 4 5 6 7 8 # of vC38s # of vC38s Send Receive Can achieve 100Gbps with 3 cores (send), 8 cores (receive) 22

  23. Microbenchmarks: RPS • Simple epoll server, short TCP conn. • 64B request/response 1200 Baseline 1000 1et.eUnel 5eTuests / sec (x 10 3 ) 1et.eUnel w. P7C3 160 800 mTCP NSM brings 2x performance gain P7C3 600 400 200 0 1 2 3 4 5 6 7 8 # Rf vC38s 23

  24. Discussion and future directions • How can I do Netfilter? • Hard to support for multiple-tenant NSM • What about troubleshooting performance issues? • Operator can easily monitor their NSMs by deploy additional mechanisms in the NSMs • Does NetKernel increase the attack surface? • Own address spaces for NK device • Isolated channel between NSM and VM • Future directions • Performance isolation • Charging policies • FPGA/SoC 24

  25. Recap • Designed and implemented NetKernel • Decouples the network stack from the guest • Making it part of the virtualized infrastructure in the cloud • Enabled several new usecases • Multiplexing, mTCP NSM, Shared mem. NSM • Conducted comprehensive testbed evaluation with commodity 100G NICs • Website • https://netkernel.net 25

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Building a Fast, Virtualized Building a Fast, Virtualized Data Plane with Data Plane with

Building a Fast, Virtualized Building a Fast, Virtualized Data Plane with Data Plane with

Building a Fast, Virtualized Building a Fast, Virtualized Data Plane with Data Plane with Programmable Hardware Programmable Hardware Bilal Anwer Nick Feamster 1 Network Virtualization Network Virtualization Network virtualization enables

299 views • 27 slides
Virtualized ICN (vICN) Towards a Unified Network Virtualization Framework for ICN Experimentation

Virtualized ICN (vICN) Towards a Unified Network Virtualization Framework for ICN Experimentation

Virtualized ICN (vICN) Towards a Unified Network Virtualization Framework for ICN Experimentation M. Sardara*, L. Muscariello, J. Aug, M. Enguehard* , A. Compagno, G. Carofiglio September 28 th 2017 ACM ICN, Berlin *also with Telecom ParisTech

450 views • 15 slides
THE THINGS NETWORK STACK V3 Johan Stokking ANNOUNCING THE THINGS NETWORK STACK V3 Supports

THE THINGS NETWORK STACK V3 Johan Stokking ANNOUNCING THE THINGS NETWORK STACK V3 Supports

THE THINGS NETWORK STACK V3 Johan Stokking ANNOUNCING THE THINGS NETWORK STACK V3 Supports LoRaWAN versions: 1.1, 1.0.2 and 1.0 Features Gateway Agent, Gateway Server, Network Server, ApplicaEon Server, Join Server, IdenEty Server

465 views • 23 slides
A 5G Convergent Virtualized Radio Access Network Living at the Edge Alain Mourad 1 , Antonio De La

A 5G Convergent Virtualized Radio Access Network Living at the Edge Alain Mourad 1 , Antonio De La

A 5G Convergent Virtualized Radio Access Network Living at the Edge Alain Mourad 1 , Antonio De La Oliva 2 , Shahzoob Bilal 3 1 InterDigital Europe Ltd, 2 University Carlos III of Madrid, 3 ITRI 5G-CORAL in a Nutshell 2 A joint EU-Taiwan bid to

432 views • 24 slides
64-bit Linux stack smashing tutorial: Part 2 Written on April 21, 2015 This is part 2 of my

64-bit Linux stack smashing tutorial: Part 2 Written on April 21, 2015 This is part 2 of my

Techorganic About PGP Disclaimer Vulnerabilities Musings from the brainpan 64-bit Linux stack smashing tutorial: Part 2 Written on April 21, 2015 This is part 2 of my 64-bit Linux Stack Smashing tutorial. In part 1 we exploited a 64- bit

451 views • 9 slides
EPL606 Internetworking Part 2c 1 IP Internet Concatenation of Networks Network 1

EPL606 Internetworking Part 2c 1 IP Internet Concatenation of Networks Network 1

EPL606 Internetworking Part 2c 1 IP Internet Concatenation of Networks Network 1 (Ethernet) H7 R3 H8 H1 H2 H3 Network 4 (point-to-point) Network 2 (Ethernet) R1 R2 H4 Network 3 (FDDI) Protocol Stack H6 H5 H1 H8 TCP

703 views • 38 slides
IP Network Stack in Ada 2012 and the Ravenscar Profile Stphane Carrez Ada Europe 2017 Ada

IP Network Stack in Ada 2012 and the Ravenscar Profile Stphane Carrez Ada Europe 2017 Ada

IP Network Stack in Ada 2012 and the Ravenscar Profile Stphane Carrez Ada Europe 2017 Ada Embedded Network Stack Project Presentation Implementation Details EtherScope use case Difficulties and solutions with Ravenscar profile

227 views • 21 slides
Linux Network Stack Test Automated and Portable Network Tests Red Hat Radek Pazdera February 2,

Linux Network Stack Test Automated and Portable Network Tests Red Hat Radek Pazdera February 2,

Linux Network Stack Test Automated and Portable Network Tests Red Hat Radek Pazdera February 2, 2013 Abstract Introduction of our approach towards effective network testing. Our Goal A library of network tests to easily catch regressions in

408 views • 20 slides
CrossBow: From Hardware Virtualized NICs t\ to Virtualized Networks Sunay Tripathi, Nicolas

CrossBow: From Hardware Virtualized NICs t\ to Virtualized Networks Sunay Tripathi, Nicolas

CrossBow: From Hardware Virtualized NICs t\ to Virtualized Networks Sunay Tripathi, Nicolas Droux, Thirumalai Srinivasan, Kais Belgaied Aug 17 th . 2009 Sigcomm VISA 2009, Barcelona Sunay Tripathi, Distinguished Engineer, Sun Microsystems Inc

289 views • 24 slides
Towards Nirvana Stack: OpenDaylight Network Control Solution with FD.io Data plane Srikanth

Towards Nirvana Stack: OpenDaylight Network Control Solution with FD.io Data plane Srikanth

Towards Nirvana Stack: OpenDaylight Network Control Solution with FD.io Data plane Srikanth Vavilapalli, Ericsson; Andre Fredette, Redhat OpenStack Summit 2017- Boston Nirvana SDN Stack Applicable Projects Neutron (+Gluon Innovations)

696 views • 16 slides
Stack and Queue Stack Overview Stack ADT Basic operations of stack Pushing, popping

Stack and Queue Stack Overview Stack ADT Basic operations of stack Pushing, popping

Stack and Queue Stack Overview Stack ADT Basic operations of stack Pushing, popping etc. Implementations of stacks using array linked list The Stack ADT A stack is a list with the restriction that insertions and

566 views • 44 slides
Lower Network Stack redesign Jos I. lamos (@jia200x) HAW Hamburg September 15, 2020 Jos

Lower Network Stack redesign Jos I. lamos (@jia200x) HAW Hamburg September 15, 2020 Jos

Lower Network Stack redesign Jos I. lamos (@jia200x) HAW Hamburg September 15, 2020 Jos I. lamos (@jia200x) (HAW Hamburg) Lower Network Stack redesign September 15, 2020 1 / 30 Scope Upper layers Sock API Netif API Network Stack

637 views • 30 slides
An open source user space fast path TCP/IP stack Industry network challenges Growth in data

An open source user space fast path TCP/IP stack Industry network challenges Growth in data

An open source user space fast path TCP/IP stack Industry network challenges Growth in data traffic means that even small network nodes needs a fast path The Linux IP stack is slow and does not scale High throughput IP processing

361 views • 20 slides
Internet Protocol Stack Application: supporting network applications application FTP,

Internet Protocol Stack Application: supporting network applications application FTP,

Internet Protocol Stack Application: supporting network applications application FTP, SMTP, HTTP Transport: data transfer between transport processes TCP, UDP network Network: routing of datagrams from source to

1.04k views • 82 slides
Value Stack Calculator Training NYSERDA Thursday June 6, 2019 2 Welcome and Context As

Value Stack Calculator Training NYSERDA Thursday June 6, 2019 2 Welcome and Context As

Value Stack Calculator Training NYSERDA Thursday June 6, 2019 2 Welcome and Context As part of NYSs transition away from net metering, we transitioned to VDER/The Value Stack about 2 years ago The Value Stack is a nuanced tariff

482 views • 19 slides
The Stack Eric McCreath The Stack The stack is a simple but useful data structure in computer

The Stack Eric McCreath The Stack The stack is a simple but useful data structure in computer

The Stack Eric McCreath The Stack The stack is a simple but useful data structure in computer science. The stack is an abstract data type that has two main operations. These are push which adds an element to the top of the stack and pop which

754 views • 8 slides
CloudEx:)A)Financial)Application)in)the)Cloud Balaji)Prabhakar CS)349F)Lec 6@II

CloudEx:)A)Financial)Application)in)the)Cloud Balaji)Prabhakar CS)349F)Lec 6@II

CloudEx:)A)Financial)Application)in)the)Cloud Balaji)Prabhakar CS)349F)Lec 6@II Accurate(Timing(is(Foundational(for(the(Financial(Industry Exchanges)and) Trading)Platforms Ensure(fairness:(in;order(execution(of(transactions (

364 views • 11 slides
Firewalls and intrusion detection systems Markus Peuhkuri 2005-03-22 Lecture topics Firewalls

Firewalls and intrusion detection systems Markus Peuhkuri 2005-03-22 Lecture topics Firewalls

Firewalls and intrusion detection systems Markus Peuhkuri 2005-03-22 Lecture topics Firewalls Security model with firewalls Intrusion detection systems Intrusion prevention systems

644 views • 7 slides
Firewalls Session 20 INST 346 Technologies, Infrastructure and Architecture Review

Firewalls Session 20 INST 346 Technologies, Infrastructure and Architecture Review

Firewalls Session 20 INST 346 Technologies, Infrastructure and Architecture Review Homework 4 Lab 4 2 Muddiest Points CDMA GSM is actually now CDMA (in 3G) Loss reasons other than buffer overflow 3 Goals for Today

303 views • 17 slides
A Simplified Access to Grid Resources for Virtual Research Communities Roberto BARBERA

A Simplified Access to Grid Resources for Virtual Research Communities Roberto BARBERA

Consorzio COMETA - Progetto PI2S2 UNIONE EUROPEA A Simplified Access to Grid Resources for Virtual Research Communities Roberto BARBERA (1-3) , Marco FARGETTA (3,*) and Riccardo ROTONDO (2) (1) Department

362 views • 20 slides
OSGi: Simplifying the IoT Gateway Walt Bowers Technical Solutions Architect - Eurotech Nov 5,

OSGi: Simplifying the IoT Gateway Walt Bowers Technical Solutions Architect - Eurotech Nov 5,

OSGi: Simplifying the IoT Gateway Walt Bowers Technical Solutions Architect - Eurotech Nov 5, 2015 Outline Where we are headed Eurotech Overview IoT Gateway Complexity Making IoT Gateways Simple Use Case Cold Chain

672 views • 29 slides
Chapter 9 Firewalls The Need For Firewalls Internet connectivity is essential however

Chapter 9 Firewalls The Need For Firewalls Internet connectivity is essential however

Chapter 9 Firewalls The Need For Firewalls Internet connectivity is essential however it creates a threat Effective means of protecting LANs Inserted between the premises network and the Internet to establish a controlled

699 views • 34 slides
Recent work in OpenBSD relayd AsiaBSDCon 2013 Reyk

Recent work in OpenBSD relayd AsiaBSDCon 2013 Reyk

Recent work in OpenBSD relayd AsiaBSDCon 2013 Reyk Flter (reyk@openbsd.org) Agenda History &amp; Background Recent work SSL Interception Socket

533 views • 19 slides
Building Web Gateways to Science in Python Shreyas Cholia NERSC/LBL SciPy 2010 Jun 30 th 2010

Building Web Gateways to Science in Python Shreyas Cholia NERSC/LBL SciPy 2010 Jun 30 th 2010

Building Web Gateways to Science in Python Shreyas Cholia NERSC/LBL SciPy 2010 Jun 30 th 2010 Austin TX NERSC National Energy Research Scientific Computing Center (NERSC) Supercomputing facility at Berkeley Lab in Berkeley/Oakland CA

590 views • 16 slides

More recommend