Abstract
Software data planes running on commodity servers are very popular in real deployments. However, to attain top-class performance, the software approach requires the adoption of accelerated network I/O frameworks, each characterized by its own programming model and API. As a result, network applications are often closely tied to the underlying technology, with obvious portability issues across different systems. This is especially true in cloud scenarios, where different I/O frameworks could be installed depending on the configuration of the physical servers in the infrastructure.
The nethuns library proposes a unified programming abstraction to access and manage network operations over different I/O frameworks. The library is freely available to the community under the BSD license and currently supports AF_XDP and netmap for fast packet handling along with the classic AF_PACKET and the pcap library. Network applications based on nethuns need only to be re-compiled to run over a different network API. The experiments prove that the overhead introduced by nethuns is negligible, hence making it a convenient programming platform that eases the coding process while guaranteeing high performance and portability. As proofs of concept, a handy traffic generator as well as the popular Open vSwitch application have been successfully ported and tested over nethuns.