NFP: Enabling Network Function Parallelism in NFV

Presentation transcript:

NFP: Enabling Network Function Parallelism in NFV Chen Sun Jun Bi Zhilong Zheng Heng Yu Hongxin Hu

NFV — Bright Side vs. Dark Side
Dedicated hardware devices are replaced by NFV: VMs on commodity hardware, built with virtualization techniques.
Service chain: VPN, Monitor, Firewall, Load Balancer.
Bright side: low cost, flexibility, scalability, ……
Dark side: high latency, 200 μs ~ 1 ms × 7.

Recent Research on Reducing NFV Latency
Directions: NF acceleration, packet delivery acceleration, NF modularization.
Systems cited: ClickNP (SIGCOMM’16), NetBricks (OSDI’16), OpenBox (SIGCOMM’16), DPDK, ClickOS (NSDI’14), NetVM (NSDI’14).
These accelerate each component of the chain (VPN, Monitor, Firewall, Load Balancer) horizontally.

Key Observations
53.8% NF pairs can work in parallel.
Sequential chain: VPN, Monitor, Firewall, Load Balancer. Actions annotated on the NFs: Read, Drop?
Vertical acceleration: VPN, then Firewall and Monitor side by side, then Load Balancer; 25% ↓.

NFP exploits Network Function Parallelism to reduce NFV latency

Challenge 1: Service Graph Description
Service chain (sequential chaining intent), described as NF → Position: VPN → 1, Monitor → 2, Firewall → 3, LB → 4.
Service graph (parallel orchestration intent): VPN, Firewall, Monitor, LB.
The description must be intuitive and expressive.

Challenge 2: Service Graph Construction Service Chain ① ② Dependency Identification NF Dependency Graph Construction Monitor Firewall

Challenge 3: Resource Overhead Optimization Service Chain VPN Firewall Monitor LB VPN Firewall Monitor Load Balancer Service Graph Extra Packet Copies Resource Overhead

Challenge 4: Infrastructure for Parallelism VPN Firewall Monitor Load Balancer Copy Deliver Merge with minimum overhead massive packet copies final output

Challenge 4: Infrastructure for Parallelism Packet Dropping VPN Firewall Monitor Load Balancer VPN Firewall Monitor LB

NFP Design Overview
Policy Specification Scheme: C1, intuitive graph description.
Orchestrator: C2, service graph construction; C3, resource optimization.
Infrastructure: C4, infrastructure for parallelism.
Flow: policies go to the NFP compiler in the orchestrator, which produces the service graph; the infrastructure then runs processing and delivery in parallel (VPN, Firewall, Monitor, Load Balancer).

Policy Specification Scheme
Order (NF1, before, NF2): sequential chaining. Example: Order (Monitor, before, FW).
Priority (NF2 > NF1): parallel orchestration. Example: Priority (IPS > Firewall).
Position (NF, first/last): position assignment. Examples: Position (VPN, first), Position (LB, last).

Orchestrator Design
The NFP orchestrator takes an NFP policy, for example Position(VPN, first), Order(FW, before, LB), Order(Monitor, before, LB), and produces a service graph. It addresses C2 (service graph construction) and C3 (resource overhead optimization) in three steps:
1. NF Dependency Identification: dependency identification of Order (NF1, before, NF2).
2. Resource Overhead Optimization: parallelize NFs with low resource overhead.
3. Service Graph Construction: service graph construction based on steps 1 & 2.

1. NF Dependency Identification Action Dependency Read (R) Write (W) Add/Remove Drop NF % SIP DIP Payload Add/Rm Drop Firewall 26% R NIDS 20% Gateway (Conf /Voice/Media) 19% Load Balance 10% R/W Caching VPN 7% Add / Rm NAT Compression

1. Action Dependency Analysis Packet Result correctness principle Action1 Action2 State Read Write Independent Read Write Dependent Write Read

1. Action Dependency Analysis Result correctness principle Action 2 Read Write Add/Rm Drop Action 1 Parallelizable Not parallelizable Actions_NF1 [ ] Action Dependency NF Dependency Order (NF1, before, NF2) Actions_NF2 [ ]

2. Resource Overhead Optimization
Dirty Memory Reusing (reduce copying necessity): for example, one NF does Read (SIP) while the other does Write (DIP).
Header Only Copying (reduce copying overhead): very few (7%) NFs operate on payload; packet header: 64 ÷ 724 = 8.8%.

3. Service Graph Construction
[Figure: policies are compiled, using dependency and copying necessity, into individual, sequential and parallel segments, which are then merged into the final graph. Example policies: Position (NF1, first); Order (NF2, before, NF3), (NF2, before, NF4); Priority (NF5 > NF6), (NF6 > NF7).]

Infrastructure Design Challenges Solutions Orchestrator Packet Copying Resource Overhead Optimization Packet Delivery Infrastructure NF Runtime Packet Merging Merger Packet Dropping

NF Runtime for Packet Delivery Centralized vSwitch Distributed Packet Delivery VNF 1 NF Runtime R T Container VNF 2 VM vSwitch VM VNF 1 VNF 2 VNF 3 NF Runtime R T Container VNF 4 Performance Bottleneck

Packet Dropping in NF Runtime Merger …… nil nil

Packet Merging Packet Merging Packet Dropping nil Output Dropped c1 c2
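
The result correctness principle and the merger's drop handling from the slides above, as an added example (not code from the NFP prototype): it runs a sequential chain and a parallel service graph over constructed packets and checks that the output and the Monitor's state match, with a nil from any branch dropping the merged packet. The three NFs, the packet fields and the later-NF-wins merge rule are assumptions made for illustration.

```python
import copy

BLOCKED = {"10.0.0.66"}                      # constructed deny list
BACKENDS = ["192.168.1.10", "192.168.1.11"]  # constructed backend pool
seen = []                                    # Monitor state: source IPs observed

def monitor(pkt):        # hypothetical NF, actions: Read SIP
    seen.append(pkt["sip"])
    return pkt

def firewall(pkt):       # hypothetical NF, actions: Read SIP, Drop (None = nil)
    return None if pkt["sip"] in BLOCKED else pkt

def load_balancer(pkt):  # hypothetical NF, actions: Read SIP, Write DIP
    pkt["dip"] = BACKENDS[int(pkt["sip"].rsplit(".", 1)[1]) % len(BACKENDS)]
    return pkt

def run_chain(chain, pkt):  # sequential reference: each NF sees the previous output
    pkt = copy.deepcopy(pkt)
    for nf in chain:
        pkt = nf(pkt)
        if pkt is None:
            return None
    return pkt

def run_stage(stage, pkt):
    """Parallel stage: one copy per NF, then merge; any nil drops the packet."""
    outputs = [nf(copy.deepcopy(pkt)) for nf in stage]
    if any(out is None for out in outputs):
        return None
    merged = dict(pkt)
    for out in outputs:  # assumed rule: on conflicting writes the later NF wins
        merged.update({f: v for f, v in out.items() if pkt.get(f) != v})
    return merged

def run_graph(stages, pkt):
    for stage in stages:
        pkt = run_stage(stage, pkt)
        if pkt is None:
            return None
    return pkt

def same_result(chain, stages, packets):  # output and Monitor state must both match
    def trace(run, plan, pkt):
        seen.clear()
        return run(plan, pkt), list(seen)
    return all(trace(run_chain, chain, p) == trace(run_graph, stages, p) for p in packets)

PACKETS = [{"sip": "10.0.0.5", "dip": "203.0.113.1"},   # constructed: allowed
           {"sip": "10.0.0.66", "dip": "203.0.113.1"}]  # constructed: blocked
CHAIN = [monitor, firewall, load_balancer]
GRAPH = [[monitor, firewall], [load_balancer]]
```

`same_result(CHAIN, GRAPH, PACKETS)` compares both execution plans; the blocked packet is dropped by the merger even though the Monitor branch returned a packet.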

Implementation and Evaluation
14,000 LoC for the NFP framework prototype.
NFs: L3 Forwarder, Load Balancer, Firewall, IDS, VPN, Monitor.
Evaluation target: OpenNetVM (HotMiddlebox’16).
Evaluation setup: Linux kernel 4.4.0-31; DPDK version 16.11; Intel(R) Xeon(R) E5-2690 v2 CPUs, 256G RAM, 2×10G NICs. A DPDK-based packet generator drives a server running NFP or OpenNetVM.

1. Sequential Service Chain Performance
* Slightly higher latency: no separate CPU core for delivery
* Improved rate: distributed packet delivery avoids bottleneck

2. Optimization Effect wrt NF Complexity Latency Benefit NF Complexity

3. Optimization Effect wrt Parallelism Degree Latency Benefit …… Parallelism Degree

4. Optimization Effect wrt Graph Structure (1) (2) Equivalent chain length (3) (4) (5) (6)

5. Real World Service Chain Performance
Service chain for north-south DC traffic (VPN, Firewall, Monitor, LB): 241μs → 210μs (-12.9%); resource overhead: 0%.
Service chain for west-east DC traffic (Monitor, LB, IDS, with a packet copy): 220μs → 141μs (-35.9%); resource overhead: 8.8%.

Related Work
Orthogonal to NFP:
Batch processing (e.g. NetVM [NSDI’14], Intel DPDK)
Parallel processing of NF building blocks (e.g. ClickNP [SIGCOMM’16])
Parallelism between match-action tables (e.g. P4, RMT [SIGCOMM’13])
Module composition in parallel in SDN (e.g. Pyretic [NSDI’13])
Similar motivation:
Parabox [SOSR’17]: direct NF dependency analysis, mirror & merge function
Only NFP provides a complete framework for NF parallelism in NFV:
Policy Specification Scheme for service graph description
Orchestrator for action-based NF dependency analysis and resource optimization
Infrastructure for light-weight copying, efficient delivery and merging

Conclusion
NFP: exploiting Network Function Parallelism to accelerate NFV.
Components: Policy Specification Scheme, Orchestrator, Infrastructure.
35.9% latency reduction for real world service chains.
At most 8.8% resource overhead.
Future work: inter-server parallelism; policy conflict detection and resolution.

Thank you! netarchlab.tsinghua.edu.cn c-sun14@mails.tsinghua.edu.cn