Improving the Safety, Scalability, and Efficiency of Network Function State Transfers Aaron Gember-Jacobson & Aditya Akella 1

NFV: start instances on-demand SDN: re-route flows on-demand NF that is… Dynamic NF deployments Auto-scaledImmediately updated Opportunistically augmented v2 Hypervisor 2

E.g., endpoint metadata, packet payloads, counters Possible solutions – Only re-route new flows – Clone virtual machines NF state management frameworks – E.g., Split/Merge [NSDI’13], OpenNF [SIGCOMM’14] What about NF state? 3

State transfers in OpenNF 4 Control App move(red, IDS 1 →IDS 2 ) getState(red) putState(…) forward (red,IDS 2 ) IDS 2 IDS 1 redirectPkts(red) OpenNF Controller

Problems 5 Control App move(red, Bro 1, Bro 2 ) getState(red) putState(…) forward (red,Bro 2 ) IDS 2 IDS 1 redirectPkts(red) OpenNF Controller 1) Efficiency buffering → output delayed 2) Safety overflow → loss → incomplete analysis 3) Scalability transfer via controller

This talk 6 1) Efficiency buffering → output delayed 3) Scalability transfer via controller 2) Safety overflow → loss → incomplete analysis How do we solve these issues? 1) Efficiency buffering → output delayed

Output delay No packet processing (+ output) during state transfer Live virtual machine migration State is small → memory page is too coarse A B C D E F G H I J K L A B C D E F G H I J K L

Controller Packet reprocessing NF 2 NF 1 P1P2 P1’ move(red, NF 1 →NF 2 ) P2’P2 Process packet Process packet again How do we suppress output? wrappers for network and file I/O functions 8 S1 S2 Recopy? S2 Process packet again; no output

Benefits of reprocessing (1) Buffering does not impact output latency 4x lower latency 9

S1 Controller NF 2 NF 1 Always has up-to-date state Benefits of reprocessing (2) P2P3 P2’P3’ We can safely recover from buffer overflow P2P3 P4 P4’ 10 S1S2S3S4 Recopy

This talk 11 3) Scalability transfer via controller 2) Safety overflow → loss → incomplete analysis 1) Efficiency buffering → output delayed 2) Safety overflow → loss → incomplete analysis 3) Scalability transfer via controller Packet reprocessing

Minimizing controller overhead We don’t want to send state/packets through the controller NF 2 NF 1 OpenNF Controller 12 Peer-to-peer transfer

NF 1 Use virtual Ethernet (veth) interfaces and bridging NF 2 Challenge: injecting packets 13 bridge vethP2Pbr ethIn vethNFin vethNFbr vethP2Pin

Benefits P2P transfer (1) State transfers occur over a direct connection Up to 70% faster 14

Benefits P2P transfer (2) Less work for the controller Near Constant 15

Summary 16 3) Scalability transfer via controller 2) Safety overflow → loss → incomplete analysis 1) Efficiency buffering → output delayed 2) Safety overflow → loss → incomplete analysis 3) Scalability transfer via controller Packet reprocessing P2P transfer