Presentation is loading. Please wait.

Presentation is loading. Please wait.

NFP: Enabling Network Function Parallelism in NFV

Published byKelley Powers Modified over 6 years ago

Similar presentations

Presentation on theme: "NFP: Enabling Network Function Parallelism in NFV"— Presentation transcript:

1 NFP: Enabling Network Function Parallelism in NFV
Chen Sun Jun Bi Zhilong Zheng Heng Yu Hongxin Hu

2 NFV — Bright Side vs. Dark Side
Dedicated Dedicated Dedicated Dedicated NFV: Commodity Hardware Devices VM VM VM VM Service Chain VPN Monitor Firewall Load Balancer Virtualization Techniques Low Cost High Latency Flexibility 200 μs ~ 1 ms × 7 Scalability ……

3 Recent Research on Reducing NFV Latency
NF Acceleration Packet Delivery Acceleration NF Modularization ClickNP (SIGCOMM’16) NetBricks (OSDI’16) OpenBox (SIGCOMM’16) DPDK ClickOS (NSDI’14) NetVM (NSDI’14) VPN Monitor Firewall Load Balancer Accelerate each component of the chain Horizontally

4 53.8% NF pairs can work in parallel
Key Observations Read Drop? 53.8% NF pairs can work in parallel VPN Monitor Firewall Load Blancer 25% ↓ VPN Firewall Monitor Load Balancer Drop? Vertical Acceleration Read

5 NFP exploits Network Function Parallelism to reduce NFV latency

6 Challenge 1: Service Graph Description
Service Chain Service Graph VPN Firewall Monitor LB VPN Firewall Monitor LB (1) (2) (3) (4) NF → Position Sequential chaining intent VPN → 1 Monitor → 2 Firewall → 3 LB → 4 Parallel orchestration intent Intuitive and Expressive

7 Challenge 2: Service Graph Construction
Service Chain Dependency Identification NF Dependency Graph Construction Monitor Firewall

8 Challenge 3: Resource Overhead Optimization
Service Chain VPN Firewall Monitor LB VPN Firewall Monitor Load Balancer Service Graph Extra Packet Copies Resource Overhead

9 Challenge 4: Infrastructure for Parallelism
VPN Firewall Monitor Load Balancer Copy Deliver Merge with minimum overhead massive packet copies final output

10 Challenge 4: Infrastructure for Parallelism
Packet Dropping VPN Firewall Monitor Load Balancer VPN Firewall Monitor LB

11 NFP Design Overview Policy Specification Scheme Orchestrator
C1: Intuitive graph description Orchestrator C2: Service graph construction C3: Resource optimization Infrastructure C4: Infrastructure for parallelism Policies Service Graph NFP Compiler Orchestrator Processing & Delivery In Parallel Infrastructure VPN Firewall Monitor Load Balancer

12 Policy Specification Scheme
Order (NF1, before, NF2) Order (Monitor, before, FW) Priority (NF2 > NF1) Priority (IPS > Firewall) Position (NF, first/last) Position (VPN, first) Position (LB, last) Firewall Monitor Sequential chaining Firewall IPS Parallel orchestration VPN Load Balancer Position assignment

13 Orchestrator Design NFP Orchestrator NFP Policy Service Graph
Position(VPN, first) Order(FW, before, LB) Order(Monitor, before, LB) C2: Service graph construction C3: Resource overhead optimization 1. NF Dependency Identification 2. Resource Overhead Optimization 3. Service Graph Construction Dependency Identification of Order (NF1, before, NF2) Parallelize NFs with low resource overhead Service graph construction based on step 1 & 2

14 1. NF Dependency Identification
Action Dependency Read (R) Write (W) Add/Remove Drop NF % SIP DIP Payload Add/Rm Drop Firewall 26% R NIDS 20% Gateway (Conf /Voice/Media) 19% Load Balance 10% R/W Caching VPN 7% Add / Rm NAT Compression

15 1. Action Dependency Analysis
Packet Result correctness principle Action1 Action2 State Read Write Independent Read Write Dependent Write Read

16 1. Action Dependency Analysis
Result correctness principle Action 2 Read Write Add/Rm Drop Action 1 Parallelizable Not parallelizable Actions_NF1 [ ] Action Dependency NF Dependency Order (NF1, before, NF2) Actions_NF2 [ ]

17 2. Resource Overhead Optimization
Dirty Memory Reusing Header Only Copying Very few (7%) NFs operate on payload Packet header: 64 ÷ 724 = 8.8% Reduce Copying Necessity Read (SIP) Write (DIP) Read (SIP) Write (DIP) Reduce Copying Overhead

18 3. Service Graph Construction
Position (NF1, first) Individual NF1 NF2 NF3 Sequential NF3 NF2 Order (NF2, before, NF3) (NF2, before, NF4) NF5 NF4 NF4 NF1 Parallel NF6 NF5 Priority (NF5 > NF6) (NF6 > NF7) NF6 NF7 NF7 Compile Dependency & Copying Necessity Merge Policy Final Graph 18

19 Infrastructure Design Challenges
Solutions Orchestrator Packet Copying Resource Overhead Optimization Packet Delivery Infrastructure NF Runtime Packet Merging Merger Packet Dropping

20 NF Runtime for Packet Delivery
Centralized vSwitch Distributed Packet Delivery VNF 1 NF Runtime R T Container VNF 2 VM vSwitch VM VNF 1 VNF 2 VNF 3 NF Runtime R T Container VNF 4 Performance Bottleneck

21 Packet Dropping in NF Runtime
Merger …… nil nil

22 Packet Merging Packet Merging Packet Dropping nil Output Dropped c1 c2

23 Implementation and Evaluation
14,000 LoC for the NFP framework prototype L3 Forwarder, Load Balancer, Firewall, IDS, VPN, Monitor Evaluation target: OpenNetVM (HotMiddlebox’16) Evaluation Setup Linux kernel DPDK version 16.11 Intel(R) Xeon(R) E v2 CPUs, 256G RAM, 2×10G NICs DPDK-based Packet Generator NFP or OpenNetVM

24 1. Sequential Service Chain Performance
…… * Slightly higher latency: no separate CPU core for delivery * Improved rate: distributed packet delivery avoids bottleneck

25 2. Optimization Effect wrt NF Complexity
Latency Benefit NF Complexity

26 3. Optimization Effect wrt Parallelism Degree
Latency Benefit …… Parallelism Degree

27 4. Optimization Effect wrt Graph Structure
(1) (2) Equivalent chain length (3) (4) (5) (6)

28 5. Real World Service Chain Performance
Service chain for north-south DC traffic VPN Firewall Monitor LB 241μs → 210μs (-12.9%) Resource Overhead: 0% VPN Firewall Monitor LB Service chain for west-east DC traffic 220μs → 141μs (-35.9%) Resource Overhead: 8.8% Monitor LB copy IDS Monitor LB IDS

29 Related Work Orthogonal to NFP: Similar motivation:
Batch processing (e.g. NetVM [NSDI’14], Intel DPDK) Parallel processing of NF building blocks (e.g. ClickNP [SIGCOMM’16]) Parallelism between match-action tables (e.g. P4, RMT [SIGCOMM’13]) Module composition in parallel in SDN (e.g. Pyretic [NSDI’13]) Similar motivation: Parabox [SOSR’17]: direct NF dependency analysis, mirror & merge function Only NFP provides a complete framework for NF parallelism in NFV Policy Specification Scheme for service graph description Orchestrator for action based NF dependency analysis and resource optimization Infrastructure for light-weight copying, efficient delivery and merging

30 Conclusion NFP: exploiting Network Function Parallelism to accelerate NFV Policy Specification Scheme Orchestrator Infrastructure 35.9% Latency Reduction for real world service chains At most 8.8% resource overhead Future work: inter-server parallelism policy conflict detection and resolution Orchestrator Infrastructure Processing & Delivery In Parallel Service Graph NFP Compiler Policies VPN Firewall Monitor Load Balancer

31 netarchlab.tsinghua.edu.cn c-sun14@mails.tsinghua.edu.cn
Thank you! netarchlab.tsinghua.edu.cn

Download ppt "NFP: Enabling Network Function Parallelism in NFV"

Similar presentations

Virtual Switching Without a Hypervisor for a More Secure Cloud Xin Jin Princeton University Joint work with Eric Keller(UPenn) and Jennifer Rexford(Princeton)

Virtual Switching Without a Hypervisor for a More Secure Cloud Xin Jin Princeton University Joint work with Eric Keller(UPenn) and Jennifer Rexford(Princeton)
SDN Controller Challenges

SDN Controller Challenges
Practical and Incremental Convergence between SDN and Middleboxes 1 Zafar Qazi, Cheng-Chun Tu, Luis Chiang Vyas Sekar Rui Miao Minlan Yu.

Practical and Incremental Convergence between SDN and Middleboxes 1 Zafar Qazi, Cheng-Chun Tu, Luis Chiang Vyas Sekar Rui Miao Minlan Yu.
A Scalable and Reconfigurable Search Memory Substrate for High Throughput Packet Processing Sangyeun Cho and Rami Melhem Dept. of Computer Science University.

A Scalable and Reconfigurable Search Memory Substrate for High Throughput Packet Processing Sangyeun Cho and Rami Melhem Dept. of Computer Science University.
Performance Evaluation of Open Virtual Routers M.Siraj Rathore

Performance Evaluation of Open Virtual Routers M.Siraj Rathore
Song Han, Xiuming Zhu, Al Mok University of Texas at Austin

Song Han, Xiuming Zhu, Al Mok University of Texas at Austin
Programming Abstractions for Software-Defined Networks Jennifer Rexford Princeton University.

Programming Abstractions for Software-Defined Networks Jennifer Rexford Princeton University.
Keith Wiles Keith.Wiles@Intel.com DPACC vNF Overview and Proposed methods Keith Wiles Keith.Wiles@Intel.com 2015.04.03 – v0.5.

Keith Wiles DPACC vNF Overview and Proposed methods Keith Wiles – v0.5.
Internet Telephony Helen J. Wang Network Reading Group, Jan 27, 99 Acknowledgement: Jimmy, Bhaskar.

Internet Telephony Helen J. Wang Network Reading Group, Jan 27, 99 Acknowledgement: Jimmy, Bhaskar.
NFVRG Meeting@IETF92, Dallas Verification of NFV Services : Problem Statement and Challenges draft-shin-nfvrg-service-verification-01 M-K. Shin, ETRI.

NFVRG Dallas Verification of NFV Services : Problem Statement and Challenges draft-shin-nfvrg-service-verification-01 M-K. Shin, ETRI.
Software-Defined Networking

Software-Defined Networking
Secure Cloud Computing with Virtualized Network Infrastructure HotCloud 10 By Xuanran Zong.

Secure Cloud Computing with Virtualized Network Infrastructure HotCloud 10 By Xuanran Zong.
SIMPLE-fying Middlebox Policy Enforcement Using SDN Zafar Ayyub Qazi Cheng-Chun Tu Luis Chiang Vyas Sekar Rui Miao Minlan Yu.

SIMPLE-fying Middlebox Policy Enforcement Using SDN Zafar Ayyub Qazi Cheng-Chun Tu Luis Chiang Vyas Sekar Rui Miao Minlan Yu.
Enabling Innovation Inside the Network Jennifer Rexford Princeton University

Enabling Innovation Inside the Network Jennifer Rexford Princeton University
Composing Software Defined Networks Jennifer Rexford Princeton University With Joshua Reich, Chris Monsanto, Nate Foster, and.

Composing Software Defined Networks Jennifer Rexford Princeton University With Joshua Reich, Chris Monsanto, Nate Foster, and.
COLLABORATIVE EXECUTION ENVIRONMENT FOR HETEROGENEOUS PARALLEL SYSTEMS Aleksandar Ili´c, Leonel Sousa 2010 IEEE International Symposium on Parallel & Distributed.

COLLABORATIVE EXECUTION ENVIRONMENT FOR HETEROGENEOUS PARALLEL SYSTEMS Aleksandar Ili´c, Leonel Sousa 2010 IEEE International Symposium on Parallel & Distributed.
Software-Defined Networks Jennifer Rexford Princeton University.

Software-Defined Networks Jennifer Rexford Princeton University.
Eric Keller, Evan Green Princeton University PRESTO 2008 8/22/08 Virtualizing the Data Plane Through Source Code Merging.

Eric Keller, Evan Green Princeton University PRESTO /22/08 Virtualizing the Data Plane Through Source Code Merging.
MIDeA :A Multi-Parallel Instrusion Detection Architecture Author: Giorgos Vasiliadis, Michalis Polychronakis,Sotiris Ioannidis Publisher: CCS’11, October.

MIDeA :A Multi-Parallel Instrusion Detection Architecture Author: Giorgos Vasiliadis, Michalis Polychronakis,Sotiris Ioannidis Publisher: CCS’11, October.
Para-Snort : A Multi-thread Snort on Multi-Core IA Platform Tsinghua University PDCS 2009 November 3, 2009 Xinming Chen, Yiyao Wu, Lianghong Xu, Yibo Xue.

Para-Snort : A Multi-thread Snort on Multi-Core IA Platform Tsinghua University PDCS 2009 November 3, 2009 Xinming Chen, Yiyao Wu, Lianghong Xu, Yibo Xue.

Similar presentations

Ads by Google