Loading…
Architecture for building hybrid kernel-user space virtual network functions
Network Function Virtualization (NFV) is one of the important aspects of modern network architecture. NFV decouples Network Functions (NFs) from hardware, therefore produces Virtual Network Functions (VNFs) that can run on standard, commodity servers, which in turn mostly run Linux kernel. In this p...
Saved in:
| Main Authors: | , , |
|---|---|
| Format: | Conference Proceeding |
| Language: | English |
| Subjects: | |
| Online Access: | Request full text |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| cited_by | |
|---|---|
| cites | |
| container_end_page | 6 |
| container_issue | |
| container_start_page | 1 |
| container_title | |
| container_volume | |
| creator | Nguyen Van Tu Kyungchan Ko Hong, James Won-Ki |
| description | Network Function Virtualization (NFV) is one of the important aspects of modern network architecture. NFV decouples Network Functions (NFs) from hardware, therefore produces Virtual Network Functions (VNFs) that can run on standard, commodity servers, which in turn mostly run Linux kernel. In this paper, we propose a general architecture for building hybrid kernel-user space VNFs which leverages extended Berkeley Packet Filter (eBPF). eBPF is a framework in Linux kernel that enables network programmability inside kernel for optimal performance. However, the programmability of eBPF is limited due to safety and security of the kernel. Our proposed architecture applies hybrid approach: leave the simple work inside the kernel with eBPF and let complex work be processed in the user space. This architecture allows building complex VNFs to have both speed and flexibility. To demonstrate, we use the proposed architecture to build two VNFs: Dynamic Load Balancer and Deep Packet Inspection with Dynamic Sniffing. The evaluation results show that both VNFs significantly outperform the widely used solutions. |
| doi_str_mv | 10.23919/CNSM.2017.8256051 |
| format | conference_proceeding |
| fullrecord | <record><control><sourceid>ieee_CHZPO</sourceid><recordid>TN_cdi_ieee_primary_8256051</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><ieee_id>8256051</ieee_id><sourcerecordid>8256051</sourcerecordid><originalsourceid>FETCH-LOGICAL-i175t-e0959bceb5569e0ae016827d95590f9641e4e4801b885fde5f45f5c432b867ec3</originalsourceid><addsrcrecordid>eNotj8tKxDAUQKMgOIz9Ad3kB1rz6E1zl0PxBaMuVHA3tOmNE6e2Q5oq8_cKzuosDhw4jF1KUSiNEq_rp5fHQglZFVaBESBPWIaV1SiktQqtOmULJQ3kaPT7Ocum6VMIof8kWliw9Sq6bUjk0hyJ-zHydg59F4YPvj20MXR8R3GgPp8ninzaN474d4hpbno-UPoZ4477eXApjMN0wc5800-UHblkb7c3r_V9vn6-e6hX6zzIClJOAgFbRy2AQRINCWmsqjoEQOHRlJJKKq2QrbXgOwJfggdXatVaU5HTS3b13w1EtNnH8NXEw-b4r38Bv4dPvA</addsrcrecordid><sourcetype>Publisher</sourcetype><iscdi>true</iscdi><recordtype>conference_proceeding</recordtype></control><display><type>conference_proceeding</type><title>Architecture for building hybrid kernel-user space virtual network functions</title><source>IEEE Xplore All Conference Series</source><creator>Nguyen Van Tu ; Kyungchan Ko ; Hong, James Won-Ki</creator><creatorcontrib>Nguyen Van Tu ; Kyungchan Ko ; Hong, James Won-Ki</creatorcontrib><description>Network Function Virtualization (NFV) is one of the important aspects of modern network architecture. NFV decouples Network Functions (NFs) from hardware, therefore produces Virtual Network Functions (VNFs) that can run on standard, commodity servers, which in turn mostly run Linux kernel. In this paper, we propose a general architecture for building hybrid kernel-user space VNFs which leverages extended Berkeley Packet Filter (eBPF). eBPF is a framework in Linux kernel that enables network programmability inside kernel for optimal performance. However, the programmability of eBPF is limited due to safety and security of the kernel. Our proposed architecture applies hybrid approach: leave the simple work inside the kernel with eBPF and let complex work be processed in the user space. This architecture allows building complex VNFs to have both speed and flexibility. To demonstrate, we use the proposed architecture to build two VNFs: Dynamic Load Balancer and Deep Packet Inspection with Dynamic Sniffing. The evaluation results show that both VNFs significantly outperform the widely used solutions.</description><identifier>EISSN: 2165-963X</identifier><identifier>EISBN: 9783901882982</identifier><identifier>EISBN: 3901882987</identifier><identifier>DOI: 10.23919/CNSM.2017.8256051</identifier><language>eng</language><publisher>IFIP</publisher><subject>Architecture ; Buildings ; Computer architecture ; extended Berkeley Packet Filter ; Hardware ; Kernel ; Network Function Virtualization ; Security ; Virtual Network Functions</subject><ispartof>2017 13th International Conference on Network and Service Management (CNSM), 2017, p.1-6</ispartof><woscitedreferencessubscribed>false</woscitedreferencessubscribed></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><linktohtml>$$Uhttps://ieeexplore.ieee.org/document/8256051$$EHTML$$P50$$Gieee$$H</linktohtml><link.rule.ids>309,310,780,784,789,790,27925,54555,54932</link.rule.ids><linktorsrc>$$Uhttps://ieeexplore.ieee.org/document/8256051$$EView_record_in_IEEE$$FView_record_in_$$GIEEE</linktorsrc></links><search><creatorcontrib>Nguyen Van Tu</creatorcontrib><creatorcontrib>Kyungchan Ko</creatorcontrib><creatorcontrib>Hong, James Won-Ki</creatorcontrib><title>Architecture for building hybrid kernel-user space virtual network functions</title><title>2017 13th International Conference on Network and Service Management (CNSM)</title><addtitle>CNSM</addtitle><description>Network Function Virtualization (NFV) is one of the important aspects of modern network architecture. NFV decouples Network Functions (NFs) from hardware, therefore produces Virtual Network Functions (VNFs) that can run on standard, commodity servers, which in turn mostly run Linux kernel. In this paper, we propose a general architecture for building hybrid kernel-user space VNFs which leverages extended Berkeley Packet Filter (eBPF). eBPF is a framework in Linux kernel that enables network programmability inside kernel for optimal performance. However, the programmability of eBPF is limited due to safety and security of the kernel. Our proposed architecture applies hybrid approach: leave the simple work inside the kernel with eBPF and let complex work be processed in the user space. This architecture allows building complex VNFs to have both speed and flexibility. To demonstrate, we use the proposed architecture to build two VNFs: Dynamic Load Balancer and Deep Packet Inspection with Dynamic Sniffing. The evaluation results show that both VNFs significantly outperform the widely used solutions.</description><subject>Architecture</subject><subject>Buildings</subject><subject>Computer architecture</subject><subject>extended Berkeley Packet Filter</subject><subject>Hardware</subject><subject>Kernel</subject><subject>Network Function Virtualization</subject><subject>Security</subject><subject>Virtual Network Functions</subject><issn>2165-963X</issn><isbn>9783901882982</isbn><isbn>3901882987</isbn><fulltext>true</fulltext><rsrctype>conference_proceeding</rsrctype><creationdate>2017</creationdate><recordtype>conference_proceeding</recordtype><sourceid>6IE</sourceid><recordid>eNotj8tKxDAUQKMgOIz9Ad3kB1rz6E1zl0PxBaMuVHA3tOmNE6e2Q5oq8_cKzuosDhw4jF1KUSiNEq_rp5fHQglZFVaBESBPWIaV1SiktQqtOmULJQ3kaPT7Ocum6VMIof8kWliw9Sq6bUjk0hyJ-zHydg59F4YPvj20MXR8R3GgPp8ninzaN474d4hpbno-UPoZ4477eXApjMN0wc5800-UHblkb7c3r_V9vn6-e6hX6zzIClJOAgFbRy2AQRINCWmsqjoEQOHRlJJKKq2QrbXgOwJfggdXatVaU5HTS3b13w1EtNnH8NXEw-b4r38Bv4dPvA</recordid><startdate>201711</startdate><enddate>201711</enddate><creator>Nguyen Van Tu</creator><creator>Kyungchan Ko</creator><creator>Hong, James Won-Ki</creator><general>IFIP</general><scope>6IE</scope><scope>6IL</scope><scope>CBEJK</scope><scope>RIE</scope><scope>RIL</scope></search><sort><creationdate>201711</creationdate><title>Architecture for building hybrid kernel-user space virtual network functions</title><author>Nguyen Van Tu ; Kyungchan Ko ; Hong, James Won-Ki</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-LOGICAL-i175t-e0959bceb5569e0ae016827d95590f9641e4e4801b885fde5f45f5c432b867ec3</frbrgroupid><rsrctype>conference_proceedings</rsrctype><prefilter>conference_proceedings</prefilter><language>eng</language><creationdate>2017</creationdate><topic>Architecture</topic><topic>Buildings</topic><topic>Computer architecture</topic><topic>extended Berkeley Packet Filter</topic><topic>Hardware</topic><topic>Kernel</topic><topic>Network Function Virtualization</topic><topic>Security</topic><topic>Virtual Network Functions</topic><toplevel>online_resources</toplevel><creatorcontrib>Nguyen Van Tu</creatorcontrib><creatorcontrib>Kyungchan Ko</creatorcontrib><creatorcontrib>Hong, James Won-Ki</creatorcontrib><collection>IEEE Electronic Library (IEL) Conference Proceedings</collection><collection>IEEE Proceedings Order Plan All Online (POP All Online) 1998-present by volume</collection><collection>IEEE Xplore All Conference Proceedings</collection><collection>IEEE Xplore</collection><collection>IEEE Proceedings Order Plans (POP All) 1998-Present</collection></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext_linktorsrc</fulltext></delivery><addata><au>Nguyen Van Tu</au><au>Kyungchan Ko</au><au>Hong, James Won-Ki</au><format>book</format><genre>proceeding</genre><ristype>CONF</ristype><atitle>Architecture for building hybrid kernel-user space virtual network functions</atitle><btitle>2017 13th International Conference on Network and Service Management (CNSM)</btitle><stitle>CNSM</stitle><date>2017-11</date><risdate>2017</risdate><spage>1</spage><epage>6</epage><pages>1-6</pages><eissn>2165-963X</eissn><eisbn>9783901882982</eisbn><eisbn>3901882987</eisbn><abstract>Network Function Virtualization (NFV) is one of the important aspects of modern network architecture. NFV decouples Network Functions (NFs) from hardware, therefore produces Virtual Network Functions (VNFs) that can run on standard, commodity servers, which in turn mostly run Linux kernel. In this paper, we propose a general architecture for building hybrid kernel-user space VNFs which leverages extended Berkeley Packet Filter (eBPF). eBPF is a framework in Linux kernel that enables network programmability inside kernel for optimal performance. However, the programmability of eBPF is limited due to safety and security of the kernel. Our proposed architecture applies hybrid approach: leave the simple work inside the kernel with eBPF and let complex work be processed in the user space. This architecture allows building complex VNFs to have both speed and flexibility. To demonstrate, we use the proposed architecture to build two VNFs: Dynamic Load Balancer and Deep Packet Inspection with Dynamic Sniffing. The evaluation results show that both VNFs significantly outperform the widely used solutions.</abstract><pub>IFIP</pub><doi>10.23919/CNSM.2017.8256051</doi><tpages>6</tpages></addata></record> |
| fulltext | fulltext_linktorsrc |
| identifier | EISSN: 2165-963X |
| ispartof | 2017 13th International Conference on Network and Service Management (CNSM), 2017, p.1-6 |
| issn | 2165-963X |
| language | eng |
| recordid | cdi_ieee_primary_8256051 |
| source | IEEE Xplore All Conference Series |
| subjects | Architecture Buildings Computer architecture extended Berkeley Packet Filter Hardware Kernel Network Function Virtualization Security Virtual Network Functions |
| title | Architecture for building hybrid kernel-user space virtual network functions |
| url | http://sfxeu10.hosted.exlibrisgroup.com/loughborough?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2024-12-27T06%3A48%3A59IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-ieee_CHZPO&rft_val_fmt=info:ofi/fmt:kev:mtx:book&rft.genre=proceeding&rft.atitle=Architecture%20for%20building%20hybrid%20kernel-user%20space%20virtual%20network%20functions&rft.btitle=2017%2013th%20International%20Conference%20on%20Network%20and%20Service%20Management%20(CNSM)&rft.au=Nguyen%20Van%20Tu&rft.date=2017-11&rft.spage=1&rft.epage=6&rft.pages=1-6&rft.eissn=2165-963X&rft_id=info:doi/10.23919/CNSM.2017.8256051&rft.eisbn=9783901882982&rft.eisbn_list=3901882987&rft_dat=%3Cieee_CHZPO%3E8256051%3C/ieee_CHZPO%3E%3Cgrp_id%3Ecdi_FETCH-LOGICAL-i175t-e0959bceb5569e0ae016827d95590f9641e4e4801b885fde5f45f5c432b867ec3%3C/grp_id%3E%3Coa%3E%3C/oa%3E%3Curl%3E%3C/url%3E&rft_id=info:oai/&rft_id=info:pmid/&rft_ieee_id=8256051&rfr_iscdi=true |