Networking stack abstraction for high-performance flow-processing middleboxes

Abstract

(ii) it parallelizes pattern matching workloads on CPU and GPU cores

The rise of network function virtualization (NFV) frameworks, along with the introduction of hardware innovations in commodity systems have made software-based middleboxes much more relevant than hardware-based solutions. Software-based middleboxes are generally more flexible, in terms of reconfigurability, and easily adapt to the changes observed in the network traffic over time. However, building a high performance, stateful software-based middlebox remains challenging. This is because it is usually difficult to develop a networking system that can derive optimal performance from a system equipped with state-of-the-art commodity hardware (including multi-queue NICs, many-core programmable GPUs, and processors based on non-uniform memory architectures). In short, there is still considerable room, in the research domain, for introducing novel abstractions that can help create efficient, flow-processing software middleboxes on commodity computing hardware.

This dissertation first discusses how a commodity heterogeneous system is used to build a highly scalable software-based middlebox appliance: a network intrusion detection system (NIDS) called Kargus. Kargus is a stateful NIDS capable of monitoring network traffic at multi-10 Gbps networks. It employs multi-queue NICs, multi-core CPU processors and many-core graphics processing units (GPUs) for highly parallelizeable operations. More specifically: (i) it batch processes workload items from the network device layer all the way up to the application layer

and $(iii)$ it implements an adaptive resource usage algorithm that saves power consumption on low input traffic rates. As a result of these optimizations Kargus performs $1.9 \times$ to $4.3 \times$ faster than the prior state-of-the-art system.

The second half of the dissertation discusses the lessons we learn while we develop Kargus with respect to high-speed network traffic flow management. First, designing a stateful middlebox (such as a NIDS) with efficient flow processing is challenging because it requires a deep understanding of TCP flow state management. Second, existing networking APIs only offer abstractions to develop endpoint applications and therefore lack proper flow-based programming constructs for stateful middlebox processing. Based on these lessons, we design and implement a networking stack that provides intuitive and elegant abstractions for building new middlebox applications. Our stack provides an API that allows developers to focus only on the core middlebox application logic (such as intrusion detection and firewalling) instead of dealing with implementing low-level TCP flow processing. The core stack, under the hood, implements an efficient event-based system that is derived from mTCP, a high-performance user-level TCP/IP stack. We evaluate our stack and show that middlebox applications built on our subsystem reduce development efforts significantly and induce negligible performance overhead.