1 / 13

Enabling Fast Dynamic Network Processing with ClickOS: A Software-Based Approach

This paper presents ClickOS, a lightweight Xen-based virtual machine (VM) designed for high-performance network processing. ClickOS addresses the limitations of traditional middleboxes, such as high costs and challenges in scalability and management. We discuss the architecture, boot optimization to 30 milliseconds, and the ability to achieve throughput rates of up to 10Gb/s using commodity hardware. Future work includes performance evaluations of ClickOS middleboxes for applications like firewalls, intrusion detection systems, and carrier-grade NAT.

manjit
Télécharger la présentation

Enabling Fast Dynamic Network Processing with ClickOS: A Software-Based Approach

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Enabling Fast, Dynamic Network Processing with ClickOS Joao Martins*, Mohamed Ahmed*, Costin Raiciu§, Felipe Huici* * NEC Europe, Heidelberg, Germany §University Politehnica of Bucharest firstname.lastname@neclab.eu, costin.raiciu@cs.pub.ro

  2. Application Application Transport Transport Network Network Network Datalink Datalink Datalink Datalink Physical Physical Physical Physical The Idealized Network Page 2

  3. ad insertion WAN accelerator BRAS IDS transcoder session border controller carrier-grade NAT load balancer DDoS protection firewall DPI QoE monitor A Middlebox World Page 3

  4. Hardware Middleboxes - Drawbacks • Middleboxes are useful, but… • Expensive • Difficult to add new features, lock-in • Difficult to manage • Cannot be scaled with demand • Cannot share a device among different tenants • Hard for new players to enter market • Clearly shifting middlebox processing to a software-based, multi-tenant platform would address these issues • But can it be built using commodity hardware while still achieving high performance? • ClickOS: tiny Xen-based virtual machine that runs Click Page 4

  5. domU dom0 domU domU domU apps apps apps apps apps guest OS guest OS guest OS guest OS guest OS paravirt paravirt paravirt paravirt paravirt Xen Background - Overview hypervisor dom0 interface hardware Page 5

  6. Xen Background – Split Driver Model Page 6

  7. domU ClickOS apps Click guest OS mini OS paravirt paravirt ClickOS - Contributions • Work consisted of • Build system to create ClickOS images (5 MB in size) • Emulating a Click control plane over MiniOS/Xen • Optimizations to reduce boot times (30 miliseconds) • Optimizations to the data plane (10 Gb/s for larger pkt sizes) Page 7

  8. netback Click Xen bus/store Linux/OVS bridge NW driver Event channel FromNetfront vif ToNetfront Xen ring API (data) 300 Kp/s 350 Kp/s 225 Kp/s Xen I/O Subsystem and Bottlenecks netfront ClickOS Domain Driver Domain (e.g., dom0) Page 8

  9. netback netback Click Xen bus/store VALE Linux/OVS bridge NW driver Xen bus/store Event channel FromNetfront Event channel vif ToNetfront Netmap API (data) Xen ring API (data) Optimized Xen I/O ClickOS Domain Driver Domain (e.g., dom0) netfront Page 9

  10. Throughput – One CPU Core ClickOS rate meter 10Gb/s direct cable Page 10

  11. 30 milliseconds 220 milliseconds Boot times Page 11

  12. Conclusions • Presented ClickOS • Tiny (5MB) Xen VM tailored at network processing • Can be booted in 30 milliseconds • Can run a large number of ClickOSvm concurrently (128) • Can achieve 10Gb/s throughput using only a single core. • Future work • Implementation and performance evaluation of ClickOSmiddleboxes (e.g., firewalls, IDSes, carrier-grade NATs, software BRASes) • Work to adapt Linux netfront to netmap API • Service chaining Page 12

More Related