The original paper is in English. Non-English content has been machine-translated and may contain typographical errors or mistranslations. ex. Some numerals are expressed as "XNUMX".
Copyrights notice
The original paper is in English. Non-English content has been machine-translated and may contain typographical errors or mistranslations. Copyrights notice
O aumento dos recursos de hardware, como CPUs com vários núcleos e vários soquetes, capacidade de memória e NICs de alta velocidade, impõe desafios significativos aos back-ends de virtualização de funções de rede (NFV). Eles aumentam o número potencial de NFs ou locatários por servidor, o que requer uma arquitetura de comutação de pacotes que não seja apenas escalável para um grande número de portas virtuais, mas também robusta a ataques no plano de dados. Esse é um problema real; um estudo recente relatou que o Open vSwitch, um switch de software amplamente utilizado, tinha um bug de buffer overflow em seu plano de dados que fazia com que todo o domínio SDN fosse sequestrado por worms propagados na rede. Para resolver este problema, propomos o REdge. Ele é dimensionado para milhares de portas virtuais ou NFs (em oposição a centenas no estado da arte atual) e protege a lógica de comutação de pacotes modular e flexível contra vários bugs, como buffer overflow e outras operações inesperadas usando verificação estática de programa. Quando 2048 NFs estão ativos e os pacotes são distribuídos a eles com base nos endereços MAC ou IP, o REdge atinge taxas de encaminhamento de pacotes de 3.16 Mpps ou mais para pacotes de 60 bytes e atinge a taxa de transferência para pacotes de 1500 bytes no link de 25 Gbps.
Yutaro HAYAKAWA
Keio University
Kenichi YASUKATA
University of Liege
Jin NAKAZAWA
Keio University
Michio HONDA
NEC Labs Europe
The copyright of the original papers published on this site belongs to IEICE. Unauthorized use of the original or translated papers is prohibited. See IEICE Provisions on Copyright for details.
Copiar
Yutaro HAYAKAWA, Kenichi YASUKATA, Jin NAKAZAWA, Michio HONDA, "Resilient Edge: A Scalable, Robust Network Function Backend" in IEICE TRANSACTIONS on Information,
vol. E102-D, no. 3, pp. 550-558, March 2019, doi: 10.1587/transinf.2018EDP7176.
Abstract: Increasing hardware resources, such as multi-core and multi-socket CPUs, memory capacity and high-speed NICs, impose significant challenges on Network Function Virtualization (NFV) backends. They increase the potential numbers of per-server NFs or tenants, which requires a packet switching architecture that is not only scalable to large number of virtual ports, but also robust to attacks on the data plane. This is a real problem; a recent study has reported that Open vSwitch, a widely used software switch, had a buffer-overflow bug in its data plane that results the entire SDN domain to be hijacked by worms propagated in the network. In order to address this problem, we propose REdge. It scales to thousands of virtual ports or NFs (as opposed to hundreds in the current state-of-the art), and protect modular, flexible packet switching logic against various bugs, such as buffer overflow and other unexpected operations using static program checking. When 2048 NFs are active and packets are distributed to them based on the MAC or IP addresses, REdge achieves 3.16 Mpps or higher packet forwarding rates for 60 byte packets and achieves the wire rate for 1500 byte packets in the 25 Gbps link.
URL: https://global.ieice.org/en_transactions/information/10.1587/transinf.2018EDP7176/_p
Copiar
@ARTICLE{e102-d_3_550,
author={Yutaro HAYAKAWA, Kenichi YASUKATA, Jin NAKAZAWA, Michio HONDA, },
journal={IEICE TRANSACTIONS on Information},
title={Resilient Edge: A Scalable, Robust Network Function Backend},
year={2019},
volume={E102-D},
number={3},
pages={550-558},
abstract={Increasing hardware resources, such as multi-core and multi-socket CPUs, memory capacity and high-speed NICs, impose significant challenges on Network Function Virtualization (NFV) backends. They increase the potential numbers of per-server NFs or tenants, which requires a packet switching architecture that is not only scalable to large number of virtual ports, but also robust to attacks on the data plane. This is a real problem; a recent study has reported that Open vSwitch, a widely used software switch, had a buffer-overflow bug in its data plane that results the entire SDN domain to be hijacked by worms propagated in the network. In order to address this problem, we propose REdge. It scales to thousands of virtual ports or NFs (as opposed to hundreds in the current state-of-the art), and protect modular, flexible packet switching logic against various bugs, such as buffer overflow and other unexpected operations using static program checking. When 2048 NFs are active and packets are distributed to them based on the MAC or IP addresses, REdge achieves 3.16 Mpps or higher packet forwarding rates for 60 byte packets and achieves the wire rate for 1500 byte packets in the 25 Gbps link.},
keywords={},
doi={10.1587/transinf.2018EDP7176},
ISSN={1745-1361},
month={March},}
Copiar
TY - JOUR
TI - Resilient Edge: A Scalable, Robust Network Function Backend
T2 - IEICE TRANSACTIONS on Information
SP - 550
EP - 558
AU - Yutaro HAYAKAWA
AU - Kenichi YASUKATA
AU - Jin NAKAZAWA
AU - Michio HONDA
PY - 2019
DO - 10.1587/transinf.2018EDP7176
JO - IEICE TRANSACTIONS on Information
SN - 1745-1361
VL - E102-D
IS - 3
JA - IEICE TRANSACTIONS on Information
Y1 - March 2019
AB - Increasing hardware resources, such as multi-core and multi-socket CPUs, memory capacity and high-speed NICs, impose significant challenges on Network Function Virtualization (NFV) backends. They increase the potential numbers of per-server NFs or tenants, which requires a packet switching architecture that is not only scalable to large number of virtual ports, but also robust to attacks on the data plane. This is a real problem; a recent study has reported that Open vSwitch, a widely used software switch, had a buffer-overflow bug in its data plane that results the entire SDN domain to be hijacked by worms propagated in the network. In order to address this problem, we propose REdge. It scales to thousands of virtual ports or NFs (as opposed to hundreds in the current state-of-the art), and protect modular, flexible packet switching logic against various bugs, such as buffer overflow and other unexpected operations using static program checking. When 2048 NFs are active and packets are distributed to them based on the MAC or IP addresses, REdge achieves 3.16 Mpps or higher packet forwarding rates for 60 byte packets and achieves the wire rate for 1500 byte packets in the 25 Gbps link.
ER -