The second contribution of this dissertation performs whole-stack optimizations on software-based network functions deployed on top of modular packet processing frameworks to further enhance the effectiveness of cache memories. ![]() This is an important achievement as it increases the probability of realizing bounded and predictable latency for Internet services. By doing so, we reduce the tail latencies of such systems running at 100 Gbps. The first contribution of this dissertation takes a step toward optimizing the cache performance of time-critical NFV service chains. The main focus is to improve the performance of packet processing done by the network functions deployed on commodity hardware, known as network functions virtualization (NFV), which is one of the significant sources of latency for Internet services. This doctoral dissertation describes our attempts to reduce the latency of Internet services by carefully studying the multi-hundred-gigabit-per-second commodity hardware, optimizing it, and improving its performance. However, the current cloud infrastructure is unsuitable for these applications since it cannot satisfy these requirements due to many limitations in both hardware and software. Among these modern cloud-based applications, many societal applications require bounded and predictable low-latency responses. Our experimental results show that MiddleNet achieves high performance in such a unified environment.īy virtue of the recent technological developments in cloud computing, more applications are deployed in the cloud. MiddleNet supports flow-dependent packet processing by leveraging Single Root I/O Virtualization (SR-IOV) to dynamically select the packet processing needed (Layers 2 - 7). The overheads for MiddleNet in L4/L7 are strictly load-proportional, without needing the dedicated CPU cores of DPDK-based approaches. MiddleNet fully exploits the event-driven capabilities of the extended Berkeley Packet Filter (eBPF) and seamlessly integrates it with shared memory for high-performance communication in L4/L7 middlebox function chains. To support L4/L7 middlebox functionality, MiddleNet utilizes a consolidated, kernel-based protocol stack for processing, avoiding a dedicated protocol stack for each function. MiddleNet uses the Data Plane Development Kit (DPDK) library for zero-copy packet delivery without interrupt-based processing, to enable the "bump-in-the-wire" L2/元 processing performance required of NFV. ![]() MiddleNet supports function chains that are essential in both NFV and middlebox environments. This paper proposes MiddleNet that develops a unified network resident function framework that supports L2/元 NFs and L4/L7 middleboxes. L2/元 NFs and L4/L7 middleboxes continue to be handled by distinct platforms on different nodes. On the other hand, L4/L7 middleboxes, which have a greater emphasis on functionality, take advantage of a full-fledged kernel-based system. They often use DPDK for zero-copy delivery and high performance. However, L2/元 network functions (NFs) are being implemented on Network Function Virtualization (NFV) platforms that extensively exploit kernel-bypass technology. Traditional network resident functions (e.g., firewalls, network address translation) and middleboxes (caches, load balancers) have moved from purpose-built appliances to software-based components. By comprehensively surveying different approaches toward FGTA, we introduce their input traffic data, elaborate on their operating principles by different use cases, indicate their limitations and countermeasures, and raise several promising future research avenues. To help scholars and developers research and advance this technology, in this survey paper, we examine the literature that deals with FGTA, investigating the frontier developments in this domain. It plays a critical role in intrusion and anomaly detection, quality of experience investigation, user activity inference, website fingerprinting, location estimation, etc. Nowadays, with the increasingly complex Internet architecture, the increasingly frequent transmission of user data, and the widespread use of traffic encryption, FGTA is becoming an essential tool for both network administrators and attackers to gain different levels of visibility over the network. ![]() ![]() Different from traditional TA, FGTA approaches are usually based on sophisticated classification approaches such as machine learning and high-dimensional clustering, enabling them to discover subtle differences between different network traffic sets. Fine-grained traffic analysis (FGTA), as an advanced form of traffic analysis (TA), aims to analyze network traffic to deduce information related to application-layer activities, fine-grained user behaviors, or traffic content, even in the presence of traffic encryption or traffic obfuscation.
0 Comments
Leave a Reply. |