NetBricks: Taking the V out of NFV

TitleNetBricks: Taking the V out of NFV
Publication TypeConference Paper
Year of Publication2016
AuthorsPanda, A., Han S., Walls M., Ratnasamy S., & Shenker S. J.
Published inProceedings of the 12th USENIX Symposium on Operating Systems Design and Implementation (OSDI ’16)
Date Published11/2016
Abstract

The move from hardware middleboxes to software network functions, as advocated by NFV, has proven more challenging than expected. Developing new NFs remains a tedious process, requiring that developers repeatedly rediscover and reapply the same set of optimizations, while current techniques for providing isolation between NFs (using VMs or containers) incur high performance overheads. In this paper we describe NetBricks, a new NFV framework that tackles both these problems. For building NFs we take inspiration from modern data analytics frameworks (e.g., Spark and Dryad) and build a small set of customizable network processing elements. We also embrace type checking and safe runtimes to provide isolation in software, rather than rely on hardware isolation. NetBricks provides the same memory isolation as containers and VMs, without incurring the same performance penalties. To improve I/O efficiency, we introduce a novel technique called zero-copy software isolation.

Acknowledgment

We thank our shepherd George Porter and the anonymous
reviewers for their comments. We also thank Ion Stoica,
Amin Tootoonchian and Shivaram Venkatraman for their
helpful feedback, which influenced both the design of
our system and the contents of this paper. This work was
funded in part by a grant from Intel Corporation, and by
NSF awards 1216073 and 1420064.
 

URLhttps://www.usenix.org/system/files/conference/osdi16/osdi16-panda.pdf
ICSI Research Group

Research Initiatives