Containers are in great demand because they are lightweight when compared to virtual machines. On the downside, containers offer weaker isolation than VMs, to the point where people run containers in virtual machines to achieve proper isolation. In this paper, we examine whether there is indeed a strict tradeoff between isolation (VMs) and efficiency (containers). We find that VMs can be as nimble as containers, as long as they are small and the toolstack is fast enough. We achieve lightweight VMs by using unikernels for specialized applications and with Tinyx, a tool that enables creating tailor-made, trimmed-down Linux virtual machines. By themselves, lightweight virtual machines are not enough to ensure good performance since the virtualization control plane (the toolstack) becomes the performance bottleneck. We present LightVM, a new virtualization solution based on Xen that is optimized to offer fast boot-times regardless of the number of active VMs. LightVM features a complete redesign of Xen's control plane, transforming its centralized operation to a distributed one where interactions with the hypervisor are reduced to a minimum. LightVM can boot a VM in 2.3ms, comparable to fork/exec on Linux (1ms), and two orders of magnitude faster than Docker. LightVM can pack thousands of LightVM guests on modest hardware with memory and CPU usage comparable to that of processes.
Modern commodity hardware architectures, with their multiple multi-core CPUs and high-speed system interconnects, exhibit tremendous power. In this paper, we study performance limitations when building both software routers and software virtual routers on such systems. We show that the fundamental performance bottleneck is currently the memory system, and that through careful mapping of tasks to CPU cores, we can achieve forwarding rates of 7 million minimum-sized packets per second on mid-range server-class systems, thus demonstrating the viability of software routers. We also find that current virtualisation systems, when used to provide forwarding engine virtualisation, yield aggregate performance equivalent to that of a single software router, a tenfold improvement on current virtual router platform performance. Finally, we identify principles for the construction of high-performance software router systems on commodity hardware, including full router virtualisation support.
Middleboxes are both crucial to today's networks and ubiquitous, but embed knowledge of today's protocols and applications to the detriment of those of tomorrow, making the network harder to evolve. SDNs seek to make it easier to extend the network with new functionality, but most of the research effort has focused on the network's control plane, that is, how packets are switched or routed through a SDN. Given the pervasiveness and importance of middleboxes, we believe that a fully programmable network should also be able to dynamically instantiate and quickly move middlebox functionality. In this paper we shift focus towards making the data plane more programmable by introducing ClickOS, a tiny, Xen-based virtual machine that can run a wide range of middleboxes. ClickOS is small (5MB when running), can be instantiated in very small times (roughly 30 milliseconds) and can fill up a 10Gb pipe while concurrently running 128 VMs on a low-cost commodity server.
The Internet has seen a proliferation of specialized middlebox devices that carry out crucial network functionality such as load balancing, packet inspection and intrusion detection. Recent advances in CPU power, memory, buses and network connectivity have turned commodity PC hardware into a powerful network platform. Furthermore, commodity switch technologies have recently emerged offering the possibility to control the switching of flows in a fine-grained manner. Exploiting these new technologies, we present a new class of network architectures which enables flow processing and forwarding at unprecedented flexibility and low cost.
Recent studies show that more than 86% of Internet paths allow well-designed TCP extensions, meaning that it is still possible to deploy transport layer improvements despite the existence of middleboxes in the network. Hence, the blame for the slow evolution of protocols (with extensions taking many years to become widely used) should be placed on end systems. In this paper, we revisit the case for moving protocol stacks up into user space in order to ease the deployment of new protocols, extensions, or performance optimizations. We present MultiStack, operating system support for user-level protocol stacks. MultiStack runs within commodity operating systems, can concurrently host a large number of isolated stacks, has a fall-back path to the legacy host stack, and is able to process packets at rates of 10Gb/s. We validate our design by showing that our mux/demux layer can validate and switch packets at line rate (up to 14.88 Mpps) on a 10 Gbit port using 1-2 cores, and that a proof-of-concept HTTP server running over a basic userspace TCP outperforms by 18–90% both the same server and nginx running over the kernel's stack.