-
MTS: Bringing Multi-Tenancy to Virtual Networking
Authors:
Kashyap Thimmaraju,
Saad Hermak,
Gábor Rétvári,
Stefan Schmid
Abstract:
Multi-tenant cloud computing provides great benefits in terms of resource sharing, elastic pricing, and scalability, however, it also changes the security landscape and introduces the need for strong isolation between the tenants, also inside the network. This paper is motivated by the observation that while multi-tenancy is widely used in cloud computing, the virtual switch designs currently used for network virtualization lack sufficient support for tenant isolation. Hence, we present, implement, and evaluate a virtual switch architecture, MTS, which brings secure design best-practice to the context of multi-tenant virtual networking: compartmentalization of virtual switches, least-privilege execution, complete mediation of all network communication, and reducing the trusted computing base shared between tenants. We build MTS from commodity components, providing an incrementally deployable and inexpensive upgrade path to cloud operators. Our extensive experiments, extending to both micro-benchmarks and cloud applications, show that, depending on the way it is deployed, MTS may produce 1.5-2x the throughput compared to state-of-the-art, with similar or better latency and modest resource overhead (1 extra CPU). MTS is available as open source software.
Submitted 4 March, 2024;
originally announced March 2024.
-
Everything Matters in Programmable Packet Scheduling
Authors:
Albert Gran Alcoz,
Balázs Vass,
Gábor Rétvári,
Laurent Vanbever
Abstract:
Programmable packet scheduling allows the deployment of scheduling algorithms into existing switches without need for hardware redesign. Scheduling algorithms are programmed by tagging packets with ranks, indicating their desired priority. Programmable schedulers then execute these algorithms by serving packets in the order described in their ranks.
The ideal programmable scheduler is a Push-In First-Out (PIFO) queue, which achieves perfect packet sorting by pushing packets into arbitrary positions in the queue, while only draining packets from the head. Unfortunately, implementing PIFO queues in hardware is challenging due to the need to arbitrarily sort packets at line rate based on their ranks.
In the last years, various techniques have been proposed, approximating PIFO behaviors using the available resources of existing data planes. While promising, approaches to date only approximate one of the characteristic behaviors of PIFO queues (i.e., its scheduling behavior, or its admission control).
We propose PACKS, the first programmable scheduler that fully approximates PIFO queues on all their behaviors. PACKS does so by smartly using a set of strict-priority queues. It uses packet-rank information and queue-occupancy levels at enqueue to decide: whether to admit packets to the scheduler, and how to map admitted packets to the different queues.
We fully implement PACKS in P4 and evaluate it on real workloads. We show that PACKS: better-approximates PIFO than state-of-the-art approaches and scales. We also show that PACKS runs at line rate on existing hardware (Intel Tofino).
Submitted 1 August, 2023;
originally announced August 2023.
-
The Programmable Data Plane: Abstractions, Architectures, Algorithms, and Applications
Authors:
Oliver Michel,
Roberto Bifulco,
Gabor Retvari,
Stefan Schmid
Abstract:
Programmable data plane technology enables the systematic reconfiguration of the low-level processing steps applied to network packets and is a key driver in realizing the next generation of network services and applications. This survey presents recent trends and issues in the design and implementation of programmable network devices, focusing on prominent architectures, abstractions, algorithms, and applications proposed, debated, and realized over the past years. We elaborate on the trends that led to the emergence of this technology and highlight the most important pointers from the literature, casting different taxonomies for the field and identifying avenues for future research.
Submitted 1 October, 2021;
originally announced October 2021.
-
Self-Adjusting Packet Classification
Authors:
Maciej Pacut,
Juan Vanerio,
Vamsi Addanki,
Arash Pourdamghani,
Gabor Retvari,
Stefan Schmid
Abstract:
This paper is motivated by the vision of more efficient packet classification mechanisms that self-optimize in a demand-aware manner. At the heart of our approach lies a self-adjusting linear list data structure, where unlike in the classic data structure, there are dependencies, and some items must be in front of the others; for example, to correctly classify packets by rules arranged in a linked list, each rule must be in front of lower priority rules that overlap with it. After each access we can rearrange the list, similarly to Move-To-Front, but dependencies need to be respected.
We present a 4-competitive online rearrangement algorithm, whose cost is at most four times worse than the optimal offline algorithm; no deterministic algorithm can be better than 3-competitive. The algorithm is simple and attractive, especially for memory-limited systems, as it does not require any additional memory (e.g., neither timestamps nor frequency statistics). Our approach can simply be deployed as a drop-in replacement for a static data structure, potentially benefiting many existing networks.
We evaluate our self-adjusting list packet classifier on realistic ruleset and traffic instances. We find that our classifier performs similarly to a static list for low-locality traffic, but significantly outperforms Efficuts (by a factor of 7x), CutSplit (3.6x), and the static list (14x) for high locality and small rulesets. Memory consumption is 10x lower on average compared to Efficuts and CutSplit.
Submitted 30 September, 2021;
originally announced September 2021.
-
Dynamic Recompilation of Software Network Services with Morpheus
Authors:
Sebastiano Miano,
Alireza Sanaee,
Fulvio Risso,
Gábor Rétvári,
Gianni Antichi
Abstract:
State-of-the-art approaches to design, develop and optimize software packet-processing programs are based on static compilation: the compiler's input is a description of the forwarding plane semantics and the output is a binary that can accommodate any control plane configuration or input traffic. In this paper, we demonstrate that tracking control plane actions and packet-level traffic dynamics at run time opens up new opportunities for code specialization. We present Morpheus, a system working alongside static compilers that continuously optimizes the targeted networking code. We introduce a number of new techniques, from static code analysis to adaptive code instrumentation, and we implement a toolbox of domain specific optimizations that are not restricted to a specific data plane framework or programming language. We apply Morpheus to several eBPF and DPDK programs including Katran, Facebook's production-grade load balancer. We compare Morpheus against state-of-the-art optimization frameworks and show that it can bring up to 2x throughput improvement, while halving the 99th percentile latency.
Submitted 16 June, 2021;
originally announced June 2021.
-
Online List Access with Precedence Constraints
Authors:
Maciej Pacut,
Juan Vanerio,
Vamsi Addanki,
Arash Pourdamghani,
Gabor Retvari,
Stefan Schmid
Abstract:
This paper considers a natural generalization of the online list access problem in the paid exchange model, where additionally there can be precedence constraints ("dependencies") among the nodes in the list. For example, this generalization is motivated by applications in the context of packet classification. Our main contributions are constant-competitive deterministic and randomized online algorithms, designed around a procedure Move-Recursively-Forward, a generalization of Move-To-Front tailored to handle node dependencies. Parts of the analysis build upon ideas of the classic online algorithms Move-To-Front and BIT, and address the challenges of the extended model. We further discuss the challenges related to insertions and deletions.
Submitted 18 April, 2021;
originally announced April 2021.
-
Routes Obey Hierarchy in Complex Networks
Authors:
Attila Csoma,
Attila Kőrösi,
Gábor Rétvári,
Zalán Heszberger,
József Bíró,
Mariann Slíz,
Andrea Avena-Koenigsberger,
Alessandra Griffa,
Patric Hagmann,
András Gulyás
Abstract:
Various hypotheses exist about the paths used for communication between the nodes of complex networks. Most studies simply suppose that communication goes via shortest paths, while others have more explicit assumptions about how routing (alternatively navigation or search) works or should work in real networks. However, these assumptions are rarely checked against real data. Here we directly analyze the structure of operational paths using real measurements. For this purpose we use existing and newly created datasets having both the topology of the network and a sufficient number of empirically-determined paths over it. Such datasets are processed for air transportation networks, the human brain, the Internet and the fit-fat-cat word ladder game. Our results suggest that from the great number of possible paths, nature seems to pick according to some simple rules, which we will refer to as routing policies. First we confirm that the preference of short paths is an inevitable policy element; however, the observed stretch of the paths suggests that there are other policies at work simultaneously. We identify two additional policies common in our networks: the "conform hierarchy", meaning that the paths should obey the structural hierarchy of the network, and the "prefer downstream" policy which promotes avoiding the network core if possible. Building upon these simple policies, we propose a synthetic routing policy which can recover the basic statistical properties of the operational paths in networks. Our results can be helpful in estimating the reaction of complex systems to stress coming from the outside more accurately than the shortest path assumption permits.
Submitted 20 February, 2017;
originally announced February 2017.
-
Lying Your Way to Better Traffic Engineering
Authors:
Marco Chiesa,
Gábor Rétvári,
Michael Schapira
Abstract:
To optimize the flow of traffic in IP networks, operators do traffic engineering (TE), i.e., tune routing-protocol parameters in response to traffic demands. TE in IP networks typically involves configuring static link weights and splitting traffic between the resulting shortest-paths via the Equal-Cost-MultiPath (ECMP) mechanism. Unfortunately, ECMP is a notoriously cumbersome and indirect means for optimizing traffic flow, often leading to poor network performance. Also, obtaining accurate knowledge of traffic demands as the input to TE is elusive, and traffic conditions can be highly variable, further complicating TE. We leverage recently proposed schemes for increasing ECMP's expressiveness via carefully disseminated bogus information ("lies") to design COYOTE, a readily deployable TE scheme for robust and efficient network utilization. COYOTE leverages new algorithmic ideas to configure (static) traffic splitting ratios that are optimized with respect to all (even adversarially chosen) traffic scenarios within the operator's "uncertainty bounds". Our experimental analyses show that COYOTE significantly outperforms today's prevalent TE schemes in a manner that is robust to traffic uncertainty and variation. We discuss experiments with a prototype implementation of COYOTE.
Submitted 1 November, 2016; v1 submitted 9 October, 2016;
originally announced October 2016.
-
Navigable Networks as Nash Equilibria of Navigation Games
Authors:
András Gulyás,
József Bíró,
Attila Kőrösi,
Gábor Rétvári,
Dmitri Krioukov
Abstract:
Common sense suggests that networks are not random mazes of purposeless connections, but that these connections are organised so that networks can perform their functions well. One function common to many networks is targeted transport or navigation. Using game theory, here we show that minimalistic networks designed to maximise the navigation efficiency at minimal cost share basic structural properties with real networks. These idealistic networks are Nash equilibria of a network construction game whose purpose is to find an optimal trade-off between the network cost and navigability. We show that these skeletons are present in the Internet, metabolic, English word, US airport, Hungarian road networks, and in a structural network of the human brain. The knowledge of these skeletons allows one to identify the minimal number of edges by altering which one can efficiently improve or paralyse navigation in the network.
Submitted 22 July, 2015; v1 submitted 22 December, 2014;
originally announced December 2014.
-
Compressing IP Forwarding Tables: Towards Entropy Bounds and Beyond
Authors:
Gábor Rétvári,
János Tapolcai,
Attila Kőrösi,
András Majdán,
Zalán Heszberger
Abstract:
Lately, there has been an upsurge of interest in compressed data structures, aiming to pack ever larger quantities of information into constrained memory without sacrificing the efficiency of standard operations, like random access, search, or update. The main goal of this paper is to demonstrate how data compression can benefit the networking community, by showing how to squeeze the IP Forwarding Information Base (FIB), the giant table consulted by IP routers to make forwarding decisions, into information-theoretical entropy bounds, with essentially zero cost on longest prefix match and FIB update. First, we adopt the state-of-the-art in compressed data structures, yielding a static entropy-compressed FIB representation with asymptotically optimal lookup. Then, we re-design the venerable prefix tree, used commonly for IP lookup for at least 20 years in IP routers, to also admit entropy bounds and support lookup in optimal time and update in nearly optimal time. Evaluations on a Linux kernel prototype indicate that our compressors encode a FIB comprising more than 440K prefixes to just about 100--400 KBytes of memory, with a threefold increase in lookup throughput and no penalty on FIB updates.
This technical report contains a number of important corrections and revisions to the original manuscript.
Submitted 5 February, 2014;
originally announced February 2014.
-
Memory size bounds of prefix DAGs
Authors:
János Tapolcai,
Gábor Rétvári,
Attila Kőrösi
Abstract:
In this report an entropy bound on the memory size is given for a compression method of leaf-labeled trees. The compression converts the tree into a Directed Acyclic Graph (DAG) by merging isomorphic subtrees.
Submitted 24 May, 2013;
originally announced May 2013.