Resources

The following contain some of the key computer science academic papers that helped inspire Nefeli's technologies. Nefeli has since implemented and improved on many of the ideas captured in these research papers but they do provide a foundational understanding of the key principles behind our technology platform.

Research Papers
NetBricks: Taking the V out of NFV

Network Function Virtualization is allowing carriers to replace dedicated middleboxes with Network Functions (NFs) consolidated on shared servers, but the question of how (and even whether) one can achieve performance SLOs with soft- ware packet processing remains open. A key challenge is the high variability and unpredictability in throughput and latency introduced when NFs are consolidated. We show that we can directly enforce a high degree of performance isolation among consolidated NFs. Building on this, we present ResQ, a resource manager for NFV that enforces performance SLOs for multi-tenant NFV clusters in a resource efficient manner.

VIEW RESOURCE
E2: A Framework for NFV Applications

By moving network appliance functionality from propri- etary hardware to software, Network Function Virtualiza- tion promises to bring the advantages of cloud computing to network packet processing. However, the evolution of cloud computing (particularly for data analytics) has greatly bene- fited from application-independent methods for scaling and placement that achieve high efficiency while relieving pro- grammers of these burdens. NFV has no such general man- agement solutions. In this paper, we present a scalable and application-agnostic scheduling framework for packet pro- cessing, and compare its performance to current approaches.

VIEW RESOURCE
Verification in the Age of Microservices

Many large applications are now built using collections of microservices, each of which is deployed in isolated con- tainers and which interact with each other through the use of remote procedure calls (RPCs). The use of microservices improves scalability – each component of an application can be scaled independently – and deployability. However, such applications are inherently distributed and current tools do not provide mechanisms to reason about and ensure their global behavior. In this paper we argue that recent advances in for- mal methods and software packet processing pave the path towards building mechanisms that can ensure correctness for such systems, both when they are being built and at runtime. These techniques impose minimal runtime overheads and are amenable to production deployments.

VIEW RESOURCE
The Berkeley Extensible Software Switch

Modern NICs implement various features in hardware, such as protocol offloading, multicore supports, traffic control, and self virtualization. This approach exposes several issues: protocol dependence, limited hardware resources, and incomplete/buggy/non-compliant implementation. Even worse, the slow evolution of hardware NICs due to increasingly overwhelming design complexity cannot keep up in time with the new protocols and rapidly changing network architectures. We introduce the SoftNIC architecture to fill the gap between hardware capabilities and user demands. Our current SoftNIC prototype implements sophisticated NIC features on a few dedicated processor cores, while assuming only streamlined functionalities in hardware. The preliminary evaluation results show that most NIC features can be implemented in software with minimum performance cost, while the flexibility of software provides further potential benefits.

VIEW RESOURCE
Design and Implementation of a Consolidated Middlebox Architecture

Network deployments handle changing application, workload, and policy requirements via the deployment of specialized network appliances or “middleboxes”. To- day, however, middlebox platforms are expensive and closed systems, with little or no hooks for extensibil- ity. Furthermore, they are acquired from independent vendors and deployed as standalone devices with little cohesiveness in how the ensemble of middleboxes is managed. As network requirements continue to grow in both scale and variety, this bottom-up approach puts middlebox deployments on a trajectory of growing de- vice sprawl with corresponding escalation in capital and management costs.

To address this challenge, we present CoMb, a new architecture for middlebox deployments that systemati- cally explores opportunities for consolidation, both at the level of building individual middleboxes and in manag- ing a network of middleboxes. This paper addresses key resource management and implementation challenges that arise in exploiting the benefits of consolidation in middlebox deployments. Using a prototype implementa- tion in Click, we show that CoMb reduces the network provisioning cost 1.8–2.5× and reduces the load imbal- ance in a network by 2–25×.

VIEW RESOURCE
The Middlebox Manifesto: Enabling Innovation in Middlebox Deployment

Most network deployments respond to changing application, workload, and policy requirements via the deployment of specialized network appliances or “middleboxes”. Despite the critical role that middleboxes play in introducing new network functionality, they have been surprisingly ignored in recent efforts for designing networks that are amenable to innovation. We make the case that enabling innovation in middleboxes is at least as important, if not more important, as that for traditional switches and routers. To this end, our vision is a world with software-centric middlebox implementations running on general-purpose hardware platforms that are managed via open and extensible management APIs. While these principles have been applied in other contexts, they introduce unique opportunities and challenges in the context of middleboxes that we highlight in this paper.

VIEW RESOURCE
Network Processing as a Cloud Service

Modern enterprises almost ubiquitously deploy middlebox process- ing services to improve security and performance in their networks. Despite this, we find that today’s middlebox infrastructure is ex- pensive, complex to manage, and creates new failure modes for the networks that use them. Given the promise of cloud computing to decrease costs, ease management, and provide elasticity and fault- tolerance, we argue that middlebox processing can benefit from outsourcing the cloud. Arriving at a feasible implementation, how- ever, is challenging due to the need to achieve functional equiva- lence with traditional middlebox deployments without sacrificing performance or increasing network complexity.

In this paper, we motivate, design, and implement APLOMB, a practical service for outsourcing enterprise middlebox processing to the cloud. Our discussion of APLOMB is data-driven, guided by a survey of 57 enterprise networks, the first large-scale academic study of middlebox deployment. We show that APLOMB solves real problems faced by network administrators, can outsource over 90% of middlebox hardware in a typical large enterprise network, and, in a case study of a real enterprise, imposes an average latency penalty of 1.1ms and median bandwidth inflation of 3.8%.

VIEW RESOURCE
Fault-Tolerant Middleboxes

Network middleboxes must offer high availability, with au- tomatic failover when a device fails. Achieving high avail- ability is challenging because failover must correctly restore lost state (e.g., activity logs, port mappings) but must do so quickly (e.g., in less than typical transport timeout values to minimize disruption to applications) and with little overhead to failure-free operation (e.g., additional per-packet laten- cies of 10-100s of μs). No existing middlebox design pro- vides failover that is correct, fast to recover, and imposes little increased latency on failure-free operations.

We present a new design for fault-tolerance in middle- boxes that achieves these three goals. Our system, FTMB (for Fault-Tolerant MiddleBox), adopts the classical ap- proach of “rollback recovery” in which a system uses in- formation logged during normal operation to correctly re- construct state after a failure. However, traditional rollback recovery cannot maintain high throughput given the frequent output rate of middleboxes. Hence, we design a novel solu- tion to record middlebox state which relies on two mech- anisms: (1) ‘ordered logging’, which provides lightweight logging of the information needed after recovery, and (2) a ‘parallel release’ algorithm which, when coupled with or- dered logging, ensures that recovery is always correct. We implement ordered logging and parallel release in Click and show that for our test applications our design adds only 30μs of latency to median per packet latencies. Our system introduces moderate throughput overheads (5-30%) and can reconstruct lost state in 40-275ms for practical systems.

VIEW RESOURCE
Enabling SLOs in NFV

Network Function Virtualization is allowing carriers to replace dedicated middleboxes with Network Functions (NFs) consolidated on shared servers, but the question of how (and even whether) one can achieve performance SLOs with software packet processing remains open. A key challenge is the high variability and unpredictability in throughput and latency introduced when NFs are consolidated. We show that, using processor cache isolation and with careful sizing of I/O buffers, we can directly enforce a high degree of performance isolation among consolidated NFs – for a wide range of NFs, our technique caps the maximum throughput degradation to 2.9% (compared to 44.3%), and the 95th percentile latency degradation to 2.5% (compared to 24.5%). Building on this, we present ResQ, a resource manager for NFV that enforces performance SLOs for multi-tenant NFV clusters in a resource efficient manner. ResQ achieves 60%-236% better resource efficiency for enforcing SLOs that contain contention-sensitive NFs compared to previous work.

VIEW RESOURCE