Resilient Edge: A scalable, robust network function backend

Yutaro Hayakawa, Kenichi Yasukata, Jin Nakazawa, Michio Honda

Research output: Contribution to journalArticle

Abstract

Increasing hardware resources, such as multi-core and multi-socket CPUs, memory capacity and high-speed NICs, impose significant challenges on Network Function Virtualization (NFV) backends. They increase the potential numbers of per-server NFs or tenants, which requires a packet switching architecture that is not only scalable to large number of virtual ports, but also robust to attacks on the data plane. This is a real problem; a recent study has reported that Open vSwitch, a widely used software switch, had a buffer-overflow bug in its data plane that results the entire SDN domain to be hijacked by worms propagated in the network. In order to address this problem, we propose REdge. It scales to thousands of virtual ports or NFs (as opposed to hundreds in the current state-of-the art), and protect modular, flexible packet switching logic against various bugs, such as buffer overflow and other unexpected operations using static program checking. When 2048 NFs are active and packets are distributed to them based on the MAC or IP addresses, REdge achieves 3.16 Mpps or higher packet forwarding rates for 60 byte packets and achieves the wire rate for 1500 byte packets in the 25 Gbps link.

Original languageEnglish
Pages (from-to)550-558
Number of pages9
JournalIEICE Transactions on Information and Systems
VolumeE102D
Issue number3
DOIs
Publication statusPublished - 2019 Mar 1

Fingerprint

Packet switching
Program processors
Servers
Switches
Wire
Hardware
Data storage equipment
Network function virtualization
Software defined networking

Keywords

  • NFV
  • Operating system
  • Security
  • Software switch

ASJC Scopus subject areas

  • Software
  • Hardware and Architecture
  • Computer Vision and Pattern Recognition
  • Electrical and Electronic Engineering
  • Artificial Intelligence

Cite this

Resilient Edge : A scalable, robust network function backend. / Hayakawa, Yutaro; Yasukata, Kenichi; Nakazawa, Jin; Honda, Michio.

In: IEICE Transactions on Information and Systems, Vol. E102D, No. 3, 01.03.2019, p. 550-558.

Research output: Contribution to journalArticle

Hayakawa, Yutaro ; Yasukata, Kenichi ; Nakazawa, Jin ; Honda, Michio. / Resilient Edge : A scalable, robust network function backend. In: IEICE Transactions on Information and Systems. 2019 ; Vol. E102D, No. 3. pp. 550-558.
@article{94b46a9f004e43d295e4e98d8e21be41,
title = "Resilient Edge: A scalable, robust network function backend",
abstract = "Increasing hardware resources, such as multi-core and multi-socket CPUs, memory capacity and high-speed NICs, impose significant challenges on Network Function Virtualization (NFV) backends. They increase the potential numbers of per-server NFs or tenants, which requires a packet switching architecture that is not only scalable to large number of virtual ports, but also robust to attacks on the data plane. This is a real problem; a recent study has reported that Open vSwitch, a widely used software switch, had a buffer-overflow bug in its data plane that results the entire SDN domain to be hijacked by worms propagated in the network. In order to address this problem, we propose REdge. It scales to thousands of virtual ports or NFs (as opposed to hundreds in the current state-of-the art), and protect modular, flexible packet switching logic against various bugs, such as buffer overflow and other unexpected operations using static program checking. When 2048 NFs are active and packets are distributed to them based on the MAC or IP addresses, REdge achieves 3.16 Mpps or higher packet forwarding rates for 60 byte packets and achieves the wire rate for 1500 byte packets in the 25 Gbps link.",
keywords = "NFV, Operating system, Security, Software switch",
author = "Yutaro Hayakawa and Kenichi Yasukata and Jin Nakazawa and Michio Honda",
year = "2019",
month = "3",
day = "1",
doi = "10.1587/transinf.2018EDP7176",
language = "English",
volume = "E102D",
pages = "550--558",
journal = "IEICE Transactions on Information and Systems",
issn = "0916-8532",
publisher = "Maruzen Co., Ltd/Maruzen Kabushikikaisha",
number = "3",

}

TY - JOUR

T1 - Resilient Edge

T2 - A scalable, robust network function backend

AU - Hayakawa, Yutaro

AU - Yasukata, Kenichi

AU - Nakazawa, Jin

AU - Honda, Michio

PY - 2019/3/1

Y1 - 2019/3/1

N2 - Increasing hardware resources, such as multi-core and multi-socket CPUs, memory capacity and high-speed NICs, impose significant challenges on Network Function Virtualization (NFV) backends. They increase the potential numbers of per-server NFs or tenants, which requires a packet switching architecture that is not only scalable to large number of virtual ports, but also robust to attacks on the data plane. This is a real problem; a recent study has reported that Open vSwitch, a widely used software switch, had a buffer-overflow bug in its data plane that results the entire SDN domain to be hijacked by worms propagated in the network. In order to address this problem, we propose REdge. It scales to thousands of virtual ports or NFs (as opposed to hundreds in the current state-of-the art), and protect modular, flexible packet switching logic against various bugs, such as buffer overflow and other unexpected operations using static program checking. When 2048 NFs are active and packets are distributed to them based on the MAC or IP addresses, REdge achieves 3.16 Mpps or higher packet forwarding rates for 60 byte packets and achieves the wire rate for 1500 byte packets in the 25 Gbps link.

AB - Increasing hardware resources, such as multi-core and multi-socket CPUs, memory capacity and high-speed NICs, impose significant challenges on Network Function Virtualization (NFV) backends. They increase the potential numbers of per-server NFs or tenants, which requires a packet switching architecture that is not only scalable to large number of virtual ports, but also robust to attacks on the data plane. This is a real problem; a recent study has reported that Open vSwitch, a widely used software switch, had a buffer-overflow bug in its data plane that results the entire SDN domain to be hijacked by worms propagated in the network. In order to address this problem, we propose REdge. It scales to thousands of virtual ports or NFs (as opposed to hundreds in the current state-of-the art), and protect modular, flexible packet switching logic against various bugs, such as buffer overflow and other unexpected operations using static program checking. When 2048 NFs are active and packets are distributed to them based on the MAC or IP addresses, REdge achieves 3.16 Mpps or higher packet forwarding rates for 60 byte packets and achieves the wire rate for 1500 byte packets in the 25 Gbps link.

KW - NFV

KW - Operating system

KW - Security

KW - Software switch

UR - http://www.scopus.com/inward/record.url?scp=85064006759&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85064006759&partnerID=8YFLogxK

U2 - 10.1587/transinf.2018EDP7176

DO - 10.1587/transinf.2018EDP7176

M3 - Article

AN - SCOPUS:85064006759

VL - E102D

SP - 550

EP - 558

JO - IEICE Transactions on Information and Systems

JF - IEICE Transactions on Information and Systems

SN - 0916-8532

IS - 3

ER -