NetBricks: Taking the V out of NFV
Abstract
The move from hardware middleboxes to software network
functions, as advocated by NFV, has proven more challenging
than expected. Developing new NFs remains a tedious
process, requiring that developers repeatedly rediscover
and reapply the same set of optimizations, while current
techniques for providing isolation between NFs (using
VMs or containers) incur high performance overheads. In
this paper we describe NetBricks, a new NFV framework
that tackles both these problems. For building NFs we take
inspiration from modern data analytics frameworks (e.g.,
Spark and Dryad) and build a small set of customizable network
processing elements. We also embrace type checking
and safe runtimes to provide isolation in software, rather
than rely on hardware isolation. NetBricks provides the
same memory isolation as containers and VMs, without
incurring the same performance penalties. To improve I/O
efficiency, we introduce a novel technique called zero-copy
software isolation.
functions, as advocated by NFV, has proven more challenging
than expected. Developing new NFs remains a tedious
process, requiring that developers repeatedly rediscover
and reapply the same set of optimizations, while current
techniques for providing isolation between NFs (using
VMs or containers) incur high performance overheads. In
this paper we describe NetBricks, a new NFV framework
that tackles both these problems. For building NFs we take
inspiration from modern data analytics frameworks (e.g.,
Spark and Dryad) and build a small set of customizable network
processing elements. We also embrace type checking
and safe runtimes to provide isolation in software, rather
than rely on hardware isolation. NetBricks provides the
same memory isolation as containers and VMs, without
incurring the same performance penalties. To improve I/O
efficiency, we introduce a novel technique called zero-copy
software isolation.
Research Areas
