Abstract
Network function virtualization (NFV) is a powerful networking approach that leverages computing resources to perform a time-varying set of network processing functions. Although microprocessors can be used for this purpose, their performance limitations and lack of specialization present implementation challenges. In this article, we describe a new heterogeneous hardware-software NFV platform called CoNFV that provides scalability and programmability while supporting significant hardware-level parallelism and reconfiguration. Our computing platform takes advantage of both field-programmable gate arrays (FPGAs) and microprocessors to implement numerous virtual network functions (VNF) that can be dynamically customized to specific network flow needs. The most distinctive feature of our system is the use of global network state to coordinate NFV operations. Traffic management and hardware reconfiguration functions are performed by a global coordinator that allows for the rapid sharing of network function states and continuous evaluation of network function needs. With the help of state sharing mechanism offered by the coordinator, customer-defined VNF instances can be easily migrated between heterogeneous middleboxes as the network environment changes. A resource allocation and scheduling algorithm dynamically assesses resource deployments as network flows and conditions are updated. We show that our deployment algorithm can successfully reallocate FPGA and microprocessor resources in a fraction of a second in response to changes in network flow capacity and network security threats including intrusion.
- Zachary Baker and Viktor Prasanna. 2006. Automatic synthesis of efficient intrusion detection systems on FPGAs. IEEE Trans. Sec. Depend. Comput. 3, 4 (Oct. 2006), 289--300Google Scholar
Digital Library
- Stuart Byma, J. Gregory Steffan, Hadi Bannazadeh, Alberto Leon-Garcia, and Paul Chow. 2014. FPGAs in the cloud: Booting virtualized hardware accelerators with OpenStack. In Proceedings of the International Symposium on Field-Programmable Custom Computing Machines. 109--116.Google Scholar
Cross Ref
- Sarang Dharmapurikar and John Lockwood. 2004. Deep packet inspection using parallel bloom filters. IEEE Micro 24, 1 (2004), 52--61.Google Scholar
Digital Library
- Xiongzi Ge, Yi Liu, David H. C. Du, Liang Zhang, Hongguang Guan, Jian Chen, Yuping Zhao, and Xinyu Hu. 2014. OpenANFV: Accelerating network function virtualization with a consolidated framework in OpenStack. In Proceedings of the ACM Conference on SIGCOMM. 353--354.Google Scholar
Digital Library
- Aaron Gember-Jacobson, Raajay Viswanathan, Chaithan Prakash, Robert Grandl, Junaid Khalid, Sourav Das, and Aditya Akella. 2014. OpenNF: Enabling innovation in network function control. In Proceedings of the ACM Conference on SIGCOMM. 163--174.Google Scholar
Digital Library
- Maya Gokhale, Dave Dubois, Andy Dubois, Mike Boorman, Steve Poole, and Vic Hogsett. 2002. Granidt: Towards gigabit rate network intrusion detection technology. In Proceedings of the International Conference on Field Programmable Logic and Applications. 404--413.Google Scholar
Cross Ref
- Hamid Gholam Hosseini and Kang Li. 2012. Implementation of transient signal detection algorithms on FPGA. Int. J. Comput. Applic. 975 (2012), 8887.Google Scholar
- Murad Kablan, Blake Caldwell, Richard Han, Hani Jamjoon, and Eric Keller. 2015. Stateless network functions. In Proceedings of the HotMiddleBox Conference. 49--54.Google Scholar
Digital Library
- Christoforos Kachris, Georgios Sirakoulis, and Dimitrios Soudris. 2014. Network function virtualization based on FPGAs: A framework for all-programmable network devices. Retrieved from https://arxiv.org/abs/1406.0309.Google Scholar
- John W. Lockwood, James Moscola, Matthew Kulig, David Reddick, and Tim Brooks. 2003. Internet worm and virus protection in dynamically reconfigurable hardware. In Proceedings of the Military and Aerospace Programmable Logic Device Workshop. 10.Google Scholar
- Kejie Lu, Dapeng Wu, Jieyan Fan, Sinisa Todorovic, and Antonio Nucci. 2007. Robust and efficient detection of DDoS attacks for large-scale internet. Comput. Netw. 51, 18 (Dec. 2007), 5036--5056.Google Scholar
Digital Library
- Nick McKeown, Tom Anderson, Hari Balakrishnan, Guru Parulkar, Larry Peterson, Jennifer Rexford, Scott Shenker, and Jonathan Turner. 2008. OpenFlow: Enabling innovation in campus networks. ACM SIGCOMM Comput. Commun. Rev. 38, 2 (2008), 69--74.Google Scholar
Digital Library
- Leonhard Nobach, Benedikt Rudolph, and David Hausheer. 2017. Benefits of conditional FPGA provisioning for virtualized network functions. In Proceedings of the International Conference on Networked Systems. 1--6.Google Scholar
Cross Ref
- Vladimir Olteanu, Felipe Huici, and Costin Raiciu. 2015. Lost in network address translation: Lessons from scaling the world’s simplest middlebox. In Proceedings of the HotMiddleBox Conference. 19--24.Google Scholar
Digital Library
- Manuel Peuster and Holger Karl. 2016. E-State: Distributed state management in elastic network function deployments. In Proceedings of the IEEE NetSoft Conference and Workshops. 6--10.Google Scholar
Cross Ref
- Salvatore Pontarelli, Giuseppe Bianchi, and Simone Teofili. 2013. Traffic-aware design of a high-speed FPGA network intrusion detection system. IEEE Trans. Comput. 62, 11 (Nov. 2013), 2322--2334.Google Scholar
Digital Library
- Andrew Putnam, Adrian M. Caulfield, Eric S. Chung, Derek Chiou, Kypros Constantinides, John Demme, Hadi Esmaeilzadeh, Jeremy Fowers, Gopi Prashanth Gopal, Jan Gray, et al. 2014. A reconfigurable fabric for accelerating large-scale datacenter services. In Proceedings of the ACM/IEEE 41st International Symposium on Computer Architecture (ISCA’14). IEEE, 13--24.Google Scholar
Digital Library
- Shriram Rajagopalan, Dan Williams, Hani Jamjoom, and Andrew Warfield. 2013. Split/Merge: System support for elastic execution in virtual middleboxes. In Proceedings of the 10th USENIX Symposium on Networked Systems Design and Implementation. 227--240.Google Scholar
- Chen Sun, Jun Bi, Zhilong Zheng, and Hongxin Hu. 2017. HYPER: A hybrid high-performance framework for network function virtualization. IEEE J. Select. Areas Commun. 35, 11 (Nov. 2017), 2490--2500.Google Scholar
Cross Ref
- Naif Tarafdar, Thomas Lin, Nariman Eskandari, David Lion, Alberto Leon-Garcia, and Paul Chow. 2017. Heterogeneous virtualized network function framework for the data center. In Proceedings of the International Conference on Field Programmable Logic and Applications. 1--8.Google Scholar
Cross Ref
- Naif Tarafdar, Thomas Lin, Eric Fukuda, Hadi Bannazadeh, Alberto Leon-Garcia, and Paul Chow. 2017. Enabling flexible network FPGA clusters in a heterogeneous cloud data center. In Proceedings of the International Symposium on Field-programmable Gate Arrays. 237--246.Google Scholar
Digital Library
- Jonathan S. Turner, Patrick Crowley, John DeHart, Amy Freestone, Brandon Heller, Fred Kuhns, Sailesh Kumar, John Lockwood, Jing Lu, Michael Wilson, Charles Wiseman, and David Zar. 2007. Supercharging PlanetLab: A high performance, multi-application, overlay network platform. In Proceedings of the Conference on Applications, Technologies, Architectures, and Protocols for Computer Communications. 85--96.Google Scholar
Digital Library
- Deepak Unnikrishnan, Ramakrishna Vadlamani, Yong Liao, Jérémie Crenne, Lixin Gao, and Russell Tessier. 2013. Reconfigurable data planes for scalable network virtualization. IEEE Trans. Comput. 62, 12 (Dec. 2013), 2476--2488.Google Scholar
Digital Library
- Haining Wang, Danlu Zhang, and Kang G. Shin. 2004. Change-point monitoring for the detection of DoS attacks. IEEE Trans. Depend. Sec. Comput. 1, 4 (2004), 193--208.Google Scholar
Digital Library
- Yi-Hua Edward Yang, Weirong Jiang, and Viktor K. Prasanna. 2008. Compact architecture for high-throughput regular expression matching on FPGA. In Proceedings of the ACM/IEEE Symposium on Architectures for Networking and Communications Systems. 30--39.Google Scholar
- Xuzhi Zhang, Xiaozhe Shao, George Provelengios, Naveen Kumar Dumpala, Lixin Gao, and Russell Tessier. 2017. Scalable network function virtualization for heterogeneous middleboxes. In Proceedings of the IEEE 25th Annual International Symposium on Field-programmable Custom Computing Machines (FCCM’17). IEEE, 219--226.Google Scholar
Cross Ref
Index Terms
CoNFV: A Heterogeneous Platform for Scalable Network Function Virtualization
Recommendations
OpenANFV: accelerating network function virtualization with a consolidated framework in openstack
SIGCOMM '14: Proceedings of the 2014 ACM conference on SIGCOMMThe resources of dedicated accelerators (e.g. FPGA) are still required to bridge the gap between software-based Middleboxs(MBs) and the commodity hardware. To consolidate various hardware resources in an elastic, programmable and reconfigurable manner, ...
OpenANFV: accelerating network function virtualization with a consolidated framework in openstack
SIGCOMM'14The resources of dedicated accelerators (e.g. FPGA) are still required to bridge the gap between software-based Middleboxs(MBs) and the commodity hardware. To consolidate various hardware resources in an elastic, programmable and reconfigurable manner, ...
Integrated NFV/SDN Architectures: A Systematic Literature Review
Network Functions Virtualization (NFV) and Software-Defined Networking (SDN) are new paradigms in the move towards open software and network hardware. While NFV aims to virtualize network functions and deploy them into general purpose hardware, SDN ...






Comments