CoNFV: A Heterogeneous Platform for Scalable Network Function Virtualization

Published: 18 August 2020

Abstract

Network function virtualization (NFV) is a powerful networking approach that leverages computing resources to perform a time-varying set of network processing functions. Although microprocessors can be used for this purpose, their performance limitations and lack of specialization present implementation challenges. In this article, we describe a new heterogeneous hardware-software NFV platform called CoNFV that provides scalability and programmability while supporting significant hardware-level parallelism and reconfiguration. Our computing platform takes advantage of both field-programmable gate arrays (FPGAs) and microprocessors to implement numerous virtual network functions (VNFs) that can be dynamically customized to specific network flow needs. The most distinctive feature of our system is the use of global network state to coordinate NFV operations. Traffic management and hardware reconfiguration functions are performed by a global coordinator that allows for the rapid sharing of network function states and continuous evaluation of network function needs. With the help of the state-sharing mechanism offered by the coordinator, customer-defined VNF instances can be easily migrated between heterogeneous middleboxes as the network environment changes. A resource allocation and scheduling algorithm dynamically assesses resource deployments as network flows and conditions are updated. We show that our deployment algorithm can successfully reallocate FPGA and microprocessor resources in a fraction of a second in response to changes in network flow capacity and network security threats including intrusion.
