Article

Symerton--using virtualization to accelerate packet processing

Authors:

Aaron R. Kunze,

Stephen D. Goglin,

Erik J. JohnsonAuthors Info & Claims

ANCS '06: Proceedings of the 2006 ACM/IEEE symposium on Architecture for networking and communications systems

Pages 133 - 142

https://doi.org/10.1145/1185347.1185365

Published: 03 December 2006 Publication History

Abstract

The complexity of packet-processing applications continues to grow, with encryption, compression, and XML processing becoming common on packet-processing devices at the edge of enterprise and service provider networks. While performance remains a key differentiator for these devices, the complexity and rate of change in the supported applications has made general-purpose platforms an attractive alternative to ASICs and network processors. General-purpose platforms offer excellent programmability and a wealth of existing software, in the form of operating systems, libraries, and applications that can be used to build a packet-processing system; however, the performance of general-purpose operating systems is unacceptable for many environments. This has driven developers to either make derivative versions of existing operating systems or to use special-purpose operating systems with a less comprehensive and familiar library of existing software.As part of the Symerton project, we propose using virtualization to address these issues. We have designed a system that has a virtual machine dedicated to high-performance networking, and a virtual machine dedicated to hosting non-performance critical tasks in a general-purpose operating system. Using a proof-of-concept implementation, we show that the resulting system outperforms a general-purpose operating system by an average of 22% for a real networking application. We also discuss tradeoffs that will need to be considered in further development of systems using this design.

References

[1]

D. Abramson, et al. Intel Virtualization Technology for Directed I/O. Intel Technology Journal. 10(3):179--191, August 2006.

[2]

E. Abrossimov, M. Rozier, and M. Shapiro, "Generic virtual memory management for operating system kernels." in Proceedings of the twelfth ACM symposium on Operating systems principles, 1989, pp. 123--136.

Digital Library

[3]

S. Axelsson. Intrusion detection systems: A survey and taxonomy. Technical Report 99-15, Department of Computer Engineering, Chalmers University, March 2000.

[4]

P. Barham, et al. Xen and the art of virtualization. In Proceedings of the nineteenth ACM symposium on Operating systems principles, pp. 164--177, 2003.

Digital Library

[5]

H. Bryhni, E. Klovning, O. Kure. A comparison of load balancing techniques for scalable Web servers. IEEE Network. 14(4):58--64. Jul/Aug 2000.

Digital Library

[6]

C. Dovrolis, B. Thayer, P. Ramanathan. HIP: hybrid interrupt-polling for the network interface. ACM SIGOPS Operating Systems Review. 35(4):50--60, October 2001.

Digital Library

[7]

A. Foong, et al. TCP performance re-visited. In Proceedings of 2003 IEEE International Symposium on Performance Analysis of Systems and Software. pp. 70--79, 2003.

Digital Library

[8]

M. Gouda, X. Liu. Firewall design: consistency, completeness, and compactness. In Proceedings of the 24th International Conference on Distributed Computing Systems, 2004. pp. 320--327, 2004.

Digital Library

[9]

Jaluna. http://www.jaluna.com.

[10]

National Laboratory for Applied Network Research (NLANR). http://nlanr.net.

[11]

D. Neumann, et al. Intel Virtualization Technology in Embedded and Communications Infrastructure Applications. Intel Technology Journal. 10(3):217-226, August 2006.

[12]

E. Rescorla, A. Cain, B. Korver. SSLACC: A Clustered SSL Accelerator. In Proceedings of the 11th USENIX Security Symposium, August, 2002.

Digital Library

[13]

Snort. http://www.snort.org/

[14]

R. Tewari, M. Dahlin, H. Vin, J. Kay. Design Considerations for Distributed Caching on the Internet. In 19th IEEE International Conference on Distributed Computing Systems (ICDCS'99), p. 273, 1999.

Digital Library

[15]

R. Uhlig, et al. Intel virtualization technology. IEEE Computer. 38(5):48--56, May 2005.

Digital Library

[16]

VMware. http://www.vmware.com.

[17]

VxWorks. http://www.windriver.com Intel and Pentium are trademarks or registered trademarks of Intel Corporation or its subsidiaries in the United States and other countries.

Cited By

Zhang KWang JHua BTang X(2011)Building High-Performance Application Protocol Parsers on Multi-core ArchitecturesProceedings of the 2011 IEEE 17th International Conference on Parallel and Distributed Systems10.1109/ICPADS.2011.37(188-195)Online publication date: 7-Dec-2011
https://dl.acm.org/doi/10.1109/ICPADS.2011.37
Wang JCheng HHua BTang XGschwind MNicolau ASalapura VMoreira J(2009)Practice of parallelizing network applications on multi-core architecturesProceedings of the 23rd international conference on Supercomputing10.1145/1542275.1542307(204-213)Online publication date: 8-Jun-2009
https://dl.acm.org/doi/10.1145/1542275.1542307
Liu FSu XLiu WShi M(2009)The Design and Application of Xen-based Host System Firewall and its ExtensionProceedings of the 2009 International Conference on Electronic Computer Technology10.1109/ICECT.2009.83(392-395)Online publication date: 20-Feb-2009
https://dl.acm.org/doi/10.1109/ICECT.2009.83

Index Terms

Symerton--using virtualization to accelerate packet processing
1. Computer systems organization
  1. Embedded and cyber-physical systems
  2. Real-time systems
2. Networks
  1. Network protocols

Recommendations

Shrinking the hypervisor one subsystem at a time: a userspace packet switch for virtual machines
VEE '14

Efficient and secure networking between virtual machines is crucial in a time where a large share of the services on the Internet and in private datacenters run in virtual machines. To achieve this efficiency, virtualization solutions, such as Qemu/KVM, ...
Improving compute node performance using virtualization

Modified variants of Linux are likely to be the underlying operating systems (OSs) for future exascale platforms. Despite the many advantages of this approach, a subset of applications exist in which a lightweight kernel (LWK)-based OS is needed and/or ...
Shrinking the hypervisor one subsystem at a time: a userspace packet switch for virtual machines
VEE '14: Proceedings of the 10th ACM SIGPLAN/SIGOPS international conference on Virtual execution environments

Efficient and secure networking between virtual machines is crucial in a time where a large share of the services on the Internet and in private datacenters run in virtual machines. To achieve this efficiency, virtualization solutions, such as Qemu/KVM, ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Conferences

ANCS '06: Proceedings of the 2006 ACM/IEEE symposium on Architecture for networking and communications systems

December 2006

202 pages

ISBN:1595935800

DOI:10.1145/1185347

General Chair:
Laxmi N. Bhuyan
University of California, Riverside, USA
,
Program Chairs:
Michel Dubois
University of Southern California, USA
,
Will Eatherton
Cisco, USA

Copyright © 2006 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 03 December 2006

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Article

Conference

ANCS06

Sponsor:

ANCS06: Symposium on Architecture for Networking and Communications Systems

December 3 - 5, 2006

California, San Jose, USA

Acceptance Rates

Overall Acceptance Rate 88 of 314 submissions, 28%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

3
Total Citations
View Citations
521
Total Downloads

Downloads (Last 12 months)2
Downloads (Last 6 weeks)0

Reflects downloads up to 25 Nov 2024

Other Metrics

View Author Metrics

Citations

Cited By

Zhang KWang JHua BTang X(2011)Building High-Performance Application Protocol Parsers on Multi-core ArchitecturesProceedings of the 2011 IEEE 17th International Conference on Parallel and Distributed Systems10.1109/ICPADS.2011.37(188-195)Online publication date: 7-Dec-2011
https://dl.acm.org/doi/10.1109/ICPADS.2011.37
Wang JCheng HHua BTang XGschwind MNicolau ASalapura VMoreira J(2009)Practice of parallelizing network applications on multi-core architecturesProceedings of the 23rd international conference on Supercomputing10.1145/1542275.1542307(204-213)Online publication date: 8-Jun-2009
https://dl.acm.org/doi/10.1145/1542275.1542307
Liu FSu XLiu WShi M(2009)The Design and Application of Xen-based Host System Firewall and its ExtensionProceedings of the 2009 International Conference on Electronic Computer Technology10.1109/ICECT.2009.83(392-395)Online publication date: 20-Feb-2009
https://dl.acm.org/doi/10.1109/ICECT.2009.83

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents