The document discusses challenges in multi-tenancy for function-based data planes, focusing on memory and performance isolation. It presents a solution called FastPass, which utilizes efficient scheduling and memory protection methods to enhance resource management and throughput for different network functions. The evaluation reveals that FastPass achieves significantly higher throughput compared to unprotected modules, with plans for future improvements in scheduling strategies and performance comparison with Rust.

1. Ajay Kharat (2019H1030011G)
BITS-Pilani
Memory and Performance Isolation for a
Multi-tenant Function-based Data-plane

2. Motivation
Current Implementation of software data-plane that uses virtualization eats a
lot of CPU cores.

3. Problem statement
A function-based dataplane, despite its advantages, faces two key challenges in
supporting multi-tenancy:
• Memory isolation
• Performance isolation

4. Approach And Solution
 How performance isolation is achieved through FastPass?
• Multiple process from multiple tenants comes to FastPass
• FastPass controller configures NIC to decide upon resource management and
scheduling decision.
• It uses round-robin scheduling
• In FastPass , processing cost varies depending upon nature and path taken by a
packet, thus it provides fairness to tenants
• FastPaas tracks the CPU consumption of each tenant.
• FastPass contains primitives to calculate the processing cost of individual modules
as well as for a service chain
• NIC controller able to control scheduling of NF’s hence fairness is achieved , initially
it was done by OS which was difficult to manage

5. Fastpass Architecture

6.  How Memory Protection is achieved through FastPass?
3 approaches to memory protection are as follows:
• Memory safe language: Writing modules in memory safe language like Rust
automatically manages memory but already there are NF’s written in C/C++ ,
rewriting them from scratch with Rust will takes lots of effort.
• Hardware-based memory protection(fine-grained approach): overhead of MPX
comes from loading/storing the individual bounds for every pointers in a program
• Coarse-grained hardware protection: Divides memory space into modules based on
tenancy , having 2 advantages:
• Tenants cant access each other modules and reduces the size of bound table thus
reducing lookup overhead.

8. Evaluation of the solution
• We evaluate two NFs with different processing costs per packet
1. macswap(less costly)
2. traffic policer (more costly)
• FastPaas/RW achieve a throughput of 86% for macswap and 82% for the traffic policer compared to
the unprotected module.
• FastPaas/WOnly acheives an even higher throughput of 96% and 98% of the unprotected module.
1.Macswap Preallocated pkts Policer Preallocated pkts Policer real pkts

9. Related Work
 SafeCode provides memory isolation using a combination of static
analysis and minimal runtime but it is unable to protect packets
declared by DPDK in our tests.
 FastPass fairly distribute CPU resources but it does not balance the
CPU usage across cores so we use FlexNIC below FastPass which
automatically compute the load balancing filters based on packet
processing graph specifications and traffic measurements.

10. Future Work
• The weight of a queue is statically defined based on the priority of a
tenant. Further study of scheduling strategies (including strict priority
classes) is ongoing.
• Comparing Rust with FastPaas for policer and other modules is a topic
of our ongoing work