Hajime Tazaki, profile picture
Uploaded byHajime Tazaki
PDF, PPTX6,738 views

Network Stack in Userspace (NUSE)

NUSE is a library implementation of a network stack in userspace that allows new protocols and implementations to be added more quickly without modifying the kernel. It works by hijacking system calls related to networking at the library level, running the network stack code in a separate execution context using lightweight virtualization, and connecting to the network interface using options like raw sockets, DPDK, or netmap. This approach avoids the slow evolution of making kernel changes and allows network stacks and applications to be updated and deployed more flexibly on a per-application basis.

Embed presentation

Download as PDF, PPTX
Network Stack in Userspace (NUSE) ! ! Hajime Tazaki 高速PCルーター研究会 2014/9/29
Today’s talk • Userspace version of (Linux) network stack • not intended for high-speed something • but useful for high-speed network I/O 2
I have a new Layer-3/4 protocol! Yey! • I have new, great Layer-3/4 protocol ! It will change the WORLD ! • network stack って、入れかえたいですか? • No: your code will destroy my life ?! (experimental ? not tested ?) • Yes: I wanna be your slave. • VM cloud = OK, no much users/services interfere • multi-user server, PC, phone = Nightmare, my life will have trouble… 3
I have a new Layer-3/4 protocol! Yey! (cont’d) • Kernel programming sucks • LKM ? can cause panic anyway.. • Click ? only router/middlebox, not for end-hosts • Slow evolution • VM ? Hmm, I’m a lazy guy.. 4
costin.raiciu@cs.pub.ro, j.araujo@ucl.ac.uk, rizzo@iet.unipi.it Internet paths that it is still despite the the blame extensions taking placed on end moving protocols deployment optimizations. support for user-level commodity number of host stack, s. our mux/de-mux line rate (up Slow evolution of network stack Honda et al., Rekindling Network Protocol Innovation with User-Level Stacks, ACM SIGCOMM CCR, Vol.44, Num. 2, April 2014 cores, and over a basic same server 1.00 0.75 0.50 0.25 0.00 2007 2008 2009 2010 2011 2012 Date Ratio of flows Option SACK Timestamp Windowscale Direction Inbound Outbound Figure 1: TCP options deployment over time. pen infrequently not only because of slow release cycles, but also due to their cost and potential disruption to existing setups. If protocol stacks were embedded into applications, they could be updated on a case-by-case basis, and deploy-ment would be a lot more timely. For example, Mac OS, Windows XP and FreeBSD still use a traditional Additive Increase Multiplicative Decrease (AIMD) algorithm for TCP congestion control, while Linux
Virtual Machine ? Poll: “When you download and run software, how often do you use a virtual machine (to reduce security risks)?” Jon Howell, Galen Hunt, David Molnar, and Donald E. Porter, Living Dangerously: A Survey of Software Download Practices, no. MSR-TR-2010-51, May 2010 6
Meanwhile in Filesystem world.. • There is, • Filesystem in Userspace (FUSE) • Userspace code can host new filesystem (sshfs, GmailFS, etc) • Performance is bad, but doesn’t matter • Flexibility and functionality do matter 7 http://fuse.sourceforge.net/
Problem Statements • Slow evolution of network stack • Interfere to host OS (which is untouchable) • Too heavy workload of VM 8
What’s NUSE ? • Network stack in Userspace • Userspace as much as possible • like Fuse (Filesystem in Userspace) • Library version of network stack (of monolithic kernel) • kernel bypassed • (UNIX) Process-based virtualization 9
What can do with NUSE ? • Host operating system • Linux (for the moment) • Guest operating systems • Linux (3.17-rc1 based) • FreeBSD (ongoing) • Suitable with kernel-bypass technologies • DPDK/netmap with (full) network stack + (existing) applications • Applications • ping, iperf, nginx (partially worked) 10
FUSE vs NUSE 11 nuse example kernel bypassed TCP/IP ARP/ ndisc libnuse glibc NIC userspace kernel raw sock netmap DPDK (etc) libfuse glibc glibc VFS FUSE ...... NFS ext3 ls -l /tmp/fuse example /tmp/fuse userspace kernel
Design Goals • No modification to userspace apps • No mod to kernel space as well • Transparent • LD_PRELOADable • x1 performance of native OS 12
Application POSIX glue TCP UDP DCCP SCTP ICMP ARP IPv6 IPv4 Qdisc Netfilter Bridging Netlink IPSec Tunneling Kernel layer NUSE core bottom halves/ rcu/timer/ interrupt struct net_device RAW DPDK netmap ... NIC Recipe petit-scheduler 1. (monolithic) kernel source 2. petit-scheduler 3. POSIX glue • redirect system calls (at libc-level) 4. network I/O • raw socket, DPDK, netmap, etc.. 13
1) kernel build Application POSIX glue TCP UDP DCCP SCTP ICMP ARP IPv6 IPv4 Qdisc Netfilter Bridging Netlink IPSec Tunneling Kernel layer NUSE core bottom halves/ rcu/timer/ interrupt struct net_device RAW DPDK netmap ... NIC petit-scheduler • patch to kernel tree • with new (hw independent) arch (arch/sim) • robust to (frequent) mainstream changes • build kernel source tree w/ the patch • make menuconfig ARCH=sim • make library ARCH=sim • ➔ libnuse-linux-3.17-rc1.so 14
2) petit scheduler • offer alternate context primitives Application POSIX glue TCP UDP DCCP SCTP ICMP ARP IPv6 IPv4 Qdisc Netfilter Bridging Netlink IPSec Tunneling Kernel layer NUSE core bottom halves/ rcu/timer/ interrupt struct net_device RAW DPDK netmap ... NIC petit-scheduler • interrupts, timer, thread, bottom halves (tasklet, workqueue, waiter, etc) ! • Implemented with POSIX thread • easily debuggable • ucontext fiber for low overhead (not yet) 15
3) POSIX glue code Application POSIX glue TCP UDP DCCP SCTP ICMP ARP IPv6 IPv4 Qdisc Netfilter Bridging Netlink IPSec Tunneling Kernel layer NUSE core bottom halves/ rcu/timer/ interrupt struct net_device RAW DPDK netmap ... NIC petit-scheduler • Hijack function calls • socket => nuse_socket • read => nuse_read • libc level hijack • apps not aware of • LD_PRELOAD=libnuse.so .. • can’t catch int 0x80 16
extern int sim_sock_socket (int,int,int, struct socket **); int socket (int family, int type, int proto) { sim_update_jiffies (); struct socket *kernel_socket = sim_malloc (sizeof (struct socket)); memset (kernel_socket, 0, sizeof (struct socket)); int ret = sim_sock_socket (family, type, proto, &kernel_socket); g_fd_table[curfd++] = kernel_socket; sim_softirq_wakeup (); return curfd - 1; } https://github.com/thehajime/net-next-nuse/blob/nuse/arch/sim/nuse-glue.c
4) network I/O Application POSIX glue TCP UDP DCCP SCTP ICMP ARP IPv6 IPv4 Qdisc Netfilter Bridging Netlink IPSec Tunneling Kernel layer NUSE core bottom halves/ rcu/timer/ interrupt struct net_device RAW DPDK netmap ... NIC petit-scheduler • connect NUSE to NIC • options • raw socket (general) • DPDK (if available) • netmap (if available) • Tap ? 18
tatic netdev_tx_t kernel_dev_xmit(struct sk_buff *skb, struct net_device *dev) { netif_stop_queue(dev); sim_dev_xmit ((struct SimDevice *)dev, skb->data, skb->len); dev_kfree_skb(skb); netif_wake_queue(dev); return 0; } static const struct net_device_ops sim_dev_ops = { .ndo_start_xmit = kernel_dev_xmit, .ndo_set_mac_address = eth_mac_addr, }; void sim_dev_rx (struct SimDevice *device, struct SimDevicePacket packet) { struct sk_buff *skb = packet.token; struct net_device *dev = &device->dev; skb->protocol = eth_type_trans(skb, dev); skb->ip_summed = CHECKSUM_PARTIAL; // Do the TCP checksum (FIXME: should be configurable) ! netif_rx (skb); } https://github.com/thehajime/net-next-nuse/blob/nuse/arch/sim/sim-device.c
How to use NUSE ? • download • git clone git://github.com/thehajime/net-next-nuse • compile • make library ARCH=sim NETMAP=yes • execute • sudo ./nuse (application) • success ? : lucky guy ! • fail: add hijack calls 20
Alternatives • Container (LXC, OpenVZ, vimage) • share kernel with host operating system (no flexibility) • virtual machine (KVM,Xen,UML) • flexible/functional, but heavy bootstrap • Library OS • full scratch: mtcp, Mirage, lwIP • Porting: OSv, Sandstorm, libuinet (FreeBSD), Arrakis (lwIP), OpenOnload (lwIP?) • Glue-layer: LKL (Linux-2.6), Rump (NetBSD) 21
Alternatives (cont’d) Rumpkernel • https://github.com/rumpkernel/wiki/wiki • One binary runs on everywhere • Linux,xBSD,Soralis,cygwin Host • Xen Dom-U • Bare metal (hardware, KVM, Virtualbox) • Well-defined API (hypercall) ! • Only NetBSD network stack is available 22
Evaluation • Performance ? • not good so far.. • Generality • Run all applications ? up to POSIX coverage 23
next time..
Ongoings • (efficient) thread scheduling • batch Tx/Rx • fork(2)/exec(2) • multi-processes ! • => migrate to rumpkernel ? 25
Summary • Network Stack in Userspace (NUSE) • network stack library • light virtualization • fast evolution, easy deployments https://github.com/thehajime/net-next-nuse 26
GASPP: A GPU-Accelerated Stateful Packet Processing Framework Giorgos Vasiliadis, Lazaros Koromilas, Michalis Polychronakis, and Sotiris Ioannidis, GASPP: A GPU-Accelerated Stateful Packet Processing Framework, USENIX ATC 2014, June, 2014 28

More Related Content

PDF
LibOS as a regression test framework for Linux networking #netdev1.1
byHajime Tazaki
 
PDF
Playing BBR with a userspace network stack
byHajime Tazaki
 
PDF
Direct Code Execution - LinuxCon Japan 2014
byHajime Tazaki
 
PDF
Linux Kernel Library - Reusing Monolithic Kernel
byHajime Tazaki
 
PDF
Network stack personality in Android phone - netdev 2.2
byHajime Tazaki
 
PDF
Library Operating System for Linux #netdev01
byHajime Tazaki
 
PDF
Linux rumpkernel - ABC2018 (AsiaBSDCon 2018)
byHajime Tazaki
 
PDF
Direct Code Execution @ CoNEXT 2013
byHajime Tazaki
 
LibOS as a regression test framework for Linux networking #netdev1.1
byHajime Tazaki
 
Playing BBR with a userspace network stack
byHajime Tazaki
 
Direct Code Execution - LinuxCon Japan 2014
byHajime Tazaki
 
Linux Kernel Library - Reusing Monolithic Kernel
byHajime Tazaki
 
Network stack personality in Android phone - netdev 2.2
byHajime Tazaki
 
Library Operating System for Linux #netdev01
byHajime Tazaki
 
Linux rumpkernel - ABC2018 (AsiaBSDCon 2018)
byHajime Tazaki
 
Direct Code Execution @ CoNEXT 2013
byHajime Tazaki
 

What's hot

PDF
mTCP使ってみた
byHajime Tazaki
 
PDF
NUSE (Network Stack in Userspace) at #osio
byHajime Tazaki
 
PDF
Kernelvm 201312-dlmopen
byHajime Tazaki
 
PDF
Recent advance in netmap/VALE(mSwitch)
bymicchie
 
PDF
How to Speak Intel DPDK KNI for Web Services.
byNaoto MATSUMOTO
 
PPTX
Introduction to DPDK
byKernel TLV
 
PDF
Userspace networking
byStephen Hemminger
 
PPTX
Netmap presentation
byAmir Razmjou
 
PDF
VLANs in the Linux Kernel
byKernel TLV
 
PPTX
Understanding DPDK
byDenys Haryachyy
 
PDF
The 7 Deadly Sins of Packet Processing - Venky Venkatesan and Bruce Richardson
byharryvanhaaren
 
PPTX
DPDK KNI interface
byDenys Haryachyy
 
PDF
Introduction to eBPF and XDP
bylcplcp1
 
PDF
FreeBSD and Drivers
byKernel TLV
 
PDF
mSwitch: A Highly-Scalable, Modular Software Switch
bymicchie
 
PDF
Intel DPDK Step by Step instructions
byHisaki Ohara
 
PPTX
Dpdk applications
byVipin Varghese
 
PDF
Achieving Performance Isolation with Lightweight Co-Kernels
byJiannan Ouyang, PhD
 
PDF
CETH for XDP [Linux Meetup Santa Clara | July 2016]
byIO Visor Project
 
PPTX
Modern Linux Tracing Landscape
byKernel TLV
 
mTCP使ってみた
byHajime Tazaki
 
NUSE (Network Stack in Userspace) at #osio
byHajime Tazaki
 
Kernelvm 201312-dlmopen
byHajime Tazaki
 
Recent advance in netmap/VALE(mSwitch)
bymicchie
 
How to Speak Intel DPDK KNI for Web Services.
byNaoto MATSUMOTO
 
Introduction to DPDK
byKernel TLV
 
Userspace networking
byStephen Hemminger
 
Netmap presentation
byAmir Razmjou
 
VLANs in the Linux Kernel
byKernel TLV
 
Understanding DPDK
byDenys Haryachyy
 
The 7 Deadly Sins of Packet Processing - Venky Venkatesan and Bruce Richardson
byharryvanhaaren
 
DPDK KNI interface
byDenys Haryachyy
 
Introduction to eBPF and XDP
bylcplcp1
 
FreeBSD and Drivers
byKernel TLV
 
mSwitch: A Highly-Scalable, Modular Software Switch
bymicchie
 
Intel DPDK Step by Step instructions
byHisaki Ohara
 
Dpdk applications
byVipin Varghese
 
Achieving Performance Isolation with Lightweight Co-Kernels
byJiannan Ouyang, PhD
 
CETH for XDP [Linux Meetup Santa Clara | July 2016]
byIO Visor Project
 
Modern Linux Tracing Landscape
byKernel TLV
 

Viewers also liked

PDF
XPDS13: Dual-Android on Nexus 10 - Lovene Bhatia, Samsung
byThe Linux Foundation
 
PPTX
Ethernet and TCP optimizations
byJeff Squyres
 
PDF
Cinder Intro@Open Stack China Tour Beijing
byOpenCity Community
 
PPT
Livestock, Land and the Changing Economy of Pastoralism
byfutureagricultures
 
PDF
Big Data: Movement, Warehousing, & Virtualization
bytervela
 
PPT
Атомная энергетика в Казахстане
byАО "Самрук-Казына"
 
PPTX
Articles of Faith
byChristian Emmanuel Muñoz
 
PDF
World2016_T5_S5_SQLServerFunctionalOverview
byFarah Omer
 
PDF
Java swing tips
byTuan Ngo
 
DOC
Danhmuccaccoso kcbkcb2011
byfoxhuong
 
PDF
Third index
byezaz123
 
PPTX
Exceedence PItch
byrayalco
 
PDF
SOP OC COMM
byantiik
 
PPT
Our parents
byAida Kareena
 
PPT
68 avenue Gurgaon 7428424386
byAdore Global Pvt. Ltd
 
PDF
Udział w badaniach w celu walki z miaŝdŝycą
byXplore Health
 
PPTX
Edtc 6340-66 copyright crash course alberto tudon 6th ed
byalbertotudon
 
XPDS13: Dual-Android on Nexus 10 - Lovene Bhatia, Samsung
byThe Linux Foundation
 
Ethernet and TCP optimizations
byJeff Squyres
 
Cinder Intro@Open Stack China Tour Beijing
byOpenCity Community
 
Livestock, Land and the Changing Economy of Pastoralism
byfutureagricultures
 
Big Data: Movement, Warehousing, & Virtualization
bytervela
 
Атомная энергетика в Казахстане
byАО "Самрук-Казына"
 
Articles of Faith
byChristian Emmanuel Muñoz
 
World2016_T5_S5_SQLServerFunctionalOverview
byFarah Omer
 
Java swing tips
byTuan Ngo
 
Danhmuccaccoso kcbkcb2011
byfoxhuong
 
Third index
byezaz123
 
Exceedence PItch
byrayalco
 
SOP OC COMM
byantiik
 
Our parents
byAida Kareena
 
68 avenue Gurgaon 7428424386
byAdore Global Pvt. Ltd
 
Udział w badaniach w celu walki z miaŝdŝycą
byXplore Health
 
Edtc 6340-66 copyright crash course alberto tudon 6th ed
byalbertotudon
 

Similar to Network Stack in Userspace (NUSE)

PPT
Processes and Threads in Windows Vista
byTrinh Phuc Tho
 
PDF
PASTE: A Network Programming Interface for Non-Volatile Main Memory
bymicchie
 
ODP
Linux26 New Features
byguest491c69
 
PDF
Geep networking stack-linuxkernel
byKiran Divekar
 
PPTX
UNIT II DIS.pptx
byPremkumar R
 
PDF
FUSE and beyond: bridging filesystems paper by Emmanuel Dreyfus
byeurobsdcon
 
PDF
Architecture Of The Linux Kernel
byDom Cimafranca
 
PDF
Architecture Of The Linux Kernel
byguest547d74
 
PPTX
Realtime traffic analyser
byAlex Moskvin
 
PDF
Introduction to NetBSD kernel
byMahendra M
 
PDF
An Introduction to User Space Filesystem Development
byMatt Turner
 
PDF
NetBSD and Linux for Embedded Systems
byMahendra M
 
PPTX
Linux@assignment ppt
byRama .
 
PDF
Деградация производительности при использовании FUSE
byAnatol Alizar
 
PPT
4.Process.ppt
byAkfeteAssefa
 
PDF
FUSE and beyond: bridging filesystems slides by Emmanuel Dreyfus
byeurobsdcon
 
ODP
Sockets and Socket-Buffer
bySourav Punoriyar
 
PDF
Userspace RCU library : what linear multiprocessor scalability means for your...
byAlexey Ivanov
 
ODP
guadec_rlove_fuse_2006
bywebuploader
 
PPT
Threads Advance in System Administration with Linux
bySoumen Santra
 
Processes and Threads in Windows Vista
byTrinh Phuc Tho
 
PASTE: A Network Programming Interface for Non-Volatile Main Memory
bymicchie
 
Linux26 New Features
byguest491c69
 
Geep networking stack-linuxkernel
byKiran Divekar
 
UNIT II DIS.pptx
byPremkumar R
 
FUSE and beyond: bridging filesystems paper by Emmanuel Dreyfus
byeurobsdcon
 
Architecture Of The Linux Kernel
byDom Cimafranca
 
Architecture Of The Linux Kernel
byguest547d74
 
Realtime traffic analyser
byAlex Moskvin
 
Introduction to NetBSD kernel
byMahendra M
 
An Introduction to User Space Filesystem Development
byMatt Turner
 
NetBSD and Linux for Embedded Systems
byMahendra M
 
Linux@assignment ppt
byRama .
 
Деградация производительности при использовании FUSE
byAnatol Alizar
 
4.Process.ppt
byAkfeteAssefa
 
FUSE and beyond: bridging filesystems slides by Emmanuel Dreyfus
byeurobsdcon
 
Sockets and Socket-Buffer
bySourav Punoriyar
 
Userspace RCU library : what linear multiprocessor scalability means for your...
byAlexey Ivanov
 
guadec_rlove_fuse_2006
bywebuploader
 
Threads Advance in System Administration with Linux
bySoumen Santra
 

Recently uploaded

PDF
From Artificial Intelligence to African Intelligence: Transforming Research &...
byMoses Kemibaro
 
PDF
Escape from the Forbidden Zone: Smuggling green and inclusive tech past the g...
byBookNet Canada
 
PDF
GenerationAI_Paris_2025_Architecting_Intelligence.pdf
byapidays
 
PDF
Security-Fails-in-the-Gaps-Between-Systems.pptx.pdf
byOhhproJunction
 
PPTX
Automation Without Apprentices: How AI Challenges the Open Source Way
byIcinga
 
PPTX
Tech Trends 2026: AI Agents, Quantum Computing, Robotics & Cybersecurity
byridwansassman
 
PDF
UiPath Automation Developer Associate Training Series 2026 - Session 3
byDianaGray10
 
PPTX
Spacecraft Guidance Quick Research Guide by Arthur Morgan
byArthur Morgan
 
PDF
NTG -Company Profile_Software_Vendor_Company_in_MENA
byMustafa Kuğu
 
PPTX
Microsoft Azure News - February 2026 - BAUG
byDaniel Toomey
 
PDF
apidays Paris 2025 | Zero Trust By Design
byapidays
 
PDF
Constraint Collapse and Fidelity Decay in Scaled Language Models
bySemantic Fidelity Lab | A. Jacobs
 
PDF
From Hallucinations to High-Confidence AI with Data Enrichment.pdf
byPrecisely
 
PDF
Chapter 5 Security Mechanisms iin computer security.pdf
byGetnet Tigabie Askale -(GM)
 
PDF
Oracle Cloud Infrastructure 2025 Architect Professional (1Z0-1127-25) Master ...
byExamCert App
 
PPTX
Introducing VisualSim 2610 The Next Leap in System Level Modeling
byDeepak Shankar
 
PDF
apidays New York 2025 | AI in Application Security
byapidays
 
PPTX
The Transformative Technology in Contemporary Businesses
bygreyaudrina
 
PPTX
apidays Paris 2025 | Building Agentic Workflows
byapidays
 
PDF
Agent to agent service discovery using HashiCorp Consul and Vault
byBram Vogelaar
 
From Artificial Intelligence to African Intelligence: Transforming Research &...
byMoses Kemibaro
 
Escape from the Forbidden Zone: Smuggling green and inclusive tech past the g...
byBookNet Canada
 
GenerationAI_Paris_2025_Architecting_Intelligence.pdf
byapidays
 
Security-Fails-in-the-Gaps-Between-Systems.pptx.pdf
byOhhproJunction
 
Automation Without Apprentices: How AI Challenges the Open Source Way
byIcinga
 
Tech Trends 2026: AI Agents, Quantum Computing, Robotics & Cybersecurity
byridwansassman
 
UiPath Automation Developer Associate Training Series 2026 - Session 3
byDianaGray10
 
Spacecraft Guidance Quick Research Guide by Arthur Morgan
byArthur Morgan
 
NTG -Company Profile_Software_Vendor_Company_in_MENA
byMustafa Kuğu
 
Microsoft Azure News - February 2026 - BAUG
byDaniel Toomey
 
apidays Paris 2025 | Zero Trust By Design
byapidays
 
Constraint Collapse and Fidelity Decay in Scaled Language Models
bySemantic Fidelity Lab | A. Jacobs
 
From Hallucinations to High-Confidence AI with Data Enrichment.pdf
byPrecisely
 
Chapter 5 Security Mechanisms iin computer security.pdf
byGetnet Tigabie Askale -(GM)
 
Oracle Cloud Infrastructure 2025 Architect Professional (1Z0-1127-25) Master ...
byExamCert App
 
Introducing VisualSim 2610 The Next Leap in System Level Modeling
byDeepak Shankar
 
apidays New York 2025 | AI in Application Security
byapidays
 
The Transformative Technology in Contemporary Businesses
bygreyaudrina
 
apidays Paris 2025 | Building Agentic Workflows
byapidays
 
Agent to agent service discovery using HashiCorp Consul and Vault
byBram Vogelaar
 

Network Stack in Userspace (NUSE)

  • 1.
    Network Stack in Userspace (NUSE) ! ! Hajime Tazaki 高速PCルーター研究会 2014/9/29
  • 2.
    Today’s talk •Userspace version of (Linux) network stack • not intended for high-speed something • but useful for high-speed network I/O 2
  • 3.
    I have anew Layer-3/4 protocol! Yey! • I have new, great Layer-3/4 protocol ! It will change the WORLD ! • network stack って、入れかえたいですか? • No: your code will destroy my life ?! (experimental ? not tested ?) • Yes: I wanna be your slave. • VM cloud = OK, no much users/services interfere • multi-user server, PC, phone = Nightmare, my life will have trouble… 3
  • 4.
    I have anew Layer-3/4 protocol! Yey! (cont’d) • Kernel programming sucks • LKM ? can cause panic anyway.. • Click ? only router/middlebox, not for end-hosts • Slow evolution • VM ? Hmm, I’m a lazy guy.. 4
  • 5.
    costin.raiciu@cs.pub.ro, j.araujo@ucl.ac.uk, rizzo@iet.unipi.it Internet paths that it is still despite the the blame extensions taking placed on end moving protocols deployment optimizations. support for user-level commodity number of host stack, s. our mux/de-mux line rate (up Slow evolution of network stack Honda et al., Rekindling Network Protocol Innovation with User-Level Stacks, ACM SIGCOMM CCR, Vol.44, Num. 2, April 2014 cores, and over a basic same server 1.00 0.75 0.50 0.25 0.00 2007 2008 2009 2010 2011 2012 Date Ratio of flows Option SACK Timestamp Windowscale Direction Inbound Outbound Figure 1: TCP options deployment over time. pen infrequently not only because of slow release cycles, but also due to their cost and potential disruption to existing setups. If protocol stacks were embedded into applications, they could be updated on a case-by-case basis, and deploy-ment would be a lot more timely. For example, Mac OS, Windows XP and FreeBSD still use a traditional Additive Increase Multiplicative Decrease (AIMD) algorithm for TCP congestion control, while Linux
  • 6.
    Virtual Machine ? Poll: “When you download and run software, how often do you use a virtual machine (to reduce security risks)?” Jon Howell, Galen Hunt, David Molnar, and Donald E. Porter, Living Dangerously: A Survey of Software Download Practices, no. MSR-TR-2010-51, May 2010 6
  • 7.
    Meanwhile in Filesystemworld.. • There is, • Filesystem in Userspace (FUSE) • Userspace code can host new filesystem (sshfs, GmailFS, etc) • Performance is bad, but doesn’t matter • Flexibility and functionality do matter 7 http://fuse.sourceforge.net/
  • 8.
    Problem Statements •Slow evolution of network stack • Interfere to host OS (which is untouchable) • Too heavy workload of VM 8
  • 9.
    What’s NUSE ? • Network stack in Userspace • Userspace as much as possible • like Fuse (Filesystem in Userspace) • Library version of network stack (of monolithic kernel) • kernel bypassed • (UNIX) Process-based virtualization 9
  • 10.
    What can dowith NUSE ? • Host operating system • Linux (for the moment) • Guest operating systems • Linux (3.17-rc1 based) • FreeBSD (ongoing) • Suitable with kernel-bypass technologies • DPDK/netmap with (full) network stack + (existing) applications • Applications • ping, iperf, nginx (partially worked) 10
  • 11.
    FUSE vs NUSE 11 nuse example kernel bypassed TCP/IP ARP/ ndisc libnuse glibc NIC userspace kernel raw sock netmap DPDK (etc) libfuse glibc glibc VFS FUSE ...... NFS ext3 ls -l /tmp/fuse example /tmp/fuse userspace kernel
  • 12.
    Design Goals •No modification to userspace apps • No mod to kernel space as well • Transparent • LD_PRELOADable • x1 performance of native OS 12
  • 13.
    Application POSIX glue TCP UDP DCCP SCTP ICMP ARP IPv6 IPv4 Qdisc Netfilter Bridging Netlink IPSec Tunneling Kernel layer NUSE core bottom halves/ rcu/timer/ interrupt struct net_device RAW DPDK netmap ... NIC Recipe petit-scheduler 1. (monolithic) kernel source 2. petit-scheduler 3. POSIX glue • redirect system calls (at libc-level) 4. network I/O • raw socket, DPDK, netmap, etc.. 13
  • 14.
    1) kernel build Application POSIX glue TCP UDP DCCP SCTP ICMP ARP IPv6 IPv4 Qdisc Netfilter Bridging Netlink IPSec Tunneling Kernel layer NUSE core bottom halves/ rcu/timer/ interrupt struct net_device RAW DPDK netmap ... NIC petit-scheduler • patch to kernel tree • with new (hw independent) arch (arch/sim) • robust to (frequent) mainstream changes • build kernel source tree w/ the patch • make menuconfig ARCH=sim • make library ARCH=sim • ➔ libnuse-linux-3.17-rc1.so 14
  • 15.
    2) petit scheduler • offer alternate context primitives Application POSIX glue TCP UDP DCCP SCTP ICMP ARP IPv6 IPv4 Qdisc Netfilter Bridging Netlink IPSec Tunneling Kernel layer NUSE core bottom halves/ rcu/timer/ interrupt struct net_device RAW DPDK netmap ... NIC petit-scheduler • interrupts, timer, thread, bottom halves (tasklet, workqueue, waiter, etc) ! • Implemented with POSIX thread • easily debuggable • ucontext fiber for low overhead (not yet) 15
  • 16.
    3) POSIX gluecode Application POSIX glue TCP UDP DCCP SCTP ICMP ARP IPv6 IPv4 Qdisc Netfilter Bridging Netlink IPSec Tunneling Kernel layer NUSE core bottom halves/ rcu/timer/ interrupt struct net_device RAW DPDK netmap ... NIC petit-scheduler • Hijack function calls • socket => nuse_socket • read => nuse_read • libc level hijack • apps not aware of • LD_PRELOAD=libnuse.so .. • can’t catch int 0x80 16
  • 17.
    extern int sim_sock_socket(int,int,int, struct socket **); int socket (int family, int type, int proto) { sim_update_jiffies (); struct socket *kernel_socket = sim_malloc (sizeof (struct socket)); memset (kernel_socket, 0, sizeof (struct socket)); int ret = sim_sock_socket (family, type, proto, &kernel_socket); g_fd_table[curfd++] = kernel_socket; sim_softirq_wakeup (); return curfd - 1; } https://github.com/thehajime/net-next-nuse/blob/nuse/arch/sim/nuse-glue.c
  • 18.
    4) network I/O Application POSIX glue TCP UDP DCCP SCTP ICMP ARP IPv6 IPv4 Qdisc Netfilter Bridging Netlink IPSec Tunneling Kernel layer NUSE core bottom halves/ rcu/timer/ interrupt struct net_device RAW DPDK netmap ... NIC petit-scheduler • connect NUSE to NIC • options • raw socket (general) • DPDK (if available) • netmap (if available) • Tap ? 18
  • 19.
    tatic netdev_tx_t kernel_dev_xmit(structsk_buff *skb, struct net_device *dev) { netif_stop_queue(dev); sim_dev_xmit ((struct SimDevice *)dev, skb->data, skb->len); dev_kfree_skb(skb); netif_wake_queue(dev); return 0; } static const struct net_device_ops sim_dev_ops = { .ndo_start_xmit = kernel_dev_xmit, .ndo_set_mac_address = eth_mac_addr, }; void sim_dev_rx (struct SimDevice *device, struct SimDevicePacket packet) { struct sk_buff *skb = packet.token; struct net_device *dev = &device->dev; skb->protocol = eth_type_trans(skb, dev); skb->ip_summed = CHECKSUM_PARTIAL; // Do the TCP checksum (FIXME: should be configurable) ! netif_rx (skb); } https://github.com/thehajime/net-next-nuse/blob/nuse/arch/sim/sim-device.c
  • 20.
    How to useNUSE ? • download • git clone git://github.com/thehajime/net-next-nuse • compile • make library ARCH=sim NETMAP=yes • execute • sudo ./nuse (application) • success ? : lucky guy ! • fail: add hijack calls 20
  • 21.
    Alternatives • Container(LXC, OpenVZ, vimage) • share kernel with host operating system (no flexibility) • virtual machine (KVM,Xen,UML) • flexible/functional, but heavy bootstrap • Library OS • full scratch: mtcp, Mirage, lwIP • Porting: OSv, Sandstorm, libuinet (FreeBSD), Arrakis (lwIP), OpenOnload (lwIP?) • Glue-layer: LKL (Linux-2.6), Rump (NetBSD) 21
  • 22.
    Alternatives (cont’d) Rumpkernel • https://github.com/rumpkernel/wiki/wiki • One binary runs on everywhere • Linux,xBSD,Soralis,cygwin Host • Xen Dom-U • Bare metal (hardware, KVM, Virtualbox) • Well-defined API (hypercall) ! • Only NetBSD network stack is available 22
  • 23.
    Evaluation • Performance? • not good so far.. • Generality • Run all applications ? up to POSIX coverage 23
  • 24.
  • 25.
    Ongoings • (efficient)thread scheduling • batch Tx/Rx • fork(2)/exec(2) • multi-processes ! • => migrate to rumpkernel ? 25
  • 26.
    Summary • NetworkStack in Userspace (NUSE) • network stack library • light virtualization • fast evolution, easy deployments https://github.com/thehajime/net-next-nuse 26
  • 27.
    GASPP: A GPU-AcceleratedStateful Packet Processing Framework Giorgos Vasiliadis, Lazaros Koromilas, Michalis Polychronakis, and Sotiris Ioannidis, GASPP: A GPU-Accelerated Stateful Packet Processing Framework, USENIX ATC 2014, June, 2014 28