Performance, Isolation and Service Guarantees in Virtualized Network Functions
KTH, School of Information and Communication Technology (ICT), Communication Systems, CoS, Network Systems Laboratory (NS Lab). ORCID iD: 0000-0003-0932-1831
2017 (English). Doctoral thesis, comprehensive summary (Other academic)
Abstract [en]

A network is generally a collection of different hardware-based network devices carrying out various network functions (NF). These NF implementations are special purpose and expensive. Network function virtualization (NFV) is an alternative which uses software-based implementations of NFs on inexpensive commodity servers. However, it is challenging to achieve high networking performance due to bottlenecks in software, particularly in a virtualized environment where NFs are implemented inside virtual machines (VM). Performance isolation is yet another challenge, which means that the load on one VM should not affect the performance of other VMs. However, it is difficult to provide performance isolation due to resource contention in a commodity server. Furthermore, different NFs may require different service guarantees, which are difficult to ensure due to the non-deterministic performance behavior of a commodity server.

In this thesis we investigate how the challenges of performance, isolation and service guarantees can be addressed for virtual routers (VR), as an example of a virtualized NF. It is argued that the forwarding path of a VR can be modified in an efficient manner in order to improve the forwarding performance. When it comes to performance isolation, poor isolation is observed due to shared network queues and CPU sharing among VRs. We propose a design with SR-IOV, which allows reserving a network queue and CPU core for each VR. As a result, the resource contention is reduced and strong performance isolation is achieved. Finally, it is investigated how average throughput and bounded packet delay can be guaranteed to VRs. We argue that a classic rate-controlled service discipline can be adapted in a virtual environment to achieve service guarantees. We demonstrate that firm service guarantees can be achieved with little overhead from adding a token bucket regulator in the forwarding path of a VR.

Place, publisher, year, edition, pages
KTH Royal Institute of Technology, 2017. 59 p.
Keyword [en]
NFV, virtual router, service guarantee, scheduling, rate control
National Category
Telecommunications
Research subject
Computer Science
Identifiers
URN: urn:nbn:se:kth:diva-206830; ISBN: 978-91-7729-380-4 (print); OAI: oai:DiVA.org:kth-206830; DiVA: diva2:1094245
Public defence
2017-06-14, Sal C, Kistagången 16, Kista, 13:00 (English)
Note

QC 20170511

Available from: 2017-05-11 Created: 2017-05-09 Last updated: 2017-06-16 Bibliographically approved
List of papers
1. Performance Evaluation of Open Virtual Routers
2010 (English). In: 2010 IEEE GLOBECOM WORKSHOPS, IEEE, 2010, 288-293 p. Conference paper, Published paper (Refereed)
Abstract [en]

A major challenge in network virtualization is to virtualize the components constituting the network, in particular the routers. In the work presented here, we focus on how to use open source Linux software in combination with commodity hardware to build open virtual routers. A general approach in open router virtualization is to run multiple virtual operating systems in parallel on the same PC hardware. This means that overhead in terms of additional packet processing is introduced along the data path through the router. In this paper, we investigate these performance penalties and suggest how best to combine software modules to form an open virtual router.

Place, publisher, year, edition, pages
IEEE, 2010
Keyword
network virtualization, virtual router, SoftIRQ, NAPI
National Category
Telecommunications
Research subject
Computer Science
Identifiers
urn:nbn:se:kth:diva-35638 (URN), 10.1109/GLOCOMW.2010.5700328 (DOI), 000291611300055 (), 2-s2.0-79951865927 (Scopus ID), 978-1-4244-8865-0 (ISBN)
Conference
IEEE GLOBECOM Workshop on Future Internet, Miami, USA, 2010
Note

QC 20110704

Available from: 2011-07-04 Created: 2011-07-04 Last updated: 2017-05-10 Bibliographically approved
2. Data Plane Optimizations in Open Virtual Routers
2011 (English). In: IFIP Networking 2011, Springer Verlag, Heidelberg, 2011, 379-392 p. Conference paper, Published paper (Refereed)
Abstract [en]

A major challenge in network virtualization is to virtualize the components constituting the network, in particular the routers. In the work presented here, we focus on how to use open source Linux software in combination with commodity hardware to build open virtual routers. A general approach in open router virtualization is to run multiple virtual instances in parallel on the same PC hardware. This means that virtual components are combined in the router’s data plane, which can result in performance penalty. In this paper, we investigate the impact of the design of virtual network devices on router performance in Linux namespace environment. We identify performance bottlenecks along the packet data path. We suggest design changes to improve performance. In particular, we investigate modifications of the "macvlan" device, and analyze the performance improvements in terms of packet forwarding. We also investigate how the number of virtual routers and virtual devices within a physical machine influence performance.

Place, publisher, year, edition, pages
Springer Verlag, Heidelberg, 2011
Keyword
network virtualization, virtual router, SoftIRQ, NAPI, Softnet API
National Category
Communication Systems
Identifiers
urn:nbn:se:kth:diva-49616 (URN), 10.1007/978-3-642-20757-0_30 (DOI), 2-s2.0-79956037282 (Scopus ID), 978-3-642-20756-3 (ISBN)
Conference
10th International IFIP TC 6 Networking Conference Valencia, Spain, May 2011
Note

QC 20120109

Available from: 2012-01-09 Created: 2011-11-28 Last updated: 2017-05-09 Bibliographically approved
3. PC-based Router Virtualization with Hardware Support
2012 (English). In: Proceedings - International Conference on Advanced Information Networking and Applications, AINA, IEEE Computer Society, 2012, 573-580 p. Conference paper, Published paper (Refereed)
Abstract [en]

In this paper we focus on how to use open source Linux software in combination with PC hardware to build high speed virtual routers. Router virtualization means that multiple virtual router instances will run in parallel on the same hardware. To enable this, virtual components are combined in the router's data plane. This can result in performance penalties. Furthermore, an overloaded virtual router can affect the performance of other virtual routers running in parallel. Achieving high performance and strong performance isolation in a virtualized environment is challenging. We investigate how hardware can help to achieve these goals in the Linux Namespaces environment. We propose a forwarding architecture for virtual routers based on multi-core hardware where virtual routers can run in parallel on different CPU cores. This reduces resource contention among virtual routers and results in improved performance and isolation. To enable this architecture, we find that hardware based I/O virtualization support is essential. We demonstrate this by making a comparison with a software based I/O virtualization approach. We also show that hardware assisted virtual routers can achieve better aggregate throughput than a non-virtualized router on a multi-core platform.

Place, publisher, year, edition, pages
IEEE Computer Society, 2012
Series
International Conference on Advanced Information Networking and Applications. Proceedings, ISSN 1550-445X ; 2012
Keyword
I/O virtualization, RSS, SoftIRQ, SR-IOV, virtual router, Aggregate throughput, CPU cores, Data planes, Hardware supports, Hardware-assisted, Multi core, Multi-core platforms, Namespaces, Open sources, PC hardware, PC-based routers, Performance penalties, Resource contention, Running-in, Software-based, Virtual components, Virtualizations, Virtualized environment, Computer operating systems, Hardware, Java programming language, Open systems, Routers, Virtual reality, Computer architecture
National Category
Telecommunications
Identifiers
urn:nbn:se:kth:diva-100061 (URN), 10.1109/AINA.2012.96 (DOI), 000309071500079 (), 2-s2.0-84860735290 (Scopus ID)
Conference
26th IEEE International Conference on Advanced Information Networking and Applications, AINA 2012; Fukuoka; Japan 26 March 2012 through 29 March 2012
Funder
ICT - The Next Generation
Note

QC 20150708

Available from: 2012-08-03 Created: 2012-08-03 Last updated: 2017-05-11 Bibliographically approved
4. KVM vs. LXC: Comparing Performance and Isolation of Hardware-assisted Virtual Routers
2013 (English). In: American Journal of Networks and Communications, ISSN 2326-893X, Vol. 2, no 4, 88-96 p. Article in journal (Refereed) Published
Abstract [en]

Concerns have been raised about the performance of PC-based virtual routers as they do packet processing in software. Furthermore, it becomes challenging to maintain isolation among virtual routers due to resource contention in a shared environment. Hardware vendors recognize this issue and PC hardware with virtualization support (SR-IOV and Intel-VTd) has been introduced in recent years. In this paper, we investigate how such hardware features can be integrated with two different virtualization technologies (LXC and KVM) to enhance performance and isolation of virtual routers on shared environments. We compare LXC and KVM and our results indicate that KVM in combination with hardware support can provide better trade-offs between performance and isolation. We notice that KVM has slightly lower throughput, but has superior isolation properties by providing more explicit control of CPU resources. We demonstrate that KVM allows defining a CPU share for a virtual router, something that is difficult to achieve in LXC, where packet forwarding is done in a kernel shared by all virtual routers.

Keyword
Network Virtualization, Virtual Router (VR), SR-IOV, Virtual Function (VF), SoftIRQ, NAPI
National Category
Computer Systems
Identifiers
urn:nbn:se:kth:diva-136604 (URN), 10.11648/j.ajnc.20130204.11 (DOI)
Note

QC 20140303

Available from: 2013-12-06 Created: 2013-12-06 Last updated: 2017-05-11 Bibliographically approved
5. Resilient Communication through Multihoming for Remote Healthcare Applications
2013 (English). In: 2013 IEEE Global Communications Conference (GLOBECOM), IEEE, 2013, 1335-1341 p. Conference paper, Published paper (Refereed)
Abstract [en]

Advancements in today's technologies make it possible to offer competitive home-based healthcare services using software routers based on open source software combined with Commodity-Off-The-Shelf (COTS) hardware. In this paper, we propose resilient communication through multihoming for remote healthcare applications. The solution is based on Bidirectional Forwarding Detection (BFD) for fast failure detection and a customized rerouting operation. We investigate the tradeoff between short reaction times for rerouting and low probability of false alarms. This is challenging to achieve under high traffic loads since the load affects the BFD session which is formed to monitor the bidirectional forwarding capabilities. We propose a simple mechanism that provides fast failover and meanwhile maintains a very low probability of generating false alarms and unwanted rerouting decisions. The mechanism is based on allocation of system resources for processing BFD control messages, and we demonstrate through empirical results that BFD then can be used in software routers to provide average failover times within 200 ms.

Place, publisher, year, edition, pages
IEEE, 2013
Keyword
Errors, Health care, Open source software, Software engineering, Commodity off the shelves, Control messages, Failure detection, Health care application, Home-based healthcares, Resilient communications, Short reaction time, System resources
National Category
Communication Systems
Identifiers
urn:nbn:se:kth:diva-136364 (URN), 10.1109/GLOCOM.2013.6831259 (DOI), 2-s2.0-84904123229 (Scopus ID), 978-147991353-4 (ISBN)
Conference
2013 IEEE Global Communications Conference, GLOBECOM 2013; Atlanta, GA; United States; 9 December 2013 through 13 December 2013
Note

QC 20140416

Available from: 2013-12-04 Created: 2013-12-04 Last updated: 2017-05-09 Bibliographically approved
6. Towards Performance Guarantees for Virtualized Network Functions
2017 (English). Article in journal (Refereed) Submitted
Abstract [en]

The trend of consolidating network functions from specialized hardware to software running on virtualization servers brings significant advantages for reducing costs and simplifying service deployment. However, virtualization techniques have significant limitations when it comes to networking as there is no support for guaranteeing that network functions meet their service requirements. In this paper, we present a design for providing service guarantees to virtualized network functions based on rate control. The design is a combination of rate regulation through token bucket filters and the regular scheduling mechanisms in operating systems. It has the attractive property that traffic profiles are maintained throughout a series of network functions, which makes it well suited for service function chaining.

We discuss implementation alternatives for the design, and demonstrate how it can be implemented on two virtualization platforms: LXC containers and with the KVM hypervisor. To evaluate the design, we conduct experiments where we measure throughput and latency using IP forwarders as virtual network functions. Two significant factors for performance are investigated: the design of token buckets and the packet clustering effect that comes from scheduling. We implement a token bucket filter at the network device level, which is found to give better performance than the regular token bucket in Linux traffic control. The clustering effect adds burstiness, which in turn increases latency and limits the traffic profiles that can be supported. The effect is significant with KVM, but not with LXC. Finally, we demonstrate how performance guarantees are achieved for multiple virtual routers under different scenarios.

National Category
Telecommunications
Research subject
Computer Science
Identifiers
urn:nbn:se:kth:diva-206862 (URN)
Note

QC 20170510

Available from: 2017-05-09 Created: 2017-05-09 Last updated: 2017-05-10 Bibliographically approved

Open Access in DiVA

fulltext (1626 kB), 72 downloads
File information
File name: FULLTEXT02.pdf; File size: 1626 kB; Checksum (SHA-512):
99f280f3ea85b8ba6980012009a7dd9d7c65dc6c74e7bcdb9f4c15f9a7c1fb0ac295cd6275321b97b43edfa2010ba7d742cff90d642030199dde69290f4d1fee
Type: fulltext; Mimetype: application/pdf

Search in DiVA

By author/editor
Rathore, Muhammad Siraj
By organisation
Network Systems Laboratory (NS Lab)
Telecommunications
