Zaafar Ahmed, Muhammad Hamad Alizai, Affan A. Syed.
InKeV is a network virtualization platform based on eBPF, an in-kernel execution engine recently upstreamed into the Linux kernel. InKeV’s key contribution is that it enables in-kernel programmability and configuration of virtualized network functions, allowing the creation of a distributed virtual network across all edges hosting tenant workloads. Despite the high performance demands of production environments, existing virtualization solutions have largely static in-kernel components, because kernel modules are difficult to develop and maintain and their feature delivery time is measured in years. The resulting compromise is either in the programmability of network functions that rely on the data plane, such as payload processing, or in performance, due to expensive user-/kernel-space context switching. InKeV addresses these concerns: the use of eBPF allows it to dynamically insert programmable network functions into a running kernel, requiring neither packaging a custom kernel nor hoping for acceptance into the mainline kernel. Its novel stitching feature allows complete virtual networks to be flexibly configured by creating a graph of network functions inside the kernel. Our evaluation reports on the flexibility of InKeV and on in-kernel implementation benefits such as low latency and an impressive flow creation rate.
Public review by Katerina Argyraki
The ability to program the data plane — to introduce new packet-processing functionality in the network — is one of the main challenges faced by network operators today, whether in the context of datacenters or Internet service providers. A popular approach is to introduce “network functions” at the edge of the network, in general-purpose machines (not custom network equipment). To maximize performance, we would normally run these network functions inside the kernel; however, the standard ways of doing this, e.g., packaging custom kernels, are impractical. Instead, this paper proposes to leverage the extended Berkeley Packet Filter (eBPF), a way to safely introduce new functionality into the kernel, which is now part of the Linux kernel. The paper contributes a framework for managing network functions that are implemented on top of eBPF, and it shows experimentally that the proposed approach significantly outperforms the current standard approach, represented by OpenStack Neutron (which does not run entire network functions in the kernel). The reviewers appreciated the proposed solution for its simplicity and the clear demonstration of its performance benefits; in a sea of proposals for how to build programmable data planes, this one stands out for its potential for practical impact.