Software network functions (NFs) trade-off flexibility and ease of deployment for an increased challenge of performance. The traditional way to increase NF performance is by distributing traffic to multiple CPU cores, but this poses a significant challenge: how to parallelize an NF without breaking its semantics? We propose Maestro, a tool that analyzes a sequential implementation of an NF and automatically generates an enhanced parallel version that carefully configures the NIC’s Receive Side Scaling mechanism to distribute traffic across cores, while preserving semantics. When possible, Maestro orchestrates a shared-nothing architecture, with each core operating independently without shared memory coordination, maximizing performance. Otherwise, Maestro choreographs a fine-grained read-write locking mechanism that optimizes operation for typical Internet traffic. We parallelized 8 software NFs and show that they generally scale-up linearly until bottlenecked by PCIe when using small packets or by 100 Gbps line-rate with typical Internet traffic. Maestro further outperforms modern hardware-based transactional memory mechanisms, even for challenging parallel-unfriendly workloads.
@inproceedings{maestro-nsdi24,author={Pereira, Francisco and Ramos, Fernando M. V. and Pedrosa, Luis},title={Automatic Parallelization of Software Network Functions},booktitle={21st USENIX Symposium on Networked Systems Design and Implementation (NSDI 24)},year={2024},address={Santa Clara, CA},url={https://www.usenix.org/conference/nsdi24/presentation/pereira},publisher={USENIX Association},month=apr,abbr={article},selected={true},code={https://github.com/snaplab-dpss/maestro},eval={https://github.com/snaplab-dpss/maestro-eval},talk={https://www.youtube.com/watch?v=6BtquCNQv_M},pdf={pereira-nsdi24-maestro.pdf},slides={pereira-nsdi24-maestro-slides.pdf},website={https://maestro.inesc-id.pt/},bibtex_show={true}}
2023
poster
Poster: In-Network ML Feature Computation for Malicious Traffic Detection
We present Peregrine, a malicious traffic detector that offloads part of its computation to a programmable switch. The idea is to partition detection, by moving the ML feature computation module from a middlebox server to a switch data plane. The key innovation unlocked—computing the ML input features over all traffic—results in a significant improvement in detection performance: in our evaluation, up to 5.7x over the state of the art.
@inproceedings{amado-sigcomm23,author={Romeiras Amado, Jo\~{a}o and Pereira, Francisco and Signorello, Salvatore and Correia, Miguel and Ramos, Fernando M. V.},title={Poster: In-Network ML Feature Computation for Malicious Traffic Detection},year={2023},isbn={9798400702365},publisher={Association for Computing Machinery},address={New York, NY, USA},url={https://doi.org/10.1145/3603269.3610866},doi={10.1145/3603269.3610866},booktitle={Proceedings of the ACM SIGCOMM 2023 Conference},pages={1105–1107},numpages={3},location={New York, NY, USA},series={ACM SIGCOMM '23},pdf={amado-sigcomm23-poster.pdf},abbr={poster},selected={false},bibtex_show={true}}
2022
article
Automatic Generation of Network Function Accelerators Using Component-Based Synthesis
Designing networked systems that take best advantage of heterogeneous dataplanes - e.g., dividing packet processing across both a PISA switch and an x86 CPU - can improve performance, efficiency, and resource consumption. However, programming for multiple hardware targets remains challenging because developers must learn platform-specific languages and skills. While some ’write-once, run-anywhere’ compilers exist, they are unable to consider a range of implementation options to tune the NF to meet performance objectives. In this short paper, we explore preliminary ideas towards a compiler that explores a large search space of different mappings of functionality to hardware. This exploration can be tuned for a programmer-specified objective, such as minimizing memory consumption or maximizing network throughput. Our initial prototype, SyNAPSE, is based on a methodology called component-based synthesis and supports deployments across x86 and Tofino platforms. Relative to a baseline compiler which only generates one deployment decision, SyNAPSE uncovers thousands of deployment options - including a deployment which reduces the amount of controller traffic by an order of magnitude, and another deployment which halves memory usage.
@inproceedings{synapse-sosr22,author={Pereira, Francisco and Matos, Gonçalo and Sadok, Hugo and Kim, Daehyeok and Martins, Ruben and Sherry, Justine and Ramos, Fernando M. V. and Pedrosa, Luis},title={Automatic Generation of Network Function Accelerators Using Component-Based Synthesis},year={2022},isbn={9781450398923},publisher={Association for Computing Machinery},address={New York, NY, USA},url={https://doi.org/10.1145/3563647.3563656},doi={10.1145/3563647.3563656},booktitle={Proceedings of the Symposium on SDN Research},pages={89–97},numpages={9},keywords={in-network compute, programming abstraction, network function virtualization},location={Virtual Event},series={SOSR~'22},month=oct,abbr={article},pdf={synapse-sosr22.pdf},selected={true},bibtex_show={true},website={https://synapse.inesc-id.pt/},code={https://github.com/synapse-nfs/synapse-sosr22},talk={https://www.youtube.com/watch?v=zEn3Jn2LS48}}