Publications

Synergistic Server-Based Network Processing Stack

Published in Ph.D. defense - University of Colorado Boulder, 2022

Network functions provide the required functionality to interconnect systems while ensuring security, availability, efficiency, and performance. With the recent trend to run network functions in software over commodity servers (instead of using specialized appliances), there is the need to introduce new systems that can provide the required network features while running on top of optimal processing environments. Several software packet processing technologies currently exist (e.g., in-kernel/kernel-bypass, XDP, and SmartNICs) and each of them provides different features in terms of available functionality, processing capabilities, performance, and efficiency. In this thesis, we break down network application processing needs and, by characterizing the processing features provided by each technology, we verify that no single technology can cover all network application requirements. With this observation, we provide new systems that often break the boundaries between different technologies, allowing the building of optimal packet processing environments that can meet countless requirements of modern networks. Using this as the foundation of our work, we build systems to address many network function needs – layer 2 to layer 7 processing and monitoring. In our first work, we introduce a new packet I/O subsystem to a high-performance userspace TCP stack. This subsystem is provided by new programmable in-kernel features allowing the TCP stack to have a better resource consumption profile and to build cooperation mechanisms between the kernel and userspace. In our second work, we address the needs of monitoring systems by introducing new primitives that allow for building high-coverage monitoring systems with high performance and efficiency. We optimize those primitives by building an efficient division of work between SmartNIC offloads, XDP on the host, and userspace processing.
Finally, in our third work, we rethink the Linux networking stack to address the inefficiencies that prevent it from supporting the performance requirements of modern applications. We propose to break down its processing into a minimal and efficient fast path and a robust and feature-rich slow path provided by the Linux kernel. The fast path is built on demand, based on current processing needs for a given set of services configuration, and gets assistance from the slow path for processing completeness. This allows avoiding unnecessary processing inside the kernel, minimizing overheads and increasing performance, while still maintaining Linux’s rich set of features. With these contributions, we believe that we can provide new foundations to help both academia and industry to build optimized systems that can address many modern network needs.

Efficient Network Monitoring Applications in the Kernel with eBPF and XDP (Best Paper Award!!!)

Published in IEEE Conference on Network Functions Virtualization and Software-Defined Networking (IEEE NFV-SDN 2021), 2021

In this paper, we introduce a new framework that intelligently orchestrates the deployment and execution of network monitoring applications. Orchestration is done by new shared network monitoring primitives that collect lightweight high-level metrics that may indicate that a condition of interest may exist. If such a condition is detected, packets go through a deeper analysis that can confirm and get more details about a possible issue. In this way, we reduce the resource footprint of software network analytics as we consolidate the logic that all monitoring applications require, and only execute them when needed. Finally, we show that an efficient division of work between SmartNIC offloads and XDP on the host can ensure a high degree of performance and efficiency to our system.

Recommended citation: M. Abranches, O. Michel, E. Keller and S. Schmid, "Efficient Network Monitoring Applications in the Kernel with eBPF and XDP," 2021 IEEE Conference on Network Function Virtualization and Software Defined Networks (NFV-SDN), 2021, pp. 28-34, doi: 10.1109/NFV-SDN53031.2021.9665095. https://ieeexplore.ieee.org/abstract/document/9665095

Infinity: A Scalable Infrastructure for In-Network Applications

Published in IFIP/IEEE FlexNGIA workshop (co-located with IFIP/IEEE International Symposium on Integrated Network Management (IM)), 2021

In this vision paper, we introduce new primitives to scale in-network applications that allow overcoming resource constraints in programmable switches. By doing so, we envision scaling operation with minimal overhead and delay, improving both capability and performance objectives for in-network processing.

Recommended citation: M. Abranches, K. Olson and E. Keller, "Infinity: A Scalable Infrastructure for In-Network Applications," 2021 IFIP/IEEE International Symposium on Integrated Network Management (IM), 2021, pp. 1050-1053. https://ieeexplore.ieee.org/abstract/document/9464080

A Userspace Transport Stack Doesn’t Have to Mean Losing Linux Processing

Published in IEEE Conference on Network Functions Virtualization and Software-Defined Networking (IEEE NFV-SDN 2020), 2020

In this paper, we introduce a new packet I/O subsystem to a high-performance userspace TCP stack. This allows hybrid kernel/kernel bypass L2-L7 programmability. The userspace TCP stack brings high performance and flexibility to L4-L7 network functions and applications, while the in-kernel stack ensures efficient resource usage, lower-layer protocol processing, and ACLs. Consequently, our system avoids the need to reimplement countless networking features in userspace, and by having a better resource consumption profile (i.e., CPU), our system makes the userspace TCP stack more suitable to support CPU-intensive applications with high performance.

Recommended citation: M. Abranches and E. Keller, "A Userspace Transport Stack Doesn't Have to Mean Losing Linux Processing," 2020 IEEE Conference on Network Function Virtualization and Software Defined Networks (NFV-SDN), 2020, pp. 84-90, doi: 10.1109/NFV-SDN50289.2020.9289867. https://ieeexplore.ieee.org/abstract/document/9289867

Shimmy: Shared Memory Channels for High Performance Inter-Container Communication

Published in USENIX Workshop on Hot Topics in Edge Computing (HotEdge), 2019

With the increasing need for more reactive services, and the need to process large amounts of IoT data, edge clouds are emerging to enable applications to be run close to the users and/or devices. Following the trend in hyperscale clouds, applications are trending toward a microservices architecture where the application is decomposed into smaller pieces that can each run in its own container and communicate with each other over a network through well defined APIs. This improves the development effort and deployability, but also introduces inefficiencies in communication. In this paper, we rethink the communication model, and introduce the ability to create shared memory channels between containers supporting both a pub/sub model and streaming model. Our approach is not only applicable to the edge clouds but also beneficial in core cloud environments. Local communication is made more efficient, and remote communication is efficiently supported through synchronizing shared memory regions via RDMA.

Recommended citation: Abranches, M., Goodarzy, S., Nazari, M., Mishra, S., & Keller, E. (2019). Shimmy: Shared Memory Channels for High Performance Inter-Container Communication. In 2nd USENIX Workshop on Hot Topics in Edge Computing (HotEdge 19). https://www.usenix.org/conference/hotedge19/presentation/abranches

An algorithm based on response time and traffic demands to scale containers on a Cloud Computing system

Published in IEEE International Symposium on Network Computing and Applications (NCA), 2016

In this paper, we propose a new auto-scaling mechanism for container platforms (e.g., Kubernetes). Differently from other state-of-the-art mechanisms, in our scaling decisions, we use a metric that impacts the user perception about the system performance (i.e., application response times). By doing so, we ensure good user experience while allocating resources more efficiently than other proposals.

Recommended citation: M. Abranches and P. Solis, "An algorithm based on response time and traffic demands to scale containers on a Cloud Computing system," 2016 IEEE 15th International Symposium on Network Computing and Applications (NCA), 2016, pp. 343-350, doi: 10.1109/NCA.2016.7778639. https://ieeexplore.ieee.org/abstract/document/7778639