Architecture for building hybrid kernel-user space virtual network functions
Network Function Virtualization (NFV) is one of the important aspects of modern network architecture. NFV decouples Network Functions (NFs) from hardware, therefore produces Virtual Network Functions (VNFs) that can run on standard, commodity servers, which in turn mostly run Linux kernel. In this p...
Saved in:
| Published in | International Conference on Network and Service Management (Print) pp. 1 - 6 |
|---|---|
| Main Authors | , , |
| Format | Conference Proceeding |
| Language | English |
| Published |
IFIP
01.11.2017
|
| Subjects | |
| Online Access | Get full text |
| ISSN | 2165-963X |
| DOI | 10.23919/CNSM.2017.8256051 |
Cover
Loading…
| Abstract | Network Function Virtualization (NFV) is one of the important aspects of modern network architecture. NFV decouples Network Functions (NFs) from hardware, therefore produces Virtual Network Functions (VNFs) that can run on standard, commodity servers, which in turn mostly run Linux kernel. In this paper, we propose a general architecture for building hybrid kernel-user space VNFs which leverages extended Berkeley Packet Filter (eBPF). eBPF is a framework in Linux kernel that enables network programmability inside kernel for optimal performance. However, the programmability of eBPF is limited due to safety and security of the kernel. Our proposed architecture applies hybrid approach: leave the simple work inside the kernel with eBPF and let complex work be processed in the user space. This architecture allows building complex VNFs to have both speed and flexibility. To demonstrate, we use the proposed architecture to build two VNFs: Dynamic Load Balancer and Deep Packet Inspection with Dynamic Sniffing. The evaluation results show that both VNFs significantly outperform the widely used solutions. |
|---|---|
| AbstractList | Network Function Virtualization (NFV) is one of the important aspects of modern network architecture. NFV decouples Network Functions (NFs) from hardware, therefore produces Virtual Network Functions (VNFs) that can run on standard, commodity servers, which in turn mostly run Linux kernel. In this paper, we propose a general architecture for building hybrid kernel-user space VNFs which leverages extended Berkeley Packet Filter (eBPF). eBPF is a framework in Linux kernel that enables network programmability inside kernel for optimal performance. However, the programmability of eBPF is limited due to safety and security of the kernel. Our proposed architecture applies hybrid approach: leave the simple work inside the kernel with eBPF and let complex work be processed in the user space. This architecture allows building complex VNFs to have both speed and flexibility. To demonstrate, we use the proposed architecture to build two VNFs: Dynamic Load Balancer and Deep Packet Inspection with Dynamic Sniffing. The evaluation results show that both VNFs significantly outperform the widely used solutions. |
| Author | Nguyen Van Tu Hong, James Won-Ki Kyungchan Ko |
| Author_xml | – sequence: 1 surname: Nguyen Van Tu fullname: Nguyen Van Tu email: tunguyen@postech.ac.kr organization: Dept. of Comput. Sci. & Eng., POSTECH, Pohang, South Korea – sequence: 2 surname: Kyungchan Ko fullname: Kyungchan Ko email: kkc90@postech.ac.kr organization: Dept. of Comput. Sci. & Eng., POSTECH, Pohang, South Korea – sequence: 3 givenname: James Won-Ki surname: Hong fullname: Hong, James Won-Ki email: jwkhong@postech.ac.kr organization: Dept. of Comput. Sci. & Eng., POSTECH, Pohang, South Korea |
| BookMark | eNotj8tKw0AUQEdRsNb-gG7mBxLnkTuZuyzFF0RdqOCuJJM7dmyclEmi9O8V7OosDhw45-wk9pEYu5QiVxolXq-eXh5zJWSZWwVGgDxiCyytRiGtVWjVMZspaSBDo9_P2GIYPoUQ-k-ihRmrlsltwkhunBJx3yfeTKFrQ_zgm32TQsu3lCJ12TRQ4sOudsS_QxqnuuORxp8-bbmfohtDH4cLdurrbqDFgXP2dnvzurrPque7h9WyyoIsYcxIIGDjqAEwSKImIY1VZYsAKDyaQlJBhRWysRZ8S-AL8OAKrRprSnJ6zq7-u4GI1rsUvuq0Xx_-9S-2kFF6 |
| ContentType | Conference Proceeding |
| DBID | 6IE 6IL CBEJK RIE RIL |
| DOI | 10.23919/CNSM.2017.8256051 |
| DatabaseName | IEEE Electronic Library (IEL) Conference Proceedings IEEE Xplore POP ALL IEEE Xplore All Conference Proceedings IEEE Electronic Library (IEL) IEEE Proceedings Order Plans (POP All) 1998-Present |
| DatabaseTitleList | |
| Database_xml | – sequence: 1 dbid: RIE name: IEEE Electronic Library (IEL) url: https://proxy.k.utb.cz/login?url=https://ieeexplore.ieee.org/ sourceTypes: Publisher |
| DeliveryMethod | fulltext_linktorsrc |
| Discipline | Architecture Engineering |
| EISBN | 9783901882982 3901882987 |
| EISSN | 2165-963X |
| EndPage | 6 |
| ExternalDocumentID | 8256051 |
| Genre | orig-research |
| GroupedDBID | 6IE 6IF 6IK 6IL 6IN AAJGR AAWTH ABLEC ADZIZ ALMA_UNASSIGNED_HOLDINGS BEFXN BFFAM BGNUA BKEBE BPEOZ CBEJK CHZPO IEGSK IPLJI OCL RIE RIL |
| ID | FETCH-LOGICAL-i175t-e0959bceb5569e0ae016827d95590f9641e4e4801b885fde5f45f5c432b867ec3 |
| IEDL.DBID | RIE |
| IngestDate | Wed Aug 27 02:51:20 EDT 2025 |
| IsPeerReviewed | false |
| IsScholarly | false |
| Language | English |
| LinkModel | DirectLink |
| MergedId | FETCHMERGED-LOGICAL-i175t-e0959bceb5569e0ae016827d95590f9641e4e4801b885fde5f45f5c432b867ec3 |
| PageCount | 6 |
| ParticipantIDs | ieee_primary_8256051 |
| PublicationCentury | 2000 |
| PublicationDate | 2017-Nov. |
| PublicationDateYYYYMMDD | 2017-11-01 |
| PublicationDate_xml | – month: 11 year: 2017 text: 2017-Nov. |
| PublicationDecade | 2010 |
| PublicationTitle | International Conference on Network and Service Management (Print) |
| PublicationTitleAbbrev | CNSM |
| PublicationYear | 2017 |
| Publisher | IFIP |
| Publisher_xml | – name: IFIP |
| SSID | ssj0003188985 |
| Score | 1.6769099 |
| Snippet | Network Function Virtualization (NFV) is one of the important aspects of modern network architecture. NFV decouples Network Functions (NFs) from hardware,... |
| SourceID | ieee |
| SourceType | Publisher |
| StartPage | 1 |
| SubjectTerms | Architecture Buildings Computer architecture extended Berkeley Packet Filter Hardware Kernel Network Function Virtualization Security Virtual Network Functions |
| Title | Architecture for building hybrid kernel-user space virtual network functions |
| URI | https://ieeexplore.ieee.org/document/8256051 |
| hasFullText | 1 |
| inHoldings | 1 |
| isFullTextHit | |
| isPrint | |
| link | http://utb.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwjV3PS8MwFH7MndSDuk38TQ4eTdd1SZoeZShD3BB0sNtY0hcck05GJ-hfb15b5xQP3kJCk5CEfi8v7_sewGXoOsoqNeWhNYKLSGhudGq5SXUYJ_HUSSQ28mCo-iNxN5bjGlytuTCIWASfYUDF4i0_XdgVucramvCZ-NJb_uJWcrXW_hR_NnWiZcmLibpJJ2n3ho8DCt6Kg-rDHxlUCgC53YPB19Bl3Mg8WOUmsB-_VBn_O7d9aH1T9djDGoQOoIZZA3avN54HGrCzITrYhPvNRuZtVmaq1Njs-Z34W2yOywxfOPkvmP_h-BHeZkvimbCsDBpnhIbFgW3B6PbmqdfnVU4FPvOGQs6R_H7GopFSJRhO0Zt8OopTEqILXaJEBwWSpIzRWroUpRPSSSu6kdEqRts9hHq2yPAIWOyMwQiTImGJM8p34ULtjEi7zhtW4TE0aZkmr6VsxqRaoZO_q09hm7aqpPmdQT1frvDc431uLoqN_gTj66xR |
| linkProvider | IEEE |
| linkToHtml | http://utb.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwjZ3PS8MwFMfD0IM_Duo28bc5eDRd1yVpepThmLoOwQ12G0v6gmPSyegE_evNa-uc4sFbSUkTktD3eHmf7yPkyrdNaaScMN9oznjAFdMqMUwnyg-jcGIFII0c92V3yO9HYlQh1ysWBgDy5DPw8DG_y0_mZomhsoZC-4y89KZAGLegtVYRFXc6VaREQcYEragZNdr9pxjTt0Kv7PqjhkpuQjp7JP4avMgcmXnLTHvm45cu439nt0_q37AefVyZoQNSgbRKdm_WLgiqZGdNdrBGeusvqfNaqS6LY9PndyS46AwWKbwwjGBQ98txI7xNF0ia0LRIG6doD_MjWyfDzu2g3WVlVQU2da5CxgAjf9qAFkJG4E_AOX0qCBOUovNtJHkTOKCojFZK2ASE5cIKw1uBVjIE0zokG-k8hSNCQ6s1BBDlJUuslu4T1ldW86RlnWvlH5MaLtP4tRDOGJcrdPJ38yXZ6g7i3rh31384Jdu4bQX0d0Y2ssUSzp31z_RFvumfDeSvmQ |
| openUrl | ctx_ver=Z39.88-2004&ctx_enc=info%3Aofi%2Fenc%3AUTF-8&rfr_id=info%3Asid%2Fsummon.serialssolutions.com&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=proceeding&rft.title=International+Conference+on+Network+and+Service+Management+%28Print%29&rft.atitle=Architecture+for+building+hybrid+kernel-user+space+virtual+network+functions&rft.au=Nguyen+Van+Tu&rft.au=Kyungchan+Ko&rft.au=Hong%2C+James+Won-Ki&rft.date=2017-11-01&rft.pub=IFIP&rft.eissn=2165-963X&rft.spage=1&rft.epage=6&rft_id=info:doi/10.23919%2FCNSM.2017.8256051&rft.externalDocID=8256051 |