Isolation mechanisms for high-speed packet-processing pipelines

by PetsTime, et al.

Data-plane programmability is now mainstream, both in the form of programmable switches and smart network-interface cards (SmartNICs). As the number of use cases for programmable network devices grows, each device will need to support multiple packet-processing modules simultaneously. These modules are likely to be independently developed, e.g., measurement and security modules developed by different teams, or cloud tenants offloading packet processing to a NIC. Hence, we need isolation mechanisms to ensure that modules on the same device do not interfere with each other. This paper presents a system, Menshen, for inter-module isolation on programmable packet-processing pipelines similar to the RMT/PISA architecture. Menshen consists of a set of lightweight hardware primitives that can be added to an RMT pipeline and a compiler to take advantage of these primitives. We prototype the Menshen hardware using the NetFPGA switch and Corundum FPGA NIC platforms and the Menshen software using the open-source P4-16 reference compiler. We show that Menshen supports multiple modules simultaneously, allows one module to be quickly updated without disrupting other modules, and consumes a modest amount of additional hardware resources relative to an RMT pipeline. We have open sourced the code for Menshen's hardware and software at Although we do not have an ASIC implementation of Menshen, we believe its primitives are simple enough that they can be added to an ASIC realization of RMT as well.



