eQUIC Gateway: Maximizing QUIC packet throughput through a gateway service using eBPF + XDP
Abstract
The QUIC protocol is regarded as both an experimentation environment and an evolution of the TCP protocol. Applications built on QUIC in place of the traditional HTTPS stack have shown performance gains. Offloading computational load to kernel space is used as an optimization in modern applications and brings architectural and algorithmic challenges with it. This work presents eQUIC Gateway, a kernel-space packet-blocking module that uses information provided in real time by a QUIC application running in user space. By offloading the computational load of packet blocking to kernel space, eQUIC Gateway increased packet throughput by 30.9%, reduced the average duration of HTTPS requests under attack by 65%, and reduced the CPU time spent blocking packets by 26.4%.