Optimizing the Linux kernel network stack

Published on
Team
Thesis start date (if known)
October 2023
Location
Rennes
Research unit
IRISA - UMR 6074
Description of the thesis topic

Context.

More and more applications requiring fast packet processing on multicore processors bypass the kernel and use dedicated libraries in user space such as DPDK. This trend is due to the bottlenecks in kernel modules. However, bypassing the kernel does not solve its inherent problems.

Objectives.

The first key aim of the PhD is: (i) identifying the bottlenecks in kernel space, and (ii) understanding why user-space libraries are more efficient than the standard packet processing available in the kernel. As a case study, we are first interested in the WireGuard kernel module, which implements a VPN. WireGuard is known for not scaling, which has led to several alternative implementations that run in user space only. In a second step, it will be necessary to verify whether the identified bottlenecks generalize to other commonly used kernel modules. The second aim of the PhD is to provide solutions to the identified bottlenecks. We are particularly interested in leveraging Intel's Data Streaming Accelerator (DSA) instructions and Intel's Dynamic Load Balancer (DLB) to promote a hardware-software codesign approach. Accordingly, the objective is to find an adequate solution on the latest Sapphire Rapids (SPR), the next-generation Xeon processor that comes to market in 2023, which implements the DSA and DLB instructions.

 


List of thesis supervisors

Last name, first name
Bromberg David
Type of supervision
Thesis director
Research unit
IRISA
Team

Last name, first name
MVONDO Djob
Type of supervision
Co-supervisor
Research unit
IRISA
Team
Contact(s)
Name
Bromberg David
Email
david.bromberg@irisa.fr
Name
MVONDO Djob
Email
barbe-thystere.mvondodjob@univ-rennes1.fr
Keywords
OS, Linux, Kernel, Intel, CPU, system programming