polito.it
Politecnico di Torino (logo)

Building high-speed network functions in the Linux kernel

Kevin Corizi

Building high-speed network functions in the Linux kernel.

Rel. Fulvio Giovanni Ottavio Risso. Politecnico di Torino, Corso di laurea magistrale in Ingegneria Informatica (Computer Engineering), 2018

[img]
Preview
PDF (Tesi_di_laurea) - Tesi
Licenza: Creative Commons Attribution Non-commercial No Derivatives.

Download (2MB) | Preview
Abstract:

The ever-growing need for faster, more flexible cloud applications demands for increasingly complex networking architectures. When a virtual infrastructure is set up, virtual networking overlay must be imposed over the physical network. This is expecially true for those infrastructures where several components are continuously deployed: the ability to connect them without changing the physical configuration allows unprecedented scalability and flexibility. This is the realm of network function virtualization, which is used to build arbitrary networking configurations on top of a physical network. Of course such configurations must be complete and working, and therefore need to provide virtualized versions of the most common networking devices, such as routers, firewalls and nats. An emerging network function virtualization framework is Polycube, developed as a research project at Politecnico di Torino. Polycube enables the creation and deployment of arbitrary lightweight and fast network functions, which run in the Linux kernel and can be used to build complex service chains. This technology is based on the eBPF virtual machine . eBPF is the evolution of the Berkeley Packet Filter (BPF), which is the engine that powers tools such as wireshark. With eBPF it is possible to inject code in the Linux kernel at runtime, which is verified for safety and compiled before execution. eBPF programs, which are called cubes in the context of Polycube, can intercept, access, modify and redirect packets. eBPF allows cubes to communicate with each other and share memory areas, called maps. To prove how powerful and complex a cube can be, a proof-of-concept version of iptables was implemented using the eBPF technology in Polycube, which is called pcn-iptables: this piece of software consists of several sub modules, linked together to provide firewalling, packet filtering and connection tracking. An adapter was also created that allows to configure pcn-iptables with the same syntax as the original one. The first part of this thesis project focuses on integrating the network address translation function in pcn-iptables, to get closer to the actual iptables functionality. Polycube also provides a set of services out of the box, such as routers, switches and network address translators: the current version of the NAT cube, called pcn-nat, has several limitations that do not make it ideal to use in practical applications. The second part of this thesis consists of the definition and implementation of a new version of pcn-nat, that could make it suitable for real-life deployment and usage.

Relatori: Fulvio Giovanni Ottavio Risso
Anno accademico: 2018/19
Tipo di pubblicazione: Elettronica
Numero di pagine: 89
Soggetti:
Corso di laurea: Corso di laurea magistrale in Ingegneria Informatica (Computer Engineering)
Classe di laurea: Nuovo ordinamento > Laurea magistrale > LM-32 - INGEGNERIA INFORMATICA
Aziende collaboratrici: NON SPECIFICATO
URI: http://webthesis.biblio.polito.it/id/eprint/9047
Modifica (riservato agli operatori) Modifica (riservato agli operatori)