Uma arquitetura para o offload parcial de funções virtualizadas de rede em plano de dados programável

Abstract

The increase of users and devices connected to the Internet has brought increasing challenges for service providers. The Network Functions Virtualization paradigm, whose objective is to decouple network functions from the underlying hardware and executing them on virtualization servers allows for greater flexibility and better use of infrastructure resources. However, there is few aspects which hinders the adoption of this new paradigm, such as performance, which is not yet comparable of middleboxes, as well as security concerns on the execution of the functions. Thus, techniques to mitigate this loss of performance are emerging. One of the techniques is the offloading of network functions where a part of the function runs on a programmable device before or after the main CPU, pre-processing the packets sent to the VNF. Besides the better performance, offload also brings benefits related to the flexibility on the execution of the function, which can run on more devices, as well as security, reducing the attack surface of the function. Although this represents clear benefits, its implementation is complex, so that currently there is no architecture capable of performing the offload of elements of a virtualized network function into programmable devices. In this dissertation an architecture is proposed for the offload of virtualized network functions into the programmable data plan. This architecture is composed of two components, a network function platform capable of supporting offload, and a manager that configures the infrastructures to carry out the process. A prototype of the proposed architecture was also implemented and evaluated, demonstrating the operation of the architecture and the offload proposal.