Sagor, visor och lekar

Skyddsengelns röst ; Fjäderholmarna ; Prinsessan Lindagull ; Alanda cantat ; Refanut ; Skolgossarnes segersång ; Matts Lustigs barn ; Tidningssättaren vid sin stilkast ; Fattig-gubben ; Aftonvandring ; Georgs konungariken ; Ångbåtseldaren ; Lasse liten ; Svarta hafvets matros ; Tändstickan ; En vårdag på Finska Viken ; Pehr Matts' sten ; Jernvägskonduktören ; Myran, som for till doktorn ; Telegrafisten ; Lilla Genius ; Vaggvisa för en nordanstorm ; Stjernöga ; Vid postluckan för ankommande bref ; Myreborg och Gråmossa ; Johanna d'Arc ; Sikku ; Berndt Michaels dröm ; Det vissnade löfvet ; Hvar få vi en julgran? ; Måne klara ; Ängens söndagsmorgon

Architecture for programmable network infrastructure

Software networking promises a more flexible network infrastructure, poised to leverage the computational power available in datacenters. Virtual Net- work Functions (VNF) can now run on commodity hardware in datacenters instead of using specialized equipment disposed along the network path. VNFs applications like stateful firewalls, carrier-grade NAT or deep packet inspection that are found “in-the-middle”, and therefore often categorized as middleboxes, are now software functions that can be migrated to reduce costs, consolidate the processing or scale easily. But if not carefully implemented, VNFs won’t achieve high-speed and will barely sustain rates of even small networks and therefore fail to fulfil their promise. As of today, out-of-the-box solutions are far from efficient and cannot handle high rates, especially when combined in a single host, as multiple case studies will show in this thesis. We start by reviewing the current obstacles to high-speed software net- working. We leverage current commodity hardware to achieve what seemed impossible to do in software not long ago and made software solutions be- lieved unworthy and untrusted by network operators. Our work paves the way for building a proper software framework for a programmable network infrastructure that can be used to quickly implement network functions. We built FastClick, a faster version of the Click Modular Router, that allows fast packet processing thanks to a careful integration of fast I/O frame- works and a deep study of interactions of their features. FastClick proposes a revised, easier to use execution model that hides multi-queueing and sim- plifies multithreading using a thread traversal analysis of the configuration. We propose tailored network-specific multi-threaded algorithms that enable parallel high-speed networking. We build a new retro-compatible batching implementation, and avoid system calls “left over” by previous work. We then build MiddleClick, an NFV dataplane built on top of FastClick. It combines VNFs along a service chain to use a common subsystem that implements shared features such as classification and session handling, but makes sure no feature is applied that isn’t absolutely needed by one of the VNFs. E.g., the classification is optimized to be minimal and only needs to be done once for all VNFs. E.g., if no VNF needs TCP reconstruction, that reconstruction won’t happen. We propose an algorithm to enable a per-session, per-VNF “scratchpad”. Only the minimal amount of state is declared and accessible in predictable locations using a per-VNF offset into the “scratchpad” for fast lookups across the chain. MiddleClick also offers new flow abstractions and ways to handle sessions that enable fast and easy development of new middlebox functions that can handle many flows in parallel. Cooperation, consolidation and using the hardware in an appropriate way may not always be enough. This thesis finally explores how to use classi- fication hardware such as smart NICs and SDN switches to accelerate the processing of the combined service chain, removing the need for software classification. While this work mostly relies on known high-level NFV dataplane principles and proposes a few new ones, it is one of the most low-level work in the field, leading to precise implementation considerations yielding very high performance results. Both FastClick and MiddleClick are available as Open Source projects and constitute an important contribution to the state of the art. Multiple leading edge use cases are built to show how the prototype can be used to build fast and efficient solutions quickly.QC 20180918</p

Implementing an Home Automation Control System

This paper presents the realization, the context, and the prospects of an automa- tion control interface. The interface is flexible, capable of adapt to all energy and all types of meters. It has been designed for easy use, guiding the user by steps in the configuration of the interface, while allowing a relatively precise definition of the energy envelope of the house. It also responds to performance issues, allowing it to be used on computers but also smartphones and tablets. By combining these characteristics, the interface differs from what is currently being done in this area. This work is also considering some research perspectives related to the interface, such as the use of information provided by the various smart devices in the house to compute approximated consumption data, rather than using real meters, which are often expensive.Ce document présente le fonctionnement, le contexte, et les perspectives de la réalisation d’une interface de contrôle domotique. L’interface est flexible, pouvant s’adapter à toutes les énergies et tous les types de compteurs. Elle a été pensée pour une utilisation facile, guidant l’utilisateur par étape dans la configuration de l’interface, tout en permettant une définition relativement précise de l’enveloppe énergétique de la maison. Elle répond également à un souci de performance devant être utilisable sur les ordinateurs mais aussi sur les smartphones et tablettes. Par la combinaison de ces caractéristiques, l’interface se démarque par rapport à ce qui se fait actuellement en la matière. Ce travail envisage également quelques perspectives de recherche liée à l’interface, comme l’utilisation des informations fournies par les divers appareils intelligents de la maison pour calculer des mesures approximées plutôt que d’utiliser des capteurs physiques, souvent coûteux

Architecture for programmable network infrastructure

Software networking promises a more flexible network infrastructure, poised to leverage the computational power available in datacenters. Virtual Net- work Functions (VNF) can now run on commodity hardware in datacenters instead of using specialized equipment disposed along the network path. VNFs applications like stateful firewalls, carrier-grade NAT or deep packet inspection that are found “in-the-middle”, and therefore often categorized as middleboxes, are now software functions that can be migrated to reduce costs, consolidate the processing or scale easily. But if not carefully implemented, VNFs won’t achieve high-speed and will barely sustain rates of even small networks and therefore fail to fulfil their promise. As of today, out-of-the-box solutions are far from efficient and cannot handle high rates, especially when combined in a single host, as multiple case studies will show in this thesis. We start by reviewing the current obstacles to high-speed software net- working. We leverage current commodity hardware to achieve what seemed impossible to do in software not long ago and made software solutions be- lieved unworthy and untrusted by network operators. Our work paves the way for building a proper software framework for a programmable network infrastructure that can be used to quickly implement network functions. We built FastClick, a faster version of the Click Modular Router, that allows fast packet processing thanks to a careful integration of fast I/O frame- works and a deep study of interactions of their features. FastClick proposes a revised, easier to use execution model that hides multi-queueing and sim- plifies multithreading using a thread traversal analysis of the configuration. We propose tailored network-specific multi-threaded algorithms that enable parallel high-speed networking. We build a new retro-compatible batching implementation, and avoid system calls “left over” by previous work. We then build MiddleClick, an NFV dataplane built on top of FastClick. It combines VNFs along a service chain to use a common subsystem that implements shared features such as classification and session handling, but makes sure no feature is applied that isn’t absolutely needed by one of the VNFs. E.g., the classification is optimized to be minimal and only needs to be done once for all VNFs. E.g., if no VNF needs TCP reconstruction, that reconstruction won’t happen. We propose an algorithm to enable a per-session, per-VNF “scratchpad”. Only the minimal amount of state is declared and accessible in predictable locations using a per-VNF offset into the “scratchpad” for fast lookups across the chain. MiddleClick also offers new flow abstractions and ways to handle sessions that enable fast and easy development of new middlebox functions that can handle many flows in parallel. Cooperation, consolidation and using the hardware in an appropriate way may not always be enough. This thesis finally explores how to use classi- fication hardware such as smart NICs and SDN switches to accelerate the processing of the combined service chain, removing the need for software classification. While this work mostly relies on known high-level NFV dataplane principles and proposes a few new ones, it is one of the most low-level work in the field, leading to precise implementation considerations yielding very high performance results. Both FastClick and MiddleClick are available as Open Source projects and constitute an important contribution to the state of the art. Multiple leading edge use cases are built to show how the prototype can be used to build fast and efficient solutions quickly

Architecture for programmable network infrastructure

Software networking promises a more flexible network infrastructure, poised to leverage the computational power available in datacenters. Virtual Net- work Functions (VNF) can now run on commodity hardware in datacenters instead of using specialized equipment disposed along the network path. VNFs applications like stateful firewalls, carrier-grade NAT or deep packet inspection that are found “in-the-middle”, and therefore often categorized as middleboxes, are now software functions that can be migrated to reduce costs, consolidate the processing or scale easily. But if not carefully implemented, VNFs won’t achieve high-speed and will barely sustain rates of even small networks and therefore fail to fulfil their promise. As of today, out-of-the-box solutions are far from efficient and cannot handle high rates, especially when combined in a single host, as multiple case studies will show in this thesis. We start by reviewing the current obstacles to high-speed software net- working. We leverage current commodity hardware to achieve what seemed impossible to do in software not long ago and made software solutions be- lieved unworthy and untrusted by network operators. Our work paves the way for building a proper software framework for a programmable network infrastructure that can be used to quickly implement network functions. We built FastClick, a faster version of the Click Modular Router, that allows fast packet processing thanks to a careful integration of fast I/O frame- works and a deep study of interactions of their features. FastClick proposes a revised, easier to use execution model that hides multi-queueing and sim- plifies multithreading using a thread traversal analysis of the configuration. We propose tailored network-specific multi-threaded algorithms that enable parallel high-speed networking. We build a new retro-compatible batching implementation, and avoid system calls “left over” by previous work. We then build MiddleClick, an NFV dataplane built on top of FastClick. It combines VNFs along a service chain to use a common subsystem that implements shared features such as classification and session handling, but makes sure no feature is applied that isn’t absolutely needed by one of the VNFs. E.g., the classification is optimized to be minimal and only needs to be done once for all VNFs. E.g., if no VNF needs TCP reconstruction, that reconstruction won’t happen. We propose an algorithm to enable a per-session, per-VNF “scratchpad”. Only the minimal amount of state is declared and accessible in predictable locations using a per-VNF offset into the “scratchpad” for fast lookups across the chain. MiddleClick also offers new flow abstractions and ways to handle sessions that enable fast and easy development of new middlebox functions that can handle many flows in parallel. Cooperation, consolidation and using the hardware in an appropriate way may not always be enough. This thesis finally explores how to use classi- fication hardware such as smart NICs and SDN switches to accelerate the processing of the combined service chain, removing the need for software classification. While this work mostly relies on known high-level NFV dataplane principles and proposes a few new ones, it is one of the most low-level work in the field, leading to precise implementation considerations yielding very high performance results. Both FastClick and MiddleClick are available as Open Source projects and constitute an important contribution to the state of the art. Multiple leading edge use cases are built to show how the prototype can be used to build fast and efficient solutions quickly.QC 20180918</p

Architecture for programmable network infrastructure

Software networking promises a more flexible network infrastructure, poised to leverage the computational power available in datacenters. Virtual Net- work Functions (VNF) can now run on commodity hardware in datacenters instead of using specialized equipment disposed along the network path. VNFs applications like stateful firewalls, carrier-grade NAT or deep packet inspection that are found “in-the-middle”, and therefore often categorized as middleboxes, are now software functions that can be migrated to reduce costs, consolidate the processing or scale easily. But if not carefully implemented, VNFs won’t achieve high-speed and will barely sustain rates of even small networks and therefore fail to fulfil their promise. As of today, out-of-the-box solutions are far from efficient and cannot handle high rates, especially when combined in a single host, as multiple case studies will show in this thesis. We start by reviewing the current obstacles to high-speed software net- working. We leverage current commodity hardware to achieve what seemed impossible to do in software not long ago and made software solutions be- lieved unworthy and untrusted by network operators. Our work paves the way for building a proper software framework for a programmable network infrastructure that can be used to quickly implement network functions. We built FastClick, a faster version of the Click Modular Router, that allows fast packet processing thanks to a careful integration of fast I/O frame- works and a deep study of interactions of their features. FastClick proposes a revised, easier to use execution model that hides multi-queueing and sim- plifies multithreading using a thread traversal analysis of the configuration. We propose tailored network-specific multi-threaded algorithms that enable parallel high-speed networking. We build a new retro-compatible batching implementation, and avoid system calls “left over” by previous work. We then build MiddleClick, an NFV dataplane built on top of FastClick. It combines VNFs along a service chain to use a common subsystem that implements shared features such as classification and session handling, but makes sure no feature is applied that isn’t absolutely needed by one of the VNFs. E.g., the classification is optimized to be minimal and only needs to be done once for all VNFs. E.g., if no VNF needs TCP reconstruction, that reconstruction won’t happen. We propose an algorithm to enable a per-session, per-VNF “scratchpad”. Only the minimal amount of state is declared and accessible in predictable locations using a per-VNF offset into the “scratchpad” for fast lookups across the chain. MiddleClick also offers new flow abstractions and ways to handle sessions that enable fast and easy development of new middlebox functions that can handle many flows in parallel. Cooperation, consolidation and using the hardware in an appropriate way may not always be enough. This thesis finally explores how to use classi- fication hardware such as smart NICs and SDN switches to accelerate the processing of the combined service chain, removing the need for software classification. While this work mostly relies on known high-level NFV dataplane principles and proposes a few new ones, it is one of the most low-level work in the field, leading to precise implementation considerations yielding very high performance results. Both FastClick and MiddleClick are available as Open Source projects and constitute an important contribution to the state of the art. Multiple leading edge use cases are built to show how the prototype can be used to build fast and efficient solutions quickly.QC 20180918</p

A low-level dive into building a high-speed NFV dataplane for service chaining

To cope with the growing performance needs of security appliances in datacenters or the network edge, current middlebox functionalities such as stateful firewalls, NATs, DPI, content-aware optimizers or load-balancers are self-contained software. They avoid OS services as those are not tailored for NFV and use most of the time RAW sockets, or specific I/O frameworks (DPDK, Netmap, ...) to receive raw packets. In this work, we present a system specifically designed to run a pipeline of VNFs. The system combines the classification and sessions needs of the VNFs. We build an abstract view of flows and use it to implement support for seamless inspection and modification of the content of any flows (such as TCP or HTTP), automatically reflecting a consistent view, across layers, of flows modified on-the-fly. This brings together the advantage of reusing software components with the performance provided by state-of-the-art high-speed NFV frameworks that force reimplementing protocol specifics in each application. We show unique considerations about factorizing session management and multi-protocol support for high-speed in-the-middle inspection and modification of flows. The system also offers automatic, session-aware parallelism to handle a large number of flows

Combined stateful classification and session splicing for high-speed NFV service chaining

Network functions such as firewalls, NAT, DPI, content-aware optimizers, and load-balancers are increasingly realized as software to reduce costs and enable outsourcing. To meet performance requirements these virtual network functions (VNFs) often bypass the kernel and use their own user-space networking stack. A naïve realization of a chain of VNFs will exchange raw packets, leading to many redundant operations, wasting resources. In this work, we design a system to execute a pipeline of VNFs. We provide the user facilities to define (i) a traffic class of interest for the VNF, (ii) a session to group the packets (such as the TCP 4-tuple), and (iii) the amount of space per session. The system synthesizes a classifier and builds an efficient flow table that when possible will automatically be partially offloaded and accelerated by the network interface. We utilize an abstract view of flows to support seamless inspection and modification of the content of any flow (such as TCP or HTTP). By applying only surgical modifications to the protocol headers, we avoid the need for a complex, hard-to-maintain user-space TCP stack and can chain multiple VNFs without re-constructing the stream multiple times, allowing up to 5x improvement over standard approaches.QC 20220112ePIULTR

Fast userspace packet processing

QC 20180820</p