8 research outputs found

    A Transparent Highway for inter-Virtual Network Function Communication with Open vSwitch

    This paper presents a software architecture that can dynamically and transparently establish direct communication paths between DPDK-based virtual network functions executed in virtual machines, by recognizing new point-to-point connections in traffic steering rules. We demonstrate the huge advantages of this architecture in terms of performance and the possibility to implement it with localized modifications in Open vSwitch and DPDK, without touching the VNFs

    A Framework for eBPF-Based Network Functions in an Era of Microservices

    By moving network functionality from dedicated hardware to software running on end-hosts, Network Functions Virtualization (NFV) pledges the benefits of cloud computing to packet processing. While most of the NFV frameworks today rely on kernel-bypass approaches, no attention has been given to kernel packet processing, which has always proved hard to evolve and to program. In this article, we present Polycube, a software framework whose main goal is to bring the power of NFV to in-kernel packet processing applications, enabling a level of flexibility and customization that was unthinkable before. Polycube enables the creation of arbitrary and complex network function chains, where each function can include an efficient in-kernel data plane and a flexible user-space control plane with strong characteristics of isolation, persistence, and composability. Polycube network functions, called Cubes, can be dynamically generated and injected into the kernel networking stack, without requiring custom kernels or specific kernel modules, simplifying the debugging and introspection, which are two fundamental properties in recent cloud environments. We validate the framework by showing significant improvements over existing applications, and we prove the generality of the Polycube programming model through the implementation of complex use cases such as a network provider for Kubernetes

    Creating Complex Network Services with eBPF: Experience and Lessons Learned

    The extended Berkeley Packet Filter (eBPF) is a recent technology available in the Linux kernel that enables flexible data processing. However, so far the eBPF was mainly used for monitoring tasks such as memory, CPU, page faults, traffic, and more, with a few examples of traditional network services, e.g., that modify the data in transit. In fact, the creation of complex network functions that go beyond simple proof-of-concept data plane applications has proven to be challenging due to the several limitations of this technology, but at the same time very promising due to some characteristics (e.g., dynamic recompilation of the source code) that are not available elsewhere. Based on our experience, this paper presents the most promising characteristics of this technology and the main encountered limitations, and we envision some solutions that can mitigate the latter. We also summarize the most important lessons learned while exploiting eBPF to create complex network functions and, finally, we provide a quantitative characterization of the most significant aspects of this technology

    Securing Linux with a Faster and Scalable Iptables

    The sheer increase in network speed and the massive deployment of containerized applications in a Linux server has led to the consciousness that iptables, the current de-facto firewall in Linux, may not be able to cope with the current requirements particularly in terms of scalability in the number of rules. This paper presents an eBPF-based firewall, bpf-iptables, which emulates the iptables filtering semantic while guaranteeing higher throughput. We compare our implementation against the current version of iptables and other Linux firewalls, showing how it achieves a notable boost in terms of performance particularly when a high number of rules is involved. This result is achieved without requiring custom kernels or additional software frameworks (e.g., DPDK) that could not be allowed in some scenarios such as public data-centers

    Transparent Optimization of Inter-Virtual Network Function Communication in Open vSwitch

    This paper proposes an architecture that can optimize inter-VM communication in an NFV environment through the creation of direct channels between virtual machines. Particularly, our prototype can transparently optimize the data transfer between virtual machines running DPDK applications by dynamically recognizing the existence of point-to-point connections in the traffic steering rules, reverting back to the traditional VM-to-switch-to-VM approach when the optimization is no longer possible. This paper demonstrates the huge advantages of this architecture and the possibility to implement it with localized modifications mainly in Open vSwitch, without touching the applications inside the VMs

    A Service-Agnostic Software Framework for Fast and Efficient In-Kernel Network Services

    This paper presents Polycube, an open-source software framework based on eBPF, that enables the creation of arbitrary and complex network function chains. Each function can include an efficient in-kernel data plane and a flexible userspace control plane with strong characteristics of isolation, persistence (e.g., across server reboots) and composability. In addition, a generic model for the control and management plane of each network function simplifies the manageability and accelerates the development of new network services. We validate the framework by creating different network services and benchmarking their performance in a complex scenario, namely a network provider for Kubernetes. Results show that Polycube programs are about 20x shorter than equivalent programs implemented with vanilla eBP

    Baños: la memoria habitada

    The rural parish of Baños is an enclave rich in popular culture and traditions with a long history stretching from pre-Hispanic times to the present day. It is a place that never went unnoticed, thanks to its skilled inhabitants, its hot springs and the richness of its land, and that in the colonial period kindled the vain illusion of mining. The work presented here is a current record of this jurisdiction, a review of its imaginaries and memories, of its everyday and festive expressions, in short of a very special identity that deserves to be known, valued and protected. Eight ethnographic articles make up this publication, which offers an approach to its history, geography and population. Here is a journey through the deepest religiosity, a distinctive gastronomy, the social glue of childhood games and the imaginaries surrounding death, through that way of living craftsmanship and the tourism-related ventures

    Revista Temas Agrarios Volumen 26; Suplemento 1 de 2021

    1st International and 2nd National Symposium of Agronomic Sciences: The rebirth of the scientific discussion space for the Colombian Agro