A New Approach to Network Function Virtualization

Aurojit Panda

EECS Department
University of California, Berkeley
Technical Report No. UCB/EECS-2017-141
August 10, 2017

http://www2.eecs.berkeley.edu/Pubs/TechRpts/2017/EECS-2017-141.pdf

Networks provide functionality beyond just packet routing and delivery. Network functions such as firewalls, caches, WAN optimizers, etc. are crucial for scaling networks and in supporting new applications. While traditionally network functions were implemented using dedicated hardware middleboxes, recent efforts have resulted in them being implemented as software and deployed in virtualized environment . This move towards virtualized network function is commonly referred to as network function virtualization (NFV). While the NFV proposal has been enthusiastically accepted by carriers and enterprises, actual efforts to deploy NFV have not been as successful. In this thesis we argue that this is because the current deployment strategy which relies on operators to ensure that network functions are configured to correctly implement policies, and then deploys these network functions as virtual machines (or containers), connected by virtual switches are ill- suited to NFV workload.

In this dissertation we propose an alternative NFV framework based on the use of static techniques such as type checking and formal verification. Our NFV framework consists of NetBricks – a NFV runtime and programming environment, that uses type checking to provide isolation, and presents a novel dataflow based approach to writing high performance network functions; and VMN a verification tool that can automatically check whether a set of NFs correctly implement network policy. Finally, we also show that simplifying NF development and deployment enable new applications, both in the wide-area and within datacenters.

Advisor: Scott Shenker


BibTeX citation:

@phdthesis{Panda:EECS-2017-141,
    Author = {Panda, Aurojit},
    Title = {A New Approach to Network Function Virtualization},
    School = {EECS Department, University of California, Berkeley},
    Year = {2017},
    Month = {Aug},
    URL = {http://www2.eecs.berkeley.edu/Pubs/TechRpts/2017/EECS-2017-141.html},
    Number = {UCB/EECS-2017-141},
    Abstract = {Networks provide functionality beyond just packet routing and delivery. Network functions such as firewalls, caches, WAN optimizers, etc. are crucial for scaling networks and in supporting new applications. While traditionally network functions were implemented using dedicated hardware middleboxes, recent efforts have resulted in them being implemented as software and deployed in virtualized environment . This move towards virtualized network function is commonly referred to as network function virtualization (NFV). While the NFV proposal has been enthusiastically accepted by carriers and enterprises, actual efforts to deploy NFV have not been as successful. In this thesis we argue that this is because the current deployment strategy which relies on operators to ensure that network functions are configured to correctly implement policies, and then deploys these network functions as virtual machines (or containers), connected by virtual switches are ill- suited to NFV workload.

In this dissertation we propose an alternative NFV framework based on the use of static techniques such as type checking and formal verification. Our NFV framework consists of NetBricks – a NFV runtime and programming environment, that uses type checking to provide isolation, and presents a novel dataflow based approach to writing high performance network functions; and VMN a verification tool that can automatically check whether a set of NFs correctly implement network policy. Finally, we also show that simplifying NF development and deployment enable new applications, both in the wide-area and within datacenters.}
}

EndNote citation:

%0 Thesis
%A Panda, Aurojit
%T A New Approach to Network Function Virtualization
%I EECS Department, University of California, Berkeley
%D 2017
%8 August 10
%@ UCB/EECS-2017-141
%U http://www2.eecs.berkeley.edu/Pubs/TechRpts/2017/EECS-2017-141.html
%F Panda:EECS-2017-141