
CONTAINMENT STRATEGY FOR VIRTUAL NETWORK FUNCTION WORKLOADS

IP.com Disclosure Number: IPCOM000250150D
Publication Date: 2017-Jun-06
Document File: 2 page(s) / 56K

Publishing Venue

The IP.com Prior Art Database

Related People

Ian Wells: AUTHOR

Abstract

A comprehensive set of stall mitigations for real-time virtual network function workloads is provided. Using these stall mitigations, there is little opportunity for a workload to stall due to an external event. Any external events that cause a workload to stall while employing these stall mitigations are generally predictable in duration, nature and frequency.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 54% of the total text.

Copyright 2017 Cisco Systems, Inc. 1

CONTAINMENT STRATEGY FOR VIRTUAL NETWORK FUNCTION WORKLOADS

AUTHORS: Ian Wells

CISCO SYSTEMS, INC.

DETAILED DESCRIPTION

Virtual Network Function (VNF) workloads are generally considered in terms of Virtual Machines (VMs), and more recently containers, but rarely in the context of processes, sandboxes, or plugins to a process. A strategy is presented herein for sandbox-like containment with enhanced isolation sympathetic to the needs of high performance network workloads.

High performance network workloads are real-time-like. Any unexpected delay in the workload can cause latency and jitter, and can additionally cause lost packets due to input queue overflow. When running workloads on a Unix kernel based infrastructure, which is not real-time in nature, the workload can pause for a number of reasons, such as rescheduling to another process, hardware interrupts (timer interrupts local to a central processing unit (CPU) or external input/output interrupts), and system calls, none of which has a specific time bound. In a virtual machine, a further source of delay is the time required to emulate an instruction that cannot be simulated in hardware, such as a timer read or a privilege escalation. Allowances cannot be made for these pauses, as is necessary for real-time workloads, because the duration of the pause is not fixed.

When running an NFV application, restrictions may be implemented in a non-virtualized workload on a Unix system. Ultimately the workload cannot be interrupted, and, by denying system calls, cannot call a functionality that is unknown. Certain operation codes must not be used (e.g., those generating a system call that would cause a privilege escalation and a context switch). Emulation overhead is nonexistent because the workload runs in a process context rather than in a VM. This is particularly useful because CPU timer register access, useful in traffic shaping...
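
One way to check that a worker process is actually contained as described above (system calls denied, no rescheduling) is to compare two snapshots of its `/proc/<pid>/status`. This is an added example, not code from the disclosure. It assumes a Linux host where the system-call denial is done with seccomp and the workload is pinned to one CPU by affinity; the function names and the sample snapshots are constructed for illustration.

```python
# Added example: audit two /proc/<pid>/status snapshots of a worker process.
# All sample text below is constructed, not captured from a real system.
CONTAINED_T0 = ("Seccomp:\t2\nCpus_allowed_list:\t3\n"
                "voluntary_ctxt_switches:\t41\nnonvoluntary_ctxt_switches:\t7\n")
CONTAINED_T1 = CONTAINED_T0  # counters unchanged: no stall between samples
LOOSE_T0 = ("Seccomp:\t0\nCpus_allowed_list:\t0-7\n"
            "voluntary_ctxt_switches:\t100\nnonvoluntary_ctxt_switches:\t5\n")
LOOSE_T1 = ("Seccomp:\t0\nCpus_allowed_list:\t0-7\n"
            "voluntary_ctxt_switches:\t130\nnonvoluntary_ctxt_switches:\t9\n")

def parse_status(text):
    """Turn 'Key:<tab>value' lines into a dict of stripped strings."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields

def cpu_count(cpulist):
    """Count CPUs in a kernel cpulist string such as '3' or '2-5,8'."""
    total = 0
    for part in cpulist.split(","):
        lo, _, hi = part.partition("-")
        total += int(hi or lo) - int(lo) + 1
    return total

def audit(before, after):
    """Return containment findings; an empty list means none were found."""
    b, a = parse_status(before), parse_status(after)
    findings = []
    mode = a.get("Seccomp", "0")  # 0 = off, 1 = strict, 2 = filter
    if mode not in ("1", "2"):
        findings.append(f"system calls unrestricted (Seccomp mode {mode})")
    cpus = a.get("Cpus_allowed_list", "")
    n = cpu_count(cpus) if cpus else 0
    if n != 1:
        findings.append(f"allowed on {n} CPUs: scheduler may migrate the workload")
    for key, what in (("voluntary_ctxt_switches", "blocked or yielded"),
                      ("nonvoluntary_ctxt_switches", "preempted")):
        delta = int(a.get(key, 0)) - int(b.get(key, 0))
        if delta > 0:  # any switch is a pause of unbounded duration
            findings.append(f"{what} {delta} time(s) between snapshots")
    return findings

if __name__ == "__main__":
    for name, t0, t1 in (("contained", CONTAINED_T0, CONTAINED_T1),
                         ("loose", LOOSE_T0, LOOSE_T1)):
        print(name, audit(t0, t1) or "no findings")
```

Pinning alone does not stop interrupts from landing on the CPU, so an empty result covers only the scheduling and system-call stall sources.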