Introducing smartnics in server-based data plane processing: The ddos mitigation use case

Sebastiano Miano*, Roberto Doriguzzi-Corin, Fulvio Risso, Domenico Siracusa, Raffaele Sommese

*Corresponding author for this work

Research output: Contribution to journalArticleAcademicpeer-review

9 Citations (Scopus)
1 Downloads (Pure)

Abstract

In the recent years, the complexity of the network data plane and their requirements in terms of agility has increased significantly, with many network functions now implemented in software and executed directly in datacenter servers. To avoid bottlenecks and to keep up with the ever increasing network speeds, recent approaches propose to move the software packet processing in kernel space using technologies such as eBPF/XDP, or to offload (part of it) in specialized hardware, the so called SmartNICs. This paper aims at guiding the reader through the intricacies of the above mentioned technologies, leveraging SmartNICs to build a more efficient processing pipeline and providing concrete insights on their usage for a specific use case, namely, the mitigation of Distributed Denial of Service (DDoS) attacks. In particular, we enhance the mitigation capabilities of edge servers by transparently offloading a portion of DDoS mitigation rules in the SmartNIC, thus achieving a balanced combination of the XDP flexibility in operating traffic sampling and aggregation in the kernel, with the performance of hardware-based filtering. We evaluate the performance in different combinations of host and SmartNIC-based mitigation, showing that offloading part of the DDoS network function in the SmartNIC can indeed optimize the packet processing but only if combined with additional processing on the host kernel space.

Original languageEnglish
Article number8789414
Pages (from-to)107161-107170
Number of pages10
JournalIEEE Access
Volume7
DOIs
Publication statusPublished - 2019

Keywords

  • DDoS
  • eBPF
  • NFV
  • SmartNIC
  • XDP

Fingerprint

Dive into the research topics of 'Introducing smartnics in server-based data plane processing: The ddos mitigation use case'. Together they form a unique fingerprint.

Cite this