evaluating viability of network functions on lambda
play

Evaluating Viability of Network Functions on Lambda Architecture - PowerPoint PPT Presentation

Evaluating Viability of Network Functions on Lambda Architecture By Arjun Singhvi, Anshul Purohit and Shruthi Racha Network Functions (NFs) Examine and modify packets and flows in sophisticated ways Ensure security, improve


  1. Evaluating Viability of Network Functions on Lambda Architecture By Arjun Singhvi, Anshul Purohit and Shruthi Racha

  2. Network Functions (NFs) ❖ Examine and modify packets and flows in sophisticated ways ❖ Ensure security, improve performance, and providing other novel network functionality ❖ Examples of Network Functions : Firewall, Network Address Translators, Intrusion Detection Systems

  3. Network Functions (NFs) ❖ Lie in the Critical Path between source and destination ❖ Should be capable of ➢ Handling packet bursts ➢ Failures

  4. Lambda Architecture - Working Upload your code to Lambda runs your code only Pay just for the Lambda when triggered, using only compute time used the compute resources Setup your code to trigger needed from other cloud services, HTTP endpoints or in-app activity

  5. Lambda Frameworks ❖ Lambda Frameworks are popular ❖ Public cloud lambda offerings ➢ AWS Lambda ➢ Azure Functions ➢ Google Cloud Functions

  6. Lambda Frameworks - Advantages ❖ Elimination of server management ❖ Continuous Scaling on demand ❖ High-availability ❖ Pay-as-you-go model ❖ Developer just writes event-handling logic

  7. Problem Statement Does it make sense to implement network functions on lambda architectures?

  8. Our Focus ❖ Investigate the performance of standalone NFs on Lambda architectures ❖ Implement and evaluate a locality-aware, event-based NF chaining system - LENS

  9. Key Takeaways ❖ Naively implementing NFs on Lambda architecture leads to scalability at the cost of ➢ High end-to-end latency ➢ High overhead ❖ Porting standalone NFs onto Lambda architecture is not a viable option ❖ Lambda architectures are too restrictive - users cannot control the placement of lambda functions

  10. Outline ❖ Standalone NFs Implementation ❖ Standalone NFs Evaluation Results ❖ LENS Design ❖ LENS Implementation Choices ❖ LENS Evaluation Results ❖ Summary ❖ Conclusion

  11. Standalone Network Functions ❖ Firewall ❖ NAT (Network address translation) ❖ PRADS (Passive Real-time Asset Detection System)

  12. Standalone Network Functions - Firewall Redis ❖ Monitors and controls the incoming 2 and outgoing network traffic based on 2 predetermined security rules Firewall ❖ Control Flow - i. Switch triggers Firewall 3 ii. Fetch security rules 1 iii. Block malicious packets SWITCH

  13. Standalone Network Functions - NAT Redis ❖ Remaps IP addresses across private 2 2 and public IP address space NAT ❖ Control Flow - i. Switch triggers NAT ii. Extract IP address from packet 3 1 iii. Lookup for IP from external store iv. Modify the IP address in packet SWITCH

  14. Standalone Network Functions - PRADS Redis ❖ Gathers information on hosts/services 2 2 ❖ Control Flow - i. Switch triggers PRADS PRADS ii. Extract relevant packet fields iii. Store to external store 3 1 SWITCH

  15. Experimental Setup ❖ Experiments run on Cloudlab ❖ Synthetic Benchmarks - ➢ Sequential Packet Benchmark ■ Analyse latency breakdown ➢ Concurrent Packet Benchmark ■ Analyze latency with scale ❖ Lambda Region ➢ AWS: us-east-1 region

  16. Sequential Packet Benchmark Results - NAT Sequential Packet Benchmark: End to End Latency Time (s) Packets

  17. Sequential Packet Benchmark Results - NAT Total Latency = Lambda Execution Time + Network Latency + AWS Overhead Sequential Packet Benchmark Time (s) Packet Number

  18. Sequential Packet Benchmark Results - NAT Lambda Execution Time = External Store Access Time + Pure Lambda Execution Time Sequential Lambda Time Breakdown Time (ms) Packet Number

  19. Concurrent Packet Benchmark Results - NAT Network Functions Scale on Lambda Frameworks Effect of Scale on Packet Concurrent Benchmark Average Processing Latency on a single Latency Average Time per packet (ms) machine Time (s) Concurrent Clients Number of concurrent packets

  20. Concurrent Packet Benchmark Results - NAT Average Time on Local vs Lambda Time of Local (ms) Time of Lambda (ms) Concurrent Clients

  21. DynamoDB vs Redis Use of in-memory redis state operations provides much lower latencies NAT Redis Lambda Breakdown NAT Dynamo Lambda Breakdown Time (ms) Time (ms) Store Type Store Type

  22. Middlebox Chaining Solution (Naive Approach) Firewall NAT PRADS 4 5 3 2 6 1 SWITCH

  23. LENS Locality-aware, Event-based NF Chaining System

  24. LENS Implementation Choice 1 - All In One ❖ Functionality of 3 middleboxes in single function 1 ❖ Pros ➢ Locality Aware Firewall ❖ Cons ➢ One hot middlebox leads to NAT unnecessary relaunch of all 3 SWITCH middleboxes. ➢ One middlebox corruption renders PRADS other middleboxes on same lambda 2 instance unusable

  25. LENS Implementation Choice 2 - Start Step Functions 1 Firewall ❖ Interpose each middlebox lambda Choice State SWITC onto a node in step function H ❖ Pros ➢ Easy to model complex Default 2 workflows NAT ❖ Cons ➢ Overhead in Lambda States Blocked and Transitions PRADS ➢ Can not enforce locality End

  26. Implementation Choice 3 - Simple Notification Service ❖ Simple Notification Service (SNS) ➢ Fast ➢ Flexible ➢ Push Notification Service ➢ Send individual messages ➢ Fan - out messages ➢ Publisher - Subscriber Model ❖ Pros ➢ Simplifies Event based handling ❖ Cons ➢ Locality unaware

  27. LENS Implementation Choice 3 - Simple Notification Service (SNS) Firewall NAT PRADS publish publish subscribe subscribe 5 2 4 3 SNS Topic 1 SNS Topic 2 1 6 SWITCH

  28. LENS Evaluation Results Middlebox Chaining : End to End Latency Results Chaining Method Time (s)

  29. LENS Evaluation Results - Analysing Step Functions Total Latency = Network Latency + Lambda Execution Time + AWS Step Function Overhead Step Functions - Latency Breakdown ❖ ~100ms to execute ❖ ~3ms for Lambda Execution Time (s) ❖ High setup cost ❖ AWS Step Function Overhead represents ➢ State Transitions ➢ Non-Task State time Step Functions Latency

  30. LENS Evaluation Results - Analysing SNS Execution ❖ SNS SNS Latency Breakdown ➢ 92% overhead ❖ Overhead includes Time (s) ➢ Pub-Sub delay ➢ Lambda Setup costs SNS Latency

  31. Summary ❖ Implementing standalone NFs/middleboxes on Lambda is not a viable option ➢ High latency and overhead ❖ Chaining middleboxes hides the high latency ❖ After exploring various chaining methods ➢ Services provided by AWS lambda are ■ Very restrictive ■ Have high overhead ➢ Chaining is most beneficial in the All-In-One case ■ Provides locality ■ High memory footprint ■ Only suitable when all NFs scale equally

  32. Questions?

  33. Graph Slides

  34. Graph 1 Effect of Scale on Packet Processing ❖ Plot illustrating average Latency on a single machine NAT response time with Average Time per packet (ms) concurrent clients ❖ Highlights the problem of scaling on a single machine ❖ Motivation for investigating a an implementation in a Number of concurrent packets distributed setting

  35. Graph 2 ❖ NAT implementation on Concurrent Benchmark Average Latency AWS lambda scales well ❖ AWS lambda: maximum parallel executions set to 100 Time (s) ❖ Latency is mostly unaffected ❖ High end to end latencies Concurrent Clients

  36. Graph 3 Average Time on Local vs Lambda ❖ Comparison between lambda and local NAT ❖ Very higher rate of change Time of Local (ms) Time of Lambda (ms) of local latency ❖ Lambda is unaffected ❖ Lambda addresses the scaling problem ➢ At the cost of very high end-to-end latency Concurrent Clients ➢ Further analysis

  37. Graph 4 ❖ Distribution of NAT Sequential Packet Benchmark: End to End Latency latencies for 100 sequential packets. ❖ Need to breakdown the latency into known components Time (s) ➢ Network Latency ➢ Lambda Execution ➢ AWS overhead Packets

  38. Graph 5 ❖ Distribution with the Lambda, Network and Sequential Packet Benchmark AWS overhead components ❖ High cost for launching Time (s) lambda instances Packet Number

  39. Graph 6 Sequential Lambda Time Breakdown ❖ Breakdown of Lambda Execution Time ❖ State operations take higher fraction of time Time (ms) ❖ DynamoDB Update operations are costly ➢ Provides High Consistency Packet Number

  40. Graph 7 ❖ Illustrating the scaling property Concurrent Benchmark Average Latency provided by the lambda architecture ❖ Similar trend observed for Firewall and PRADS Time (s) middleboxes ❖ Average latency remains mostly unaffected Concurrent Clients

  41. Graph 8 ❖ Use of in-memory redis state operations provides much lower latencies ❖ The state mapping will not be persistent ➢ Backup state in the DynamoDB ➢ Replication in Redis NAT Redis Lambda Breakdown NAT Dynamo Lambda Breakdown Time (ms) Time (ms) Store Type Store Type

  42. Graph 9 ❖ Running the benchmarks from an Latency Trends EC2 instance ❖ Avoids the Wide Area Network Latency by calling an internal API and Lambda trigger ➢ Time (s) Lower Network Latency ➢ Lower AWS Overhead ❖ Latency characteristics are comparable among the middleboxes

Recommend


More recommend