KVM vs. LXC: Comparing Performance and Isolation of Hardware-assisted Virtual Routers
KTH, School of Information and Communication Technology (ICT), Communication Systems, CoS, Network Systems Laboratory (NS Lab).
KTH, School of Information and Communication Technology (ICT), Communication Systems, CoS, Network Systems Laboratory (NS Lab). ORCID iD: 0000-0002-6427-4612
KTH, School of Information and Communication Technology (ICT), Communication Systems, CoS, Network Systems Laboratory (NS Lab). ORCID iD: 0000-0002-3172-076X
2013 (English) In: American Journal of Networks and Communications, ISSN 2326-893X, Vol. 2, no 4, 88-96 p. Article in journal (Refereed) Published
Abstract [en]

Concerns have been raised about the performance of PC-based virtual routers as they do packet processing in software. Furthermore, it becomes challenging to maintain isolation among virtual routers due to resource contention in a shared environment. Hardware vendors recognize this issue, and PC hardware with virtualization support (SR-IOV and Intel-VTd) has been introduced in recent years. In this paper, we investigate how such hardware features can be integrated with two different virtualization technologies (LXC and KVM) to enhance performance and isolation of virtual routers in shared environments. We compare LXC and KVM, and our results indicate that KVM in combination with hardware support can provide better trade-offs between performance and isolation. We notice that KVM has slightly lower throughput, but has superior isolation properties by providing more explicit control of CPU resources. We demonstrate that KVM allows defining a CPU share for a virtual router, something that is difficult to achieve in LXC, where packet forwarding is done in a kernel shared by all virtual routers.

Place, publisher, year, edition, pages
2013. Vol. 2, no 4, 88-96 p.
Keyword [en]
Network Virtualization, Virtual Router (VR), SR-IOV, Virtual Function (VF), SoftIRQ, NAPI
National Category
Computer Systems
Identifiers
URN: urn:nbn:se:kth:diva-136604
DOI: 10.11648/j.ajnc.20130204.11
OAI: oai:DiVA.org:kth-136604
DiVA: diva2:676603
Note

QC 20140303

Available from: 2013-12-06 Created: 2013-12-06 Last updated: 2017-05-11 Bibliographically approved
In thesis
1. Performance, Isolation and Service Guarantees in Virtualized Network Functions
2017 (English) Doctoral thesis, comprehensive summary (Other academic)
Abstract [en]

A network is generally a collection of different hardware-based network devices carrying out various network functions (NFs). These NF implementations are special purpose and expensive. Network function virtualization (NFV) is an alternative which uses software-based implementations of NFs on inexpensive commodity servers. However, it is challenging to achieve high networking performance due to bottlenecks in software, particularly in a virtualized environment where NFs are implemented inside virtual machines (VMs). Performance isolation is yet another challenge, which means that the load on one VM should not affect the performance of other VMs. However, it is difficult to provide performance isolation due to resource contention in a commodity server. Furthermore, different NFs may require different service guarantees, which are difficult to ensure due to the non-deterministic performance behavior of a commodity server.

In this thesis we investigate how the challenges of performance, isolation and service guarantees can be addressed for virtual routers (VRs), as an example of a virtualized NF. It is argued that the forwarding path of a VR can be modified in an efficient manner in order to improve the forwarding performance. When it comes to performance isolation, poor isolation is observed due to shared network queues and CPU sharing among VRs. We propose a design with SR-IOV, which allows reserving a network queue and CPU core for each VR. As a result, the resource contention is reduced and strong performance isolation is achieved. Finally, it is investigated how average throughput and bounded packet delay can be guaranteed to VRs. We argue that a classic rate-controlled service discipline can be adapted in a virtual environment to achieve service guarantees. We demonstrate that firm service guarantees can be achieved with little overhead by adding a token bucket regulator in the forwarding path of a VR.

Place, publisher, year, edition, pages
KTH Royal Institute of Technology, 2017. 59 p.
Keyword
NFV, virtual router, service guarantee, scheduling, rate control
National Category
Telecommunications
Research subject
Computer Science
Identifiers
urn:nbn:se:kth:diva-206830 (URN)
978-91-7729-380-4 (ISBN)
Public defence
2017-06-14, Sal C, Kistagången 16, Kista, 13:00 (English)
Opponent
Supervisors
Note

QC 20170511

Available from: 2017-05-11 Created: 2017-05-09 Last updated: 2017-06-16 Bibliographically approved

By author/editor: Rathore, Muhammad Siraj; Hidell, Markus; Sjödin, Peter