Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Virtuoso: High Resource Utilization and μs-scale Performance Isolation in a Shared Virtual Machine TCP Network Stack

Matheus Stolet, Liam Arzola, Simon Peter, Antoine Kaufmann

TL;DR

Virtuoso targets the inefficiencies of conventional layered virtual network stacks by sharing a single, elastic network stack across all guests and enforcing microsecond-scale isolation through per-packet budgeting. It achieves this with a single-layer data path and a one-shot fast-path that processes common traffic efficiently, complemented by a central slow-path for control tasks. The approach yields up to $82\%$ improvements in resource utilization and up to $91\%$ gains in throughput over optimized layered stacks, while maintaining $μs$ tail latency and modest overhead relative to unvirtualized stacks. The implementation, evaluated on a realistic 100 Gbps testbed with VMs and containers, scales to many guests and reduces VM exits in oversubscribed environments, offering a practical path to more efficient cloud networking.

Abstract

Virtualization improves resource efficiency and ensures security and performance isolation for cloud applications. Today, operators use a layered architecture with separate network stack instances in each VM and container connected to a virtual switch. Decoupling through layering reduces complexity, but induces performance and resource overheads at odds with increasing demands for network bandwidth, connection scalability, and low latency. We present Virtuoso, a new software network stack for VMs and containers. Virtuoso re-organizes the network stack to maximize CPU utilization, enforce isolation, and minimize processing overheads. We maximize utilization by running one elastically shared network stack instance on dedicated cores; we enforce isolation by performing central and fine-grained per-packet resource accounting and scheduling; we reduce overheads by building a single-layer data path with a one-shot fast-path incorporating all processing from the TCP transport layer through network virtualization and virtual switching. Virtuoso improves resource efficiency by up to 82%, latencies by up to 58% compared to other virtualized network stacks without sacrificing isolation, and keeps processing overhead within 6.7% of unvirtualized stacks.

Virtuoso: High Resource Utilization and μs-scale Performance Isolation in a Shared Virtual Machine TCP Network Stack

TL;DR

Virtuoso targets the inefficiencies of conventional layered virtual network stacks by sharing a single, elastic network stack across all guests and enforcing microsecond-scale isolation through per-packet budgeting. It achieves this with a single-layer data path and a one-shot fast-path that processes common traffic efficiently, complemented by a central slow-path for control tasks. The approach yields up to improvements in resource utilization and up to gains in throughput over optimized layered stacks, while maintaining tail latency and modest overhead relative to unvirtualized stacks. The implementation, evaluated on a realistic 100 Gbps testbed with VMs and containers, scales to many guests and reduces VM exits in oversubscribed environments, offering a practical path to more efficient cloud networking.

Abstract

Virtualization improves resource efficiency and ensures security and performance isolation for cloud applications. Today, operators use a layered architecture with separate network stack instances in each VM and container connected to a virtual switch. Decoupling through layering reduces complexity, but induces performance and resource overheads at odds with increasing demands for network bandwidth, connection scalability, and low latency. We present Virtuoso, a new software network stack for VMs and containers. Virtuoso re-organizes the network stack to maximize CPU utilization, enforce isolation, and minimize processing overheads. We maximize utilization by running one elastically shared network stack instance on dedicated cores; we enforce isolation by performing central and fine-grained per-packet resource accounting and scheduling; we reduce overheads by building a single-layer data path with a one-shot fast-path incorporating all processing from the TCP transport layer through network virtualization and virtual switching. Virtuoso improves resource efficiency by up to 82%, latencies by up to 58% compared to other virtualized network stacks without sacrificing isolation, and keeps processing overhead within 6.7% of unvirtualized stacks.
Paper Structure (61 sections, 2 equations, 11 figures, 1 table, 1 algorithm)

This paper contains 61 sections, 2 equations, 11 figures, 1 table, 1 algorithm.

Table of Contents

  1. Introduction
  2. Background
  3. Network Virtualization Concepts
  4. Status Quo: Layered Silos
  5. Advantages.
  6. Disadvantages.
  7. SR-IOV is not a panacea.
  8. Summary.
  9. Virtualization Overheads
  10. Prior Work
  11. Reducing layering overheads.
  12. Hardware offload.
  13. Virtuoso Approach
  14. Design Principles
  15. Shared network stack for elastic resource utilization.
  16. ...and 46 more sections

Figures (11)

  • Figure 1: Layered and independent virtualized stacks.
  • Figure 2: Fast-path manages TX and RX; slow-path handles control operations. Legacy applications follow a layered legacy path.
  • Figure 3: The fast path routes packets to VMs with cached state; the slow path fetches tunnel headers on cache misses.
  • Figure 4: Guest VM latency and throughput with variable boost, budget caps, and update periods, under adversarial interference.
  • Figure 5: Fast-path cores utilize a guest's local budget for processing tasks; all tasks measure resource consumption, with the slow-path periodically replenishing budgets
  • ...and 6 more figures