Resilient Edge: A scalable, robust network function backend

Increasing hardware resources, such as multi-core and multi-socket CPUs, memory capacity and high-speed NICs, impose significant challenges on Network Function Virtualization (NFV) backends. They increase the potential numbers of per-server NFs or tenants, which requires a packet switching architecture that is not only scalable to large number of virtual ports, but also robust to attacks on the data plane. This is a real problem; a recent study has reported that Open vSwitch, a widely used software switch, had a buffer-overflow bug in its data plane that results the entire SDN domain to be hijacked by worms propagated in the network. In order to address this problem, we propose REdge. It scales to thousands of virtual ports or NFs (as opposed to hundreds in the current state-of-the art), and protect modular, flexible packet switching logic against various bugs, such as buffer overflow and other unexpected operations using static program checking. When 2048 NFs are active and packets are distributed to them based on the MAC or IP addresses, REdge achieves 3.16 Mpps or higher packet forwarding rates for 60 byte packets and achieves the wire rate for 1500 byte packets in the 25 Gbps link.