Simplifying the development of complex network functions with mOS

Abstract: Stateful middleboxes, such as intrusion detection systems and application-level firewalls, have provided key functionalities in modern IP networks. However, developing a middlebox with efficient flow processing is challenging because implementing robust TCP state management is a demanding, error-prone task. Unfortunately, existing networking APIs are primarily designed for end-hosts and lack proper abstractions for intra-flow processing in middleboxes. Thus, middlebox developers often write complex flow management logic from scratch, which is not only prone to errors but also wastes effort on similar functionality across applications.

In this talk, I will introduce mOS, a reusable networking stack for stateful flow processing in middlebox applications. mOS exposes a set of well-defined APIs that allow developers to focus on the core application logic instead of dealing with low-level packet/flow processing themselves. Under the hood, mOS implements an efficient event system that scales to monitoring millions of concurrent flow events at a low cost. Our evaluation demonstrates that mOS enables modular development of stateful middleboxes, often significantly reducing development effort, as measured by source lines of code, while introducing little performance overhead in multi-10G network environments.


Bio: KyoungSoo Park is an associate professor in the School of Electrical Engineering at KAIST. He received his B.S. degree from Seoul National University in 1997, and his M.A. and Ph.D. degrees from Princeton University in 2004 and 2007, respectively, all in computer science. His research focuses on reliability, performance, and security issues in the design and implementation of networked computing systems. His recent research interests include high-performance flow processing on multicore systems, scalable resource management for distributed machine learning, and modular software architecture for embedded systems. He and his group have won two major awards given by the USENIX NSDI, namely, the best paper award at NSDI’17 and a community award at NSDI’17 given to the best paper among those that open-sourced their work.