mmb: Flexible High-Speed Userspace Middleboxes

Abstract: Nowadays, Internet actors have to deal with a strong increase in Internet traffic at many levels. One of their main challenge is building high-speed and efficient networking solutions. In such a context, kernel-bypass I/O frameworks have become their preferred answer to the increasing bandwidth demands. Many works have been achieved, so far, all of them claiming to have succeeded in reaching line-rate for traffic forwarding. However, this claim does not hold for more complex packet processing. In addition, all those solutions share common drawbacks on either deployment flexibility or configurability and user-friendliness. This is exactly what we tackle in this paper by introducing mmb, a VPP middlebox plugin. mmb allows, through an intuitive command-line interface, to easily build stateless and stateful classification and rewriting middleboxes. mmb makes a careful use of instruction caching and memory prefetching, in addition to other techniques used by other high-performance I/O frameworks. We compare mmb performance with other performance-enhancing middlebox solutions, such as kernel-bypass framework, kernel-level optimized approach and other state-of-the-art solutions for enforcing middleboxes policies (firewall, NAT, transport-level engineering). We demonstrate that mmb performs, generally, better than existing solutions, sustaining a line-rate processing while performing large numbers of complex policies.