Fast and Secure: DPDK Meets Confidential Computing - Zhifei Yang, TikTok

  • Published: Sep 25, 2023
    The latest Confidential Virtual Machine (CVM) technologies such as AMD SEV, Intel TDX and ARM CCA allow customers to deploy their services in cloud VMs without trusting the cloud provider. As high-performance I/O applications such as DPDK and SPDK are often deployed in virtualized environments for easier maintenance and better isolation, moving them into CVMs further ensures confidentiality. However, this poses unique challenges: 1) DPDK requires shared hugepages for direct I/O in a CVM, while hugetlbfs lacks the notion of private/shared state; 2) the DPDK library itself is under-optimized because it is unaware of private/shared memory; 3) different hardware vendors impose different restrictions on the CVM control and data path. In this talk, we present our ongoing efforts to deploy DPDK applications in CVMs, including patching the Linux kernel to allow differentiating private/shared memory from user space, optimizing DPDK for CVM-aware memory management, and introducing an abstraction layer to hide CVM platform subtleties. We explain the trade-offs behind our design and discuss future directions.
    Accelerating Network Performance - The most popular kit to accelerate packet processing on a wide variety of CPU architectures. Designed to run on x86, POWER and ARM processors, DPDK is a set of libraries running mostly in Linux userland, with a FreeBSD port available for a subset of features. www.dpdk.org/