QUIC encryption and decryption offloading based on data processing unit

Abstract

Abstract: QUIC, as an emerging transmission protocol parallel to TCP, follows the TCP research approach. The mainstream research way is hardware offloading, which offloads computation-intensive functional modules to network devices and replaces host CPU computation by hardware processing. However, due to the poor generality of hardware offloading, although its performance is high, it cannot guarantee user programmability. To overcome this limitation, this paper proposes a software offloading model—NanoBPF, which is a protocol offloading model based on the RISC-style many-core DPU (Data Processing Unit). By modifying the Bootloader's startup code, it guides the eBPF (extended Berkeley Packet Filter) code as a runtime environment and offloads encryption and decryption functional modules with high CPU utilization rates in the protocol stack using software. The encryption and decryption functional modules are written in high-level languages (C) and compiled into custom BPF (Berkeley Packet Filter) bytecode dynamically loaded into the DPU. The throughput and fairness of the prototype system are validated using local and Docker-based network topologies. The results show that software offloading of message encryption and decryption can increase the message throughput of the protocol stack by nearly 13%, and under certain conditions, it can ensure link fairness with TCP.

Key words: DPU, encryption/decryption, software offloading, multicore parallelism, eBPF code

WANG Ji-chang, L Gao-feng, LIU Zhong-pei, YANG Xiang-rui. QUIC encryption and decryption offloading based on data processing unit[J]. Computer Engineering & Science, 2023, 45(11): 1960-1969.

References ［30］

［1］	Iyengar J,Thomson M. QUIC:A UDP-based multiplexed and secure transport:RFC 9000［S/OL］.［2021-05-01］.https://rfc-editor.org/rfc/rfc9000.txt.
［2］	Iyengar J,Thomson M.Version-independent properties of QUIC:RFC 8999［S/OL］.［2021-05-01］.https://rfc-editor.org/rfc/rfc8999.txt.
［3］	Iyengar J,Thomson M.QUIC loss detection and congestion control:RFC 9002［S/OL］.［2021-05-01］.https://rfc-editor.org/rfc/rfc9002.txt.
［4］	Thomson M,Turner S. Using TLS to secure QUIC:RFC 9001［S/OL］.［2021-05-01］.https://rfc-editor.org/rfc/rfc9001.txt.
［5］	Bishop M.Hypertext transfer protocol version 3 (HTTP/3)［EB/OL］.［2022-02-18］.https://www.ietf.org/archive/id/draft-ietf-quic-http-27.html.
［6］	Rescorla E,Dierks T.The transport layer security (TLS) protocol version 1.3:RFC8446［S/OL］.［2022-02-18］.https://www.rfc-editor.org/rfc/rfc8446.
［7］	Turner S,Polk T.Prohibiting secure sockets layer (SSL) version 2.0:RFC6176［S/OL］.［2022-02-18］.https://www.rfc-editor.org/rfc/rfc6176.
［8］	Yu Y J,Xu M W,Yang Y.When QUIC meets TCP:An experimental study［C］∥Proc of 2017 IEEE 36th International Performance Computing and Communications Conference,2017:1-8.
［9］	Kakhki A M,Jero S,Choffnes D,et al.Taking a long look at QUIC:An approach for rigorous evaluation of rapidly evolving transport protocols［C］∥Proc of the 2017 Internet Measurement Conference,2017:290-303.
［10］	Scharf M,Kiesel S.NXG03-5:Head-of-line blocking in TCP and SCTP:Analysis and measurements［C］∥Proc of IEEE Globecom 2006,2006:1-5.
［11］	Langley A,Riddoch A,Wilk A,et al.The quic transport protocol:Design and internet-scale deployment［C］∥Proc of the Conference of the ACM Special Interest Group on Data Communication,2017:183-196.
［12］	Yang X,Eggert L,Ott J,et al.Making QUIC quicker with NIC offload［C］∥Proc of the Workshop on the Evolution,Performance,and Interoperability of QUIC,2020:21-27.
［13］	Linux Foundation.Data plane development kit［EB/OL］.［2018-12-12］.https://www.dpdk.org/.
［14］	Rizzo L.Netmap:A novel framework for fast packet I/O［C］∥Proc of the 2012 USENIX Annual Technical Confe- rence,2012:101-112.
［15］	Rogaway P.Authenticated-encryption with associated data［C］∥Proc of the 9th ACM Conference on Computer and Communications Security,2002:98-107.
［16］	https://blogs.nvidia.com/blog/2020/05/20/whats a dpu data processing unit/.
［17］	Hiland-Jrgensen T,Brouer J D,Borkmann D,et al.The express data path:Fast programmable packet processing in the operating system kernel［C］∥Proc of the 14th International Conference on Emerging Networking Experiments and Technologies,2018:54-66.
［18］	Docker Inc. Docker engine［EB/OL］.［2022-02-18］.https://www.docker.com.
［19］	TCP offload engine (TOE)［EB/OL］.［2022-03-14］.https://www.chelsio.com/nic/tcp-offload-engine/.
［20］	Hay J, Machnikowski M,Bowers G, et al.Accelerating QUIC via hardware offloads through a socket interface［C］∥Proc of the Technical Conference on Linux Network,2019:1.
［21］	Bellare M,Tackmann B.The multi-user security of authenticated encryption:AES-GCM in TLS 1.3［C］∥Proc of Annual International Cryptology Conference,2016:247-276.
［22］	Ibanez S,Mallery A,Arslan S,et al.The NanoPU:Redesigning the CPU-network interface to minimize RPC tail latency［J］.arXiv:2010.12114,2020.
［23］	Kogias M,Prekas G,Ghosn A,et al. R2P2:Making RPCs first-class datacenter citizens［C］∥Proc of 2019 USENIX Annual Technical Conference,2019:863-880.
［24］	Vieira M,Castanho M,Pacífico R,et al.Fast packet processing with eBPF and XDP:Concepts,code,challenges,and applications［J］.ACM Computing Surveys, 2020,53(1):1-36.
［25］	Kicinski J,Viljoen N.eBPF hardware offload to SmartNICs:Cls bpf and XDP［C］∥Proc of NetDev,2016:1.
［26］	Ariane［EB/OL］.［2022-02-18］.https://github.com/openhwgroup/cva6.git.
［27］	Haj-Yahya J,Wong M M,Pudi V,et al.Lightweight secure-boot architecture for risc-v system-on-chip［C］∥Proc of the 20th International Symposium on Quality Electronic Design,2019:216-223.
［28］	Quant［EB/OL］.［2022-03-03］.https://github.com/NTAP/quant.
［29］	Stanic M P.TC-traffic control Linux QOS control tool［EB/OL］.［2022-02-18］.https://arvanta.net/~map/linux-tc.html.
［30］	Tirumala A.Iperf:The TCP/UDP bandwidth measurement tool［EB/OL］.［2018-12-12］.http://dast.nlanr.net/Projects/Iperf/.

[1]	SHENG Suying1,WU Xinhua2. Research of Online Chaotic Image Secure Communications [J]. J4, 2011, 33(4): 30-34.
[2]	. [J]. J4, 2006, 28(10): 20-22.