Traditional network resident functions (e.g., firewalls, network address translation) and middleboxes (caches, load balancers) have moved from purpose-built appliances to software-based components. However, L2/L3 network functions (NFs) are being implemented on Network Function Virtualization (NFV) platforms that extensively exploit kernel-bypass technology. They often use DPDK for zero-copy delivery and high performance. On the other hand, L4/L7 middleboxes, which have a greater emphasis on functionality, take advantage of a full-fledged kernel-based system. L2/L3 NFs and L4/L7 middleboxes continue to be handled by distinct platforms on different nodes. This paper proposes MiddleNet that develops a unified network resident function framework that supports L2/L3 NFs and L4/L7 middleboxes. MiddleNet supports function chains that are essential in both NFV and middlebox environments. MiddleNet uses the Data Plane Development Kit (DPDK) library for zero-copy packet delivery without interrupt-based processing, to enable the "bump-in-the-wire" L2/L3 processing performance required of NFV. To support L4/L7 middlebox functionality, MiddleNet utilizes a consolidated, kernel-based protocol stack for processing, avoiding a dedicated protocol stack for each function. MiddleNet fully exploits the event-driven capabilities of the extended Berkeley Packet Filter (eBPF) and seamlessly integrates it with shared memory for high-performance communication in L4/L7 middlebox function chains. The overheads for MiddleNet in L4/L7 are strictly load-proportional, without needing the dedicated CPU cores of DPDK-based approaches. MiddleNet supports flow-dependent packet processing by leveraging Single Root I/O Virtualization (SR-IOV) to dynamically select the packet processing needed (Layers 2 - 7). Our experimental results show that MiddleNet achieves high performance in such a unified environment.

翻译：传统网络驻留功能（如防火墙、网络地址转换）及中间件（缓存、负载均衡器）已从专用硬件设备转向基于软件的实现。然而，L2/L3层网络功能正部署在广泛利用内核旁路技术的网络功能虚拟化平台上，通常采用DPDK实现零拷贝交付与高性能。另一方面，更侧重于功能实现的L4/L7层中间件则充分利用成熟的内核级系统。L2/L3网络功能与L4/L7中间件仍由不同节点上的独立平台处理。本文提出MiddleNet，构建支持L2/L3网络功能与L4/L7中间件的统一网络驻留功能框架。MiddleNet支持网络功能虚拟化与中间件环境中均至关重要的功能链。该框架利用数据平面开发套件库实现无中断处理的零拷贝数据包交付，满足NFV所需的"在线直插"式L2/L3处理性能。为支持L4/L7中间件功能，MiddleNet采用统一的内核协议栈进行处理，避免为每个功能配备专用协议栈。MiddleNet充分运用扩展的伯克利数据包过滤器的事件驱动能力，将其与共享内存无缝集成，实现L4/L7中间件功能链中的高性能通信。其L4/L7处理开销严格遵循负载比例增长特征，无需DPDK方案所需的专用CPU核心。MiddleNet利用单根输入/输出虚拟化技术支持基于流的包处理，动态选择所需的包处理层级（L2-L7）。实验结果表明，MiddleNet在此统一环境中实现了高性能。