Kenichi Yasukata, Michio Honda, Douglas Santry, and Lars Eggert
2016 USENIX Annual Technical Conference
StackMap leverages the best aspects of kernel-bypass networking into a new low-latency OS network service based on the full-featured TCP kernel implementation, by dedicating network interfaces to applications and offering an extended version of the netmap API for zero-copy, low-overhead data path alongside control path based on socket API. For small-message, transactional workloads, StackMap outperforms baseline Linux by 4 to 78 % in latency and 42 to 133 % in throughput. It also achieves comparable performance with Seastar, a highly-optimized user-level TCP/IP stack that runs on top of DPDK.
Peter Shah, and Won So
Many storage customers are adopting encryption solutions to protect themselves against data leakage or theft. Encryption solutions are already on the market, many of which take the form of encryption solutions that sit in, or near, the application that is the source of critical data. We refer to this deployment strategy as data-source encryption. Placing encryption near the source makes it easy to guarantee that data remains encrypted downstream of the application, enabling the use of untrusted storage,such as public clouds. Unfortunately, data-source encryption encryption also prevents downstream storage systems from applying content-based data management features, such as data deduplication to the data. In this paper, we present Lamassu, an alternative encryption solution that provides strong, data-source encryption, while preserving downstream storage-based data deduplication. Lamassu uses a convergent encryption strategy to provide this service, and,unlike past convergent encryption systems, securely inserts encryption metadata into the data stream, rather than placing it in a dedicated store. This allows us to use existing systems without requiring any modification to either the client application or the storage controller. In this paper we will lay out the architecture and security model used in our prototype system, and provide an analysis of its performance under a variety of circumstances. Our performance analysis will show that our system provides excellent storage efficiency, while achieving I/O throughput on par with similar conventional encryption systems.