OASis: towards extensible open-architecture services platforms

Abstract

In this paper, we propose an extensible Open-Architecture Services platform (OASis) for high-performance network processing. OASis embraces recent advances of open technologies, including open source software, open system standards and open network architectures. Three programming models are proposed for target-specific processing modules: a multi-granularity packet processing model for network processing; a thread-isolated parallel programming model for service processing; and a message-based management model for centralized system administration. As an application example of OASis, a Unified Threat Management (UTM) prototype is implemented. This prototype provides multiple network security services, including stateful firewall, intrusion detection, and virus scanning. Experimental results show that, the OASis-UTM prototype can achieve 40Gbps stateful firewall performance together with 4--8Gbps intrusion detection and anti-virus performance on a 12U 14-slot ATCA platform.