Item type |
SIG Technical Reports(1) |
Publication date |
2022-07-20 |
Title |
|
|
Title |
Accelerating TCP/IP Communications in Rootless Containers by Socket Switching |
Title |
|
|
Language |
en |
|
Title |
Accelerating TCP/IP Communications in Rootless Containers by Socket Switching |
Language |
|
|
Language |
eng |
Keywords |
|
|
Subject scheme |
Other |
|
Subject |
User space |
Resource type |
|
|
Resource type identifier |
http://purl.org/coar/resource_type/c_18gh |
|
Resource type |
technical report |
Author affiliation |
|
|
|
Kyoto University |
Author affiliation |
|
|
|
NTT Software Innovation Center |
Author affiliation (English) |
|
|
|
en |
|
|
Kyoto University |
Author affiliation (English) |
|
|
|
en |
|
|
NTT Software Innovation Center |
Author name |
Naoki, Matsumoto
Akihiro, Suda
|
Author name (English) |
Naoki, Matsumoto
Akihiro, Suda
|
Abstract |
|
|
Description type |
Other |
|
Description |
"Rootless containers" is a concept for running the entire container runtime and containers without root privileges. It protects the host environment from attackers exploiting container runtime vulnerabilities. However, when rootless containers communicate with external endpoints, network performance is very low compared to rootful containers because of the overhead of the user-land TCP/IP implementation called "slirp4netns". In this paper, we propose "bypass4netns", which accelerates TCP/IP communications in rootless containers by bypassing slirp4netns. bypass4netns uses sockets allocated on the host. It switches socket file descriptors in containers to the host's socket file descriptors by intercepting syscalls and injecting the file descriptors using ioctl(SECCOMP_IOCTL_NOTIF_ADDFD). We confirmed that rootless containers with bypass4netns can achieve more than 10 times faster throughput than rootless containers without it. |
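Bibliographic record ID |
|
|
Source identifier type |
NCID |
|
Source identifier |
AN10444176 |
Bibliographic information |
Research Reports: System Software and Operating Systems (OS)
Vol. 2022-OS-156,
No. 9,
p. 1-7,
Issue date 2022-07-20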
|
ISSN |
|
|
Source identifier type |
ISSN |
|
Source identifier |
2188-8795 |
Notice |
|
|
|
SIG Technical Reports are nonrefereed and hence may later appear in any journals, conferences, symposia, etc. |
Publisher |
|
|
Language |
ja |
|
Publisher |
Information Processing Society of Japan |