Virtuoso: High Resource Utilization and μs-scale Performance Isolation in a Shared Virtual Machine TCP Network Stack

Virtualization improves resource efficiency and ensures security and performance isolation for cloud applications. Today, operators use a layered architecture with separate network stack instances in each VM and container connected to a virtual switch. Decoupling through layering reduces complexity, but induces performance and resource overheads at odds with increasing demands for network bandwidth, connection scalability, and low latency. We present Virtuoso, a new software network stack for VMs and containers. Virtuoso re-organizes the network stack to maximize CPU utilization, enforce isolation, and minimize processing overheads. We maximize utilization by running one elastically shared network stack instance on dedicated cores; we enforce isolation by performing central and fine-grained per-packet resource accounting and scheduling; we reduce overheads by building a single-layer data path with a one-shot fast-path incorporating all processing from the TCP transport layer through network virtualization and virtual switching. Virtuoso improves resource efficiency by up to 82%, latencies by up to 58% compared to other virtualized network stacks without sacrificing isolation, and keeps processing overhead within 6.7% of unvirtualized stacks.