Network functions currently use network card drivers intended for general-purpose use, even though many core network functions have a restricted model. General-purpose drivers are hard to verify, requiring tradeoffs between performance and verifiability.

We present TinyNF, a new driver model for network cards aimed at non-TCP network functions, such as Ethernet bridges, load balancers, and IP routers. TinyNF allows network functions to process packets one by one, modifying each packet as needed before transmitting or dropping it. Unlike traditional drivers, as found in DPDK and other such frameworks, network functions cannot keep buffers around for later.

TinyNF not only improves the performance of network functions compared to a verified driver subset, with 160% more throughput on average, but also beats state-of-the-art drivers that are too complex to verify. In addition, network functions can be verified 8x faster with TinyNF compared to using a verified driver subset.

Our code is publicly available:

Paper: A Simpler and Faster NIC Driver Model for Network Functions, Solal Pirelli and George Candea, USENIX Symposium on Operating Systems Design and Implementation (OSDI), Banff, Canada, November 2020