Ally: OS-Transparent Packet Inspection Using Sequestered Cores

This paper presents Ally, a server platform architecture that supports compute-intensive management services on multi-core processors. Ally introduces simple hardware mechanisms to sequester cores to run a separate software environment dedicated to management tasks, including packet processing software appliances (e.g. for Deep Packet Inspection, DPI) with efficient mechanisms to safely and transparently intercept network packets. Ally enables distributed deployment of compute-intensive management services throughout a data center. Importantly, it uniquely allows these services to be deployed independent of the arbitrary OSs and/or hyper visor that users may choose to run on the remaining cores, with hardware isolation preventing the host environment from tampering with the management environment. Experiments using full system emulation and a Linux-based prototype validate Ally functionality and demonstrate low overhead packet interception, e.g., using Ally to host the well-known Snort packet inspection software incurs less over-head than deploying Snort as a Xen virtual machine appliance, resulting in up to 2× improvement in throughput for some workloads.