{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,12,19]],"date-time":"2025-12-19T09:37:40Z","timestamp":1766137060130,"version":"3.41.0"},"reference-count":15,"publisher":"Association for Computing Machinery (ACM)","issue":"1","license":[{"start":{"date-parts":[[2018,8,28]],"date-time":"2018-08-28T00:00:00Z","timestamp":1535414400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["SIGOPS Oper. Syst. Rev."],"published-print":{"date-parts":[[2018,8,28]]},"abstract":"<jats:p>VMware NSX virtualizes network functionality in a manner anal- ogous to how hypervisors virtualize compute resources. To do this, NSX must faithfully recreate virtual versions of network compo- nents, such as switches, routers, and firewalls. As this functionality becomes commoditized, NSX must move \"up the stack\" to provide more advanced features, such as load-balancers, IDS\/IPS (intrusion detection and prevention systems), and DPI (deep packet inspec- tion) for classification. NSX is designed to work in all types of deployments-even those without any other VMware software. It integrates with ESXi, Linux KVM, and Hyper-V hypervisors; it is even being made to work on systems without a hypervisor, such as containers and third- party clouds. Each of these platforms has its own native forwarding plane. For the best user experience, all of the forwarding planes should provide the same behavior, but the disparate implemen- tations make this difficult in practice. As network functions be- come more complex and as NSX supports more forwarding planes, both duplication of effort and undesirable diversity of behavior in- creases. We propose a new approach to building advanced network func- tions in NSX. Under this approach, identical code runs on all of NSX's supported platforms. Applications will run at or near native performance, but with better security and identical cross-platform behavior. We demonstrate this by writing a single application to provide DPI functionality that runs in the fast paths of each of NSX's primary platforms: ESXi, Linux, and Edge gateway appli- ance. We evaluate the performance and correctness of our imple- mentation on the three platforms.<\/jats:p>","DOI":"10.1145\/3273982.3273994","type":"journal-article","created":{"date-parts":[[2018,8,30]],"date-time":"2018-08-30T13:45:11Z","timestamp":1535636711000},"page":"123-128","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":7,"title":["Bringing Platform Harmony to VMware NSX"],"prefix":"10.1145","volume":"52","author":[{"given":"Justin","family":"Pettit","sequence":"first","affiliation":[{"name":"VMware Inc."}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Ben","family":"Pfaff","sequence":"additional","affiliation":[{"name":"VMware Inc."}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Joe","family":"Stringer","sequence":"additional","affiliation":[{"name":"VMware Inc."}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Cheng-Chun","family":"Tu","sequence":"additional","affiliation":[{"name":"VMware Inc."}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Brenden","family":"Blanco","sequence":"additional","affiliation":[{"name":"VMware Inc."}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Alex","family":"Tessmer","sequence":"additional","affiliation":[{"name":"VMware Inc."}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2018,8,28]]},"reference":[{"key":"e_1_2_1_1_1","unstructured":"Deep packet inspection. https:\/\/en.wikipedia.org\/wiki\/ Deep_packet_inspection.  Deep packet inspection. https:\/\/en.wikipedia.org\/wiki\/ Deep_packet_inspection."},{"key":"e_1_2_1_2_1","unstructured":"VMware NSX with next-generation security from Palo Alto Networks. https:\/\/www.paloaltonetworks.com\/resources\/ techbriefs\/vmware-nsx-solution-brief.  VMware NSX with next-generation security from Palo Alto Networks. https:\/\/www.paloaltonetworks.com\/resources\/ techbriefs\/vmware-nsx-solution-brief."},{"key":"e_1_2_1_3_1","unstructured":"Use cases: IO Visor project. https:\/\/www.iovisor.org\/ technology\/use-cases May 2017.  Use cases: IO Visor project. https:\/\/www.iovisor.org\/ technology\/use-cases May 2017."},{"key":"e_1_2_1_4_1","unstructured":"Brenden Blanco Brendan Gregg Sasha Goldshtein etal BPF com- piler collection (BCC). https:\/\/github.com\/iovisor\/bcc.  Brenden Blanco Brendan Gregg Sasha Goldshtein et al. BPF com- piler collection (BCC). https:\/\/github.com\/iovisor\/bcc."},{"key":"e_1_2_1_5_1","unstructured":"Jonathan Corbet. Extending extended BPF. http:\/\/lwn.net\/ Articles\/603983\/ 2014.  Jonathan Corbet. Extending extended BPF. http:\/\/lwn.net\/ Articles\/603983\/ 2014."},{"key":"e_1_2_1_6_1","unstructured":"Free Software Foundation. GNU general public license version 2. https:\/\/www.gnu.org\/licenses\/old-licenses\/gpl-2.0. en.html June 1991.  Free Software Foundation. GNU general public license version 2. https:\/\/www.gnu.org\/licenses\/old-licenses\/gpl-2.0. en.html June 1991."},{"key":"e_1_2_1_7_1","unstructured":"Intel et al. DPDK: Data plane development kit. http:\/\/dpdk.org\/.  Intel et al. DPDK: Data plane development kit. http:\/\/dpdk.org\/."},{"key":"e_1_2_1_8_1","first-page":"15","volume-title":"2016 Usenix Annual Technical Conference (USENIX ATC 16)","author":"Jackson Ethan J","year":"2016"},{"volume-title":"USENIX Winter, vol- ume 46","year":"1993","author":"McCanne Steven","key":"e_1_2_1_9_1"},{"key":"e_1_2_1_10_1","unstructured":"David Miller. {GIT net-next} Open vSwitch. https:\/\/www. spinics.net\/lists\/netdev\/msg291696.html August 2014.  David Miller. {GIT net-next} Open vSwitch. https:\/\/www. spinics.net\/lists\/netdev\/msg291696.html August 2014."},{"key":"e_1_2_1_11_1","unstructured":"David Miller. net: Add STT support. https:\/\/www.spinics.net\/ lists\/netdev\/msg314619.html January 2015.  David Miller. net: Add STT support. https:\/\/www.spinics.net\/ lists\/netdev\/msg314619.html January 2015."},{"key":"e_1_2_1_12_1","unstructured":"Quentin Monnet et al. rbpf: Rust (user-space) virtual machine for eBPF. https:\/\/github.com\/qmonnet\/rbpf.  Quentin Monnet et al. rbpf: Rust (user-space) virtual machine for eBPF. https:\/\/github.com\/qmonnet\/rbpf."},{"key":"e_1_2_1_13_1","unstructured":"Ben Pfaff. CVE-2016-2074: MPLS buffer overflow vulnerabilities in Open vSwitch. https:\/\/mail.openvswitch.org\/pipermail\/ ovs-announce\/2016-March\/000222.html March 2016.  Ben Pfaff. CVE-2016-2074: MPLS buffer overflow vulnerabilities in Open vSwitch. https:\/\/mail.openvswitch.org\/pipermail\/ ovs-announce\/2016-March\/000222.html March 2016."},{"key":"e_1_2_1_14_1","unstructured":"Julien Tinnes. Introducing Chrome's next-generation Linux sandbox. http:\/\/blog.cr0.org\/2012\/09\/ introducing-chromes-next-generation.html September 2012  Julien Tinnes. Introducing Chrome's next-generation Linux sandbox. http:\/\/blog.cr0.org\/2012\/09\/ introducing-chromes-next-generation.html September 2012"},{"key":"e_1_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1145\/3139645.3139657"}],"container-title":["ACM SIGOPS Operating Systems Review"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3273982.3273994","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3273982.3273994","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T00:44:44Z","timestamp":1750207484000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3273982.3273994"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2018,8,28]]},"references-count":15,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2018,8,28]]}},"alternative-id":["10.1145\/3273982.3273994"],"URL":"https:\/\/doi.org\/10.1145\/3273982.3273994","relation":{},"ISSN":["0163-5980"],"issn-type":[{"type":"print","value":"0163-5980"}],"subject":[],"published":{"date-parts":[[2018,8,28]]},"assertion":[{"value":"2018-08-28","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}