TEE Time at P4—Performance Analysis of Trusted Execution Environments for Packet Processing

Author: Simon, Manuel; Warter, Sebastian; Gallenmüller, Sebastian; Carle, Georg
Publisher: Zenodo
DOI: 10.1109/NetSoft64993.2025.11080555
Source: https://zenodo.org/records/17279029/files/2025-simon-netsoft.pdf
Manuel Simon, Sebastian Warter, Sebastian Gallenmüller, and Georg Carle
Chair of Network Architectures and Services, Technical University of Munich, Germany
{simonm|gallenmu|carle}@net.in.tum.de, [email protected]
Abstract—Modern computer networks, such as 5G/6G networks, require high-performance, low-latency, and secure packet processing while ensuring data confidentiality in cloud environments. Trusted Execution Environments (TEEs) address these security requirements and provide encrypted memory areas that protect sensitive data from untrusted cloud providers. This paper presents a performance analysis of TEE technologies, specifically Intel SGX and AMD SEV-SNP, in the context of software-based user-space packet processing with DPDK and the P4 language. We evaluate two architectural approaches: (1) integrating TEEs as external processing modules implemented with SGX and (2) executing the entire P4 pipeline inside a TEE using AMD-SEV. Our analysis examines computational and I/O overhead across different CPU architectures. The results show the trade-offs between TEE designs, implementations, and performance, demonstrating that AMD SEV-SNP offers better scalability with lower performance penalties compared to Intel SGX.

Index Terms—TEE, SGX, SEV-SNP, P4, Packet Processing
I. INTRODUCTION
Modern computer networks, i.e., 5G/6G, aim for high-performance, low-latency, secure, and highly customizable end-to-end connections. This trend shifts functionality into the network using cloud-based network functions (NFs). However, moving functionality and data to third parties requires us to guarantee the desired execution and protect sensitive data. For instance, monitoring and intrusion detection may involve the analysis of IP addresses of known entities or even include analyzing the payload. Sensitive user information must be protected from the third party. Moreover, administrators want to ensure that program code and functionality are not modified (maliciously) by the cloud provider. These problems are tackled by Trusted Execution Environments (TEE), offering encrypted memory in which the keys are only accessible by the underlying hardware itself. Therefore, CPUs offering TEE abstract the underlying secure execution from users. This way, the operator only has to trust CPU manufacturers but not cloud providers. Different implementations of TEEs exist; the most prominent include Intel's Software Guard Extensions (SGX) and AMD's Secure Encrypted Virtualization with Secure Nested Paging (SEV-SNP).
We analyze the performance of the different approaches and compare the use cases w.r.t. software packet processing. For that, we investigate T4P4S [1], a P4 software switch based on DPDK. P4 [2] is a programming language for data planes of software-defined networks. It brings the advantage of a high-level, domain-specific language to build high-performance NFs in a target-independent way. T4P4S translates the P4 programs to DPDK code, allowing the execution on commodity, general purpose hardware. Its implementation in software makes T4P4S a suitable choice for execution in the cloud. We will investigate two different modes: P4 provides the option of using external, non-P4 functionality, which we can use to define the API between common packet processing and the execution of sensitive parts inside the TEE. Alternatively, the whole packet processing pipeline may lie inside the TEE.

Our contributions are: Implementation of a P4 user-space software pipeline inside/next to a TEE, comparison of different TEE designs and implementations, detailed performance analysis of TEEs and implementations for user-space packet processing, and a performance model for I/O overhead.
II. BACKGROUND
a) P4 [2]: is a programming language for data planes. P4 supports hardware and software targets. So-called "externs" add non-P4, target-specific functionality. P4 offers a programmable pipeline to introduce new protocols. Our study utilizes the open-source P4 software target T4P4S [1] to investigate packet processing with and without TEEs. T4P4S is based on DPDK and, therefore, offers high performance.
b) DPDK: is a framework for high-performance packet processing. Its performance relies on: (1) packet reception via polling of batches, avoiding costly interrupts; and (2) running entirely in user space to bypass the kernel network stack. Direct Memory Access (DMA) for packet I/O causes issues when used with trusted execution (cf. Sec. II-0e). DPDK offers drivers that bind the NIC to the kernel while copying every packet to user space, i.e., XDP sockets (cf. Sec. II-0f); the copy operations increase processing costs. In return, DPDK programs can still run without required modifications if the user space drivers cannot be used.
c) TEEs: guarantee, according to Sabt et al. [3], the "authenticity of the executed code, the integrity of runtime states [...], and the confidentiality of its code, data and runtime states [...]." Customers running code in a TEE need only trust the executed code and CPU manufacturer—not the hardware operator or hypervisor. To ensure the defined properties, TEEs encrypt the memory, using protected secrets on the CPU. Examples of TEEs include Intel SGX and AMD SEV. For packet processing, different use cases are possible: calculations on encrypted traffic, as secure network gateways, or as a privacy-preserving monitor of (encrypted) traffic.
Table I: Comparison of TEE implementations

                            Intel SGX               AMD SEV-SNP
Type                        User space              VM
Mem. encryption/integrity   ✓/✓                     ✓/✓
Overhead                    Context switches        swiotlb
Architecture                split (secure enclave)  all in secure VM
Requires refactoring        ✓                       ✗
d) Intel SGX: implements a TEE by extending the Instruction Set Architecture. SGX allows the creation of so-called enclaves that are separated from the regular user space. Memory in the enclave is encrypted. Running programs can verify their integrity via a secure hash using a web service. SGX programs must be modified, requiring a split into untrusted and trusted parts, running in regular user space or the enclave. Since memory in the enclave is limited, only the parts of the software that require trust will run there. We did not investigate Intel TDX, a more recent TEE implementation, as we did not have access to a machine with TDX support.
e) AMD SEV: isolates the hypervisor from guest VMs and encrypts their memory. The AMD Secure Processor manages the access to the involved keys. Neither the hypervisor nor other VMs can access the data of the TEE VM. Hypervisor and guest kernel must be adapted to handle encrypted pages. To facilitate data sharing, memory pages can be marked as unencrypted. To transfer packets into trusted VMs, "bounce buffers" are used, which transfer all data from a temporary, unencrypted memory area—used for DMA operations by the NIC—to the encrypted memory area of the trusted VM. This transparent process allows the use of existing kernel drivers inside the VM without modifications. However, it introduces additional latency as all data must be copied. AMD proposed SEV Trusted-I/O (SEV-TIO) [4], which allows direct DMA operations on private and trusted memory pages, eliminating the detour through bounce buffers. This feature increases performance and mitigates attacks against the memory encryption [5]. Table I lists the features of the two investigated TEEs.
f) XDP Framework: Shared memory pages cannot be created inside an AMD SEV VM from user space. We can use the eXpress Data Path (XDP) [6] kernel hook and AF_XDP sockets as workaround. The hook is called early in the Linux network stack, and inside, extended Berkeley Packet Filters (eBPF) can control packet (pre-)processing. The eBPF VM is a register machine that runs verified code, and the NF can redirect packets to an AF_XDP socket for further processing outside eBPF. This way, packets from kernel space, where the shared pages are located, can be transferred to a user space application, i.e., DPDK. In copy mode, packets are duplicated and made accessible by DPDK early in the networking stack, thus avoiding costly kernel execution. Without SEV-TIO, in total, two copies (bounce buffers, XDP copy) are required to use DPDK inside the TEE. [3]
III. RELATED WORK
LightBox [7] is an SGX-enabled implementation of secure middleboxes. It offers flow state management and secures packet payloads and metadata. LightBox uses a complex setup with custom virtual network interfaces, whereas our solution uses standard technologies. OFTinSGX [8] runs the OpenFlow rules of Open vSwitch inside an SGX enclave. Therefore, it isolates and secures the existing tables and rules. However, it cannot handle encrypted data flows. Our P4-based solution is more flexible, allowing arbitrary protocols and advanced processing. ShieldBox [9] leverages SGX enclaves to create secure containers. It uses Click [10] and SCONE to run NFs in the enclave. SafeBricks [11] similarly enables secure NF execution inside SGX enclaves. It uses DPDK for I/O and shared buffers to communicate with the NF in the enclave without the need for an additional copy. It splits the DPDK processing part from the trusted function. SafeBricks uses NetBricks [12] to program NFs; our solution relies on the target-independent P4. rkt-io [13] is a framework to run applications inside Intel SGX having a direct user space network I/O stack within the TEE. They provide a POSIX-compatible socket() API. The modified DPDK version of rkt-io runs inside the SGX enclave to provide network access. We do not want to rely on highly customized and specialized solutions but investigate common, easy-to-adapt DPDK processing approaches. Li et al. [14] proposed a kernel module allowing hardware access for DPDK from inside an SEV VM. Their implementation partly relies on bounce buffers. Our approach uses existing kernel technologies instead.

[Figure 1: TEE positions for a P4 pipeline; packet path in green, data path in purple; dashed paths may involve copies. (a) TEE extern / extern approach: the P4 pipeline (Parser, Match-Action Ingress, Match-Action Egress, Traffic Manager, Deparser) with a TEE extern beside it. (b) P4 pipeline in TEE / secure P4 pipeline: the whole pipeline placed inside the TEE.]
We create and investigate DPDK-based applications inside TEEs, i.e., in secure pipeline mode, without adapting the application. Avoiding custom solutions sacrifices performance. However, the investigated application can be used inside TEEs or outside, or potentially in a more performant way using the upcoming SEV-TIO, without significant modifications. We rely on the established and multi-target P4 language instead of specialized frameworks to program the NFs. The results of our study show the bottlenecks when using standard solutions.
IV. DESIGN
A. TEE extern next to the P4 pipeline
In the extern approach, the standard, fast packet processing is defined in P4, where trust is unnecessary. Inside the P4 pipeline, a well-defined API can be used to call the "extern", hard-coded functions of the TEE (cf. Fig. 1a). The TEE holds secrets and can selectively use (encrypted) header fields or payload for processing.

[Figure 2: TEE implementations for a P4 software pipeline. (a) SGX enclave in P4 extern: DPDK/T4P4S on the host OS/HV with direct access to the hardware NIC; the P4 extern runs in the SGX enclave. (b) P4 pipeline in SEV-SNP: DPDK/T4P4S inside an SEV-SNP VM, reached via the guest OS driver and AF_XDP (copy mode) over the host OS/HV and the hardware NIC.]
Use cases: include trusted computation on secret data, while normal packet processing, including routing, is not part of the trusted area. As it follows the typical application split of SGX applications, the separated TEE module can be used to analyze privacy-concerned (meta-)data, i.e., access patterns of IP addresses. This way, the application in the TEE can be fed traffic data. Inside the TEE, the traffic is monitored to detect suspicious or malicious traffic, i.e., (DOS) attacks. The trusted application can return required actions, e.g., blocking users or IP addresses. The secret data cannot be accessed from outside the TEE to ensure privacy.
B. P4 Pipeline inside the TEE
The secure pipeline puts the whole P4 pipeline into the TEE (cf. Fig. 1b). The whole packet processing, including access and modification of all header fields, is secured in the trusted environment. Packets are copied from/into the TEE and processed as a whole. Moreover, packets can potentially be altered before or after the pipeline during the exchange with the NIC since the access to the NIC is still untrusted. Using SEV-TIO would provide a remedy: fetching the packets from the NIC would be possible from inside the TEE, preventing untrusted modification and additional copies.
Use cases: include trustworthy forwarding and routing. This approach secures the whole packet processing pipeline. In addition to the extern approach, unencrypted header data, e.g., IP addresses and ports, is also protected. These header fields may influence the control flow of the packet processing. However, there is no split so that the whole pipeline can access all information. In the case of privacy-enhanced monitoring—in contrast to the extern approach—the monitoring state, including potential user data, is accessible by the whole packet processing pipeline, reducing isolation.
V. IMPLEMENTATION
a) P4 extern with SGX: Due to the split architecture, we implement the P4 TEE extern using Intel SGX (cf. Fig. 2a). Theoretically, externs can be implemented in AMD SEV; however, running a VM for just a single operation may not justify the overhead. Furthermore, the processing logic must be highly adapted to fit the communication model with a VM. As only the extern runs in a TEE, we can run T4P4S the common way, directly on the CPU cores. T4P4S utilizes DPDK to directly access the NIC using DMA. The P4 pipeline is generated by T4P4S out of the P4 program. The extern code which runs inside the SGX enclave is written in C. The input fields and the output are copied from/to the enclave. T4P4S has to be adapted/extended to run the extern.
b) Secure P4 pipeline in SEV-SNP VM: To implement the whole P4 packet processing pipeline in a TEE, we use SEV-SNP Linux VMs, shown in Fig. 2b. We run a patched Ubuntu inside the VM with the required SEV extensions for the Linux kernel. It is not possible for T4P4S/DPDK to directly access the NIC, even if the NIC is exclusively bound to the VM (cf. Sections II-0e & II-0f). Therefore, we used the Linux kernel driver of the guest system to overcome that issue and built an AF_XDP socket that T4P4S/DPDK can access. Our experiments showed that it is required to run the AF_XDP socket in the copy mode (by setting a specific flag), leading to an additional copy of every packet. Then, T4P4S/DPDK can run without further required modifications, with the cost of additional copies by the bounce buffer and the AF_XDP socket. However, as no modifications of the code are required, the application can easily be used in an untrusted environment as well. Additionally, it may be used in a TIO environment without XDP later, probably performing better.
VI. PERFORMANCE MODEL
We model I/O overhead and performance based on rx (ingress to DuT) and tx (egress of DuT). To build our model, we define $r_{\max}$: the maximum packet rate transmitted, $n$: number of packets received in a batch, $t_{rx}(n)$, $t_p(n)$, $t_{tx}(n)$: time to receive/process/send all $n$ packets of a batch, $t_b(n)$: total time to handle all $n$ packets. We make the following assumptions: (i) the packets have a fixed size, (ii) the number of packets in a batch is constant but, depending on the packet rate, may be lower than the maximum batch size, (iii) packets are only lost if more packets arrive than can be processed and the batch size is already maximized, (iv) times to receive, process, and send a batch depend linearly on the number of packets (factor $b$); additional constant per-batch overhead (constant $a$) is possible. Based on the assumptions, we model:

$$t_b(n) = t_{rx}(n) + t_p(n) + t_{tx}(n)$$
$$t_{rx}(n) = a_{rx} + n \cdot b_{rx}, \quad t_p(n) = a_p + n \cdot b_p, \quad t_{tx}(n) = a_{tx} + n \cdot b_{tx}$$

To approximate parameters $a_{rx}$, $a_{tx}$, $b_{rx}$, $b_{tx}$ we conducted measurements (1500-byte packets) to determine $n$ by using different rx using linear least squares. Using the model, measured values of $t_b$ can be split into the I/O and processing times. On our setup, we measure these times for different rx and apply the model to calculate the general shares of I/O and processing time of the packets. We provide all model parameters of all experiments on GitHub [15].
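The least-squares fit and the I/O versus processing split described in this section, as an added worked example. This is not the paper's analysis code: the per-batch timing samples are constructed (generated from chosen parameters plus a small perturbation), and the implied-rate bound at the end is an added inference from assumption (iii), not a quantity the paper defines.

```python
"""Performance model of Sec. VI as an added worked example.

Not the paper's own analysis code; the SAMPLES below are constructed, not
measurements from the authors' GitHub repository. The model:

    t_b(n) = t_rx(n) + t_p(n) + t_tx(n)
    t_x(n) = a_x + n * b_x          for x in {rx, p, tx}

Each component is fitted with ordinary least squares over per-batch samples
(n, t_rx, t_p, t_tx) gathered at different ingress rates, and t_b(32) is then
split into its I/O and processing shares.
"""
from dataclasses import dataclass
from typing import Sequence, Tuple

N_MAX = 32  # maximum batch size used in the paper's evaluation


def fit_linear(ns: Sequence[float], ts: Sequence[float]) -> Tuple[float, float]:
    """Least-squares fit of t = a + n * b; returns (a, b)."""
    if len(ns) != len(ts) or len(ns) < 2:
        raise ValueError("need at least two (n, t) samples")
    k = len(ns)
    mean_n = sum(ns) / k
    mean_t = sum(ts) / k
    sxx = sum((n - mean_n) ** 2 for n in ns)
    if sxx == 0:
        # All samples at one batch size: intercept and slope are not separable.
        raise ValueError("samples must cover at least two distinct batch sizes")
    sxy = sum((n - mean_n) * (t - mean_t) for n, t in zip(ns, ts))
    b = sxy / sxx
    a = mean_t - b * mean_n
    return a, b


@dataclass(frozen=True)
class BatchModel:
    """Fitted parameters of t_rx, t_p, t_tx (all times in nanoseconds)."""
    a_rx: float
    b_rx: float
    a_p: float
    b_p: float
    a_tx: float
    b_tx: float

    def t_rx(self, n: int) -> float:
        return self.a_rx + n * self.b_rx

    def t_p(self, n: int) -> float:
        return self.a_p + n * self.b_p

    def t_tx(self, n: int) -> float:
        return self.a_tx + n * self.b_tx

    def t_b(self, n: int) -> float:
        return self.t_rx(n) + self.t_p(n) + self.t_tx(n)

    def io_share(self, n: int) -> float:
        """Fraction of the batch time spent in I/O (receive + send)."""
        return (self.t_rx(n) + self.t_tx(n)) / self.t_b(n)

    def per_packet_io_ns(self) -> float:
        """b_rx + b_tx, the per-packet I/O cost the paper compares in Sec. VII-A."""
        return self.b_rx + self.b_tx

    def implied_rate_mpps(self, n: int = N_MAX) -> float:
        """Rate sustainable when every batch is full (assumption iii).

        Added inference: the paper measures r_max directly instead of
        deriving it from the model.
        """
        return n / self.t_b(n) * 1e3  # packets per ns -> Mpps


def fit_model(samples: Sequence[Tuple[int, float, float, float]]) -> BatchModel:
    """Fit all three components from (n, t_rx, t_p, t_tx) samples."""
    ns = [s[0] for s in samples]
    a_rx, b_rx = fit_linear(ns, [s[1] for s in samples])
    a_p, b_p = fit_linear(ns, [s[2] for s in samples])
    a_tx, b_tx = fit_linear(ns, [s[3] for s in samples])
    return BatchModel(a_rx, b_rx, a_p, b_p, a_tx, b_tx)


# Constructed samples (batch size n, t_rx, t_p, t_tx in ns), generated from
# a_rx=400, b_rx=500, a_p=200, b_p=300, a_tx=300, b_tx=450 plus a small
# perturbation; they stand in for batches observed at rising ingress rates.
SAMPLES = [
    (4, 2410.0, 1410.0, 2110.0),
    (8, 4390.0, 2590.0, 3890.0),
    (16, 8405.0, 5005.0, 7505.0),
    (24, 12395.0, 7395.0, 11095.0),
    (32, 16400.0, 9800.0, 14700.0),
]


if __name__ == "__main__":
    m = fit_model(SAMPLES)
    print(f"b_rx + b_tx = {m.per_packet_io_ns():.1f} ns per packet")
    print(f"t_b(32) = {m.t_b(N_MAX) / 1e3:.2f} us, I/O share {m.io_share(N_MAX):.1%}")
    print(f"implied r_max at full batches: {m.implied_rate_mpps():.2f} Mpps")
```

With measured traces, replace SAMPLES by one tuple per observed batch; the fit only needs batches of at least two distinct sizes, which is why the paper varies the ingress rate rather than the batch size directly (assumption ii).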
VII. EVALUATION
Scenario: Our two-host topology consists of a Device under Test (DuT) and a load generator (LoadGen). The DuT runs T4P4S with our extensions for TEEs. The P4 programs forward all incoming packets and emulate an operation on an encrypted header field that XORs (decrypt), increments (operation), and XORs (encrypt) a 4 B field. This happens inside the enclave for SGX experiments. The load generator utilizes MoonGen [16] to generate constant bit rate traffic with a default packet size of 1500 B, while measuring the corresponding latencies and throughputs.

Table II: Setup configurations

Setup  CPU                               NIC
A      Intel Xeon Gold 6421N (1.8 GHz)   Intel E810 (100 Gbit/s)
B      Intel Xeon Gold 6312U (2.4 GHz)   Intel E810 (100 Gbit/s)
C      AMD EPYC 9354 (3.25 GHz)          Intel E810 (100 Gbit/s)
D      AMD EPYC 7543 (2.8 GHz)           Intel E810 (100 Gbit/s)

[Figure 3: Maximum packet rates ($r_{\max}$), batch processing times ($t_b(32)$) without TEE, and I/O times ($t_{rx}(32) + t_{tx}(32)$). Panels: $r_{\max}$ [Mpps] and Batch Time [µs] (with I/O time marked) for CPU A–D; series AF_XDP and ICE.]
Configuration: Table II lists the four investigated DuT setups. The DuT runs Ubuntu Jammy with AMD's SEV-SNP host kernel for the SEV-SNP hypervisor or else AMD's SEV-SNP guest kernel based on Linux 6.7.0. All four Setups A–D were investigated using the same kernel and AMD's SEV-SNP QEMU 8.2.0 to eliminate any impact of version differences on measurement results. We assign 1 GB hugepages to DPDK: 48 GB to the host system, and 32 GB to VMs, if used. The TX/RX ring sizes are set to 1024. Experiments involving XDP drivers are configured for busy polling according to the DPDK documentation, with a busy_budget of half the batch size.
A. Baseline
First, we determine the baseline performance of a P4 forwarder to calculate the overhead of the different TEE implementations. Our baseline measurements use the four listed CPUs, with the "normal", so-called ICE driver in polling mode and the AF_XDP driver in copy mode.
Throughput: Fig. 3 shows the maximum packet rates of a baseline forwarder (bare-metal, single core). The forwarding rates are slightly higher for the Intel CPUs (2.28/2.14 Mpps, for A/B), than for the AMD CPUs (2.06/1.96 Mpps, for C/D) using the ICE driver. Rates significantly decrease on AF_XDP due to the additional copies. For the Intel CPUs, the forwarding rates decrease to 0.68 Mpps (29.8 % of the ICE driver) for CPU A, and 0.74 Mpps (34.6 %) for CPU B. Again, the AMD CPUs perform worse, in absolute and relative terms. Using the AF_XDP driver, $r_{\max}$ reduces to 0.52 Mpps (25.2 %) for Setup C, and 0.42 Mpps (21.4 %) for Setup D. Notably, no correlation between throughput and CPU clock rates is observable.
Time: We measured the batch processing times and the overhead for generated packet rates between 0.1–3.0 Mpps to calculate the model parameters $a_{rx}$, $a_{tx}$, $a_p$ and $b_{rx}$, $b_{tx}$, $b_p$. Applying these, we calculate the I/O overhead for the optimal case (batch size $n = n_{\max} = 32$). Using the model, the batch processing times and the I/O overhead can be calculated (cf. Fig. 3). While the processing times are nearly constant in all cases, the I/O overhead is more significant for AF_XDP. The XDP I/O overhead is relatively lower for Intel than for AMD CPUs. Single-packet I/O takes between 800–1000 ns ($b_{rx} + b_{tx}$) on Intel and >1400 ns on AMD CPUs. The DPDK driver is more efficient, and due to the small number, it is hard to measure the exact share, but the relative difference is about 100 to 150 times.
B. Overhead of TEE
After determining the baseline, we can now measure the overhead of the TEEs. For AMD CPUs, we additionally compare it with a VM setup without SEV-SNP to see the overhead produced by each part of it.
Throughput: Again, we first investigate the influence of the TEE technologies on the maximum throughput. Fig. 4a depicts the $r_{\max}$ of the different scenarios: bare-metal without TEEs (for comparison), SGX, VM without TEE, and SEV-SNP. Each experiment was performed with both drivers on a single CPU core with a packet size of 1500 B.
First, we look into the extern approach implemented using Intel SGX. There is a considerable performance drop for both investigated Intel CPUs when packets have to traverse the secure enclave. $r_{\max}$ falls from 2.28 Mpps to 0.24 Mpps for CPU A, which is only 10.5 % of the baseline performance. A similar picture can be drawn for CPU B: there, $r_{\max}$ decreases from 2.14 Mpps to 0.20 Mpps, which is 9.3 %. The performance of the AF_XDP is depicted only for completeness but not used in the extern approach.
Second, we investigate the secure P4 pipeline approach, using AMD SEV-SNP. We can only use the AF_XDP driver for that and depict the performance of the ICE driver only for completeness. For both CPUs, the performance is similar. Surprisingly, using a VM on Setup C improves $r_{\max}$ from 0.52 Mpps to 0.55 Mpps, which is 105.7 % of the baseline. We speculate that the memory alignment of the VM is improved by chance, enhancing cache performance. Enabling SEV-SNP reduces $r_{\max}$ to 0.44 Mpps, which is 84.6 % of the baseline, and 80.0 % of the vanilla VM. It is again similar for the other AMD CPU D: Baseline $r_{\max}$ is 0.42 Mpps, 0.53 Mpps (126.2 %) for vanilla VM, and 0.42 Mpps for SEV-SNP (100 % or 79.2 %, respectively).
While the overhead of SGX is relatively high, the overhead of SEV-SNP is handy. For this solution, most overhead is introduced by the required AF_XDP driver. Comparing both solutions, the SEV-SNP achieves a higher $r_{\max}$, 0.44/0.42 Mpps for SEV-SNP, compared to 0.24/0.22 Mpps for SGX, approximately half. The performance is better, even though all the packets have to be copied several times. On the other side, the input and output values of the enclave have to be copied as well. Additionally, context switches are required.

[Figure 4: Different drivers with and without TEE. (a) Maximum packet rates ($r_{\max}$) [Mpps] for CPU A–D; series: AF_XDP, SNP - AF_XDP, VM - AF_XDP, ICE, VM - ICE, SGX - AF_XDP, SGX - ICE. (b) Batch processing times ($t_b(32)$) and I/O times ($t_{rx}(32) + t_{tx}(32)$) [µs] for CPU A–D.]
Time: We can again model the parameters for the I/O overhead of the batch times (cf. Fig. 4b). For experiments with a low $r_{\max}$ (i.e., SGX), the data points to create the linear approximation functions are limited, as the system becomes overloaded quickly, resulting in maximum batch sizes. Fig. 4b shows similar I/O overhead inside and outside of the SGX enclave. The additional workload arises from higher processing times due to the SGX enclave transition. For SEV-SNP, i.e., in Setup C, the processing share stays nearly the same for SEV-SNP as without TEE. However, the I/O costs increase to $t_b(32)$ between 44.54–59.44 µs (133.5 %) due to the additional copy. But, we can measure better performance for a VM than bare-metal, and we cannot calculate a significant difference for the CPU D. Thus, the overhead of SEV-SNP is minimal despite the additional copy. Comparing the per-packet processing times ($b_p$) of SEV (408/429 ns) and SGX (2249/1560 ns), we can, despite the decreased precision of the model, observe the overhead produced through the context switches between untrusted part and the secure enclave.
VIII. DISCUSSION & CONCLUSION
We investigated two different approaches of TEE together with P4 pipelines. The extern approach builds a TEE next to the pipeline and relies on Intel SGX. The secure pipeline implements the whole P4 pipeline inside AMD SEV-SNP. We aimed not to build a custom solution but to use DPDK applications without required modifications to ensure their portability. However, this requires workarounds using bounce buffers and AF_XDP involving additional packet copies and negatively influencing the performance. Nevertheless, we showed that the secure pipeline using SEV-SNP offers higher throughputs. Using SGX enclaves for the extern approach drastically increases processing times for the required context switches. While the SGX extern can be optimized further, as related work shows, it will likely not scale as well as SEV-SNP.
Future work may investigate scenarios based on latency and multi-core scaling. The secure pipeline approach may be implemented using Intel TDX and compared to AMD SEV. SEV-TIO devices might increase the performance without fundamental changes to the application. A reevaluation will be worthwhile after first NICs with SEV-TIO become available.
ACKNOWLEDGMENTS
This work was supported by the EU's Horizon 2020 programme as part of the projects SLICES-PP (10107977) and GreenDIGIT (101131207), by the German Federal Ministry of Education and Research (BMBF) under the projects 6G-life (16KISK002) and 6G-ANNA (16KISK107), and by the German Research Foundation (HyperNIC, CA595/13-1).
REFERENCES
[1] P. Vörös, D. Horpácsi, R. Kitlei, D. Leskó, M. Tejfel, and S. Laki, "T4P4S: A Target-independent Compiler for Protocol-independent Packet Processors," in 19th International Conference on High Performance Switching and Routing, HPSR, Bucharest, Romania. IEEE, 2018.
[2] P. Bosshart, D. Daly, G. Gibb, M. Izzard, N. McKeown, J. Rexford, C. Schlesinger, D. Talayco, A. Vahdat, G. Varghese, and D. Walker, "P4: Programming Protocol-Independent Packet Processors," CCR, vol. 44, no. 3, pp. 87–95, 2014.
[3] F. Parola, R. Procopio, R. Querio, and F. Risso, "Comparing User Space and In-Kernel Packet Processing for Edge Data Centers," CCR, vol. 53, no. 1, pp. 14–29, Apr. 2023.
[4] AMD, "AMD SEV-TIO: Trusted I/O for Secure Encrypted Virtualization," 2023, Last accessed: 2025-01-27. [Online]. Available: https://www.amd.com/content/dam/amd/en/documents/developer/sev-tio-whitepaper.pdf
[5] M. Li, Y. Zhang, Z. Lin, and Y. Solihin, "Exploiting unprotected I/O operations in AMD's secure encrypted virtualization," in Security Symposium (USENIX Security), Santa Clara, CA, USA. USENIX, 2019.
[6] T. Høiland-Jørgensen, J. D. Brouer, D. Borkmann, J. Fastabend, T. Herbert, D. Ahern, and D. Miller, "The eXpress Data Path: Fast Programmable Packet Processing in the Operating System Kernel," in International Conference on emerging Networking EXperiments and Technologies (CoNEXT), Heraklion, Greece. ACM, 2018.
[7] H. Duan, C. Wang, X. Yuan, Y. Zhou, Q. Wang, and K. Ren, "LightBox: Full-stack Protected Stateful Middlebox at Lightning Speed," in Conference on Computer and Communications Security (CCS), London, UK. ACM, 2019.
[8] J. Medina, N. Paladi, and P. Arlos, "Protecting OpenFlow using Intel SGX," in Conference on Network Function Virtualization and Software Defined Networks (NFV-SDN), Dallas, TX, USA. IEEE, 2019.
[9] B. Trach, A. Krohmer, F. Gregor, S. Arnautov, P. Bhatotia, and C. Fetzer, "ShieldBox: Secure Middleboxes using Shielded Execution," in Symposium on SDN Research (SOSR), Los Angeles, CA, USA. ACM, 2018.
[10] E. Kohler, R. Morris, B. Chen, J. Jannotti, and M. F. Kaashoek, "The Click Modular Router," ACM Trans. Comput. Syst., vol. 18, no. 3, pp. 263–297, Aug. 2000.
[11] R. Poddar, C. Lan, R. A. Popa, and S. Ratnasamy, "SafeBricks: Shielding Network Functions in the Cloud," in Symposium on Networked Systems Design and Implementation (NSDI). Renton, WA: USENIX, 2018.
[12] A. Panda, S. Han, K. Jang, M. Walls, S. Ratnasamy, and S. Shenker, "NetBricks: Taking the V out of NFV," in Symposium on Operating Systems Design and Implementation (OSDI). Savannah, GA: USENIX, 2016.
[13] J. Thalheim, H. Unnibhavi, C. Priebe, P. Bhatotia, and P. Pietzuch, "rkt-io: A Direct I/O Stack for Shielded Execution," in European Conference on Computer Systems (EuroSys). New York, NY, USA: ACM, 2021.
[14] M. Li, S. Srivastava, and M. Yan, "Bridge the Future: High-Performance Networks in Confidential VMs without Trusted I/O devices," CoRR, vol. abs/2403.03360, 2024.
[15] "GitHub: manuel-simon/netsoft-2025," Last accessed: 2025-04-29. [Online]. Available: https://github.com/manuel-simon/netsoft25-results
[16] P. Emmerich, S. Gallenmüller, D. Raumer, F. Wohlfart, and G. Carle, "MoonGen: A Scriptable High-Speed Packet Generator," in Internet Measurement Conference, IMC Tokyo, Japan. ACM, 2015.