Designing Transport-Level Encryption for Datacenter Networks

Abstract

Cloud applications need network data encryption to isolate from other tenants and protect their data from potential eavesdroppers in the network infrastructure. This paper presents SMT, a protocol design for emerging datacenter transport protocols, such as NDP and Homa, to integrate data encryption. SMT integrates TLS-based encryption with a message-based transport protocol that supports efficient Remote Procedure Calls (RPCs), a common workload in datacenters. This architecture enables the use of per-message record sequence number spaces in a secure session, while ensuring unique message identities to prevent replay attacks. It also enables the use of existing NIC offloads designed for TLS over TCP, while being a native transport protocol alongside TCP and UDP. We implement SMT in the Linux kernel by extending Homa/Linux and improve RPC throughput by up to 41 % and latency by up to 35 % in comparison to TLS/TCP.