Designing Transport-Level Encryption for Datacenter Networks
Tianyi Gao, Xinshu Ma, Suhas Narreddy, Eugenio Luo, Steven W. D. Chien, Michio Honda

TL;DR
This paper introduces SMT, a transport protocol for datacenter networks that integrates TLS encryption with efficient RPC support, enhancing security and performance over existing TCP-based solutions.
Contribution
SMT is a novel protocol design that combines TLS encryption with datacenter transport protocols like Homa, enabling secure, high-performance RPCs with NIC offloads.
Findings
RPC throughput improved by up to 41%
RPC latency reduced by up to 35%
Supports existing NIC offloads for TLS
Abstract
Cloud applications need network data encryption to isolate from other tenants and protect their data from potential eavesdroppers in the network infrastructure. This paper presents SMT, a protocol design for emerging datacenter transport protocols, such as NDP and Homa, to integrate data encryption. SMT integrates TLS-based encryption with a message-based transport protocol that supports efficient Remote Procedure Calls (RPCs), a common workload in datacenters. This architecture enables the use of per-message record sequence number spaces in a secure session, while ensuring unique message identities to prevent replay attacks. It also enables the use of existing NIC offloads designed for TLS over TCP, while being a native transport protocol alongside TCP and UDP. We implement SMT in the Linux kernel by extending Homa/Linux and improve RPC throughput by up to 41 % and latency by up to 35…
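The abstract's pairing of per-message record sequence number spaces with unique message identities can be illustrated with the standard TLS 1.3 per-record nonce (RFC 8446, section 5.3). This is an added example, not code from the paper or from SMT: the 48/16-bit split of the 64-bit sequence number, the function and class names, and the in-memory replay set are assumptions made for illustration.

```python
MSG_ID_BITS = 48   # assumption: high bits of the 64-bit sequence carry the message ID
REC_IDX_BITS = 16  # assumption: low bits carry the record index within the message


def tls13_nonce(static_iv: bytes, seq: int) -> bytes:
    """TLS 1.3 per-record nonce: left-pad the 64-bit seq to the IV length, then XOR."""
    padded = seq.to_bytes(len(static_iv), "big")
    return bytes(a ^ b for a, b in zip(static_iv, padded))


def composite_seq(msg_id: int, rec_idx: int) -> int:
    """Fold a unique message ID and a per-message record index into one 64-bit value."""
    if not 0 <= msg_id < (1 << MSG_ID_BITS):
        raise ValueError("message ID out of range")
    if not 0 <= rec_idx < (1 << REC_IDX_BITS):
        raise ValueError("record index out of range")
    return (msg_id << REC_IDX_BITS) | rec_idx


class ReplayFilter:
    """Accepts each message ID once per session; a repeated ID is treated as a replay."""

    def __init__(self) -> None:
        self._seen = set()  # a real receiver would bound this state; unbounded here

    def accept(self, msg_id: int) -> bool:
        if msg_id in self._seen:
            return False
        self._seen.add(msg_id)
        return True


def count_unique_nonces():
    """Two messages of three records each, under one session key and IV."""
    iv = bytes(range(12))  # constructed 96-bit static IV, for illustration only
    records = [(msg, rec) for msg in (1, 2) for rec in range(3)]
    # Each message restarts its record counter at 0. Using that counter alone
    # repeats nonces across messages, which breaks AEAD security guarantees.
    naive = {tls13_nonce(iv, rec) for _, rec in records}
    # Mixing the message ID in keeps every (message, record) nonce distinct.
    mixed = {tls13_nonce(iv, composite_seq(msg, rec)) for msg, rec in records}
    return len(naive), len(mixed)


if __name__ == "__main__":
    print(count_unique_nonces())  # (unique naive nonces, unique mixed nonces)
```
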
Taxonomy
Topics: Cryptography and Data Security · Advanced Data Storage Technologies · Caching and Content Delivery
