Chamelio: A Fast Shared Cloud Network Stack for Isolated Tenant-Defined Protocols

TL;DR

Chamelio introduces a programmable shared cloud network stack using eBPF, enabling tenant-defined protocols with high performance and strong isolation, reducing programmability overhead and tail latency.

Contribution

It presents a novel architecture combining shared stacks, joint optimization, and bounded fast paths to enable tenant programmability with performance isolation.

Findings

Tenant programmable TCP reaches 9.2 million requests/sec, matching hand-tuned stacks.

Joint compilation reduces programmability overhead from 23.9% to 3.8%.

Chamelio bounds victim tail latency at 46 microseconds under adversarial scaling.

Abstract

Conventional cloud network virtualization sends packets through multiple guest and host layers, inflating CPU cost and tail latency. Shared host datapaths collapse this layering into one optimized path across tenants, but existing shared stacks are fixed-function: tenants cannot specialize their protocols. eBPF is the natural vehicle for restoring programmability to a shared datapath, but today's extensions are hook-sized, and its verifier provides safety -- not performance isolation: one tenant's per-packet work can inflate every other tenant's tail latency. Chamelio is a programmable shared network stack that lets tenants implement full protocols through a bounded eBPF fast path and a tenant slow path, while approaching the performance and preserving the strong isolation of fixed shared stacks. It combines three ideas: a shared-stack architecture for tenant-defined protocols; joint optimisation of tenant handlers with provider infrastructure and co-resident tenants in the shared fast path; and a bounded fast path contract with runtime cycle accounting that keeps tenant programmability compatible with strong performance isolation. A tenant programmable TCP on Chamelio reaches 9.2 Mreq/s, matching the hand-tuned TAS stack; joint compilation shrinks the programmability tax from 23.9% to 3.8%; and under a scaling TCP adversary that drives uninstrumented stacks to 154 microseconds, Chamelio bounds victim tail latency at 46 microseconds.