Boosting the Network Performance of Confidential VM Using Userspace Stack

Learn how to enhance network performance in Confidential Virtual Machines (CVM) through userspace stack implementation in this technical conference talk. Explore emerging confidential computing technologies for secure data processing in hosted environments, with a focus on overcoming I/O overhead challenges in Intel TDX and AMD SEV-SNP platforms. Discover the extension of DPDK support to Intel TDX platform on Xeon CPU (SPR), addressing key overhead issues including vm-exit paths and memory copies between CVM shared and private memory. Examine a comprehensive network solution that implements DPDK polling mode to reduce vm-exits and integrates TLS protocol processing with data transfer to minimize memory copies, resulting in doubled throughput compared to traditional kernel network stacks.