The Network Virtual Machine (NetVM) is a virtual network processor optimized for the implementation and execution of packet handling applications. Just as a Java Virtual Machine virtualizes a CPU, the NetVM virtualizes a network processor. The NetVM is expected to provide a unified layer for networking tasks (e.g., packet filtering, packet counting, string matching) performed by various network applications (firewalls, network monitors, intrusion detectors) so that they can be executed on any network device, ranging from high-end routers to small appliances. Moreover, the NetVM will provide an efficient mapping of the elementary functionalities used to realize the above-mentioned networking tasks onto specific hardware functional units (e.g., ASICs, FPGAs, and network processing elements) included in special-purpose hardware systems possibly deployed to implement network devices.
The NetVM follows the principles motivating the architecture of network processors; consequently, unlike existing general-purpose virtual machines, the NetVM is explicitly designed to process network packets. This is reflected in the assembly instruction set of the virtual processor: the set of supported functionalities is, on the one hand, reduced with respect to that of general-purpose virtual processors but, on the other hand, targeted at the manipulations usually performed on network packets (classification, hash table handling, CRC calculation, encryption/decryption, and more).
A NetVM program is location-independent because NetVM code can be translated at run-time (e.g., by a Just-In-Time compiler) into native code for the specific hardware platform on which the NetVM is running, in such a way that its execution is optimized. For example, if the underlying hardware architecture includes an integrated circuit performing a specific CRC calculation, the corresponding CRC calculation instruction will be translated so that the calculation is performed by that integrated circuit. Consequently, program execution is optimized in terms of efficiency, and the available custom hardware, even highly sophisticated hardware such as off-load boards, is leveraged transparently for the programmer.
NetVM programming is further simplified by the definition of a high-level programming language that operates according to packet descriptions defined with NetPDL and is compiled into native NetVM bytecode.
Thanks to its flexibility, NetVM can be implemented for execution on network devices, thus enabling them to be programmed by means of third-party software. Currently, having programs for network devices written by anyone other than the device's vendor is not practical, in part because each network device architecture requires its own specific development tool, when one is available at all.
The current status of the NetVM is twofold. On the one hand, the NetVM has been defined and implemented in software, and its assembly instructions are interpreted by ad-hoc software. On the other hand, a more efficient implementation based on JIT compilers is under way.
A list of NetVM-related publications can be found following this link.