What is it about?
Many Internet of Things (IoT) devices, such as sensors, gateways, and edge devices, run services in containers because containers make software easier to deploy, update, and isolate. However, containers also add extra network-processing steps inside the operating system. On small IoT devices with limited CPU resources, these extra steps can make communication slower and more expensive. This paper presents SCON, a Linux kernel networking accelerator for IoT containers. SCON observes how the kernel handles the first packet of a network connection, stores the useful packet-processing decisions, and then uses a faster “express” path for later packets in the same connection. This avoids repeating expensive work such as Netfilter checks, packet-header processing, and routing lookup. A key goal of SCON is compatibility. It does not require special networking hardware, does not change socket APIs, and does not require legacy IoT applications to be rewritten or recompiled.
Featured Image
Photo by Jakub Żerdzicki on Unsplash
Why is it important?
Low-latency and efficient communication is essential for IoT systems, especially in smart factories, smart homes, healthcare monitoring, and edge-cloud applications. These systems often need containers for deployability, but they also run on devices where CPU cycles, power, and network capacity are limited. Existing container-networking accelerators often trade performance for deployability: they may require special NICs, kernel-bypass frameworks, modified networking semantics, or application changes. SCON takes a compatibility-first approach by accelerating the standard Linux container networking path from inside the kernel. In the evaluation, SCON reduced HTTP latency by about 10× compared with standard containers and reduced MQTT latency by 31%. In packet-level benchmarks, it reduced SoftIRQ CPU usage by 26% for TCP and 33% for UDP, while improving throughput by 18% for TCP and 32% for UDP. It also worked across multiple IoT devices and wireless networking settings. This suggests that containerized IoT services can become faster and more CPU-efficient without giving up the deployment model that existing IoT systems already use.
Perspectives
From a systems perspective, this work is about making containerized edge computing practical on real IoT hardware. Containers are attractive because they simplify deployment and management, but their networking overhead can be too costly on small devices. SCON shows that we do not always need to bypass the kernel, add special hardware, or change application APIs to improve performance. By carefully profiling the Linux networking stack and reusing packet-processing decisions that remain valid across packets within a connection, we can eliminate redundant work while preserving compatibility. I see this work as a step toward more deployable IoT and edge systems: systems that retain the usability benefits of containers while communicating closer to native Linux performance.
Gyeongsik Yang
Korea University
Read the Original
This page is a summary of: Intelligent Packet Processing for Performant Containers in IoT, IEEE Internet of Things Journal, January 2024, Institute of Electrical & Electronics Engineers (IEEE),
DOI: 10.1109/jiot.2024.3453410.
You can read the full text:
Contributors
The following have contributed to this page
