Background

Sandstorm is a multi-tenant key-value store that uses kernel-bypass networking and can host and isolate small pieces of compute pushed down by clients at runtime. In order to be able to safely do so, Sandstorm uses the Rust programming language to provide memory isolation between the database and these pieces of compute.

The RAMCloud Storage System journal paper is the best reference for key-value stores that use kernel-bypass networking. This paper describes the key-value data model, the interplay between the network stack and requests processing, RAMCloud's log structured memory allocator, and the recovery engine/protocol. Another system worth reading about is MICA. The journal paper describes the low-layer networking required to achieve a throughput of a billion operations per second on a single machine running a key-value store.

NetBricks is a kernel-bypass based packet processing engine that uses type safety to erase isolation boundaries between untrusted network functions. However, unlike Sandstorm which aims to isolate functions at runtime, NetBricks performs isolation at compile time.

Finally, an early workshop paper presents the case for using type safe languages to isolate pieces of compute inside low-latency distributed key-value stores.