190 likes | 203 Views
Explore the evolution and challenges of high-performance virtual networking services, including SR-IOV technology. Learn about Smart NICs, advanced virtualization, and integrating Serverless solutions. Discover Cloudigo's programmable network infrastructure and offloading core functions to commodity hardware.
E N D
Serverless Network SrvicesIn OpenStack Data Centers OpenStack Summit Boston May 2017 Eran Gampel, CEO at Cloudigo Erez Cohen, VP CloudX program at Mellanox
VirtualNetworking • Mature. Provides virtualization, Isolation, advance services … • But does it fit high IO performance use cases? • More and More Use cases for High-Performance Virtual Network are emerging . VM VM Hypervisor vSwitch NIC
ExistingSolutions For Virtualized High performance IO • OVS-DPDK • VPP • SR-IOV
SR-IOV • Single Root I/O Virtualization (SR-IOV) specify a standard way of bypassing the VMM’s involvement in data movement by providing independent memory space, interrupts, and DMA streams for each virtual machine. • SR-IOV allows a physical network adapter to appear as multiple PCIe network devices. SR-IOV Software Switch Hypervisor VM VM VM VM Hypervisor vSwitch Physical Function (PF) Virtual Function (VF) SR-IOV NIC NIC
SR-IOV: Pros And Cons • Pros • Lower processor utilization and network latency • High IO performance • Persistent performance up to line rate • Cons • Static VF allocation, VF relay on PF configuration • Most NIC include limited switching capabilities for VF’s on the same NIC • No local virtual services such as Security Groups (SG) and more SR-IOV Hypervisor VM VM Virtual Function (VF) SR-IOV NIC
High Performance VirtualizedServicesChallenges • Use relatively high CPU footprint for virtual network services • Relay on the virtual switch features, no custom action unless redirected to controller • Overhead (CPU, latency and bandwidth) increases with the number of flows • For advance services that are provided in VM or appliance, traffic need to be steered to service Compute Node Network Node VM VM Virtual Services VM Hypervisor SR-IOV vSwitch SR-IOV NIC NIC
Web Application Evaluation - Progression to Serverless Tier 1 App Tier 2 Tier 3 Monolithic Application Serverless Microservice Services
Serverless For Networking Services - Is It Possible? SEC VM QoS QoS NAT Scale CT DPI Alarm Alarm L2 L2 MNG LB NAT Scale CT DPI Route Shaping TCP IPS Route Shaping TCP IPS HA OEM Tunnel ACL Dpi ENCAP NAT HA OEM Tunnel ACL Route LB Smart NIC Monolithic Appliance Serverless Virtual Appliance
TheRise Of The Smart NIC • Modern data centers demand advance, smart NICs • High bandwidth, 100G today, 200G this year • Low latency • Transport offloads • Kernel bypass • Advance virtualization support • Flow based switch • Software programmable • Smart NICs are the future • ASIC: Highest performance and efficiency • ASIC + FPGA: High efficiency and flexibility • CPU / System On a Chip: Most programmable
ASIC based smart NIC Features Gen 3 and Gen 4 X16 PCIe 2 Network Ports, 10, 25, 40, 50 and 100G Stateless offloads (inc. overlay offload) Highest DPDK performance (over 131 Mpps) Single Root IO Virtualization (SR-IOV) HW based QoS, High Availability Accelerated Switch And Packet Processing (ASAP2) In host network services offload or acceleration VNF acceleration Remote Direct Memory Access (RDMA) Storage and application transport acceleration Mellanox ConnectX Family Introduction
Accelerated Switching And Packet Proccessing (ASAP2) • NIC contains advance embedded flow based switch/router (eSwitch) • Offload “Match -> Action” operations • HW based classification, steering, encap/decap, header rewrite and more • Open source, standard control APIs: TC, DPDK ConnectX-5
ASAP2 Implementation Example – OVS Offload • Zero! CPU utilization on hypervisor compared to 2 cores with OVS over DPDK • Same CPU load on VM
OpenStack Virtual Services For SR-IOV • Line rate SR-IOV including distributed statefull services. SG, Virtual Router, LB • Linear Scale up to line rate without using extra CPU resources Virtual Router Virtual Switch Virtual Switch Compute Node SG SG SG Physical Host layout Tenant Overlay Logical View VM 1 VM 2 VM 3 CLOUDIGO ENGINE VM Neutron Server Neutron Server Virtual Function (VF) Compute Node Compute Node Compute Node VM SR-IOV NIC
Cloudigo’sProgrammableNetworkInfrastructure • Programmable Infrastructure with Built-In ultra efficient network services • Seamless offload of the core discrete functions to commodity HW 20% Other… CLOUDIGO SW PROGRAMMABLE ENGINE User Defined LB NAT DDoS FW Offload Learning Engine ASIC Layer - NIC Adapter
Cloudigo – HW + SW Engine VM VM Thin layer with minimal latency and resource usage Zero Copy Ports (SR-IOV like) CLOUDIGO SW PROGRAMMABLE ENGINE SR-IOV VF CLOUDIGO SW PROGRAMMABLE ENGINE 3rd Party DDoS LB FW NAT DDoS FW NAT SR-IOV VF HW Pipeline Route LB CLOUDIGO INSTALLED PIPELINE External Ports
OpenStack Virtual Services For SR-IOV 20% Other… • Line rate SR-IOV including distributed statefull services. • SG, Virtual Router, LB • Linear Scale without using extra CPU resources CLOUDIGO ENGINE VM VM Logical Router 3rd Party DDoS LB … VM SR-IOV VF Logical Switch Logical Switch SG SG SG CLOUDIGO INSTALLED PIPELINE VM 1 VM 2 VM 3 ConnectX 5 External Ports SR-IOV VF SR-IOV VF
CPU Utilization VM density and Latency Improvement Test Scenario: Virtual routing and state full security groups for VM’s 90% CPU saving Improving VM density by almost 200% Almost eliminating latency for virtual network services Server: 2xE5-2690v4 (14 cores) Total: 28 cores SR-IOV + Cloudigo VM VM Cloudigo OVS-DPDK Virtual Functions (VF) VM VM Smart NIC OVS-DPDK 1 core of Cloudigo engine for 100Gbps 27 cores left for VM’s = 4x27 = ~ 108 VMs Latency for Cloudigo layer = ~0us OVS-DPDK – ~8Gbps for 1 core For 100Gbps = 12 cores 16 cores left for VM’s = 4x16 = ~64 VMs Minimal Latency for OVS-DPDK layer = 33us NIC
Solutions Use Cases SEC • vCPE • vBNG • … VM VM VM … VM QinQ PPPoE Tunnel CLOUDIGO ENGINE Route LB VM SR-IOV SR-IOV NIC
Questions? Eran Gampel, CEO at Cloudigo (eran@cloudigo.io) Erez Cohen, VP CloudX program at Mellanox (erezc@mellanox.com)