Enabling DPDK/SR-IOV for containerized Virtual Network Functions with Zun
Bin Zhou [NFV Researcher, Lenovo]
Hongbin Lu [Zun PTL, Huawei]
Yaguang Tang [NFV Researcher, Lenovo]
Shunli Zhou [Zun Core, Fiberhome]
November 2017
➡Introduction to Zun
➡Zun Container for NFV
• Challenges & Gaps
• SR-IOV support in Zun
• Container with DPDK
➡Performance Benchmark Testing
• Setup
• Results
➡Demo
➡Conclusion
Agenda
Which Emerging Technologies Interest
OpenStack Users?
● Containers are the most interesting emerging technology.
● 75% of OpenStack users are interested in containers.
➡How to use containers on OpenStack?
➡Existing solutions
• Integrate containers into Nova
• Example: Nova-docker, Nova-lxd
• Install Container Orchestration Engine (COEs) on VMs.
• Example: Magnum, Kubespray
• OpenStack Container service: Zun
Introduce Zun
● OpenStack Container service
● Provide API for provisioning and managing containers without VMs
○ Speed
○ Simplicity
● Arbitrary memory and vCPUs
● Containers as first class resource
○ Keystone RBAC for individual container
○ Neutron port(s) for each container
○ Cinder volume(s) bind-mount
Introduce Zun
[Diagram: operations offered for VMs (Nova) and for containers (Zun); labels: Create, List, Delete, Run, Exec, ..., SSH, Migrate, ...]
➡Nova-docker
• Use Nova to manage containers
• Suitable if VMs and containers are the same
➡Obstacles
• VMs and containers are different
• Container-specific features are not exposed
Introduce Zun
[Diagram: Magnum and Zun deployment stacks side by side for Tenants 1-3; labels: Baremetal, Virtualization (optional on the Zun side), COE, Zun, Containers]
➡Magnum
• Provision Nova instances
• Install a COE
• Run containers on the COE
➡Pros:
• Strong Isolation
➡Cons:
• Low resource utilization
• Virtualization penalty
Introduce Zun
➡Concepts:
• Container: A single container
• create, update, delete, start, stop, kill, …
• network-attach, add-security-group, …
• attach, exec, commit, log, ...
• Capsule (Experimental): A group of containers that are co-located, have shared network and volumes.
• create, list, delete, …
Introduce Zun
Introduce Zun
➡Zun API
• Provide REST APIs
• Manage all compute nodes
• Scheduling containers
➡Zun Compute
• Compute node agent
• Manage local containers
• Track compute resources
➡Kuryr
• Bind neutron ports to containers
[Diagram: components Zun API, Zun Compute, Docker, Keystone, Kuryr, Neutron, Cinder]
➡What is NFV
• A new way to design, deploy and manage network services
• Replace hardware with software
• Move network functions to commodity hardware
➡Benefits of NFV
• Fast provisioning
• Quick scale up and down
• Easy upgrade and relocate
• Reduce cost
• No vendor hardware lock-in
Container for NFV
➡VM or Containers?
• Time to provision: container boots faster
• Resource consumption: container has less memory footprint
• Package management: Docker makes it easy
• Configurability: container is better
• Portability: container image is smaller
• Security: VM provides better isolation
• Use Clear Container to improve security
Container for NFV
Challenges & Gaps of using containers
NFV Req features   VM    Container
SR-IOV             Yes   Weak
DPDK               Yes   Weak
CPU pinning        Yes   Weak
NUMA               Yes   Weak
Hugepage           Yes   Weak
➡Lack of support for NFV required features in the container ecosystem
• Container runtime
• Container orchestration
• OpenStack integration
➡Use Zun to reduce the gaps
Enable SR-IOV in Zun
➡What is SR-IOV?
• A standardized mechanism to virtualize PCIe devices
• Makes a single PCIe Ethernet controller (PF) appear as multiple PCIe devices (VFs)
• PF: Physical Function
• VF: Virtual Function
• Passthrough VF to container
• Bypass virtual switch layer
Enable SR-IOV in Zun
➡Enable SR-IOV in Zun
• Create VFs in compute nodes
• Configure Neutron
• Configure Zun
• Whitelist PCI devices (e.g. pci_passthrough_whitelist = { "devname": "eth3", "physical_network": "physnet2"})
• Enable PCI filters (e.g. enabled_filters = ...,PciPassthroughFilter)
• Configure Kuryr
• Enable SR-IOV driver
Enable SR-IOV in Zun
1. Create an SR-IOV port
2. Create a container
3. Pick a host that has available VFs
4. Assign a VF to the port
5. Create a container
6. Docker calls its network plugin (Kuryr) to set up the network
7. Kuryr retrieves the VF's information from the neutron port and performs port binding
[Diagram: User, Zun API, Zun Compute, Kuryr, Neutron and Docker, with arrows numbered 1 to 7 for the steps above]
Container with DPDK
DPDK PMD
● physical nic
○ igb_uio
○ vfio-pci
● virtual hardware
○ virtio_user vhost
software
● net_pcap (kernel stack)
[Diagram: DPDK & SR-IOV for container, two panels titled "SR-IOV in userland" and "SR-IOV in kernel"; labels: Host kernel, PF, PF driver, VF, VF driver, Passthrough, netns, ETHx, Container, DPDK]
Performance Benchmark Testing
Case 1 (non DPDK)
● Zun Container with SR-IOV
● Zun Container with OVS networking
Case 2 (SR-IOV & DPDK)
● Container with SR-IOV & DPDK (kernel land)
● Container with SR-IOV & DPDK (user land)
Role        Hardware               OS              Network       CPU
Controller  Think system x3650 M5  Ubuntu 16.04.3  82599ES 10Gb  Intel(R) E5-2680 v3 @ 2.50GHz
compute     Think system x3650 M5  Ubuntu 16.04.3  82599ES 10Gb  Intel(R) E5-2680 v3 @ 2.50GHz

Software     Version  Other
DPDK         17.05
Openvswitch  2.8.1
Testing setup
DPDK Testing
● L2FWD as containerized VNF
● RFC 2544 standard throughput testing
● DPDK-pktgen as packet generator
non DPDK Testing
● iperf3 with UDP
[Diagram: Zun networking without SR-IOV; labels: zun-compute Server1 and Server2, containers, Linux bridge, OVS, PF]
[Diagram: Zun networking with SR-IOV; labels: zun-compute Server1 and Server2, containers, VF]
Container network Benchmarking
● Hugepage size
● PCIe NUMA
● Isolate CPU cores for tx/rx pktgen
● Disable isolated cpu core interrupts
BOOT_IMAGE=/vmlinuz-4.4.0-87-generic root=/dev/mapper/docker2--vg-root ro default_hugepagesz=1G hugepagesz=2M hugepagesz=1G hugepages=8 iommu=pt intel_iommu=on isolcpus=5,6,7,8,9,10 nohz=on nohz_full=5,6,7,8,9,10 rcu_nocbs=5,6,7,8,9,10
DPDK testing tuning
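An added example, not from the slides: a Python preflight check that parses a kernel command line like the one above and compares it with a DPDK application's core list and `--socket-mem`. The function names are hypothetical, the `5-6` and `1024,1024` values are the ones used by the `l2fwd` commands on this page, and the 2M default huge page size is an assumption for x86-64.

```python
"""Preflight check for the DPDK host tuning shown on the slide (added example)."""

# Kernel command line copied from the "DPDK testing tuning" slide.
SLIDE_CMDLINE = (
    "BOOT_IMAGE=/vmlinuz-4.4.0-87-generic root=/dev/mapper/docker2--vg-root ro "
    "default_hugepagesz=1G hugepagesz=2M hugepagesz=1G hugepages=8 iommu=pt "
    "intel_iommu=on isolcpus=5,6,7,8,9,10 nohz=on "
    "nohz_full=5,6,7,8,9,10 rcu_nocbs=5,6,7,8,9,10"
)

MB_PER_UNIT = {"M": 1, "G": 1024}


def parse_cmdline(cmdline):
    """Split a kernel command line into ordered (key, value) pairs."""
    pairs = []
    for token in cmdline.split():
        key, sep, value = token.partition("=")
        pairs.append((key, value if sep else None))
    return pairs


def parse_cpu_list(spec):
    """Expand '5,6,8-10' into {5, 6, 8, 9, 10}. Strides and flags are not handled."""
    cpus = set()
    for part in filter(None, (p.strip() for p in spec.split(","))):
        lo, sep, hi = part.partition("-")
        cpus.update(range(int(lo), int(hi if sep else lo) + 1))
    return cpus


def hugepage_pools(pairs):
    """Pair each hugepagesz= with the hugepages= that follows it.

    Returns ({size: page_count}, [sizes that never received a count]).
    """
    pools, unpaired, current = {}, [], None
    for key, value in pairs:
        if key == "hugepagesz":
            if current is not None:
                unpaired.append(current)
            current = value
        elif key == "hugepages":
            size = current or "default"
            pools[size] = pools.get(size, 0) + int(value)
            current = None
    if current is not None:
        unpaired.append(current)
    return pools, unpaired


def size_mb(size):
    """Convert '2M' or '1G' to megabytes."""
    return int(size[:-1]) * MB_PER_UNIT[size[-1].upper()]


def audit(cmdline, lcores, socket_mem):
    """Return findings for a host cmdline versus a DPDK app's -l and --socket-mem."""
    pairs = parse_cmdline(cmdline)
    args = dict(pairs)  # last occurrence wins
    findings = []

    for key, want in (("intel_iommu", "on"), ("iommu", "pt")):
        if args.get(key) != want:
            findings.append(f"{key}={want} is not set")

    # The slide lists the same CPUs for isolcpus, nohz_full and rcu_nocbs.
    isolated = parse_cpu_list(args.get("isolcpus") or "")
    for key in ("nohz_full", "rcu_nocbs"):
        cpus = parse_cpu_list(args.get(key) or "")
        if cpus != isolated:
            findings.append(f"{key} and isolcpus differ on CPUs {sorted(cpus ^ isolated)}")

    # Every lcore given to the DPDK application should be an isolated CPU.
    stray = parse_cpu_list(lcores) - isolated
    if stray:
        findings.append(f"lcores {sorted(stray)} are not in isolcpus")

    pools, unpaired = hugepage_pools(pairs)
    for size in unpaired:
        findings.append(f"hugepagesz={size} is not followed by a hugepages= count")

    # Assumption: 2M is the default huge page size when default_hugepagesz is absent (x86-64).
    default = args.get("default_hugepagesz") or "2M"
    reserved = sum(size_mb(default if s == "default" else s) * n for s, n in pools.items())
    wanted = sum(int(mb) for mb in socket_mem.split(","))
    if reserved < wanted:
        findings.append(f"{reserved} MB of huge pages reserved, --socket-mem needs {wanted} MB")
    return findings


if __name__ == "__main__":
    # -l and --socket-mem values are the ones from the l2fwd commands on this page.
    for finding in audit(SLIDE_CMDLINE, "5-6", "1024,1024") or ["no findings"]:
        print(finding)
```

For the slide's command line the only finding is that `hugepagesz=2M` has no `hugepages=` count after it; the eight reserved pages are paired with the 1G size. The memory check compares totals only, since per-NUMA-node placement cannot be read from the command line.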
Testing scenario 1
● Userland SR-IOV used by container
● DPDK application l2fwd inside container
[Diagram: Server1 and Server2; labels: pktgen, VNF (l2fwd), Container, VF1, VF2]
# Bind the VF at 0000:06:10.2 to the igb_uio driver
dpdk-devbind --bind=igb_uio 0000:06:10.2
# Start the container with the hugepage mount, no Docker networking and --privileged
docker run -v /dev/hugepages/:/dev/hugepages --net=none --privileged --name test2 -dit 14ce48b74dd9
# Run l2fwd on lcores 5-6
l2fwd -l 5-6 -n 4 --huge-dir /dev/hugepages --socket-mem 1024,1024 -- -q 8 -p 1
Testing scenario 2
● containers using SR-IOV by kernel netns
● DPDK application l2fwd inside container
[Diagram: Server1 and Server2; labels: pktgen, VNF (l2fwd), Container, NETNS, VF1, VF2]
# Create a Neutron port with vnic_type direct on the network named sriov
$ neutron port-create sriov --name sriov_port --binding:vnic_type direct
# Run the container on that port
$ zun run --net port=sriov_port dpdk-test
# Run l2fwd on lcores 5-6, reading eth0 through the pcap vdev
l2fwd -l 5-6 -n 4 --huge-dir /dev/hugepages --socket-mem 1024,1024 --vdev='eth_pcap0,iface=eth0' -- -q 8 -p 1
Container DPDK/SR-IOV Benchmarking
https://youtu.be/EwghPOVZLq0
Demo
Conclusion
SR-IOV & DPDK can accelerate container networking performance
Benefits: high throughput, low latency, deterministic networking
● DPDK & SR-IOV for container user land approaching physical server performance
● multi-tenancy issue
● security issue
● Container with SR-IOV for high throughput non DPDK application
● unified management of VF
Q&A
Thank you!
openstack openstack OpenStackFoundation

More Related Content

What's hot

DPDK: Multi Architecture High Performance Packet Processing
DPDK: Multi Architecture High Performance Packet ProcessingDPDK: Multi Architecture High Performance Packet Processing
DPDK: Multi Architecture High Performance Packet ProcessingMichelle Holley
 
Intel DPDK Step by Step instructions
Intel DPDK Step by Step instructionsIntel DPDK Step by Step instructions
Intel DPDK Step by Step instructionsHisaki Ohara
 
DevConf 2014 Kernel Networking Walkthrough
DevConf 2014   Kernel Networking WalkthroughDevConf 2014   Kernel Networking Walkthrough
DevConf 2014 Kernel Networking WalkthroughThomas Graf
 
BPF - in-kernel virtual machine
BPF - in-kernel virtual machineBPF - in-kernel virtual machine
BPF - in-kernel virtual machineAlexei Starovoitov
 
VPP事始め
VPP事始めVPP事始め
VPP事始めnpsg
 
Troubleshooting containerized triple o deployment
Troubleshooting containerized triple o deploymentTroubleshooting containerized triple o deployment
Troubleshooting containerized triple o deploymentSadique Puthen
 
CETH for XDP [Linux Meetup Santa Clara | July 2016]
CETH for XDP [Linux Meetup Santa Clara | July 2016] CETH for XDP [Linux Meetup Santa Clara | July 2016]
CETH for XDP [Linux Meetup Santa Clara | July 2016] IO Visor Project
 
DockerCon 2017 - Cilium - Network and Application Security with BPF and XDP
DockerCon 2017 - Cilium - Network and Application Security with BPF and XDPDockerCon 2017 - Cilium - Network and Application Security with BPF and XDP
DockerCon 2017 - Cilium - Network and Application Security with BPF and XDPThomas Graf
 
Understanding Open vSwitch
Understanding Open vSwitch Understanding Open vSwitch
Understanding Open vSwitch YongKi Kim
 
Security Monitoring with eBPF
Security Monitoring with eBPFSecurity Monitoring with eBPF
Security Monitoring with eBPFAlex Maestretti
 
Fast Userspace OVS with AF_XDP, OVS CONF 2018
Fast Userspace OVS with AF_XDP, OVS CONF 2018Fast Userspace OVS with AF_XDP, OVS CONF 2018
Fast Userspace OVS with AF_XDP, OVS CONF 2018Cheng-Chun William Tu
 
Pushing Packets - How do the ML2 Mechanism Drivers Stack Up
Pushing Packets - How do the ML2 Mechanism Drivers Stack UpPushing Packets - How do the ML2 Mechanism Drivers Stack Up
Pushing Packets - How do the ML2 Mechanism Drivers Stack UpJames Denton
 
The TCP/IP Stack in the Linux Kernel
The TCP/IP Stack in the Linux KernelThe TCP/IP Stack in the Linux Kernel
The TCP/IP Stack in the Linux KernelDivye Kapoor
 
BPF Internals (eBPF)
BPF Internals (eBPF)BPF Internals (eBPF)
BPF Internals (eBPF)Brendan Gregg
 
EBPF and Linux Networking
EBPF and Linux NetworkingEBPF and Linux Networking
EBPF and Linux NetworkingPLUMgrid
 
Network Programming: Data Plane Development Kit (DPDK)
Network Programming: Data Plane Development Kit (DPDK)Network Programming: Data Plane Development Kit (DPDK)
Network Programming: Data Plane Development Kit (DPDK)Andriy Berestovskyy
 
VLANs in the Linux Kernel
VLANs in the Linux KernelVLANs in the Linux Kernel
VLANs in the Linux KernelKernel TLV
 

What's hot (20)

DPDK: Multi Architecture High Performance Packet Processing
DPDK: Multi Architecture High Performance Packet ProcessingDPDK: Multi Architecture High Performance Packet Processing
DPDK: Multi Architecture High Performance Packet Processing
 
Intel DPDK Step by Step instructions
Intel DPDK Step by Step instructionsIntel DPDK Step by Step instructions
Intel DPDK Step by Step instructions
 
DevConf 2014 Kernel Networking Walkthrough
DevConf 2014   Kernel Networking WalkthroughDevConf 2014   Kernel Networking Walkthrough
DevConf 2014 Kernel Networking Walkthrough
 
DPDK In Depth
DPDK In DepthDPDK In Depth
DPDK In Depth
 
BPF - in-kernel virtual machine
BPF - in-kernel virtual machineBPF - in-kernel virtual machine
BPF - in-kernel virtual machine
 
VPP事始め
VPP事始めVPP事始め
VPP事始め
 
Troubleshooting containerized triple o deployment
Troubleshooting containerized triple o deploymentTroubleshooting containerized triple o deployment
Troubleshooting containerized triple o deployment
 
CETH for XDP [Linux Meetup Santa Clara | July 2016]
CETH for XDP [Linux Meetup Santa Clara | July 2016] CETH for XDP [Linux Meetup Santa Clara | July 2016]
CETH for XDP [Linux Meetup Santa Clara | July 2016]
 
Intel dpdk Tutorial
Intel dpdk TutorialIntel dpdk Tutorial
Intel dpdk Tutorial
 
DockerCon 2017 - Cilium - Network and Application Security with BPF and XDP
DockerCon 2017 - Cilium - Network and Application Security with BPF and XDPDockerCon 2017 - Cilium - Network and Application Security with BPF and XDP
DockerCon 2017 - Cilium - Network and Application Security with BPF and XDP
 
Dpdk performance
Dpdk performanceDpdk performance
Dpdk performance
 
Understanding Open vSwitch
Understanding Open vSwitch Understanding Open vSwitch
Understanding Open vSwitch
 
Security Monitoring with eBPF
Security Monitoring with eBPFSecurity Monitoring with eBPF
Security Monitoring with eBPF
 
Fast Userspace OVS with AF_XDP, OVS CONF 2018
Fast Userspace OVS with AF_XDP, OVS CONF 2018Fast Userspace OVS with AF_XDP, OVS CONF 2018
Fast Userspace OVS with AF_XDP, OVS CONF 2018
 
Pushing Packets - How do the ML2 Mechanism Drivers Stack Up
Pushing Packets - How do the ML2 Mechanism Drivers Stack UpPushing Packets - How do the ML2 Mechanism Drivers Stack Up
Pushing Packets - How do the ML2 Mechanism Drivers Stack Up
 
The TCP/IP Stack in the Linux Kernel
The TCP/IP Stack in the Linux KernelThe TCP/IP Stack in the Linux Kernel
The TCP/IP Stack in the Linux Kernel
 
BPF Internals (eBPF)
BPF Internals (eBPF)BPF Internals (eBPF)
BPF Internals (eBPF)
 
EBPF and Linux Networking
EBPF and Linux NetworkingEBPF and Linux Networking
EBPF and Linux Networking
 
Network Programming: Data Plane Development Kit (DPDK)
Network Programming: Data Plane Development Kit (DPDK)Network Programming: Data Plane Development Kit (DPDK)
Network Programming: Data Plane Development Kit (DPDK)
 
VLANs in the Linux Kernel
VLANs in the Linux KernelVLANs in the Linux Kernel
VLANs in the Linux Kernel
 

Similar to Enable DPDK and SR-IOV for containerized virtual network functions with zun

Composing services with Kubernetes
Composing services with KubernetesComposing services with Kubernetes
Composing services with KubernetesBart Spaans
 
Method of NUMA-Aware Resource Management for Kubernetes 5G NFV Cluster
Method of NUMA-Aware Resource Management for Kubernetes 5G NFV ClusterMethod of NUMA-Aware Resource Management for Kubernetes 5G NFV Cluster
Method of NUMA-Aware Resource Management for Kubernetes 5G NFV Clusterbyonggon chun
 
OSS-10mins-7th2.pptx
OSS-10mins-7th2.pptxOSS-10mins-7th2.pptx
OSS-10mins-7th2.pptxjagmohan33
 
ONUG Tutorial: Bridges and Tunnels Drive Through OpenStack Networking
ONUG Tutorial: Bridges and Tunnels Drive Through OpenStack NetworkingONUG Tutorial: Bridges and Tunnels Drive Through OpenStack Networking
ONUG Tutorial: Bridges and Tunnels Drive Through OpenStack Networkingmarkmcclain
 
Scaling the Container Dataplane
Scaling the Container Dataplane Scaling the Container Dataplane
Scaling the Container Dataplane Michelle Holley
 
99cloud Docker Training module 2
99cloud Docker Training module 299cloud Docker Training module 2
99cloud Docker Training module 2Liang Bo
 
CentOS NFV SIG Introduction and Update
CentOS NFV SIG Introduction and UpdateCentOS NFV SIG Introduction and Update
CentOS NFV SIG Introduction and UpdateTom Herbert
 
Integrating OpenStack To Existing Infrastructure
Integrating OpenStack To Existing InfrastructureIntegrating OpenStack To Existing Infrastructure
Integrating OpenStack To Existing InfrastructureHui Cheng
 
OVN: Scaleable Virtual Networking for Open vSwitch
OVN: Scaleable Virtual Networking for Open vSwitchOVN: Scaleable Virtual Networking for Open vSwitch
OVN: Scaleable Virtual Networking for Open vSwitchmestery
 
DevNetCreate - ACI and Kubernetes Integration
DevNetCreate - ACI and Kubernetes IntegrationDevNetCreate - ACI and Kubernetes Integration
DevNetCreate - ACI and Kubernetes IntegrationHank Preston
 
Docker Networking in OpenStack: What you need to know now
Docker Networking in OpenStack: What you need to know nowDocker Networking in OpenStack: What you need to know now
Docker Networking in OpenStack: What you need to know nowPLUMgrid
 
Build and Deploy Cloud Native Camel Quarkus routes with Tekton and Knative
Build and Deploy Cloud Native Camel Quarkus routes with Tekton and KnativeBuild and Deploy Cloud Native Camel Quarkus routes with Tekton and Knative
Build and Deploy Cloud Native Camel Quarkus routes with Tekton and KnativeOmar Al-Safi
 
Comparison of existing cni plugins for kubernetes
Comparison of existing cni plugins for kubernetesComparison of existing cni plugins for kubernetes
Comparison of existing cni plugins for kubernetesAdam Hamsik
 
4. CNCF kubernetes Comparison of-existing-cni-plugins-for-kubernetes
4. CNCF kubernetes Comparison of-existing-cni-plugins-for-kubernetes4. CNCF kubernetes Comparison of-existing-cni-plugins-for-kubernetes
4. CNCF kubernetes Comparison of-existing-cni-plugins-for-kubernetesJuraj Hantak
 
Secure Your Containers: What Network Admins Should Know When Moving Into Prod...
Secure Your Containers: What Network Admins Should Know When Moving Into Prod...Secure Your Containers: What Network Admins Should Know When Moving Into Prod...
Secure Your Containers: What Network Admins Should Know When Moving Into Prod...Cynthia Thomas
 
La apuesta de Telefónica por la cloud privada
La apuesta de Telefónica por la cloud privadaLa apuesta de Telefónica por la cloud privada
La apuesta de Telefónica por la cloud privadaLibreCon
 

Similar to Enable DPDK and SR-IOV for containerized virtual network functions with zun (20)

Kubernetes
KubernetesKubernetes
Kubernetes
 
Composing services with Kubernetes
Composing services with KubernetesComposing services with Kubernetes
Composing services with Kubernetes
 
Method of NUMA-Aware Resource Management for Kubernetes 5G NFV Cluster
Method of NUMA-Aware Resource Management for Kubernetes 5G NFV ClusterMethod of NUMA-Aware Resource Management for Kubernetes 5G NFV Cluster
Method of NUMA-Aware Resource Management for Kubernetes 5G NFV Cluster
 
OSS-10mins-7th2.pptx
OSS-10mins-7th2.pptxOSS-10mins-7th2.pptx
OSS-10mins-7th2.pptx
 
ONUG Tutorial: Bridges and Tunnels Drive Through OpenStack Networking
ONUG Tutorial: Bridges and Tunnels Drive Through OpenStack NetworkingONUG Tutorial: Bridges and Tunnels Drive Through OpenStack Networking
ONUG Tutorial: Bridges and Tunnels Drive Through OpenStack Networking
 
Scaling the Container Dataplane
Scaling the Container Dataplane Scaling the Container Dataplane
Scaling the Container Dataplane
 
99cloud Docker Training module 2
99cloud Docker Training module 299cloud Docker Training module 2
99cloud Docker Training module 2
 
CentOS NFV SIG Introduction and Update
CentOS NFV SIG Introduction and UpdateCentOS NFV SIG Introduction and Update
CentOS NFV SIG Introduction and Update
 
Neutron CI Run on Docker
Neutron CI Run on DockerNeutron CI Run on Docker
Neutron CI Run on Docker
 
Accelerated SDN in Azure
Accelerated SDN in AzureAccelerated SDN in Azure
Accelerated SDN in Azure
 
Integrating OpenStack To Existing Infrastructure
Integrating OpenStack To Existing InfrastructureIntegrating OpenStack To Existing Infrastructure
Integrating OpenStack To Existing Infrastructure
 
OVN: Scaleable Virtual Networking for Open vSwitch
OVN: Scaleable Virtual Networking for Open vSwitchOVN: Scaleable Virtual Networking for Open vSwitch
OVN: Scaleable Virtual Networking for Open vSwitch
 
DevNetCreate - ACI and Kubernetes Integration
DevNetCreate - ACI and Kubernetes IntegrationDevNetCreate - ACI and Kubernetes Integration
DevNetCreate - ACI and Kubernetes Integration
 
Docker Networking in OpenStack: What you need to know now
Docker Networking in OpenStack: What you need to know nowDocker Networking in OpenStack: What you need to know now
Docker Networking in OpenStack: What you need to know now
 
Build and Deploy Cloud Native Camel Quarkus routes with Tekton and Knative
Build and Deploy Cloud Native Camel Quarkus routes with Tekton and KnativeBuild and Deploy Cloud Native Camel Quarkus routes with Tekton and Knative
Build and Deploy Cloud Native Camel Quarkus routes with Tekton and Knative
 
Comparison of existing cni plugins for kubernetes
Comparison of existing cni plugins for kubernetesComparison of existing cni plugins for kubernetes
Comparison of existing cni plugins for kubernetes
 
Building a Router
Building a RouterBuilding a Router
Building a Router
 
4. CNCF kubernetes Comparison of-existing-cni-plugins-for-kubernetes
4. CNCF kubernetes Comparison of-existing-cni-plugins-for-kubernetes4. CNCF kubernetes Comparison of-existing-cni-plugins-for-kubernetes
4. CNCF kubernetes Comparison of-existing-cni-plugins-for-kubernetes
 
Secure Your Containers: What Network Admins Should Know When Moving Into Prod...
Secure Your Containers: What Network Admins Should Know When Moving Into Prod...Secure Your Containers: What Network Admins Should Know When Moving Into Prod...
Secure Your Containers: What Network Admins Should Know When Moving Into Prod...
 
La apuesta de Telefónica por la cloud privada
La apuesta de Telefónica por la cloud privadaLa apuesta de Telefónica por la cloud privada
La apuesta de Telefónica por la cloud privada
 

Recently uploaded

"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rick Flair
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionDilum Bandara
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxLoriGlavin3
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESmohitsingh558521
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfLoriGlavin3
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxBkGupta21
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxLoriGlavin3
 

Recently uploaded (20)

"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptx
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
 

Enable DPDK and SR-IOV for containerized virtual network functions with zun

  • 1. Enabling DPDK/SR-IOV for containerized Virtual Network Functions with Zun Bin Zhou [NFV Researcher, Lenovo] Hongbin Lu [Zun PTL,Huawei] Yaguang Tang [NFV Researcher, Lenovo] Shunli Zhou [Zun Core, Fiberhome] November 2017
  • 2. ➡Introduction to Zun ➡Zun Container for NFV • Challenges & Gaps • SR-IOV support in Zun • Container with DPDK ➡Performance Benchmark Testing • Setup • Results ➡Demo ➡Conclusion Agenda
  • 3. Which Emerging Technologies Interest OpenStack Users? ● Containers are the most interesting emerging technologies. ● 75% of OpenStack users interests in containers.
  • 4. ➡How to use containers on OpenStack? ➡Existing solutions • Integrate containers into Nova • Example: Nova-docker, Nova-lxd • Install Container Orchestration Engine (COEs) on VMs. • Example: Magnum, Kubespray • OpenStack Container service: Zun Introduce Zun
  • 5. ● OpenStack Container service ● Provide API for provisioning and managing containers without VMs ○ Speed ○ Simplicity ● Arbitrary memory and vCPUs ● Containers as first class resource ○ Keystone RBAC for individual container ○ Neutron port(s) for each container ○ Cinder volume(s) bind-mount Introduce Zun
  • 6. Introduce Zun [Figure: VMs managed by Nova and containers managed by Zun, with operations Create, List, Delete, Run, Exec, ..., SSH, Migrate, ...] ➡Nova-docker • Use Nova to manage containers • Suitable if VMs and containers are the same ➡Obstacles • VMs and containers are different • Container-specific features are not exposed
  • 7. Introduce Zun [Figure: Magnum and Zun deployment stacks; labels: Baremetal, Virtualization, Virtualization (optional), Tenant 1, Tenant 2, Tenant 3, COE, Containers] ➡Magnum • Provision Nova instances • Install a COE • Run containers on the COE ➡Pros: • Strong Isolation ➡Cons: • Low resource utilization • Virtualization penalty
  • 8. Introduce Zun ➡Concepts: • Container: A single container • create, update, delete, start, stop, kill, … • network-attach, add-security-group, … • attach, exec, commit, log, ... • Capsule (Experimental): A group of containers that are co-located, have shared network and volumes. • create, list, delete, …
  • 9. Introduce Zun ➡Zun API • Provide REST APIs • Manage all compute nodes • Scheduling containers ➡Zun Compute • Compute node agent • Manage local containers • Track compute resources ➡Kuryr • Bind neutron ports to containers [Figure: components Zun API, Zun Compute, Docker, Keystone, Kuryr, Neutron, Cinder]
  • 10. ➡Introduction to Zun ➡Zun Container for NFV • Challenges & Gaps • SR-IOV support in Zun • Container with DPDK ➡Performance Benchmark Testing • Setup • Results ➡Demo ➡Conclusion Agenda
  • 11. ➡What is NFV • A new way to design, deploy and manage network services • Replace hardware with software • Move network functions to commodity hardware ➡Benefits of NFV • Fast provisioning • Quick scale up and down • Easy upgrade and relocate • Reduce cost • No vendor hardware lock-in Container for NFV
  • 12. ➡VM or Containers? • Time to provision: container boots faster • Resource consumption: container has less memory footprint • Package management: Docker makes it easy • Configurability: container is better • Portability: container image is smaller • Security: VM provides better isolation • Use Clear Container to improve security Container for NFV
  • 13. Challenges & Gaps of using containers
      NFV Req features | VM  | Container
      SR-IOV           | Yes | Weak
      DPDK             | Yes | Weak
      CPU pinning      | Yes | Weak
      NUMA             | Yes | Weak
      Hugepage         | Yes | Weak
      ➡Lack of support for NFV required features in container ecosystem
        • Container runtime
        • Container orchestration
        • OpenStack integration
      ➡Use Zun to reduce the gaps
  • 14. Enable SR-IOV in Zun ➡What is SR-IOV? • A standardized mechanism to virtualize PCIe devices • Makes a single PCIe Ethernet controller (PF) appear as multiple PCIe devices (VF) • PF: Physical Function • VF: Virtual Function • Pass VF through to container • Bypass virtual switch layer
  • 15. Enable SR-IOV in Zun
      ➡Enable SR-IOV in Zun
        • Create VFs in compute nodes
        • Configure Neutron
        • Configure Zun
          • Whitelist PCI devices (e.g. pci_passthrough_whitelist = { "devname": "eth3", "physical_network": "physnet2"})
          • Enable PCI filters (e.g. enabled_filters = ...,PciPassthroughFilter)
        • Configure Kuryr
          • Enable SR-IOV driver
  • 16. Enable SR-IOV in Zun
      1. Create a SR-IOV port
      2. Create a container
      3. Pick a host that has available VFs
      4. Assign a VF to the port
      5. Create a container
      6. Docker calls its network plugin (Kuryr) to set up the network
      7. Kuryr retrieves the VF's information from the neutron port and performs port binding
      [Figure: flow between User, Zun API, Zun Compute, Kuryr, Neutron and Docker, with arrows numbered 1 to 7]
  • 17. Container with DPDK DPDK PMD ● physical nic ○ igb_uio ○ vfio-pci ● virtual hardware ○ virtio_user vhost software ● net_pcap (kernel stack)
  • 18. DPDK & SR-IOV for container [Figure: two panels, "SR-IOV in userland" and "SR-IOV in kernel"; labels: Host kernel, PF, PF driver, VF, VF driver, Container, netns, ETHx, DPDK, Passthrough]
  • 19. ➡Introduction to Zun ➡Zun Container for NFV • Challenges & Gaps • SR-IOV support in Zun • Container with DPDK ➡Performance Benchmark Testing • Setup • Results ➡Demo ➡Conclusion Agenda
  • 20. Performance Benchmark Testing
      Case 1 (non DPDK)
        ● Zun Container with SR-IOV
        ● Zun Container with OVS networking
      Case 2 (SR-IOV & DPDK)
        ● Container with SR-IOV & DPDK (kernel land)
        ● Container with SR-IOV & DPDK (user land)
  • 21. Testing setup
      Role       | Hardware              | OS             | network      | CPU
      Controller | Think system x3650 M5 | Ubuntu 16.04.3 | 82599ES 10Gb | Intel(R) E5-2680 v3 @ 2.50GHz
      compute    | Think system x3650 M5 | Ubuntu 16.04.3 | 82599ES 10Gb | Intel(R) E5-2680 v3 @ 2.50GHz
      Software version (other): DPDK 17.05, Openvswitch 2.8.1
      DPDK Testing
        ● L2FWD as containerized VNF
        ● RFC 2544 standard throughput testing
        ● DPDK-pktgen as packet generator
      non DPDK Testing
        ● iperf3 with udp
  • 25. DPDK testing tuning
      ● Hugepage size
      ● PCIe NUMA
      ● Isolate CPU cores for tx/rx pktgen
      ● Disable isolated cpu core interrupts
      BOOT_IMAGE=/vmlinuz-4.4.0-87-generic root=/dev/mapper/docker2--vg-root ro default_hugepagesz=1G hugepagesz=2M hugepagesz=1G hugepages=8 iommu=pt intel_iommu=on isolcpus=5,6,7,8,9,10 nohz=on nohz_full=5,6,7,8,9,10 rcu_nocbs=5,6,7,8,9,10
  • 26. Testing scenario 1
      ● Userland SR-IOV used by container
      ● DPDK application l2fwd inside container
      [Figure: Server1 and Server2; labels: pktgen, VNF l2fwd, Container, VF1, VF2]
      dpdk-devbind --bind=igb_uio 0000:06:10.2
      docker run -v /dev/hugepages/:/dev/hugepages --net=none --privileged --name test2 -dit 14ce48b74dd9 l2fwd -l 5-6 -n 4 --huge-dir /dev/hugepages --socket-mem 1024,1024 -- -q 8 -p 1
  • 27. Testing scenario 2
      ● containers using SR-IOV by kernel netns
      ● DPDK application l2fwd inside container
      [Figure: Server1 and Server2; labels: pktgen, VNF l2fwd, NETNS, Container, VF1, VF2]
      $ neutron port-create sriov --name sriov_port --binding:vnic_type direct
      $ zun run --net port=sriov_port dpdk-test l2fwd -l 5-6 -n 4 --huge-dir /dev/hugepages --socket-mem 1024,1024 --vdev='eth_pcap0,iface=eth0' -- -q 8 -p 1
  • 30. ➡Introduction to Zun ➡Zun Container for NFV • Challenges & Gaps • SR-IOV support in Zun • Container with DPDK ➡Performance Benchmark Testing • Setup • Results ➡Demo ➡Conclusion Agenda
  • 31. Conclusion
      SR-IOV & DPDK can accelerate container networking performance
      Benefits: High throughput, Low latency, Deterministic networking
      ● DPDK & SR-IOV for container user land approaching physical server performance
      ● multi-tenancy issue
      ● security issue
      ● Container with SR-IOV for high throughput non DPDK application
      ● unified management of VF
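
The host tuning on slide 25 only works if the isolated-core lists agree with each other and with the `-l 5-6` and `--socket-mem 1024,1024` arguments given to l2fwd on slides 26 and 27. The following is an added example, not code from the slides or from Zun, that checks this from the kernel command line. Function names and finding strings are illustrative, and it assumes plain CPU lists and 2M/1G page sizes.

```python
# Added example (not from the slides); names below are illustrative.
SLIDE25_CMDLINE = (  # kernel command line as shown on slide 25
    "BOOT_IMAGE=/vmlinuz-4.4.0-87-generic root=/dev/mapper/docker2--vg-root ro "
    "default_hugepagesz=1G hugepagesz=2M hugepagesz=1G hugepages=8 iommu=pt "
    "intel_iommu=on isolcpus=5,6,7,8,9,10 nohz=on nohz_full=5,6,7,8,9,10 "
    "rcu_nocbs=5,6,7,8,9,10")
SIZE_MB = {"2M": 2, "1G": 1024}


def expand_cpus(spec):
    """Expand a CPU list such as '5-6,8' into a set of ints."""
    cpus = set()
    for part in filter(None, spec.split(",")):
        lo, _, hi = part.partition("-")
        cpus.update(range(int(lo), int(hi or lo) + 1))
    return cpus


def parse(cmdline):
    """Return (last value per key, MB reserved per hugepage size)."""
    last, pools, size = {}, {}, None
    for token in cmdline.split():
        key, _, value = token.partition("=")
        last[key] = value
        if key == "hugepagesz":
            size = value                      # applies to the next hugepages=
        elif key == "hugepages":              # no size given: default size
            sz = size or last.get("default_hugepagesz", "2M")
            pools[sz] = int(value) * SIZE_MB[sz]
    return last, pools


def check_tuning(cmdline, lcores, socket_mem):
    """Findings for one DPDK app (-l lcores, --socket-mem socket_mem)."""
    last, pools = parse(cmdline)
    findings = []
    if last.get("intel_iommu") != "on":
        findings.append("intel_iommu=on missing (vfio-pci needs the IOMMU)")
    isolated = expand_cpus(last.get("isolcpus", ""))
    for key in ("nohz_full", "rcu_nocbs"):
        if expand_cpus(last.get(key, "")) != isolated:
            findings.append(f"{key} does not match isolcpus")
    stray = sorted(expand_cpus(lcores) - isolated)
    if stray:
        findings.append(f"lcores {stray} are not isolated")
    need, have = sum(int(mb) for mb in socket_mem.split(",")), sum(pools.values())
    if have < need:
        findings.append(f"--socket-mem needs {need} MB, reserved {have} MB")
    return findings
```

`check_tuning(SLIDE25_CMDLINE, "5-6", "1024,1024")` returns an empty list for the configuration shown on the slides.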
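
The conclusion lists a multi-tenancy issue and a security issue for the userland approach, and the scenario 1 command on slide 26 shows the options behind them. The following is an added example, not code from the slides or from Docker, that extracts the isolation-relevant options from a `docker run` line. The function names, finding strings and the short `TAKES_VALUE` option list are assumptions made for this sketch.

```python
# Added example (not from the slides); function and finding names are illustrative.
import shlex

# Scenario 1 command from slide 26.
SLIDE26_RUN = ("docker run -v /dev/hugepages/:/dev/hugepages --net=none --privileged "
               "--name test2 -dit 14ce48b74dd9 l2fwd -l 5-6 -n 4 "
               "--huge-dir /dev/hugepages --socket-mem 1024,1024 -- -q 8 -p 1")
# docker run options that consume the next token when written without '='.
# Only the ones this audit needs, not the full docker CLI.
TAKES_VALUE = {"-v", "--volume", "--name", "--net", "--network",
               "--device", "--cap-add"}


def docker_options(command):
    """Split a 'docker run' line into (options, image, container argv)."""
    argv = shlex.split(command)
    if argv[:2] != ["docker", "run"]:
        raise ValueError("not a docker run command")
    opts, i = [], 2
    while i < len(argv) and argv[i].startswith("-"):
        name, eq, value = argv[i].partition("=")
        if not eq and name in TAKES_VALUE:
            i += 1
            value = argv[i]
        opts.append((name, value))
        i += 1
    return opts, argv[i], argv[i + 1:]


def audit(command):
    """Return isolation-relevant findings for a docker run line."""
    opts, _image, _args = docker_options(command)
    findings = []
    for name, value in opts:
        if name == "--privileged":
            findings.append("privileged: all capabilities, all host devices")
        elif name in ("-v", "--volume") and value.startswith("/"):
            findings.append(f"host path mounted: {value.split(':')[0]}")
        elif name in ("--net", "--network") and value == "none":
            findings.append("network=none: no Docker-managed interface")
        elif name == "--cap-add":
            findings.append(f"added capability: {value}")
        elif name == "--device":
            findings.append(f"host device exposed: {value.split(':')[0]}")
    return findings
```

For the slide 26 command, `audit` reports the hugepages bind mount, the absence of a Docker-managed network interface, and the privileged flag.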