Professional Documents
Culture Documents
#DPDKSummit
Agenda
u IntroducIon – 2 mins
u Understanding a typical SDWAN Ecosystem, SDWAN gateway, Key Performance Requirements, Why
DPDK?
u SoluIon Overview – 3 mins
u Dedicated DPDK apvs OVS-DPDK, KNI
u SoluIon Design with DPDK – 5 mins
u SoYware Architecture, High-level design, Component Design & Threading Model, ConfiguraIon
Management
u The Big Picture – 3 mins
u Addressing SDWAN gateway requirements
u Conclusion – 2 mins
u Current status, Future Work, Credits, Further Reading & Q/A
#DPDKSummit 2
u IntroducIon – 2 mins
u Understanding a typical SDWAN Ecosystem, SDWAN gateway, Key Performance
Requirements, Why DPDK?
u SoluIon Overview
u SoluIon Design with DPDK
u The Big Picture
u Conclusion
#DPDKSummit 3
Understanding the SDWAN Ecosystem
u SoYware Defined WAN is centered around a gateway (usually a COTS hardware) through which a branch
connects with other branches and its Enterprise Data center through IPSEC enabled broadband.
u SDWAN gateway is centrally managed by Zero Touch Provisioning (ZTP) and oYen needs to provide high
speed throughput.
u The gateway hardware comprises of:
u One or two ports face the WAN side (aka uplink), can support high speed Internet (each port can be 10Gbps Full Duplex)
u Remaining ports face the LAN side (aka access link), usually can be Gigabit Ethernet – connects directly to hosts or other
switches/routers depending on the size of the branch
u The gateway soYware usually:
u Runs Linux base OS (customized Redhat, Centos or Ubuntu)
u VirtualizaIon soYware for supporIng VNFs
u Virtual Switch (viz. Open vSwitch) – for switching packets to other overlay and underlay desInaIons (local and/or
remote to the branch)
4
The SDWAN Ecosystem
A Simplified Illustration
Gateway
Border
CMS Data Center Data Center
Gateway
(openstack/ (private cloud)
Border
(public cloud)
neutron plugin)
Openflow Controller
Machine Machine
Machine Machine
Machine Machine
Legend
Access Links(Wired/Wireless) - LAN
Machine Machine
Machine Machine
Machine Machine
Uplinks (Broadband IPSEC enabled) – WAN – data traffic
Branch #1 WAN – control traffic (openflow, JSON) Branch #N
LAN side ports (usually 1GbE)
WAN side ports (can be upto 10GbE)
5
Some SDWAN Datapath Considerations
6
Why DPDK?
Limita&ons of Kernel based forwarding
u Using Linux Kernel for high speed data path
typically has some inherent issues:
u Linux Kernel default pagesize: 4K
u This means for every three packets (1500 MTU) there
could be a page fault. During large number of packets
processed, this could introduce lot of delay.
u No dedicated resources for packet processing
u CPU and memory (pages) shared with rest of system
u All ports are kernel managed
u Packets arrive in kernel’s network stack and passes
through several layers of kernel before reaching virtual
switch (Open vSwitch). This can introduce boqlenecks.
u First packet given to OVS user space for openflow rules
table consultaIon leading to more boqlenecks.
u Result: even though SDWAN gateway has 20G
uplink, it cannot meet the performance
requirements!
7
Why DPDK?
Limita&ons of Kernel based forwarding
Advantages of DPDK
u Using Linux Kernel for high speed data path
typically has some inherent issues: u DPDK supports larger pagesize:
u Linux Kernel default pagesize: 4K
u This means for every three packets (1500 MTU) there u 2M or 1G hugepages
could be a page fault. During large number of packets
processed, this could introduce lot of delay. u DPDK allows dedicated resources
No dedicated resources for packet processing
u
aqached to network ports (PMD). Also
u CPU and memory (pages) shared with rest of system
memory can set aside for packet
u All ports are kernel managed
u Packets arrive in kernel’s network stack and passes
processing.
through several layers of kernel before reaching virtual
switch (Open vSwitch). This can introduce boqlenecks. u DPDK allows packets to be received
u First packet given to OVS user space for openflow rules
table consultaIon leading to more boqlenecks. directly in the user space using PMD
u Result: even though SDWAN gateway has 20G u What is specifically needed for SDWAN?
uplink, it cannot meet the performance
requirements! u Add IPSEC capability
u Add QoS capability
8
u IntroducIon
u SoluIon Overview – 3 mins
u Dedicated DPDK app vs OVS-DPDK, KNI
u SoluIon Design with DPDK
u The Big Picture
u Future Work & Conclusion
#DPDKSummit 9
The Need for a Dedicated DPDK app
Current State of Art Analysis
#DPDKSummit 12
High Level Architecture
1
8
7 4
2 7
A 3
3 6 2
1 8 4 5 1
alubr0 vrs-dpdk-datapath
(ovs-vswitchd) (DPDK application) KNI
libvrs-dpdk 5 4
7
Kernel TCP/IP 2 rte_kni.ko
vrs-dpdk-datapath
vrs-dpdk-datapath-unixctl (DPDK app) vrs-dpdk-datapath-qos
libdpdk.a
User Space
Kernel Space
rte_kni.ko igb_uio.ko
LEGEND
vrs-dpdk-datapath component – DPDK application code (Nokia developed)
DPDK SDK (upgraded to support DPDK-17.02 – DPDK LTS)
Open vSwitch library code 14
Component Design & Threading Model
Port1 (dpdk0)
Flow Flow
Table Table
Plugins
(IPSec, Arp Snooper, QoS)
vrs-dpdk-datapath
Flow Manager
vrs-dpdk-datapath
Plugin Manager vrs-dpdk-datapath
Device Manager
(PMD & KNI)
Netlink
messaging vrs-dpdk-datapath
(with ovs- Configuration Manager
vswitchd)
vrs-dpdk-datapath
Unixctl Manager
vrs-dpdk-datapath (DPDK app)
LEGEND dpdk_bond0
Main Thread (RX/TX) Physical Port Queue Kernel RX/TX
PMD Thread (RX/TX) KNI Kernel Queues (rte_kni.ko)
15
KNI Thread (RX/TX)
Security Configuration Management
nuage-rpc ALUFF_FLOW_ECMP_ROUTE
OFPTYPE_IPSEC_POLICY_MOD Flow Tables
(IPSEC_POLICY_TABLE,
nuage-nsg-ipsec-cfg IPSEC_KEYS_TABLE)
XFRM_MSG_NEWPOLICY
OFPTYPE_IPSEC_SEED_UPDATE XFRM_MSG_NEWSA
XFRM_MSG_DELPOLICY
XFRM_MSG_DELSA
ovs-vswitchd vrs-dpdk-datapath
XFRM_MSG_GETPOLICY
XFRM_MSG_GETSA
XFRM_MSG_NEWPOLICY
XFRM_MSG_NEWSA XFRM_MSG_GETPOLICY User Space
XFRM_MSG_DELPOLICY XFRM_MSG_GETSA Kernel
XFRM_MSG_DELSA
Legend
XFRM modules Netlink with Kernel Datapath
(xfrm4_tunnel, xfrm_ipcomp) Netlink with DPDK Datapath
16
u IntroducIon
u SoluIon Overview
u SoluIon Design with DPDK
u The Big Picture – 3 mins
u Addressing SDWAN gateway requirements
u Conclusion
#DPDKSummit 17
Meeting SDWAN gateway specific
requirements
u Enabling/Disabling DPDK on WAN ports in the gateway
u Could be dynamically done through SDN UI by Icking off Network Accelera@on
u DPDK app starts, sets up hugeTLB pages, scans PCI bus and configures DPDK ports from list of whitelisted devices
u Note: SDWAN gateways should NOT have downImes, meaning “no reboots” or traffic loss while enabling/disabling
DPDK
u SDWAN gateway underlay networking configuraIon
u DPDK enabled WAN ports get their IP addresses automaIcally from DHCP server
u DHCP server works seamlessly: modificaIon in KNI infra to ensure rte_kni_alloc accepts and assigns DPDK physical
port’s mac address
u Network Manager hooks added to setup underlay IP tables and routes
u Tuning gateway for best results
u Need to judiciously balance IRQs so as to ensure KNIs get enough cores and PMD threads get full CPU cycles
u Other interesIng configuraIons in KNI devices: Packet Steering Parameters (rps_cpus/xps_cpus) in /proc, txqlen,
ring parameters
18
DPDK Profiles – Monetization opportunity!
• Customers can enable Profiles dynamically at Cloud Director UI and add / remove CPU allocation
• Switching from one profile to another often works seamlessly without gateway reboots!
• Just a restart of the DPDK application.
Profile # # KNI / Usage
PMD / uplink
uplink
Normal (Small) 1 1 Regular (day-to-day) processing
Accelerated (Medium) 1 3 Encrypt/decrypt happens in same PMD thread.
Three KNIs drain packets from PMD. Useful for
higher workload than regular profile.
Performance (Large) 2 4 One dedicated CPU (core) each for encrypt
and decrypt of packets, four KNIs associated
with each uplink. Excellent throughput (upto
7Gbps HD) – useful for high performance WAN
traffic (voice/video).
19
Branch–Cloud–Branch: DPDK everywhere!!
LEGEND
SDWAN border GW w/ 10G ports
SDWAN branch GW
Branch Hosts
Internet Router (Juniper MX, Cloud Stitching together disjoint
ALU SR7550 etc) (Enterprise Datacenter) underlays (terminates and
1G FD link (LAN) reistarts IPSEC across WANs)
vrs-dpdk-datapath
10G FD IPSEC Broadband
1G FD IPSEC Broadband
Branch-A Branch-D
Branch-B Branch-E
Branch-C Branch-F
20
u IntroducIon
u SoluIon Overview
u SoluIon Design with DPDK
u The Big Picture
u Conclusion – 2 mins
u Current status, Future Work, Credits, Further Reading & Q/A
#DPDKSummit 21
Current State & Future Work
u Current status
u Upto 7Gbps Half Duplex with IPSEC on 10Gbps WAN link
u Highway: 55mph, Freeway: 65+ mph
u That copy between user space and kernel space!
u Kernel IRQ processing becomes the boqleneck aYer that rate
u SIll way way beqer than original: ~2Gbps H/D with IPSEC on 10Gbps WAN link
u SoluIon:
u Move all LAN side ports to DPDK.
u vrs-dpdk-datapath app acts as fastpath app and sends first packet to the slow path ovs-vswitchd app
u Implement flow cache inside vrs-dpdk-datapath along with the pipeline.
22
Credits
u Engineering
u Sabyasachi Sengupta – sabyasachi.sengupta@nokia.com - SDWAN ecosystem & DPDK/OVS Infrastructure
u Paul Hong – paul.hong@nokia.com - DPDK Plugin Management Infrastructure
u Limin Wang – limin.wang@nokia-bell-labs.com - IPSEC plugin, FragmentaIon
u Ravilochan Shamanna – ravilochan.samanna@nokia.com - IPSEC plugin
u John Shirron – john.shirron@nokia.com - QoS plugin
u Rohit PaIl Bagli – rohit.paIl-bagli@nokia.com - FuncIonal test
u Priyanka Kumar – priyanka.kumar@nokia.com - FuncIonal test
u Ankush Singh – ankush.singh@nokia.com - Performance test
u Product Management
u Prasad Nellipudi – prasad.nellipudi@nokia.com
u Program Management
u Raymond Zhang – raymond.zhang@nokia.com
23
References
24