SlideShare una empresa de Scribd logo

Accelerated SDN in Azure

Open Networking Summit
Open Networking Summit

Daniel Firestone and Gabriel Silva's presentation from the 2017 Open Networking Summit. SDN is at the foundation of all large scale networks in the public cloud, such as Microsoft Azure - at past ONSes, Microsoft has detailed how all of Azure's virtual networks, load balancing, and security operate on SDN. But how do we make a software network scale to an era of 40, 50, and 100 gigabit networks on servers, providing great performance to end customers with ever increasing VM and container scale and density? In this presentation, Daniel Firestone and Gabriel Silva will detail Azure Accelerated Networking, using Azure's FPGA-based SmartNICs. They will show how using FPGAs, we can achieve the programmability of a software network with the performance of a hardware one. They will detail how this and other host SDN advances have led to huge performance increases for Linux VMs in particular, and Linux-based NFV appliances, giving Azure industry-leading network performance.

Tecnología
1 de 25
Descargar para leer sin conexión
Accelerated SDN in Azure Daniel Firestone, Tech Lead and Manager Gabriel Silva, Product Manager Azure Networking Host SDN Team
Agenda • Azure scale • SDN in Azure • Scaling SDN with SmartNIC • Linux Networking • Demo
mediacaching identity service bus mobile services cloud services virtual machines Data Services tableData Lake blob storage SQL database App Services media hpcintegration analytics caching identity service bus web apps mobile services cloud services Infrastructure Services cdn virtual machines virtual network vpn traffic manager Microsoft Azure
10’s of PB ExabytesAzure Storage Pbps10’s of TbpsDatacenter Network 2010 2017 100K MillionsCompute Instances
Fortune 500 using Microsoft Cloud >85% TRILLION Azure storage objects MILLION Azure Active Directory Orgs 1 out of 3 Azure VMs are Linux VMs TRILLION requests/day > 3 TRILLION Azure Event Hubs events/week >110 BILLION Azure DB requests/day Azure Scale & Momentum >18 BILLION Azure Active Directory authentications/week New Azure customers a month >120,000
How Do We Build Software Networks in the Cloud?
SDN: Building the right abstractions for Scale Abstract by separating management, control, and data planes REST APIs Controller Virtual Switch Management Plane Control Plane Management plane Create a tenant Control plane Plumb these tenant ACLs to these switches Data plane Apply these ACLs to these flows Example: ACLs Data plane needs to apply per-flow policy to millions of VMs How do we apply billions of flow policy actions to packets?
Virtual Filtering Platform (VFP) Azure’s SDN Dataplane • Acts as a virtual switch inside Hyper-V VMSwitch • Provides core SDN functionality for Azure networking services, including: • Address Virtualization for VNET • VIP -> DIP Translation for SLB • ACLs, Metering, and Security Guards • Uses programmable rule/flow tables to perform per-packet actions • Supports all Azure dataplane policy at 40GbE+ with offloads
Flow Tables are the right abstraction for the Host Node: 10.4.1.5 VFP Blue VM1 10.1.1.2 NIC Controller Tenant Description VNet Description Flow Action VNet Routing Policy ACLsNAT Endpoints Flow ActionFlow Action TO: 10.2/16 Encap to GW TO: 10.1.1.5 Encap to 10.5.1.7 TO: !10/8 NAT out of VNET Flow ActionFlow Action TO: 79.3.1.2 DNAT to 10.1.1.2 TO: !10/8 SNAT to 79.3.1.2 Flow Action TO: 10.1.1/24 Allow 10.4/16 Block TO: !10/8 Allow • VMSwitch exposes a typed Match- Action-Table API to the controller • One table per policy • Key insight: Let controller tell the switch exactly what to do with which packets (e.g. encap/decap), rather than trying to use existing abstractions (Tunnels, …) VNET LB NAT ACLS
This worked well at 1GbE, ok at 10GbE… what about 40GbE+?
Traditional Approach to Scale: ASICs • We’ve worked with network ASIC vendors over the years to accelerate many functions, including: • TCP offloads: Segmentation, checksum, … • Steering: VMQ, RSS, … • Encapsulation: NVGRE, VXLAN, … • Direct NIC Access: DPDK, PacketDirect, … • RDMA • Is this a long term solution?
Host SDN Scale Challenges in Practice • Hosts are Scaling Up: 1G  10G  40G  50G  100G • Reduces COGS of VMs (more VMs per host) and enables new workloads • Need the performance of hardware to implement policy without CPU • Not enough to just accelerate to ASICs – need to move entire stacks to HW • Need to support new scenarios: BYO IP, BYO Topology, BYO Appliance • We are always pushing richer semantics to virtual networks • Need the programmability of software to be agile and future-proof – 12-18 month ASIC cycle + time to roll new HW is too slow How do we get the performance of hardware with programmability of software?
Our Solution – Azure SmartNIC • HW is needed for scale, perf, and COGS at 40G+ • 12-18 month ASIC cycle + time to roll new HW is too slow • To compete and react to new needs, we need agility – SDN • SmartNIC combines agility of SDN with speed+COGS of HW Roll out Hardware as we do Software Blade SmartNIC NIC ASIC FPGA CPU ToR Bump in the Wire: Reconfigurable FPGA + NIC ASIC
SmartNIC Design • Use an FPGA for reconfigurable functions • Same FPGAs already used in Bing • Roll out Hardware as we do software • Programmed using Generic Flow Tables • Language for programming SDN to hardware • Uses connections and structured actions as primitives • SmartNIC can also do Crypto, QoS, storage acceleration, and more… Blade SmartNIC NIC ASIC FPGA CPU ToR
2015-17 FPGA Deployments: 40G Bump in the Wire CPU CPU FPGA NIC DRAM DRAM DRAM Server Blade FPGA board Gen3 2x8 Gen3 x8 QPI Switch QSFP QSFPQSFP 40Gb/s 40Gb/s OCS Blade with NIC and FPGA FPGA Tray Backplane Option Card Mezzanine Connectors SmartNIC FPGA Card All new Azure Compute servers since late 2015 ship with FPGAs!
Azure Accelerated Networking: Fastest Cloud Network! • Highest bandwidth VMs of any cloud • DS15v2 & D15v2 VMs get 25Gbps • Consistent low latency network performance • Provides SR-IOV to the VM • 10x latency improvement • Increased packets per second (PPS) • Reduced jitter means more consistency in workloads • Enables workloads requiring native performance to run in cloud VMs • >2x improvement for many DB and OLTP applications
Accelerated Networking Internals SDN/Networking policy applied in software in the host FPGA acceleration used to apply all policies
Controller Controller Controller VFP VFP APIs GFT Offload API (NDIS) VMSwitch VM ARM APIs SR-IOV (Host Bypass) GFT Table First Packet GFT Offload Engine SmartNIC 50G QoSCrypto RDMA GFT 19 SmartNIC - Accelerating SDN
Linux on Azure Momentum • Over 1 in 3 Azure VMs run Linux, and growing • Over 40% of new VMs created today in Azure are Linux! • Powershell is now open source and available on Linux • Azure Container Service is GA – Integration with Docker Swarm, Kubernetes, DC/OS Our goal is that everything in Azure works for Linux VMs and Windows VMs equally
VM Boost for Linux VM Boost is a combination of Linux and Azure optimizations: • Linux network driver improvements • Microsoft Hyper-V Network adapter • Fewer CPU interrupts • Take advantage of segmentation offload in Azure • Azure Platform optimizations • VNET offloads recently deployed to production • VFP performance improvements Result is up to 200% improvement on larger VM sizes!
Announcing Accelerated Networking For Linux (Preview) • Now offered on Dv2 Series VMs • Preview available in select regions • West US 2 • South Central US • Supported on multiple Linux distributions in the Azure Marketplace • Ubuntu • CentOS Get the highest bandwidth VMs of any cloud (25Gbps) with ultra-low latency on Linux!
Demo Accelerated Networking for Linux
Linux Network Virtual Appliances on Azure • Dedicated to getting the best performance for 1st and 3rd party appliances running on Azure • Accelerated Networking for Linux allows appliance vendors to get low latency, high throughput, high packets per second, and low jitter, for a best in class experience • Working with multiple partners to enable your favorite appliances • SRIOV is just the first step, more improvements coming!
Microsoft’s Contributions to Linux Networking • All Hyper-V and Azure integration, including Accelerated Networking, is now upstream in the kernel • SR-IOV problem – how do you live migrate a VM or service the host network stack if the VM has a virtual function? • Previously solved in Hyper-V for Windows VMs with transparent failover to synthetic path • Now contributed upstream to Linux – support for Live Migration for SR-IOV Linux VMs running over Hyper-V (potentially others) • First industry support for SR-IOV Live Migration in Linux! • Supports serviceability in Azure with Accelerated Networking

Recomendados

RBD: What will the future bring? - Jason Dillaman
RBD: What will the future bring? - Jason DillamanRBD: What will the future bring? - Jason Dillaman
RBD: What will the future bring? - Jason Dillaman
Ceph Community
 
OVS and DPDK - T.F. Herbert, K. Traynor, M. Gray
OVS and DPDK - T.F. Herbert, K. Traynor, M. GrayOVS and DPDK - T.F. Herbert, K. Traynor, M. Gray
OVS and DPDK - T.F. Herbert, K. Traynor, M. Gray
harryvanhaaren
 
Cfgmgmtcamp 2023 — eBPF Superpowers
Cfgmgmtcamp 2023 — eBPF SuperpowersCfgmgmtcamp 2023 — eBPF Superpowers
Cfgmgmtcamp 2023 — eBPF Superpowers
Raphaël PINSON
 
Enable DPDK and SR-IOV for containerized virtual network functions with zun
Enable DPDK and SR-IOV for containerized virtual network functions with zunEnable DPDK and SR-IOV for containerized virtual network functions with zun
Enable DPDK and SR-IOV for containerized virtual network functions with zun
heut2008
 
Ceph on arm64 upload
Ceph on arm64 uploadCeph on arm64 upload
Ceph on arm64 upload
Ceph Community
 
raid technology
raid technologyraid technology
raid technology
Mangukiya Maulik
 
Intel dpdk Tutorial
Intel dpdk TutorialIntel dpdk Tutorial
Intel dpdk Tutorial
Saifuddin Kaijar
 
High-Performance Networking Using eBPF, XDP, and io_uring
High-Performance Networking Using eBPF, XDP, and io_uringHigh-Performance Networking Using eBPF, XDP, and io_uring
High-Performance Networking Using eBPF, XDP, and io_uring
ScyllaDB
 

Recomendados

RBD: What will the future bring? - Jason Dillaman
RBD: What will the future bring? - Jason DillamanRBD: What will the future bring? - Jason Dillaman
RBD: What will the future bring? - Jason Dillaman
Ceph Community
 
OVS and DPDK - T.F. Herbert, K. Traynor, M. Gray
OVS and DPDK - T.F. Herbert, K. Traynor, M. GrayOVS and DPDK - T.F. Herbert, K. Traynor, M. Gray
OVS and DPDK - T.F. Herbert, K. Traynor, M. Gray
harryvanhaaren
 
Cfgmgmtcamp 2023 — eBPF Superpowers
Cfgmgmtcamp 2023 — eBPF SuperpowersCfgmgmtcamp 2023 — eBPF Superpowers
Cfgmgmtcamp 2023 — eBPF Superpowers
Raphaël PINSON
 
Enable DPDK and SR-IOV for containerized virtual network functions with zun
Enable DPDK and SR-IOV for containerized virtual network functions with zunEnable DPDK and SR-IOV for containerized virtual network functions with zun
Enable DPDK and SR-IOV for containerized virtual network functions with zun
heut2008
 
Ceph on arm64 upload
Ceph on arm64 uploadCeph on arm64 upload
Ceph on arm64 upload
Ceph Community
 
raid technology
raid technologyraid technology
raid technology
Mangukiya Maulik
 
Intel dpdk Tutorial
Intel dpdk TutorialIntel dpdk Tutorial
Intel dpdk Tutorial
Saifuddin Kaijar
 
High-Performance Networking Using eBPF, XDP, and io_uring
High-Performance Networking Using eBPF, XDP, and io_uringHigh-Performance Networking Using eBPF, XDP, and io_uring
High-Performance Networking Using eBPF, XDP, and io_uring
ScyllaDB
 
Cluster computing pptl (2)
Cluster computing pptl (2)Cluster computing pptl (2)
Cluster computing pptl (2)
Rohit Jain
 
MeetBSD2014 Performance Analysis
MeetBSD2014 Performance AnalysisMeetBSD2014 Performance Analysis
MeetBSD2014 Performance Analysis
Brendan Gregg
 
Cs6703 grid and cloud computing unit 1
Cs6703 grid and cloud computing unit 1Cs6703 grid and cloud computing unit 1
Cs6703 grid and cloud computing unit 1
RMK ENGINEERING COLLEGE, CHENNAI
 
Extreme Linux Performance Monitoring and Tuning
Extreme Linux Performance Monitoring and TuningExtreme Linux Performance Monitoring and Tuning
Extreme Linux Performance Monitoring and Tuning
Milind Koyande
 
Systems@Scale 2021 BPF Performance Getting Started
Systems@Scale 2021 BPF Performance Getting StartedSystems@Scale 2021 BPF Performance Getting Started
Systems@Scale 2021 BPF Performance Getting Started
Brendan Gregg
 
Linux memory consumption
Linux memory consumptionLinux memory consumption
Linux memory consumption
haish
 
Present of Raid and Its Type
Present of Raid and Its TypePresent of Raid and Its Type
Present of Raid and Its Type
Usama ahmad
 
Open vSwitch Introduction
Open vSwitch IntroductionOpen vSwitch Introduction
Open vSwitch Introduction
HungWei Chiu
 
introduction to linux kernel tcp/ip ptocotol stack
introduction to linux kernel tcp/ip ptocotol stack introduction to linux kernel tcp/ip ptocotol stack
introduction to linux kernel tcp/ip ptocotol stack
monad bobo
 
PCF-VxRail-ReferenceArchiteture
PCF-VxRail-ReferenceArchiteturePCF-VxRail-ReferenceArchiteture
PCF-VxRail-ReferenceArchiteture
Vuong Pham
 
GPU Architecture NVIDIA (GTX GeForce 480)
GPU Architecture NVIDIA (GTX GeForce 480)GPU Architecture NVIDIA (GTX GeForce 480)
GPU Architecture NVIDIA (GTX GeForce 480)
Fatima Qayyum
 
Method of NUMA-Aware Resource Management for Kubernetes 5G NFV Cluster
Method of NUMA-Aware Resource Management for Kubernetes 5G NFV ClusterMethod of NUMA-Aware Resource Management for Kubernetes 5G NFV Cluster
Method of NUMA-Aware Resource Management for Kubernetes 5G NFV Cluster
byonggon chun
 
Service Function Chaining with SRv6
Service Function Chaining with SRv6Service Function Chaining with SRv6
Service Function Chaining with SRv6
Ahmed AbdelSalam
 
Linux Networking Explained
Linux Networking ExplainedLinux Networking Explained
Linux Networking Explained
Thomas Graf
 
SR-IOV+KVM on Debian/Stable
SR-IOV+KVM on Debian/StableSR-IOV+KVM on Debian/Stable
SR-IOV+KVM on Debian/Stable
juet-y
 
Disaggregating Ceph using NVMeoF
Disaggregating Ceph using NVMeoFDisaggregating Ceph using NVMeoF
Disaggregating Ceph using NVMeoF
ShapeBlue
 
Contrail Deep-dive - Cloud Network Services at Scale
Contrail Deep-dive - Cloud Network Services at ScaleContrail Deep-dive - Cloud Network Services at Scale
Contrail Deep-dive - Cloud Network Services at Scale
MarketingArrowECS_CZ
 
FD.io Vector Packet Processing (VPP)
FD.io Vector Packet Processing (VPP)FD.io Vector Packet Processing (VPP)
FD.io Vector Packet Processing (VPP)
Kirill Tsym
 
Linux Internals - Part I
Linux Internals - Part ILinux Internals - Part I
Linux Internals - Part I
Emertxe Information Technologies Pvt Ltd
 
A Kernel of Truth: Intrusion Detection and Attestation with eBPF
A Kernel of Truth: Intrusion Detection and Attestation with eBPFA Kernel of Truth: Intrusion Detection and Attestation with eBPF
A Kernel of Truth: Intrusion Detection and Attestation with eBPF
oholiab
 
Lenovo networking: top of the top of the rack
Lenovo networking: top of the top of the rackLenovo networking: top of the top of the rack
Lenovo networking: top of the top of the rack
Lenovo Data Center
 
VMworld 2013: Virtualized Network Services Model with VMware NSX
VMworld 2013: Virtualized Network Services Model with VMware NSX VMworld 2013: Virtualized Network Services Model with VMware NSX
VMworld 2013: Virtualized Network Services Model with VMware NSX
VMworld
 

Más contenido relacionado

La actualidad más candente

PCF-VxRail-ReferenceArchiteture
PCF-VxRail-ReferenceArchiteturePCF-VxRail-ReferenceArchiteture
PCF-VxRail-ReferenceArchiteture
Vuong Pham
 
Service Function Chaining with SRv6
Service Function Chaining with SRv6Service Function Chaining with SRv6
Service Function Chaining with SRv6
Ahmed AbdelSalam
 
A Kernel of Truth: Intrusion Detection and Attestation with eBPF
A Kernel of Truth: Intrusion Detection and Attestation with eBPFA Kernel of Truth: Intrusion Detection and Attestation with eBPF
A Kernel of Truth: Intrusion Detection and Attestation with eBPF
oholiab
 

La actualidad más candente (20)

Cluster computing pptl (2)
Cluster computing pptl (2)Cluster computing pptl (2)
Cluster computing pptl (2)
 
MeetBSD2014 Performance Analysis
MeetBSD2014 Performance AnalysisMeetBSD2014 Performance Analysis
MeetBSD2014 Performance Analysis
 
Cs6703 grid and cloud computing unit 1
Cs6703 grid and cloud computing unit 1Cs6703 grid and cloud computing unit 1
Cs6703 grid and cloud computing unit 1
 
Extreme Linux Performance Monitoring and Tuning
Extreme Linux Performance Monitoring and TuningExtreme Linux Performance Monitoring and Tuning
Extreme Linux Performance Monitoring and Tuning
 
Systems@Scale 2021 BPF Performance Getting Started
Systems@Scale 2021 BPF Performance Getting StartedSystems@Scale 2021 BPF Performance Getting Started
Systems@Scale 2021 BPF Performance Getting Started
 
Linux memory consumption
Linux memory consumptionLinux memory consumption
Linux memory consumption
 
Present of Raid and Its Type
Present of Raid and Its TypePresent of Raid and Its Type
Present of Raid and Its Type
 
Open vSwitch Introduction
Open vSwitch IntroductionOpen vSwitch Introduction
Open vSwitch Introduction
 
introduction to linux kernel tcp/ip ptocotol stack
introduction to linux kernel tcp/ip ptocotol stack introduction to linux kernel tcp/ip ptocotol stack
introduction to linux kernel tcp/ip ptocotol stack
 
PCF-VxRail-ReferenceArchiteture
PCF-VxRail-ReferenceArchiteturePCF-VxRail-ReferenceArchiteture
PCF-VxRail-ReferenceArchiteture
 
GPU Architecture NVIDIA (GTX GeForce 480)
GPU Architecture NVIDIA (GTX GeForce 480)GPU Architecture NVIDIA (GTX GeForce 480)
GPU Architecture NVIDIA (GTX GeForce 480)
 
Method of NUMA-Aware Resource Management for Kubernetes 5G NFV Cluster
Method of NUMA-Aware Resource Management for Kubernetes 5G NFV ClusterMethod of NUMA-Aware Resource Management for Kubernetes 5G NFV Cluster
Method of NUMA-Aware Resource Management for Kubernetes 5G NFV Cluster
 
Service Function Chaining with SRv6
Service Function Chaining with SRv6Service Function Chaining with SRv6
Service Function Chaining with SRv6
 
Linux Networking Explained
Linux Networking ExplainedLinux Networking Explained
Linux Networking Explained
 
SR-IOV+KVM on Debian/Stable
SR-IOV+KVM on Debian/StableSR-IOV+KVM on Debian/Stable
SR-IOV+KVM on Debian/Stable
 
Disaggregating Ceph using NVMeoF
Disaggregating Ceph using NVMeoFDisaggregating Ceph using NVMeoF
Disaggregating Ceph using NVMeoF
 
Contrail Deep-dive - Cloud Network Services at Scale
Contrail Deep-dive - Cloud Network Services at ScaleContrail Deep-dive - Cloud Network Services at Scale
Contrail Deep-dive - Cloud Network Services at Scale
 
FD.io Vector Packet Processing (VPP)
FD.io Vector Packet Processing (VPP)FD.io Vector Packet Processing (VPP)
FD.io Vector Packet Processing (VPP)
 
Linux Internals - Part I
Linux Internals - Part ILinux Internals - Part I
Linux Internals - Part I
 
A Kernel of Truth: Intrusion Detection and Attestation with eBPF
A Kernel of Truth: Intrusion Detection and Attestation with eBPFA Kernel of Truth: Intrusion Detection and Attestation with eBPF
A Kernel of Truth: Intrusion Detection and Attestation with eBPF
 

Similar a Accelerated SDN in Azure

Sergey Dzyuban "To Build My Own Cloud with Blackjack…"
Sergey Dzyuban "To Build My Own Cloud with Blackjack…"Sergey Dzyuban "To Build My Own Cloud with Blackjack…"
Sergey Dzyuban "To Build My Own Cloud with Blackjack…"
Fwdays
 
Banv meetup-contrail
Banv meetup-contrailBanv meetup-contrail
Banv meetup-contrail
nvirters
 
High Performance Linux Virtual Machine on Microsoft Azure: SR-IOV Networking ...
High Performance Linux Virtual Machine on Microsoft Azure: SR-IOV Networking ...High Performance Linux Virtual Machine on Microsoft Azure: SR-IOV Networking ...
High Performance Linux Virtual Machine on Microsoft Azure: SR-IOV Networking ...
LinuxCon ContainerCon CloudOpen China
 
Microsofts Configurable Cloud
Microsofts Configurable CloudMicrosofts Configurable Cloud
Microsofts Configurable Cloud
Chris Genazzio
 

Similar a Accelerated SDN in Azure (20)

Lenovo networking: top of the top of the rack
Lenovo networking: top of the top of the rackLenovo networking: top of the top of the rack
Lenovo networking: top of the top of the rack
 
VMworld 2013: Virtualized Network Services Model with VMware NSX
VMworld 2013: Virtualized Network Services Model with VMware NSX VMworld 2013: Virtualized Network Services Model with VMware NSX
VMworld 2013: Virtualized Network Services Model with VMware NSX
 
Sergey Dzyuban "To Build My Own Cloud with Blackjack…"
Sergey Dzyuban "To Build My Own Cloud with Blackjack…"Sergey Dzyuban "To Build My Own Cloud with Blackjack…"
Sergey Dzyuban "To Build My Own Cloud with Blackjack…"
 
Banv meetup-contrail
Banv meetup-contrailBanv meetup-contrail
Banv meetup-contrail
 
High Performance Linux Virtual Machine on Microsoft Azure: SR-IOV Networking ...
High Performance Linux Virtual Machine on Microsoft Azure: SR-IOV Networking ...High Performance Linux Virtual Machine on Microsoft Azure: SR-IOV Networking ...
High Performance Linux Virtual Machine on Microsoft Azure: SR-IOV Networking ...
 
vBNG-for-Partners
vBNG-for-PartnersvBNG-for-Partners
vBNG-for-Partners
 
[OpenStack Day in Korea 2015] Track 2-3 - 오픈스택 클라우드에 최적화된 네트워크 가상화 '누아지(Nuage)'
[OpenStack Day in Korea 2015] Track 2-3 - 오픈스택 클라우드에 최적화된 네트워크 가상화 '누아지(Nuage)'[OpenStack Day in Korea 2015] Track 2-3 - 오픈스택 클라우드에 최적화된 네트워크 가상화 '누아지(Nuage)'
[OpenStack Day in Korea 2015] Track 2-3 - 오픈스택 클라우드에 최적화된 네트워크 가상화 '누아지(Nuage)'
 
USENIX LISA15: How TubeMogul Handles over One Trillion HTTP Requests a Month
USENIX LISA15: How TubeMogul Handles over One Trillion HTTP Requests a MonthUSENIX LISA15: How TubeMogul Handles over One Trillion HTTP Requests a Month
USENIX LISA15: How TubeMogul Handles over One Trillion HTTP Requests a Month
 
Introduction to HPC & Supercomputing in AI
Introduction to HPC & Supercomputing in AIIntroduction to HPC & Supercomputing in AI
Introduction to HPC & Supercomputing in AI
 
Big Data Hadoop Briefing Hosted by Cisco, WWT and MapR: Cisco UCS For Big Dat...
Big Data Hadoop Briefing Hosted by Cisco, WWT and MapR: Cisco UCS For Big Dat...Big Data Hadoop Briefing Hosted by Cisco, WWT and MapR: Cisco UCS For Big Dat...
Big Data Hadoop Briefing Hosted by Cisco, WWT and MapR: Cisco UCS For Big Dat...
 
Cubro subprocessor appliance in nic format
Cubro subprocessor appliance in nic formatCubro subprocessor appliance in nic format
Cubro subprocessor appliance in nic format
 
Sven Vogel: Running CloudStack and OpenShift with NetApp on KVM
Sven Vogel: Running CloudStack and OpenShift with NetApp on KVMSven Vogel: Running CloudStack and OpenShift with NetApp on KVM
Sven Vogel: Running CloudStack and OpenShift with NetApp on KVM
 
Net Devops Overview
Net Devops OverviewNet Devops Overview
Net Devops Overview
 
Microsofts Configurable Cloud
Microsofts Configurable CloudMicrosofts Configurable Cloud
Microsofts Configurable Cloud
 
Cloud Networking Trends
Cloud Networking TrendsCloud Networking Trends
Cloud Networking Trends
 
Cisco UCS Integrated Infrastructure for Big Data with Cassandra
Cisco UCS Integrated Infrastructure for Big Data with CassandraCisco UCS Integrated Infrastructure for Big Data with Cassandra
Cisco UCS Integrated Infrastructure for Big Data with Cassandra
 
QNAP NAS打造私有雲平台
QNAP NAS打造私有雲平台QNAP NAS打造私有雲平台
QNAP NAS打造私有雲平台
 
Cumulus Linux 2.5 Overview
Cumulus Linux 2.5 OverviewCumulus Linux 2.5 Overview
Cumulus Linux 2.5 Overview
 
6WINDGate™ - Enabling Cloud RAN Virtualization
6WINDGate™ - Enabling Cloud RAN Virtualization6WINDGate™ - Enabling Cloud RAN Virtualization
6WINDGate™ - Enabling Cloud RAN Virtualization
 
6WINDGate™ - Accelerated Data Plane Solution for EPC and vEPC
6WINDGate™ - Accelerated Data Plane Solution for EPC and vEPC6WINDGate™ - Accelerated Data Plane Solution for EPC and vEPC
6WINDGate™ - Accelerated Data Plane Solution for EPC and vEPC
 

Más de Open Networking Summit

A Centrally Orchestrated SD-WAN Building a Green Ecosystem
A Centrally Orchestrated SD-WAN Building a Green EcosystemA Centrally Orchestrated SD-WAN Building a Green Ecosystem
A Centrally Orchestrated SD-WAN Building a Green Ecosystem
Open Networking Summit
 
Open and Disaggregated Transport SDN - from PoC to Field Trial
Open and Disaggregated Transport SDN - from PoC to Field TrialOpen and Disaggregated Transport SDN - from PoC to Field Trial
Open and Disaggregated Transport SDN - from PoC to Field Trial
Open Networking Summit
 
Arachne: How does Uber check the health of its Network Infrastructure every 1...
Arachne: How does Uber check the health of its Network Infrastructure every 1...Arachne: How does Uber check the health of its Network Infrastructure every 1...
Arachne: How does Uber check the health of its Network Infrastructure every 1...
Open Networking Summit
 

Más de Open Networking Summit (20)

Microservice Powered Orchestration
Microservice Powered OrchestrationMicroservice Powered Orchestration
Microservice Powered Orchestration
 
Considerations for Deploying Virtual Network Functions and Services
Considerations for Deploying Virtual Network Functions and ServicesConsiderations for Deploying Virtual Network Functions and Services
Considerations for Deploying Virtual Network Functions and Services
 
Software Defined RAN
Software Defined RANSoftware Defined RAN
Software Defined RAN
 
Design Principles for 5G
Design Principles for 5GDesign Principles for 5G
Design Principles for 5G
 
Disaggregation @Equinix
Disaggregation @EquinixDisaggregation @Equinix
Disaggregation @Equinix
 
Open Source Networking Solving Molecular Analysis of Cancer
Open Source Networking Solving Molecular Analysis of CancerOpen Source Networking Solving Molecular Analysis of Cancer
Open Source Networking Solving Molecular Analysis of Cancer
 
Building Business on Top of Open Source
Building Business on Top of Open SourceBuilding Business on Top of Open Source
Building Business on Top of Open Source
 
Harmonizing of Open Source Networking
Harmonizing of Open Source NetworkingHarmonizing of Open Source Networking
Harmonizing of Open Source Networking
 
Five Trends Enabled by 5G that will Change Networking Forever
Five Trends Enabled by 5G that will Change Networking ForeverFive Trends Enabled by 5G that will Change Networking Forever
Five Trends Enabled by 5G that will Change Networking Forever
 
Container Networking
Container NetworkingContainer Networking
Container Networking
 
Networking Challenges for the Next Decade
Networking Challenges for the Next DecadeNetworking Challenges for the Next Decade
Networking Challenges for the Next Decade
 
A Centrally Orchestrated SD-WAN Building a Green Ecosystem
A Centrally Orchestrated SD-WAN Building a Green EcosystemA Centrally Orchestrated SD-WAN Building a Green Ecosystem
A Centrally Orchestrated SD-WAN Building a Green Ecosystem
 
SDN-Based Enterprise Connectivity Service
SDN-Based Enterprise Connectivity ServiceSDN-Based Enterprise Connectivity Service
SDN-Based Enterprise Connectivity Service
 
Open and Disaggregated Transport SDN - from PoC to Field Trial
Open and Disaggregated Transport SDN - from PoC to Field TrialOpen and Disaggregated Transport SDN - from PoC to Field Trial
Open and Disaggregated Transport SDN - from PoC to Field Trial
 
Disaggregated Networking - The Drivers, the Software & The High Availability
Disaggregated Networking - The Drivers, the Software & The High AvailabilityDisaggregated Networking - The Drivers, the Software & The High Availability
Disaggregated Networking - The Drivers, the Software & The High Availability
 
IoT in Action: Architecting, Securing, & Scaling Applications
IoT in Action: Architecting, Securing, & Scaling ApplicationsIoT in Action: Architecting, Securing, & Scaling Applications
IoT in Action: Architecting, Securing, & Scaling Applications
 
Open Source Approach to Design and Deployment of Microservices-based VNF
Open Source Approach to Design and Deployment of Microservices-based VNFOpen Source Approach to Design and Deployment of Microservices-based VNF
Open Source Approach to Design and Deployment of Microservices-based VNF
 
Container Service Chaining
Container Service ChainingContainer Service Chaining
Container Service Chaining
 
OpenStack: Networking Roadmap, Collaboration and Contribution
OpenStack: Networking Roadmap, Collaboration and ContributionOpenStack: Networking Roadmap, Collaboration and Contribution
OpenStack: Networking Roadmap, Collaboration and Contribution
 
Arachne: How does Uber check the health of its Network Infrastructure every 1...
Arachne: How does Uber check the health of its Network Infrastructure every 1...Arachne: How does Uber check the health of its Network Infrastructure every 1...
Arachne: How does Uber check the health of its Network Infrastructure every 1...
 

Último

Ransomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfRansomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdf
Overkill Security
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
WSO2
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Drew Madelung
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
panagenda
 

Último (20)

Ransomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfRansomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdf
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 

Accelerated SDN in Azure

  • 1. Accelerated SDN in Azure Daniel Firestone, Tech Lead and Manager Gabriel Silva, Product Manager Azure Networking Host SDN Team
  • 2. Agenda • Azure scale • SDN in Azure • Scaling SDN with SmartNIC • Linux Networking • Demo
  • 3. mediacaching identity service bus mobile services cloud services virtual machines Data Services tableData Lake blob storage SQL database App Services media hpcintegration analytics caching identity service bus web apps mobile services cloud services Infrastructure Services cdn virtual machines virtual network vpn traffic manager Microsoft Azure
  • 4. 10’s of PB ExabytesAzure Storage Pbps10’s of TbpsDatacenter Network 2010 2017 100K MillionsCompute Instances
  • 5. Fortune 500 using Microsoft Cloud >85% TRILLION Azure storage objects MILLION Azure Active Directory Orgs 1 out of 3 Azure VMs are Linux VMs TRILLION requests/day > 3 TRILLION Azure Event Hubs events/week >110 BILLION Azure DB requests/day Azure Scale & Momentum >18 BILLION Azure Active Directory authentications/week New Azure customers a month >120,000
  • 6. How Do We Build Software Networks in the Cloud?
  • 7. SDN: Building the right abstractions for Scale Abstract by separating management, control, and data planes REST APIs Controller Virtual Switch Management Plane Control Plane Management plane Create a tenant Control plane Plumb these tenant ACLs to these switches Data plane Apply these ACLs to these flows Example: ACLs Data plane needs to apply per-flow policy to millions of VMs How do we apply billions of flow policy actions to packets?
  • 8. Virtual Filtering Platform (VFP) Azure’s SDN Dataplane • Acts as a virtual switch inside Hyper-V VMSwitch • Provides core SDN functionality for Azure networking services, including: • Address Virtualization for VNET • VIP -> DIP Translation for SLB • ACLs, Metering, and Security Guards • Uses programmable rule/flow tables to perform per-packet actions • Supports all Azure dataplane policy at 40GbE+ with offloads
  • 9. Flow Tables are the right abstraction for the Host Node: 10.4.1.5 VFP Blue VM1 10.1.1.2 NIC Controller Tenant Description VNet Description Flow Action VNet Routing Policy ACLsNAT Endpoints Flow ActionFlow Action TO: 10.2/16 Encap to GW TO: 10.1.1.5 Encap to 10.5.1.7 TO: !10/8 NAT out of VNET Flow ActionFlow Action TO: 79.3.1.2 DNAT to 10.1.1.2 TO: !10/8 SNAT to 79.3.1.2 Flow Action TO: 10.1.1/24 Allow 10.4/16 Block TO: !10/8 Allow • VMSwitch exposes a typed Match- Action-Table API to the controller • One table per policy • Key insight: Let controller tell the switch exactly what to do with which packets (e.g. encap/decap), rather than trying to use existing abstractions (Tunnels, …) VNET LB NAT ACLS
  • 10. This worked well at 1GbE, ok at 10GbE… what about 40GbE+?
  • 11. Traditional Approach to Scale: ASICs • We’ve worked with network ASIC vendors over the years to accelerate many functions, including: • TCP offloads: Segmentation, checksum, … • Steering: VMQ, RSS, … • Encapsulation: NVGRE, VXLAN, … • Direct NIC Access: DPDK, PacketDirect, … • RDMA • Is this a long term solution?
  • 12. Host SDN Scale Challenges in Practice • Hosts are Scaling Up: 1G  10G  40G  50G  100G • Reduces COGS of VMs (more VMs per host) and enables new workloads • Need the performance of hardware to implement policy without CPU • Not enough to just accelerate to ASICs – need to move entire stacks to HW • Need to support new scenarios: BYO IP, BYO Topology, BYO Appliance • We are always pushing richer semantics to virtual networks • Need the programmability of software to be agile and future-proof – 12-18 month ASIC cycle + time to roll new HW is too slow How do we get the performance of hardware with programmability of software?
  • 13. Our Solution – Azure SmartNIC • HW is needed for scale, perf, and COGS at 40G+ • 12-18 month ASIC cycle + time to roll new HW is too slow • To compete and react to new needs, we need agility – SDN • SmartNIC combines agility of SDN with speed+COGS of HW Roll out Hardware as we do Software Blade SmartNIC NIC ASIC FPGA CPU ToR Bump in the Wire: Reconfigurable FPGA + NIC ASIC
  • 14. SmartNIC Design • Use an FPGA for reconfigurable functions • Same FPGAs already used in Bing • Roll out Hardware as we do software • Programmed using Generic Flow Tables • Language for programming SDN to hardware • Uses connections and structured actions as primitives • SmartNIC can also do Crypto, QoS, storage acceleration, and more… Blade SmartNIC NIC ASIC FPGA CPU ToR
  • 15. 2015-17 FPGA Deployments: 40G Bump in the Wire CPU CPU FPGA NIC DRAM DRAM DRAM Server Blade FPGA board Gen3 2x8 Gen3 x8 QPI Switch QSFP QSFPQSFP 40Gb/s 40Gb/s OCS Blade with NIC and FPGA FPGA Tray Backplane Option Card Mezzanine Connectors SmartNIC FPGA Card All new Azure Compute servers since late 2015 ship with FPGAs!
  • 16. Azure Accelerated Networking: Fastest Cloud Network! • Highest bandwidth VMs of any cloud • DS15v2 & D15v2 VMs get 25Gbps • Consistent low latency network performance • Provides SR-IOV to the VM • 10x latency improvement • Increased packets per second (PPS) • Reduced jitter means more consistency in workloads • Enables workloads requiring native performance to run in cloud VMs • >2x improvement for many DB and OLTP applications
  • 17. Accelerated Networking Internals SDN/Networking policy applied in software in the host FPGA acceleration used to apply all policies
  • 18. Controller Controller Controller VFP VFP APIs GFT Offload API (NDIS) VMSwitch VM ARM APIs SR-IOV (Host Bypass) GFT Table First Packet GFT Offload Engine SmartNIC 50G QoSCrypto RDMA GFT 19 SmartNIC - Accelerating SDN
  • 19.
  • 20. Linux on Azure Momentum • Over 1 in 3 Azure VMs run Linux, and growing • Over 40% of new VMs created today in Azure are Linux! • Powershell is now open source and available on Linux • Azure Container Service is GA – Integration with Docker Swarm, Kubernetes, DC/OS Our goal is that everything in Azure works for Linux VMs and Windows VMs equally
  • 21. VM Boost for Linux VM Boost is a combination of Linux and Azure optimizations: • Linux network driver improvements • Microsoft Hyper-V Network adapter • Fewer CPU interrupts • Take advantage of segmentation offload in Azure • Azure Platform optimizations • VNET offloads recently deployed to production • VFP performance improvements Result is up to 200% improvement on larger VM sizes!
  • 22. Announcing Accelerated Networking For Linux (Preview) • Now offered on Dv2 Series VMs • Preview available in select regions • West US 2 • South Central US • Supported on multiple Linux distributions in the Azure Marketplace • Ubuntu • CentOS Get the highest bandwidth VMs of any cloud (25Gbps) with ultra-low latency on Linux!
  • 24. Linux Network Virtual Appliances on Azure • Dedicated to getting the best performance for 1st and 3rd party appliances running on Azure • Accelerated Networking for Linux allows appliance vendors to get low latency, high throughput, high packets per second, and low jitter, for a best in class experience • Working with multiple partners to enable your favorite appliances • SRIOV is just the first step, more improvements coming!
  • 25. Microsoft’s Contributions to Linux Networking • All Hyper-V and Azure integration, including Accelerated Networking, is now upstream in the kernel • SR-IOV problem – how do you live migrate a VM or service the host network stack if the VM has a virtual function? • Previously solved in Hyper-V for Windows VMs with transparent failover to synthetic path • Now contributed upstream to Linux – support for Live Migration for SR-IOV Linux VMs running over Hyper-V (potentially others) • First industry support for SR-IOV Live Migration in Linux! • Supports serviceability in Azure with Accelerated Networking