© 2015 Citrix
Developing and Deploying L4-L7 services for SDN and NFV environments
Youcef Laribi
September 2015
L4-L7 services for SDN and NFV by Youcef Laribi

In this talk, we will discuss how L4-L7 devices can integrate into various SDN architectures, and discuss the benefits and some of the challenges that such integration represents. We will also talk about how SDN and NFV relate, and what the different challenges are to successfully deploy L4-L7 devices as Virtual Network Functions (VNFs) or to provide such services to the NFV Infrastructure through the Virtualized Infrastructure Manager (VIM).

Bio

Youcef Laribi is a Principal Architect in the Delivery Networks BU at Citrix. He is responsible for driving the integration projects of the NetScaler ADC product with several Cloud, SDN and Automation environments including OpenStack, CloudStack, VMware NSX and Cisco ACI. He is also the Citrix representative on the OpenDaylight Technical Steering Committee. His background is mainly in Operating Systems and Distributed Systems, and he has worked on several middleware technologies, from DCE and CORBA in the early days, through J2EE and .NET, to SOA and microservices today. Youcef speaks 4 languages and holds a PhD and an MSc in Computer Science from the French INPG Institute in Grenoble, France.

Published in: Technology
Transcript: L4-L7 services for SDN and NFV by Youcef Laribi

Slide 1: Developing and Deploying L4-L7 services for SDN and NFV environments
Youcef Laribi, September 2015

Slide 2: Let’s start with a definition…

Slide 3: Typical Enterprise L4-L7 Services
Firewall, URL Filter, Transparent Caching, ADC, IPS/IDS, WAN Optimization, Monitoring

Slide 4: L4-L7 Services in Telco Networks

Slide 5: Typical S/Gi-LAN L4-L7 Network Services
CGNAT, DPI, Parental Control, Video Optimization, SBC, Firewall, URL Filter, WAP Gateway, Transparent Caching, ADC, Lawful Intercept, IP Reputation, TCP Optimization

Slide 6: Manifestations of an L4-L7 Service

Slide 7: Devices vs. Services
(diagram: three instances of Service A)
Slide 8: Software-Defined Networking

Slide 9: Traditional Definition of SDN
(diagram: Control Plane and Data Plane boxes)

Slide 10: Pragmatic Definition of SDN
Source: http://blog.ipspace.net/2015/08/sdn-onf-is-moving-to-logically.html

Slide 11: Pragmatic Definition of SDN
(diagram: per-device Control Planes, a Logically-Central Control Plane, and Data Planes)

Slide 12: Protocols supported in OpenDaylight Lithium release
Source: http://www.slideshare.net/CiscoDevNet/devnet-1175-open-daylight-service-function-chaining

Slide 13: Examples of SDN Platforms

Slide 14: L4-L7 Services in an SDN Platform
(diagrams: SDN Controller, Gateway, L4-L7 Appliance, VLANs, Virtual Networks, Virtual Switch, Data Plane Control Protocol)
Slide 15: Network Function Virtualization

Slide 16: NFV Mission Statement
Vision: An open ecosystem for NFV enables rapid service innovation for Network Operators and Service Providers. Innovation in end-to-end services is enabled by software-based deployment and operationalization of virtualized network functions on independently deployed and operated NFV infrastructure platforms.

Slide 17: SDN vs NFV
Source: https://www.sdxcentral.com/articles/contributed/nfv-and-sdn-whats-the-difference/2013/03/

Slide 18: NFV Architecture Framework

Slide 19: NFV Architecture – Simplified View

Slide 20: Virtualized Infrastructure Manager - VIM

Slide 21: A VIM suitable for running Network Services
Gap between current VIM capabilities and the capabilities network services need:
– Resource Reservation
– Fault Diagnosis
– High-Availability of VIM
– Sophisticated Placement
– Policy-driven Lifecycle
– Hardware-Accelerated IO
– Unified Security Platform
– QoS for all VIM services
– Service Function Chaining

Slide 22: Source: https://www.opnfv.org/software/technical-overview

Slide 23: Examples of NFV Orchestrators

Slide 24: VNF Managers
• Control Plane Elements that can:
– Reserve Compute/Network/Storage Resources for a VNF
– Instantiate a VNF
– Update the VNF
– (Re)Configure the VNF
– Monitor the VNF
– Scale the VNF up or out
– Terminate the VNF
• May be specific to a VNF or responsible for managing multiple VNFs
• Often provided by the VNF Vendor, but can also be part of the NFV Orchestrator
Slide 25: Accelerating the Data Path

Slide 26: Problem
(diagram: VM vNIC → Virtual Switch → pNIC, with the Linux networking stack adding overhead at each hop)

Slide 27: Open vSwitch Performance
(chart: Open vSwitch Phy-Phy throughput in packets/second against packet size from 0 to 1536 bytes, plotting Line Rate PPS against OVS Kernel datapath PPS; y-axis 0 to 15,000,000)
Source: http://openvswitch.org/support/ovscon2014/17/1630-accelerating-with-dpdk.pptx

Slide 28: Adding to the Problem
Line rate on a 10 Gbps NIC => time to process a 64-byte packet: 67.2 nanoseconds (to put this in perspective: a single cache miss on an Intel Xeon E5-2650 CPU costs 32 nanoseconds).
Source: http://people.netfilter.org/hawk/presentations/LCA2015/net_stack_challenges_100G_LCA2015.pdf
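The 67.2 ns figure on slide 28 is the wire budget of a minimum-size frame at 10 Gbps. The functions below, an added example and not material from the slides, reproduce that number and extend it to other link speeds and frame sizes (the curve slide 27 labels "Line Rate PPS"). The 20 bytes of per-frame wire overhead (preamble, start-frame delimiter, inter-frame gap) are standard Ethernet; the 2.0 GHz core clock used for the cycle budget is an assumption, and the 32 ns cache-miss cost is the slide's own figure.

```python
"""Per-packet time budget at line rate (the figure on slide 28).

Added example, not from the slides. Ethernet spends 20 extra bytes of wire
time per frame (7-byte preamble, 1-byte start-frame delimiter, 12-byte
inter-frame gap), so a 64-byte frame occupies 84 byte-times. The 2.0 GHz
core clock is an assumption; 32 ns per cache miss is the slide's figure.
"""
WIRE_OVERHEAD_BYTES = 20          # preamble + SFD + inter-frame gap
MIN_FRAME_BYTES = 64              # including the 4-byte FCS


def line_rate_pps(link_gbps: float, frame_bytes: int) -> float:
    """Maximum frames per second for a link and frame size (FCS included in frame_bytes)."""
    if frame_bytes < MIN_FRAME_BYTES:
        raise ValueError("minimum Ethernet frame is 64 bytes including FCS")
    return link_gbps * 1e9 / ((frame_bytes + WIRE_OVERHEAD_BYTES) * 8)


def ns_per_packet(link_gbps: float, frame_bytes: int) -> float:
    """Nanoseconds available per packet if every packet is handled at line rate."""
    return 1e9 / line_rate_pps(link_gbps, frame_bytes)


def affordable_cache_misses(link_gbps: float, frame_bytes: int, miss_ns: float = 32.0) -> int:
    """How many cache misses of miss_ns each fit into one packet's budget."""
    return int(ns_per_packet(link_gbps, frame_bytes) // miss_ns)


def budget_table(link_gbps: float, core_ghz: float = 2.0,
                 sizes=(64, 128, 256, 512, 1024, 1280, 1518)):
    """Rows of (frame size, pps, ns per packet, core cycles per packet)."""
    rows = []
    for size in sizes:
        ns = ns_per_packet(link_gbps, size)
        rows.append((size, round(line_rate_pps(link_gbps, size)), round(ns, 1), round(ns * core_ghz)))
    return rows


if __name__ == "__main__":
    for gbps in (10, 40, 100):
        print(f"{gbps} Gbps (up to {affordable_cache_misses(gbps, 64)} cache misses per 64-byte packet)")
        for size, pps, ns, cycles in budget_table(gbps):
            print(f"  {size:5d} B  {pps:>12,d} pps  {ns:8.1f} ns  {cycles:5d} cycles @ 2.0 GHz")
```

At 100 Gbps the same 64-byte frame leaves 6.72 ns, less than one cache miss, which is why every technique that follows (SR-IOV, kernel bypass, DPDK, pinning) is about keeping the packet out of the kernel path and the working set in cache.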
Slide 29: SR-IOV

Slide 30: SR-IOV
• Drawbacks
– VM dependence on hardware (must use a specific NIC driver)
– Prevents VM migration
– Bypasses hypervisor security features (frames go straight from the VF to the guest, so virtual-switch ACLs, security groups and anti-spoofing rules never see them)
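A check for the last drawback, as an added example that is not from the slides: once a VF is passed through, the only hypervisor-side controls left are the ones the PF driver enforces per VF (spoof checking, the trust flag, an administratively assigned MAC, optionally a fixed VLAN). The script parses `ip link show` output for an SR-IOV physical function and emits the iproute2 commands that tighten it. The interface name, MAC addresses and sample output are constructed; the `ip link set dev PF vf N spoofchk|trust|mac` subcommands are standard iproute2.

```python
"""Audit SR-IOV virtual functions for per-VF settings that weaken isolation.

Added example, not from the slides. Once a VF is passed through, the guest's
frames bypass the virtual switch, so the PF driver's per-VF checks are the
only hypervisor-side controls left. Interface name, MACs and the sample
`ip link show` output below are constructed; the iproute2 commands emitted
are standard (`ip link set dev PF vf N spoofchk|trust|mac ...`).
"""
import re

PF_LINE = re.compile(r"^\d+: (?P<pf>[^:@]+)")
# Matches both the older "vf 0 MAC xx:..." and the newer "vf 0     link/ether xx:..." forms.
VF_LINE = re.compile(
    r"^\s*vf (?P<vf>\d+)\s+(?:link/ether|MAC) (?P<mac>[0-9a-fA-F:]{17})"
    r".*?spoof checking (?P<spoof>on|off)"
    r"(?:.*?trust (?P<trust>on|off))?")

UNSET_MAC = "00:00:00:00:00:00"

# Constructed sample: one PF with three VFs, two of them misconfigured.
SAMPLE_IP_LINK = """\
4: enp3s0f0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 3c:fd:fe:00:00:10 brd ff:ff:ff:ff:ff:ff
    vf 0     link/ether 52:54:00:aa:00:01 brd ff:ff:ff:ff:ff:ff, spoof checking on, link-state auto, trust off, query_rss off
    vf 1     link/ether 52:54:00:aa:00:02 brd ff:ff:ff:ff:ff:ff, spoof checking off, link-state auto, trust on, query_rss off
    vf 2     link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff, spoof checking off, link-state auto, trust off, query_rss off
"""


def audit_vfs(ip_link_output: str) -> dict:
    """Return {pf: [(vf_index, finding), ...]} for every PF in the output."""
    findings, pf = {}, None
    for line in ip_link_output.splitlines():
        m = PF_LINE.match(line)
        if m:
            pf = m.group("pf")
            findings[pf] = []
            continue
        m = VF_LINE.match(line)
        if not m or pf is None:
            continue
        vf = int(m.group("vf"))
        if m.group("spoof") == "off":
            findings[pf].append((vf, "spoofchk off: guest can send with a forged source MAC or VLAN tag"))
        if m.group("trust") == "on":
            findings[pf].append((vf, "trust on: guest can enable promiscuous modes and override its MAC"))
        if m.group("mac").lower() == UNSET_MAC:
            # With no admin-assigned MAC the PF driver lets the guest choose its own.
            findings[pf].append((vf, "no administratively assigned MAC: guest picks its own"))
    return findings


def remediation(findings: dict) -> list:
    """iproute2 commands that close each finding (the MAC is for the operator to fill in)."""
    cmds = []
    for pf, items in findings.items():
        for vf, finding in items:
            if finding.startswith("spoofchk"):
                cmds.append(f"ip link set dev {pf} vf {vf} spoofchk on")
            elif finding.startswith("trust"):
                cmds.append(f"ip link set dev {pf} vf {vf} trust off")
            else:
                cmds.append(f"ip link set dev {pf} vf {vf} mac <assigned-mac>")
    return cmds


if __name__ == "__main__":
    found = audit_vfs(SAMPLE_IP_LINK)
    for pf, items in found.items():
        for vf, finding in items:
            print(f"{pf} vf {vf}: {finding}")
    print("\n".join(remediation(found)))
```

Run it against the real `ip link show` on each compute host. In an OpenStack deployment this matters because Neutron security groups do not apply to SR-IOV ports, so these per-VF settings are the substitute for the filtering the virtual switch would otherwise have done.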
Slide 31: Various out-of-tree Linux Kernel Bypass techniques
• netmap
• PF_RING
• PacketShader
• OpenOnload (Solarflare)
• DPDK (Intel)

Slide 32: Intel DPDK (Data Plane Development Kit)
• All in user space
• Fixed-size buffers
• Poll-mode NIC drivers (PMDs) for Intel NICs
• Efficient flow classification based on Intel SSE
• Lockless queues
• Huge pages (up to 1 GB)
• Run-to-completion mode

Slide 33: DPDK with OVS
(diagram: NIC → DPDK PMD → DPDK netdev inside user-space ovs-vswitchd, alongside the OVS kernel module / kernel packet processing path with socket and TAP netdevs; qemu VMs attached through virtio, IVSHMEM (shared memory) and vhost; DPDK libraries and DPDK tunnels in user space)

Slide 34: Other tricks to squeeze out performance
• CPU Socket Affinity: placing all the vCPUs of a VM on the same physical CPU socket.
• CPU Pinning: pinning a VM vCPU to a physical core.
• NUMA-aware Scheduling: associates the VM with the same NUMA nodes as the PCIe devices passed to the VM.
Source: https://networkbuilders.intel.com/docs/openStack_Kilo_wp_v2.pdf

Slide 35: Performance Numbers
(chart; test setup: traffic generator, no packet processing, just forwarding)
Source: https://networkbuilders.intel.com/docs/Network_Builders_RA_DPDK_vSwitch_Final.pdf

Slide 36: Extension of Intel DPDK with 6WIND
• Poll Mode Drivers (PMDs) for non-Intel NICs
• Performance acceleration for vNICs:
– Fast vNIC PMD
– vNIC VMXNET3 PMD
– vNIC virtio PMD
• Crypto-acceleration modules for:
– Cavium Nitrox
– Intel Multi-Buffer Crypto for IPsec
– Intel QuickAssist
Slide 37: Scale-up and Scale-out Solutions

Slide 38: Stitching Network Services

Slide 39: Static Service Chaining
• Service chain ordering or addition of new services requires network topology changes
• All traffic flows through all services regardless of need
• Tied to the transport protocol
Source: http://www.flat-planet.net/blog/?p=205

Slide 40: Dynamic Service Chaining
(diagram: a Classifier steers traffic between front ends FE into Chain 1 or Chain 2 across the network services NS1, NS2, NS3, NS4)

Slide 41: NFV Forwarding Graphs
Source: http://www.etsi.org/deliver/etsi_gs/nfv/001_099/002/01.02.01_60/gs_nfv002v010201p.pdf

Slide 42: NSH as an emerging IETF Standard
• IETF Draft: https://datatracker.ietf.org/doc/draft-ietf-sfc-nsh/
• Goals:
– Transport agnostic
– Carry service chain information
– Ability to reclassify traffic mid-stream
– Ability to share metadata

Slide 43: NSH Header Format
Source: http://www.slideshare.net/mestery/lisp-and-nsh-in-open-vswitch

Slide 44: NSH encapsulated in a VxLAN-GPE transport
(diagram, outer to inner: Transport Encap | NSH Header | Original Packet/Frame)

Slide 45: SFC Components
• Service Function (SF): a function that is responsible for specific treatment of received packets (e.g. Firewall, DPI, NAT, LB, etc.)
• Service Function Forwarder (SFF): responsible for forwarding traffic to one or more connected service functions according to information carried in the SFC encapsulation.
• Service Function Proxy: removes and inserts SFC encapsulation on behalf of an SFC-unaware service function.
• Classifier: an element in the data plane that performs classification.
Source: https://tools.ietf.org/html/draft-ietf-sfc-architecture-11

Slide 46: Example of an NSH-based service chain
(diagram: Source → Data Plane → Destination; NSH Header carried over a Transport Encap, e.g. VxLAN-GPE, MPLS, LISP)
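The header formats and components of slides 42 to 46 in working form, as an added example that is not from the slides, the IETF drafts or OpenDaylight: it encodes and decodes an NSH base header and service path header inside a VXLAN-GPE transport, then walks a constructed chain through a simulated classifier, SFF and service functions. The NSH bit layout is the one published in RFC 8300, the successor of the draft the slides cite (the 2015 draft's base header differs slightly); the VXLAN-GPE header follows draft-ietf-nvo3-vxlan-gpe with Next Protocol 0x4 for NSH. The SPI values, service function names, VNI and classifier policy are made up. The last case illustrates the point the RFC's security considerations make: NSH carries no integrity protection, so any host able to inject into the SFC domain chooses its own SPI and SI, which is why the classifier and SFFs must sit on a boundary untrusted endpoints cannot reach.

```python
"""NSH over VXLAN-GPE: encode, decode and walk a service chain.

Added example, not from the slides or OpenDaylight. Bit layout follows
RFC 8300 (the published successor of the draft the slides cite; the 2015
draft's base header differs slightly) and draft-ietf-nvo3-vxlan-gpe. SPI
values, service function names, the VNI and the classifier policy are made up.
"""
import struct
from dataclasses import dataclass

# Next Protocol values (shared by NSH and VXLAN-GPE).
NP_IPV4, NP_IPV6, NP_ETHERNET, NP_NSH = 0x1, 0x2, 0x3, 0x4
VXLAN_GPE_FLAGS = 0x0C            # I (VNI valid) and P (Next Protocol valid) bits set


@dataclass
class NSH:
    spi: int                       # Service Path Identifier, 24 bits
    si: int                        # Service Index, 8 bits
    next_proto: int
    ttl: int = 63                  # RFC 8300 initial value; each SFF decrements it
    md_type: int = 1
    context: bytes = b"\x00" * 16  # MD Type 1 carries a fixed 16-byte context

    def pack(self) -> bytes:
        if self.md_type == 1 and len(self.context) != 16:
            raise ValueError("MD Type 1 context must be 16 bytes")
        length = 2 + len(self.context) // 4     # total header length in 4-byte words
        # Base header: Ver(2) O(1) U(1) TTL(6) Length(6) U(4) MD Type(4) Next Protocol(8)
        word0 = (self.ttl << 22) | (length << 16) | (self.md_type << 8) | self.next_proto
        word1 = (self.spi << 8) | self.si        # Service Path Header: SPI(24) SI(8)
        return struct.pack("!II", word0, word1) + self.context

    @classmethod
    def unpack(cls, buf: bytes):
        """Return (header, inner packet)."""
        word0, word1 = struct.unpack_from("!II", buf)
        if word0 >> 30 != 0:
            raise ValueError("unsupported NSH version")
        length = (word0 >> 16) & 0x3F
        hdr = cls(spi=word1 >> 8, si=word1 & 0xFF, next_proto=word0 & 0xFF,
                  ttl=(word0 >> 22) & 0x3F, md_type=(word0 >> 8) & 0xF,
                  context=bytes(buf[8:length * 4]))
        return hdr, bytes(buf[length * 4:])


def vxlan_gpe_pack(vni: int, next_proto: int, payload: bytes) -> bytes:
    """8-byte VXLAN-GPE header: flags(8) reserved(16) Next Protocol(8) VNI(24) reserved(8)."""
    return struct.pack("!BHBI", VXLAN_GPE_FLAGS, 0, next_proto, vni << 8) + payload


def vxlan_gpe_unpack(buf: bytes):
    flags, _, next_proto, vni_word = struct.unpack_from("!BHBI", buf)
    if not flags & 0x04:
        raise ValueError("P bit clear: no Next Protocol field")
    return vni_word >> 8, next_proto, bytes(buf[8:])


def classify(proto: str, dport: int) -> int:
    """Made-up policy: web traffic gets the full chain, everything else only the firewall."""
    return 10 if proto == "tcp" and dport in (80, 443) else 20


# Made-up SFF table as a controller would program it: (SPI, SI) -> service function.
# A missing entry means the chain is finished.
SFF_TABLE = {(10, 255): "fw", (10, 254): "dpi", (10, 253): "lb", (20, 255): "fw"}


def walk_chain(frame: bytes, table=SFF_TABLE):
    """Simulate SFF and SF hops. Returns (SFs visited, delivered payload or None if dropped)."""
    _vni, next_proto, pkt = vxlan_gpe_unpack(frame)
    if next_proto != NP_NSH:
        raise ValueError("VXLAN-GPE payload is not NSH")
    visited = []
    while True:
        hdr, payload = NSH.unpack(pkt)
        hdr.ttl -= 1                             # SFF loop protection
        if hdr.ttl == 0 or hdr.si == 0:
            return visited, None                 # RFC 8300: drop the packet
        sf = table.get((hdr.spi, hdr.si))
        if sf is None:
            return visited, payload              # end of chain: decapsulate and deliver
        visited.append(sf)
        hdr.si -= 1                              # the SF (or its proxy) decrements SI
        pkt = hdr.pack() + payload


def encapsulate(spi: int, payload: bytes, si: int = 255, ttl: int = 63) -> bytes:
    """What the classifier emits: payload -> NSH -> VXLAN-GPE (VNI 100 is made up)."""
    return vxlan_gpe_pack(100, NP_NSH, NSH(spi=spi, si=si, next_proto=NP_IPV4, ttl=ttl).pack() + payload)


if __name__ == "__main__":
    ip_pkt = b"\x45" + b"\x00" * 19              # constructed stand-in for an IPv4 packet
    print(walk_chain(encapsulate(classify("tcp", 80), ip_pkt))[0])   # ['fw', 'dpi', 'lb']
    print(walk_chain(encapsulate(classify("udp", 53), ip_pkt))[0])   # ['fw']
    # NSH carries no integrity protection: a host that can inject into the SFC
    # domain chooses its own SPI/SI and skips the firewall and DPI.
    print(walk_chain(encapsulate(10, ip_pkt, si=253))[0])             # ['lb']
```

The TTL check is the only built-in safeguard, and it protects against forwarding loops, not against forged headers; the SI and SPI are taken at face value by every SFF.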
Slide 47: OpenDaylight SFC with NSH on Open vSwitch

Slide 48: OpenDaylight SFC Control Plane Elements

Slide 49: OpenDaylight SFC Control Plane Elements
(diagram: an ODL Controller managing Open vSwitch on four Compute Hosts, which host VNF VM1, VNF VM2, VNF VM3, VNF VM4, a Client VM and a Server VM)

Slide 50: Summary
• Take-aways:
– Ways to accelerate the data path to your service for scale
– Work on integrating your service into SDN fabric control planes
– Track and support service chaining standards like NSH
– Provide a management layer in an NFV environment for your services

Slide 51: Work better. Live better.
