Enabling DPDK/SR-IOV for containerized Virtual Network Functions with Zun
Bin Zhou [NFV Researcher, Lenovo]
Hongbin Lu [Zun PTL, Huawei]
Yaguang Tang [NFV Researcher, Lenovo]
Shunli Zhou [Zun Core, Fiberhome]
November 2017
➡Introduction to Zun
➡Zun Container for NFV
• Challenges & Gaps
• SR-IOV support in Zun
• Container with DPDK
➡Performance Benchmark Testing
• Setup
• Results
➡Demo
➡Conclusion
Agenda
Which Emerging Technologies Interest OpenStack Users?
● Containers are the most interesting emerging technology.
● 75% of OpenStack users are interested in containers.
➡How to use containers on OpenStack?
➡Existing solutions
• Integrate containers into Nova
• Example: Nova-docker, Nova-lxd
• Install Container Orchestration Engines (COEs) on VMs.
• Example: Magnum, Kubespray
• OpenStack Container service: Zun
Introduce Zun
● OpenStack Container service
● Provide API for provisioning and managing containers without VMs
○ Speed
○ Simplicity
● Arbitrary memory and vCPUs
● Containers as first class resource
○ Keystone RBAC for individual container
○ Neutron port(s) for each container
○ Cinder volume(s) bind-mount
Introduce Zun
[Figure: VM operations (Nova) compared with container operations (Zun). Labels: Create, List, Delete, Run, Exec, ..., SSH, Migrate, ...]
➡Nova-docker
• Use Nova to manage containers
• Suitable if VMs and containers are the same
➡Obstacles
• VMs and containers are different
• Container-specific features are not exposed
Introduce Zun
[Figure: Magnum and Zun deployment stacks side by side. Labels: Baremetal, Virtualization, Virtualization (optional), COE, Zun, Containers, Tenant 1, Tenant 2, Tenant 3]
➡Magnum
• Provision Nova instances
• Install a COE
• Run containers on the COE
➡Pros:
• Strong Isolation
➡Cons:
• Low resource utilization
• Virtualization penalty
Introduce Zun
➡Concepts:
• Container: A single container
• create, update, delete, start, stop, kill, …
• network-attach, add-security-group, …
• attach, exec, commit, log, ...
• Capsule (Experimental): A group of containers that are co-located, have shared network and volumes.
• create, list, delete, …
Introduce Zun
Introduce Zun
➡Zun API
• Provide REST APIs
• Manage all compute nodes
• Scheduling containers
➡Zun Compute
• Compute node agent
• Manage local containers
• Track compute resources
➡Kuryr
• Bind neutron ports to containers
[Figure: architecture diagram. Labels: Zun API, Zun Compute, Docker, Keystone, Kuryr, Neutron, Cinder]
➡What is NFV
• A new way to design, deploy and manage network services
• Replace hardware with software
• Move network functions to commodity hardware
➡Benefits of NFV
• Fast provisioning
• Quick scale up and down
• Easy upgrade and relocate
• Reduce cost
• No vendor hardware lock-in
Container for NFV
➡VM or Containers?
• Time to provision: container boots faster
• Resource consumption: container has less memory footprint
• Package management: Docker makes it easy
• Configurability: container is better
• Portability: container image is smaller
• Security: VM provides better isolation
• Use Clear Container to improve security
Container for NFV
Challenges & Gaps of using containers
NFV required feature  VM   Container
SR-IOV                Yes  Weak
DPDK                  Yes  Weak
CPU pinning           Yes  Weak
NUMA                  Yes  Weak
Hugepage              Yes  Weak
➡Lack of support for NFV required features in the container ecosystem
• Container runtime
• Container orchestration
• OpenStack integration
➡Use Zun to reduce the gaps
Enable SR-IOV in Zun
➡What is SR-IOV?
• A standardized mechanism to virtualize PCIe devices
• Makes a single PCIe Ethernet controller (PF) appear as multiple PCIe devices (VFs)
• PF: Physical Function
• VF: Virtual Function
• Passthrough VF to container
• Bypass virtual switch layer
Enable SR-IOV in Zun
➡Enable SR-IOV in Zun
• Create VFs in compute nodes
• Configure Neutron
• Configure Zun
• Whitelist PCI devices (e.g. pci_passthrough_whitelist = { "devname": "eth3", "physical_network": "physnet2"})
• Enable PCI filters (e.g. enabled_filters = ...,PciPassthroughFilter)
• Configure Kuryr
• Enable SR-IOV driver
Enable SR-IOV in Zun
1. Create a SR-IOV port
2. Create a container
3. Pick a host that has available VFs
4. Assign a VF to the port
5. Create a container
6. Docker calls its network plugin (Kuryr) to set up the network
7. Kuryr retrieves the VF's information from the neutron port and performs port binding
[Figure: sequence diagram of steps 1-7 among User, Zun API, Zun Compute, Neutron, Docker and Kuryr]
Container with DPDK
DPDK PMD
● physical nic
○ igb_uio
○ vfio-pci
● virtual hardware
○ virtio_user vhost
software
● net_pcap (kernel stack)
DPDK & SR-IOV for container
[Figure: two panels, "SR-IOV in userland" and "SR-IOV in kernel". Labels: Host kernel, PF, PF driver, VF, VF driver, Container, DPDK, netns, ETHx, Passthrough]
Performance Benchmark Testing
Case 1 (non DPDK)
● Zun Container with SR-IOV
● Zun Container with OVS networking
Case 2 (SR-IOV & DPDK)
● Container with SR-IOV & DPDK (kernel land)
● Container with SR-IOV & DPDK (user land)
Role        Hardware               OS              Network       CPU
Controller  Think system x3650 M5  Ubuntu 16.04.3  82599ES 10Gb  Intel(R) E5-2680 v3 @ 2.50GHz
compute     Think system x3650 M5  Ubuntu 16.04.3  82599ES 10Gb  Intel(R) E5-2680 v3 @ 2.50GHz

Software     Version  Other
DPDK         17.05
Openvswitch  2.8.1
Testing setup
DPDK Testing
● L2FWD as containerized VNF
● RFC 2544 standard throughput testing
● DPDK-pktgen as packet generator
non DPDK Testing
● iperf3 with UDP
[Figure: Zun networking without SR-IOV. Labels: zun-compute Server1, zun-compute Server2, container, Linux bridge, OVS, PF]
[Figure: Zun networking with SR-IOV. Labels: zun-compute Server1, zun-compute Server2, container, VF]
Container network Benchmarking
● Hugepage size
● PCIe NUMA
● Isolate CPU cores for tx/rx pktgen
● Disable isolated cpu core interrupts
BOOT_IMAGE=/vmlinuz-4.4.0-87-generic root=/dev/mapper/docker2--vg-root ro default_hugepagesz=1G hugepagesz=2M hugepagesz=1G hugepages=8 iommu=pt intel_iommu=on isolcpus=5,6,7,8,9,10 nohz=on nohz_full=5,6,7,8,9,10 rcu_nocbs=5,6,7,8,9,10
DPDK testing tuning
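These boot parameters only help if they agree with each other and with what the DPDK application requests. The script below is an added example, not part of the original slides: it parses the slide's kernel command line and checks it against the core list (-l 5-6) and memory (--socket-mem 1024,1024, 2048 MB in total) that the deck passes to l2fwd. Function names are hypothetical, and the hugepage accounting is simplified (a 2M default page size is assumed when default_hugepagesz is absent).

```shell
#!/bin/sh
# Added example, not from the original slides. Function names are hypothetical.

# Kernel command line as shown on the "DPDK testing tuning" slide.
SLIDE_CMDLINE='BOOT_IMAGE=/vmlinuz-4.4.0-87-generic root=/dev/mapper/docker2--vg-root ro default_hugepagesz=1G hugepagesz=2M hugepagesz=1G hugepages=8 iommu=pt intel_iommu=on isolcpus=5,6,7,8,9,10 nohz=on nohz_full=5,6,7,8,9,10 rcu_nocbs=5,6,7,8,9,10'

# get_param CMDLINE KEY: print the last value given for KEY (empty if absent).
get_param() (
    set -f
    val=''
    for tok in $1; do
        case "$tok" in "$2="*) val=${tok#*=} ;; esac
    done
    printf '%s\n' "$val"
)

# expand_cpus LIST: turn "5-7,10" into "5 6 7 10" (sorted, de-duplicated).
expand_cpus() (
    case "$1" in ''|*[!0-9,-]*) exit 1 ;; esac
    set -f
    IFS=,
    for part in $1; do
        case "$part" in
            *-*) lo=${part%-*}; hi=${part#*-} ;;
            *)   lo=$part; hi=$part ;;
        esac
        i=$lo
        while [ "$i" -le "$hi" ]; do
            echo "$i"
            i=$((i + 1))
        done
    done | sort -n -u | paste -s -d ' ' -
)

# cpus_subset A B: succeed only if every CPU in list A is also in list B.
cpus_subset() (
    inner=$(expand_cpus "$1") || exit 1
    outer=" $(expand_cpus "$2") "
    for c in $inner; do
        case "$outer" in *" $c "*) ;; *) exit 1 ;; esac
    done
    exit 0
)

# hugepage_mb CMDLINE: total MB reserved at boot. Each hugepages=N counts
# against the most recent hugepagesz= (or the default size if none preceded it).
hugepage_mb() (
    set -f
    cur=$(get_param "$1" default_hugepagesz)
    [ -n "$cur" ] || cur=2M          # assumption: x86-64 default page size
    total=0
    for tok in $1; do
        case "$tok" in
            hugepagesz=*) cur=${tok#*=} ;;
            hugepages=*)
                case "$cur" in
                    *G) mb=$(( ${cur%G} * 1024 )) ;;
                    *M) mb=${cur%M} ;;
                    *)  exit 1 ;;
                esac
                total=$(( total + mb * ${tok#*=} )) ;;
        esac
    done
    echo "$total"
)

# check_dpdk_tuning CMDLINE LCORES NEED_MB: print findings, exit 0 if all pass.
check_dpdk_tuning() (
    cmdline=$1; lcores=$2; need_mb=$3; rc=0
    fail() { echo "FAIL: $*"; rc=1; }
    iso=$(get_param "$cmdline" isolcpus)
    [ "$(get_param "$cmdline" intel_iommu)" = on ] ||
        fail "intel_iommu=on is missing"
    cpus_subset "$lcores" "$iso" ||
        fail "DPDK lcores $lcores are not all inside isolcpus=$iso"
    for key in nohz_full rcu_nocbs; do
        [ "$(expand_cpus "$(get_param "$cmdline" "$key")")" = "$(expand_cpus "$iso")" ] ||
            fail "$key does not cover the same CPUs as isolcpus"
    done
    have=$(hugepage_mb "$cmdline") || have=0
    [ "$have" -ge "$need_mb" ] ||
        fail "hugepages reserve ${have} MB but DPDK asks for ${need_mb} MB"
    [ "$rc" -eq 0 ] && echo "OK: lcores $lcores isolated, ${have} MB of hugepages"
    exit "$rc"
)

# Values taken from the deck: l2fwd -l 5-6 ... --socket-mem 1024,1024
check_dpdk_tuning "$SLIDE_CMDLINE" 5-6 2048
```

On a live compute node, pass "$(cat /proc/cmdline)" instead of SLIDE_CMDLINE.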
Testing scenario 1
● Userland SR-IOV used by container
● DPDK application l2fwd inside container
[Figure: Server1 and Server2. Labels: pktgen, VNF, l2fwd, Container, VF1, VF2]
dpdk-devbind --bind=igb_uio 0000:06:10.2
docker run -v /dev/hugepages/:/dev/hugepages --net=none --privileged --name test2 -dit 14ce48b74dd9
l2fwd -l 5-6 -n 4 --huge-dir /dev/hugepages --socket-mem 1024,1024 -- -q 8 -p 1
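One isolation property worth checking in this scenario: a VF bound to a UIO driver such as igb_uio is not placed behind IOMMU DMA remapping, whereas a VF bound to vfio-pci is, and a VF left on its kernel driver is only reachable as a netdev. The script below is an added example, not from the original slides; it classifies a VF from sysfs so an operator can see which case applies before the device is handed to a container. Function names, the sample tree and every PCI address except 0000:06:10.2 are constructed.

```shell
#!/bin/sh
# Added example, not from the original slides. Function names are hypothetical.
# SYSFS_ROOT is a parameter so the logic can run against a constructed tree;
# on a real compute node pass /sys.

# link_name PATH: basename of the symlink target, or "none" if PATH is no symlink.
link_name() {
    if [ -L "$1" ]; then basename "$(readlink "$1")"; else echo none; fi
}

# vf_exposure SYSFS_ROOT BDF: print one of
#   unbound | kernel-netdev | userspace-iommu | userspace-no-iommu
vf_exposure() {
    ve_dev="$1/bus/pci/devices/$2"
    ve_drv=$(link_name "$ve_dev/driver")
    ve_grp=$(link_name "$ve_dev/iommu_group")
    ve_flag="$1/module/vfio/parameters/enable_unsafe_noiommu_mode"
    ve_unsafe=N
    [ -r "$ve_flag" ] && ve_unsafe=$(cat "$ve_flag")
    case "$ve_drv" in
        none)
            echo unbound ;;
        igb_uio|uio_pci_generic)
            # UIO hands the device to userspace without DMA remapping.
            echo userspace-no-iommu ;;
        vfio-pci)
            if [ "$ve_grp" != none ] && [ "$ve_unsafe" != Y ]; then
                echo userspace-iommu
            else
                echo userspace-no-iommu
            fi ;;
        *)
            # Any other driver (e.g. ixgbevf) keeps the VF in the kernel stack.
            echo kernel-netdev ;;
    esac
}

# report_vf SYSFS_ROOT BDF: one human-readable line per device.
report_vf() {
    case "$(vf_exposure "$1" "$2")" in
        userspace-iommu)
            echo "$2: vfio-pci behind the IOMMU, DMA limited to mapped memory" ;;
        userspace-no-iommu)
            echo "$2: userspace driver without DMA remapping, container must be host-trusted" ;;
        kernel-netdev)
            echo "$2: kernel VF driver, attach by moving the netdev into the container netns" ;;
        *)
            echo "$2: no driver bound" ;;
    esac
}

# add_dev ROOT BDF DRIVER [IOMMU_GROUP]: create one constructed sysfs entry.
add_dev() {
    mkdir -p "$1/bus/pci/devices/$2"
    ln -s "../../drivers/$3" "$1/bus/pci/devices/$2/driver"
    [ -z "$4" ] || ln -s "../../../kernel/iommu_groups/$4" "$1/bus/pci/devices/$2/iommu_group"
}

# make_sample_sysfs ROOT: constructed tree, not captured from a real host.
make_sample_sysfs() {
    add_dev "$1" 0000:06:10.2 igb_uio 41      # address and driver from the slide
    add_dev "$1" 0000:06:10.4 vfio-pci 42     # constructed
    add_dev "$1" 0000:06:10.6 ixgbevf 43      # constructed
    mkdir -p "$1/bus/pci/devices/0000:06:10.0"   # constructed, no driver bound
}

demo_root=$(mktemp -d)
make_sample_sysfs "$demo_root"
for bdf in 0000:06:10.0 0000:06:10.2 0000:06:10.4 0000:06:10.6; do
    report_vf "$demo_root" "$bdf"
done
rm -rf "$demo_root"
```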
Testing scenario 2
● containers using SR-IOV by kernel netns
● DPDK application l2fwd inside container
[Figure: Server1 and Server2. Labels: pktgen, VNF, l2fwd, NETNS, Container, VF1, VF2]
$ neutron port-create sriov --name sriov_port --binding:vnic_type direct
$ zun run --net port=sriov_port dpdk-test
l2fwd -l 5-6 -n 4 --huge-dir /dev/hugepages --socket-mem 1024,1024 --vdev='eth_pcap0,iface=eth0' -- -q 8 -p 1
Container DPDK/SR-IOV Benchmarking
https://youtu.be/EwghPOVZLq0
Demo
SR-IOV & DPDK can accelerate container networking performance
Benefits
● High throughput
● Low latency
● Deterministic networking
Conclusion
● DPDK & SR-IOV for container user land approaching physical server performance
● multi-tenancy issue
● security issue
● Container with SR-IOV for high throughput non DPDK application
● unified management of VF
@OpenStack
Q&A
Thank you!
openstack openstack OpenStackFoundation

Enable DPDK and SR-IOV for containerized virtual network functions with zun

  • 1. Enabling DPDK/SR-IOV for containerized Virtual Network Functions with Zun Bin Zhou [NFV Researcher, Lenovo] Hongbin Lu [Zun PTL,Huawei] Yaguang Tang [NFV Researcher, Lenovo] Shunli Zhou [Zun Core, Fiberhome] November 2017
  • 2. ➡Introduction to Zun ➡Zun Container for NFV • Challenges & Gaps • SR-IOV support in Zun • Container with DPDK ➡Performance Benchmark Testing • Setup • Results ➡Demo ➡Conclusion Agenda
  • 3. Which Emerging Technologies Interest OpenStack Users? ● Containers are the most interesting emerging technologies. ● 75% of OpenStack users interests in containers.
  • 4. ➡How to use containers on OpenStack? ➡Existing solutions • Integrate containers into Nova • Example: Nova-docker, Nova-lxd • Install Container Orchestration Engine (COEs) on VMs. • Example: Magnum, Kubespray • OpenStack Container service: Zun Introduce Zun
  • 5. ● OpenStack Container service ● Provide API for provisioning and managing containers without VMs ○ Speed ○ Simplicity ● Arbitrary memory and vCPUs ● Containers as first class resource ○ Keystone RBAC for individual container ○ Neutron port(s) for each container ○ Cinder volume(s) bind-mount Introduce Zun
  • 6. VMs Containers Create List Delete Run Exec ... SSH Migrate ... Nova Zun ➡Nova-docker • Use Nova to manage containers • Suitable if VMs and containers are the same ➡Obstacles • VMs and containers are different • Container specified features are not exposed Introduce Zun
  • 7. Baremetal Tenant 1 Virtualization Tenant 2 Tenant 3 COE Baremetal Tenant 1 Virtualization (optional) Tenant 2 Tenant 3 Contain ers ZunCOE COE Contain ers Contain ers Contain ers Contain ers Contain ers Magnum Zun ➡Magnum • Provision Nova instances • Install a COE • Run containers on the COE ➡Pros: • Strong Isolation ➡Cons: • Low resource utilization • Virtualization penalty Introduce Zun
  • 8. ➡Concepts: • Container: A single container • create, update, delete, start, stop, kill, … • network-attach, add-security-group, … • attach, exec, commit, log, ... • Capsule (Experimental): A group of containers that are co- located, have shared network and volumes. • create, list, delete, … Introduce Zun
  • 9. Introduce Zun ➡Zun API • Provide REST APIs • Manage all compute nodes • Scheduling containers ➡Zun Compute • Compute node agent • Manage local containers • Track compute resources ➡Kuryr • Bind neutron ports to containers Zun API Zun Compute Docker Keystone KuryrNeutron Cinder
  • 10. ➡Introduction to Zun ➡Zun Container for NFV • Challenges & Gaps • SR-IOV support in Zun • Container with DPDK ➡Performance Benchmark Testing • Setup • Results ➡Demo ➡Conclusion Agenda
  • 11. ➡What is NFV • A new way to design, deploy and manage network services • Replace hardware with software • Move network functions to commodity hardware ➡Benefits of NFV • Fast provisioning • Quick scale up and down • Easy upgrade and relocate • Reduce cost • No vendor hardware lock-in Container for NFV
  • 12. ➡VM or Containers? • Time to provision: container boots faster • Resource consumption: container has less memory footprint • Package management: Docker makes it easy • Configurability: container is better • Portability: container image is smaller • Security: VM provides better isolation • Use Clear Container to improve security Container for NFV
  • 13. Challenges & Gaps of using containers
      NFV required feature | VM  | Container
      SR-IOV               | Yes | Weak
      DPDK                 | Yes | Weak
      CPU pinning          | Yes | Weak
      NUMA                 | Yes | Weak
      Hugepage             | Yes | Weak
    ➡Lack of support for NFV-required features in the container ecosystem • Container runtime • Container orchestration • OpenStack integration ➡Use Zun to reduce the gaps
  • 14. Enable SR-IOV in Zun ➡What is SR-IOV? • A standardized mechanism to virtualize PCIe devices • Makes a single PCIe Ethernet controller (PF) appear as multiple PCIe devices (VFs) • PF: Physical Function • VF: Virtual Function • Pass VFs through to containers • Bypass the virtual switch layer
  • 15. Enable SR-IOV in Zun ➡Enable SR-IOV in Zun • Create VFs in compute nodes • Configure Neutron • Configure Zun • Whitelist PCI devices (e.g. pci_passthrough_whitelist = { "devname": "eth3", "physical_network": "physnet2"}) • Enable PCI filters (e.g. enabled_filters = ...,PciPassthroughFilter) • Configure Kuryr • Enable SR-IOV driver
  • 16. Enable SR-IOV in Zun 1. Create an SR-IOV port 2. Create a container 3. Pick a host that has available VFs 4. Assign a VF to the port 5. Create a container 6. Docker calls its network plugin (Kuryr) to set up the network 7. Kuryr retrieves the VF's information from the Neutron port and performs port binding [Figure: steps 1 to 7 drawn between User, Zun API, Zun Compute, Kuryr, Neutron and Docker]
  • 17. Container with DPDK DPDK PMD ● physical nic ○ igb_uio ○ vfio-pci ● virtual hardware ○ virtio_user vhost software ● net_pcap (kernel stack)
  • 18. DPDK & SR-IOV for container [Figure with two panels, "SR-IOV in userland" and "SR-IOV in kernel"; labels: Host kernel, Container, DPDK, PF, PF driver, VF, VF driver, netns ETHx, Passthrough]
  • 19. ➡Introduction to Zun ➡Zun Container for NFV • Challenges & Gaps • SR-IOV support in Zun • Container with DPDK ➡Performance Benchmark Testing • Setup • Results ➡Demo ➡Conclusion Agenda
  • 20. Performance Benchmark Testing Case 1 (non DPDK) ● Zun Container with SR-IOV ● Zun Container with OVS networking Case 2 (SR-IOV & DPDK) ● Container with SR-IOV & DPDK (kernel land) ● Container with SR-IOV & DPDK (user land)
  • 21. Testing setup
      Role       | Hardware              | OS             | network      | CPU
      Controller | Think system x3650 M5 | Ubuntu 16.04.3 | 82599ES 10Gb | Intel(R) E5-2680 v3 @ 2.50GHz
      compute    | Think system x3650 M5 | Ubuntu 16.04.3 | 82599ES 10Gb | Intel(R) E5-2680 v3 @ 2.50GHz

      Software    | version | other
      DPDK        | 17.05   |
      Openvswitch | 2.8.1   |
    DPDK Testing ● L2FWD as containerized VNF ● RFC 2544 standard throughput testing ● DPDK-pktgen as packet generator non DPDK Testing ● iperf3 with UDP
  • 25. ● Hugepage size ● PCIe NUMA ● Isolate CPU cores for tx/rx pktgen ● Disable isolated cpu core interrupts BOOT_IMAGE=/vmlinuz-4.4.0-87-generic root=/dev/mapper/docker2--vg-root ro default_hugepagesz=1G hugepagesz=2M hugepagesz=1G hugepages=8 iommu=pt intel_iommu=on isolcpus=5,6,7,8,9,10 nohz=on nohz_full=5,6,7,8,9,10 rcu_nocbs=5,6,7,8,9,10 DPDK testing tuning
  • 26. Testing scenario 1 ● Userland SR-IOV used by container ● DPDK application l2fwd inside container [Figure: Server1 (pktgen) and Server2 (VNF l2fwd in a Container), connected through VF1 and VF2]
      dpdk-devbind --bind=igb_uio 0000:06:10.2
      docker run -v /dev/hugepages/:/dev/hugepages --net=none --privileged --name test2 -dit 14ce48b74dd9 l2fwd -l 5-6 -n 4 --huge-dir /dev/hugepages --socket-mem 1024,1024 -- -q 8 -p 1
  • 27. Testing scenario 2 ● containers using SR-IOV by kernel netns ● DPDK application l2fwd inside container [Figure: Server1 (pktgen) and Server2 (VNF l2fwd in a Container, NETNS), connected through VF1 and VF2]
      $ neutron port-create sriov --name sriov_port --binding:vnic_type direct
      $ zun run --net port=sriov_port dpdk-test l2fwd -l 5-6 -n 4 --huge-dir /dev/hugepages --socket-mem 1024,1024 --vdev='eth_pcap0,iface=eth0' -- -q 8 -p 1
  • 30. ➡Introduction to Zun ➡Zun Container for NFV • Challenges & Gaps • SR-IOV support in Zun • Container with DPDK ➡Performance Benchmark Testing • Setup • Results ➡Demo ➡Conclusion Agenda
  • 31. SR-IOV & DPDK can accelerate container networking performance Benefits High throughput Low latency Deterministic networking Conclusion ● DPDK & SR-IOV for container user land approaching physical server performance ● multi-tenancy issue ● security issue ● Container with SR-IOV for high throughput non DPDK application ● unified management of VF
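
As an added example (not code from the deck or from the Zun or DPDK projects), the Python below reads the boot line from slide 25 and checks it against the l2fwd arguments used on slides 26 and 27: the `-l` lcores should sit inside `isolcpus`, `nohz_full` and `rcu_nocbs` should cover the isolated cores, and the reserved hugepages should cover `--socket-mem`. The function names are chosen here for illustration.

```python
SLIDE_25_CMDLINE = (  # boot line as printed on slide 25 of the deck
    "BOOT_IMAGE=/vmlinuz-4.4.0-87-generic root=/dev/mapper/docker2--vg-root ro "
    "default_hugepagesz=1G hugepagesz=2M hugepagesz=1G hugepages=8 iommu=pt intel_iommu=on "
    "isolcpus=5,6,7,8,9,10 nohz=on nohz_full=5,6,7,8,9,10 rcu_nocbs=5,6,7,8,9,10"
)

def pairs(cmdline):
    """Split a kernel command line into ordered (key, value) tuples."""
    return [tok.partition("=")[::2] for tok in cmdline.split()]

def to_bytes(size):  # '2M' or '1G' -> bytes
    return int(size[:-1]) << {"K": 10, "M": 20, "G": 30}[size[-1].upper()]

def cpu_set(spec):
    """Expand a CPU list such as '5-6,8' into a set of ints; non-numeric flags are skipped."""
    cpus = set()
    for part in spec.split(","):
        if part[:1].isdigit():
            lo, _, hi = part.partition("-")
            cpus.update(range(int(lo), int(hi or lo) + 1))
    return cpus

def hugepage_pools(cmdline):
    """Kernel rule: hugepages=N sizes the pool of the hugepagesz= just before it."""
    opts = pairs(cmdline)
    default = next((to_bytes(v) for k, v in opts if k == "default_hugepagesz"), 2 << 20)
    pools, current = {}, default  # without hugepagesz=, the default size is used
    for key, val in opts:
        if key == "hugepagesz":
            current = to_bytes(val)
        elif key == "hugepages":
            pools[current] = pools.get(current, 0) + int(val)
    return pools

def check_host(cmdline, lcores, socket_mem_mb):
    """Compare a boot line with an l2fwd invocation's -l and --socket-mem values."""
    opts = dict(pairs(cmdline))  # last value wins; fine for the single-valued keys read here
    isolated, used = cpu_set(opts.get("isolcpus", "")), cpu_set(lcores)
    findings = []
    if used - isolated:
        findings.append("lcores outside isolcpus: %s" % sorted(used - isolated))
    for key in ("nohz_full", "rcu_nocbs"):
        if isolated - cpu_set(opts.get(key, "")):
            findings.append("%s does not cover every isolated core" % key)
    reserved = sum(size * n for size, n in hugepage_pools(cmdline).items())
    needed = sum(int(mb) for mb in socket_mem_mb.split(",")) << 20
    if reserved < needed:
        findings.append("hugepages: %d MiB reserved < %d MiB --socket-mem" % (reserved >> 20, needed >> 20))
    return findings
```

The hugepage comparison uses the boot-time total only; `--socket-mem` is a per-socket request, so per-node availability still has to be read from the running host.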