fd.io vpp and Feature Summary at launch 2016-02-11 fd.io Foundaon 5 14+ MPPS, single core...
Transcript of fd.io vpp and Feature Summary at launch 2016-02-11 fd.io Foundaon 5 14+ MPPS, single core...
fd.iovppandcontainers
KeithBurns
fd.ioFounda2on 1
@alagalah
[email protected]|[email protected]
github.com/alagalah
fd.ioprojects
fd.ioFounda2on 4
Network IO
Packet Processing
VPP
Management Agent
NSH_SFC ONE VPP Sandbox TLDK
Honeycomb
Test
ing/
Per
form
ance
/Sup
port
CS
IT
Legend: - New Projects - Core Projects
deb_
dpdk
VPPFeatureSummaryatlaunch2016-02-11
fd.ioFounda2on 5
14+MPPS,singlecoreMul2millionentryFIBsSourceRPFThousandsofVRFs
Controlledcross-VRFlookupsMul2path–ECMPandUnequalCostMul2plemillionClassifiers–
ArbitraryN-tupleVLANSupport–Single/DoubletagMandatoryInputChecks:
TTLexpira2onheaderchecksumL2length<IPlengthARPresolu2on/snoopingARPproxy
IPv4/IPv6 IPv4
GRE,MPLS-GRE,NSH-GRE,VXLANIPSECDHCPclient/proxyCGNAT
IPv6
NeighbordiscoveryRouterAdver2sementDHCPv6ProxyL2TPv3SegmentRou2ngMAP/LW46–IPv4aasiOAM
MPLS
MPLS-o-Ethernet–Deeplabelstacks
supported
L2
VLANSupportSingle/DoubletagL2forwardingwithEFP/
BridgeDomainconceptsVTR–push/pop/Translate(1:1,1:2,2:1,2:2)MacLearning–defaultlimitof50kaddressesBridging–Split-horizongroupsupport/EFPFilteringProxyArpArptermina2onIRB–BVISupportwithRouterMacassignmentFloodingInputACLsInterfacecross-connect
VPPFeatureSummaryatlaunch2016-02-11
fd.ioFounda2on 6
14+MPPS,singlecoreMul2millionentryFIBsSourceRPFThousandsofVRFs
Controlledcross-VRFlookupsMul2path–ECMPandUnequalCostMul2plemillionClassifiers–
ArbitraryN-tupleVLANSupport–Single/DoubletagMandatoryInputChecks:
TTLexpira2onheaderchecksumL2length<IPlengthARPresolu2on/snoopingARPproxy
IPv4/IPv6 IPv4
GRE,MPLS-GRE,NSH-GRE,VXLANIPSECDHCPclient/proxyCGNAT
IPv6
NeighbordiscoveryRouterAdver2sementDHCPv6ProxyL2TPv3SegmentRou2ngMAP/LW46–IPv4aasiOAM
MPLS
MPLS-o-Ethernet–Deeplabelstacks
supported
L2
VLANSupportSingle/DoubletagL2forwardingwithEFP/
BridgeDomainconceptsVTR–push/pop/Translate(1:1,1:2,2:1,2:2)MacLearning–defaultlimitof50kaddressesBridging–Split-horizongroupsupport/EFPFilteringProxyArpArptermina2onIRB–BVISupportwithRouterMacassignmentFloodingInputACLsInterfacecross-connect
Countersfor
everything!
!!
VPP16.06Release
fd.ioFounda2on 7
• Enhanced Switching & Routing • IPv6 Segment Routing multicast support • LISP xTR support • VXLAN over IPv6 underlay • per interface whitelists • shared adjacencies in FIB
• Expanded Hardware and Software Support
• Support for ARM 32 targets • Support for Raspberry Pi • Support for DPDK 16.04
• New and improved interface support • jumbo frame support for vhost-user • Netmap interface support • AF_Packet interface support
• Programmability • Python API bindings • Enhanced JVPP Java API bindings • Enhanced debugging cli
Released2016-06-17
VPP16.09Release
fd.ioFounda2on 8 Release:2016-09-14
• Enhanced LISP support for • L2 overlays • Multi-tenancy • Multi-homing • Re-encapsulating Tunnel Routers (RTR)
support • Map-Resolver failover algorithm
• New “in-tree” plugins for • SNAT • MagLev-like Load Balancer • Identifier Locator Addressing (ILA)
• High performance port range ingress filtering
• Dynamically ordered subgraphs • Allows registration of node ‘before’ another node
Honeycomb16.09Release
fd.ioFounda2on 9
• Infrastructure • Data processing pipeline • Extensible translation layer (SPI) • Configuration and context persistence
• Yang models exposing VPP features: • Interfaces:
• Base interface management – ieft-interface + ietf-ip models
• vhost-user, Linux tap interface management • Bridge domain management • Overlays / Encapsulations
• VLAN, VXLAN, VXLAN-GPE, GRE management • NSH_SFC plugin support • ACLs
• L2/L3 ACL management – ietf-acl • LISP – mapping server configuration • Bit level granularity classifier interface
Release:2016-09-21
NSH_SFC16.09Release
fd.ioFounda2on 10
• SFF functionality • NSH Proxy for SF • Transport:
• VXLAN-GPE • GRE
• API • Automatically generated jar for java
bindings
• Integrated with OpenDaylight SFC
Release:2016-09-21
Implementa8onExample:VPPasavRouter/vSwitch
fd.ioFounda2on 11
• vSwitch/vRouter
• Including CLI • Switching
• Bridge Domains • BVI interfaces • Split-Horizon Groups • Program ARP termination
• Routing • VRFs (FIBs) - thousands • IPv4 / IPv6 routes – millions • 700K updates per second
Linux Host
Kernel
DPDK
VPP App
Switch-1
Switch-2
VRF-1
VRF-2
VPPArchitecture
• Instruction/Data cache efficiency
• Graph composed at runtime
• Easy to create and incorporate new features
• All in user space
ethernet-input
ip6-input ip4input mpls-ethernet-input
arp-input llc-input
… ip6-lookup
ip6-rewrite-transmit ip6-local
…
Packet vector
Plug-in to create new nodes
Custom-A Custom-B
Plugins• First-class graph node citizens
• Introduce new graph nodes • Graph composed at runtime, nodes discovered
• Rearrange packet processing graph • Can be built independently of VPP source tree • Ability to take advantage of diverse hardware when present
ethernet-input
ip6-input ip4input mpls-ethernet-input
arp-input llc-input
… ip6-lookup
ip6-rewrite-transmit ip6-local
…
Packet vector
Plug-in to create new nodes
Custom-A Custom-B
Plug-in to enable new HW input
Nodes
VPPvRouter/vSwitch:LocalProgrammability
fd.ioFounda2on 14
Linux Host
Kernel
DPDK
VPP App External App
Low Level API • Complete • Feature Rich • High Performance
• Example: 900k routes/s • Shared memory/message queue • Box local • All CLI tasks can be done via API
Generated Low Level Bindings - existing today
• C, Java and Python API bindings • Others can be done
August27,2015,TVTechnology
16
Chunkycase-videoUncompresseddatarate=colordepths*ver8calresolu8on*horizontalresolu8on*refreshfrequency
“Encoding in multiple formats in parallel including raw uncompressed per camera”
- BBC: IP Studio project
… “Destination-timed switching is probably the simplest way to switch video on commodity Ethernet switches, but it generally requires twice the bandwidth of a single video signal to be reserved.”
- Thomas Edwards of Fox, June 10, 2015, TVTechnology.com
“Compute is going to everywhere, … ... compute will be distributed from end points and in layers of networks before data is even shipped back into the datacenter... ..there could be as much processing outside the “server” and the “datacenter” as inside of it. These terms could become somewhat meaningless.”
- Peak X86, The Next Platform, Sep 15, 2016
Deathbyathousandcutscase-distributed
Implica8onsofreality...
100GbpsNICsarereality
Usecasesexisttodayfor100Gbpsperworkload
3DXPointandMemristortechnologyisreality
Machinelearningalgorithmsbeingheldbackbylackofreal-2mestreaminginstrumenta2on
Implica8onsofcontainers
Containersaresmall
Quickertostart/stopondemand
Canaffordtohavemoreofthem
Easiertodevelopwith
Implica8onsofcontainers
Quickertostart/stopondemand
Canaffordtohavemoreofthem
Easiertodevelopwith
Newwaysofdesigningapplica2ons
Newdeploymentmodels
Implica8onsofcontainers
Newwaysofdesigningapplica2ons
Newdeploymentmodels
Microservices
SimplerAPI-REST
Applica2oncomponentsruninownprocess
Implica8onsofcontainers
Newwaysofdesigningapplica2ons
Newdeploymentmodels
Horizontallyscaled
Describedbycontainermetadata
http://blog.kubernetes.io/2016/07/kubernetes-updates-to-performance-and-scalability-in-1.3.html
Kubernetes1.3-2,000node60,000podclusters
29
Implica8onsofcontainers
Lotsofindividuallyaddressedelementstomanage
Lotsofsessionstoscale
Predictableperformanceunderload
Instrumenta2on-Doyouknowwhoistalkingtowho?Howmuch?
ProjectCalico–keyPrinciples
IP ! Perform layer 3 forwarding at each compute node
BGP ! Distribute routes using proven Border Gateway Protocol*, with route reflectors for scale
! Separate policy decisions from routing information ! Translate global policy into distributed firewall on each
host, enabling tenant isolation & more
HowdoIprovisionit?
calicoctl pool add 192.168.0.0/16
docker run --net=none --name workload-A -tid
busybox
sudo calicoctl container add workload-A 192.168.0.1
calicoctl profile add PROF_A
calicoctl container workload-A profile append
PROF_A
CalicoNetworkPolicy
Workload
… Endpoint Endpoint
… Profile Profile
… Tag Tag Rules
Workload
Endpoint
Profile
container, VM, bare metal
(virtual) network interface
reusable policy
NextSteps–GetInvolvedWeinviteyoutoPar2cipateinfd.io
• GettheCode,BuildtheCode,RuntheCode• Trythevppuserdemo• Installvppfrombinarypackages(yum/apt)
• Read/WatchtheTutorials
• JointheMailingLists• JointheIRCChannels• Explorethewiki• Joinfd.ioasamember
fd.ioFounda2on 43