Unikernels Meet NFVs: Architecture, Performance and Challenges (Wassim Haddad, Heikki Mahkonen &...
Transcript of Unikernels Meet NFVs: Architecture, Performance and Challenges (Wassim Haddad, Heikki Mahkonen &...
Ericsson Internal | 2011-10-19 | Page 2
MOTIVATION
› The advent of distributed NFVs is highlighting the need for more granular service chaining:
– tight coordination between cloud orchestration, SDN controller and storage
– metadata to enable flow control per user and/or per device and/or per app
– OVS enables re-routing traffic between different NFVs
› Containerization simplifies the “virtualization” stack and allows running more apps on a particular host, but
– constrains apps to run on the same kernel
– “light” security makes it difficult for cloud providers to embrace “multi-tenancy” with containers only
› Both containers and VMs run on a full, bloated kernel
– large amount of dead code => large “attack surface” => system vulnerabilities on the rise!
– long time to boot => always “on” => no “zero footprint” => high power consumption
› Operators are moving towards highly distributed small datacenters (e.g., AT&T NGCO, Orange NGPoP)
– limited number of CPUs
– mainly to run operator NFVs for fixed and mobile broadband
UNIKERNEL AT A GLANCE…
Stack comparison (diagram, bottom to top):
– App in a VM: Hypervisor / Operating System / Runtime & Libraries / Application
– App in Container: Operating System / Runtime & Libraries / Application
– Secure App in Container: Hypervisor / Host OS / Runtime & Libraries / Application
– Unikernel App: Hypervisor / Unikernel
Unikernel: single-purpose appliance designed to run in a cloud environment
§ Unikernels are compiled from the modular stack of application code, system libraries and configuration
§ Not designed to run on HW => lacks the bloat & complexity of dealing with drivers
§ Not meant to be multi-user nor multi-process => single thread which runs only one specific application
§ “Zero-footprint cloud” => No instance is running “waiting” for requests
A full application may consist of one or many unikernels running together as a distributed system, e.g., within the same box
UNIKERNELS AT A GLANCE… APPLIANCE EMBEDS OWN “PERSONALIZED” KERNEL
Specialized Virtual Appliances (diagram): Source Code -> Object Files; Object Files + Network Libraries + Device Library + Boot Library + Config File -> Linker (whole-system linking) -> Xen Cloud Appliance
Each app embeds its own “personalized” kernel
Current Virtual Appliances (diagram): Source Code -> Object Files -> Userland Binaries; the compiler stops at userspace, and the Library Runtime uses syscalls to call into the different Kernel modules (Network Stack, Device Drivers, Virtual Memory, I/O Scheduler)
Unikernel (diagram): Application Code on top of the Mirage runtime; each app embeds its own “personalized” kernel
UNIKERNELS MEET NFVS: BEYOND VM & CONTAINER
Goal: to synthesize specialized on-demand NFVs to stream into our next-gen cloud appliances
› Move beyond current VM and container technologies by introducing much smaller, specialized, secure and scalable NFVs
– slice “infrastructure” per user/device/app
– respond to network traffic in real time
› Integrate automation, orchestration and SDN control
– NFVs are created only when needed
– NFVs are automatically stitched together
– NFVs are removed when demand is fulfilled => dedicated slice resources are freed
› Enable “In-Network” processing cloud
– host 3rd-party NFVs
– NFV acceleration
– low-latency services
UNIKERNELS MEET NFVS: BEYOND VM & CONTAINER (diagram)
Per-slice NFV chains between the Edge and the Internet: a slice on LTE (EPG, FW, DPI, APP), a slice on Fixed BB (BNG, FW, DPI, APP) and a slice for IoT, built from NAT, EPG, FW, DPI, DNS, DHCP, BNG and APP NFVs that are created only when needed, automatically stitched together, and removed when demand is fulfilled
ERICSSON VIRTUAL ROUTER (EVR)
› What
– Modular virtual router
– High performance and scale
– Elastic architecture
– Designed for the cloud and NFV era
› Why
– Carrier-grade virtual router
› Control plane redundancy
› Data plane resiliency
› Seamless scale-up / scale-out
(diagram: Redundant Control Plane over a Virtual Backplane connecting a Distributed Elastic Data Plane)
HYPERSCALE DATACENTER SYSTEM, KEY TECHNOLOGY: HW DISAGGREGATION
Current server
• CPU, disk, RAM and NIC (>80% of server cost) on the same card in the same chassis
• Server has a fixed configuration and needs to fit all workloads
• The whole server needs to be changed at the same time even though different components have different lifecycles
Future server
• CPU, disk, RAM and NIC on different sleds
• CPU, disk, RAM and NIC can be changed according to their individual lifecycles
• HW can be configured dynamically for better utilization and performance
UNIKERNELS MEET NFVS: “TODAY” SERVICE CHAINING (diagram)
Service Level Orchestration: Subscription & Policy, Location optimizer, Performance monitoring, Connectivity monitoring, Configuration, DC Orch., Network Setup, Instantiation; SDN controller below it
Access side: WiFi Small Cell, WiFi RG, Fixed, Mobile, M2M, Leased line, corp. A and corp. B sites, PE Fixed
Core side: BNG / PGW behind SDN Switch-1 and HW/SW Switch; chained NFVs: DPI/Charging, Security, URL; UP application QoS & flow steering; Self-Care Portal and Admin interfaces
Subscriber- and application-aware chaining; fixed & mobile aligned per-subscriber session model
Benefits: simplified home GW; extended lifecycle / reduced truck rolls; service agility
UNIKERNELS MEET NFVS: “TODAY” SERVICE CHAINING
vBNG / vEPG with AAA:
• Authentication
• Accounting
• Lawful Intercept
• Line QoS
• Quotas
SDN-enabled service chaining (e.g., vCPE): vNAT, DPI/Charging, Security, URL, steered by the SDN CTL
SDN Service Chaining
• Dynamic flow service chaining
• Per user, destination, application service chaining
UNIKERNELS MEET NFVS: EVOLVING SERVICE CHAINING (1)
› Within one host, let’s assume user traffic is allocated the service chain { VM1 => VM2 => VM3 => VM4 }
– Traffic will “bounce” on OVS
– SDN controller configures OVS
(diagram: three hosts, each “Hypervisor + OVS” with four VMs; the chain VM1 => VM2 => VM3 => VM4 bounces over EVR/OVS, with SDN and AAA alongside. A conventional VM carries OS Kernel, User Processes, Parallel Threads, Language Runtime, Application Binary and Configuration files; a Unikernel carries only Application Code plus the Mirage runtime)
UNIKERNELS MEET NFVS: EVOLVING SERVICE CHAINING (2)
› Setting up User A’s service chain requires instantiating and coordinating a dedicated set of unikernels
– a unikernel lacks the user/kernel space division, which allows it to link directly against device drivers as normal libraries
– uses an abstraction over a shared-memory communication protocol built on top of Xen vchan
› establishes shared-memory pages for zero-copy communication between the different unikernels specific to one particular service chain
General concept (diagram): Unikernel1, Unikernel2, Unikernel3 and Unikernel4 all attached to one shared memory segment holding the packet; User A’s service chain is an NFV stack that processes incoming packets in “bottom-up” order (steps 1 to 6)
UNIKERNELS MEET NFVS: EVOLVING SERVICE CHAINING (3)
› In “ring” mode, one dedicated unikernel (U0) is tasked with exchanging data packets with the physical NIC
– U0 pulls the packet from the NIC Rx queue into a shared memory segment, then notifies Unikernel1 (U1) to process the packet
– Upon finishing its task, each unikernel signals its successor so it can process the packet (e.g., U1 -> U2 -> …)
– When Unikernel4 finishes its task it notifies U0 to send the packet on the NIC Tx queue and pull the next one into shared memory
Inter-NFV stack signaling in “ring” mode (diagram): “Rx queue” physical NIC -> U0 -> Unikernel1 -> Unikernel2 -> Unikernel3 -> Unikernel4 -> U0 -> “Tx queue” physical NIC, with U0 and Unikernel1..4 all attached to the shared memory segment holding the packet
NIC -> DomainX (e.g., U0) via SR-IOV
NIC -> Domain0 (used for management, control)
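The ring-mode signaling above, and the zero-copy shared-memory chain from the previous slide, as an added single-process simulation in C (this is example code, not Ericsson's prototype or MirageOS/Xen code). The Xen vchan / event-channel signaling is replaced by an in-process notification FIFO and the shared page by a plain struct; the four stage behaviours (NAT, firewall, DPI, accounting), the public NAT address 203.0.113.10 and the three Rx packets are constructed for illustration and are not taken from the slides.

```c
/* Added example, not the page's or Ericsson's code: ring-mode service chain
 * U0 -> U1 -> U2 -> U3 -> U4 -> U0 over one shared packet buffer. Xen
 * event channels are modelled by a FIFO of "stage N has work" notifications. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define EV_SLOTS  8
#define MAX_TRACE 64
#define PUBLIC_IP 0xCB00710Au   /* 203.0.113.10: assumed NAT address (TEST-NET-3) */

/* A packet as it sits in the shared page: every stage edits it in place,
 * so nothing is copied between U1..U4 (zero-copy). */
struct pkt {
    uint32_t src, dst;     /* IPv4 addresses, host byte order */
    uint16_t dport;
    uint8_t  dropped;      /* set by the firewall stage */
    uint8_t  dpi_tag;      /* set by the DPI stage */
};

/* Event-channel substitute. In ring mode at most one notification is pending. */
struct evchan { int q[EV_SLOTS]; unsigned head, tail; };

static void ev_notify(struct evchan *e, int stage) { e->q[e->tail++ % EV_SLOTS] = stage; }
static int  ev_wait(struct evchan *e) { return e->head == e->tail ? -1 : e->q[e->head++ % EV_SLOTS]; }

struct chain_state {
    struct pkt shm;                           /* the shared segment: one packet in flight */
    struct evchan ev;
    const struct pkt *rx; int nrx, rx_next;   /* NIC Rx queue */
    struct pkt *tx; int ntx;                  /* NIC Tx queue */
    int in_flight;                            /* 1 while shm holds a packet */
    int trace[MAX_TRACE]; int ntrace;         /* order in which stages ran */
    unsigned acct_packets;
};

/* U0: the only unikernel that touches the physical NIC queues. */
static void u0_nic(struct chain_state *s)
{
    if (s->in_flight) {                       /* U4 handed the packet back */
        if (!s->shm.dropped)
            s->tx[s->ntx++] = s->shm;         /* Tx: copy out to the NIC */
        s->in_flight = 0;
    }
    if (s->rx_next < s->nrx) {                /* pull the next packet into shm */
        s->shm = s->rx[s->rx_next++];
        s->in_flight = 1;
        ev_notify(&s->ev, 1);                 /* hand it to U1 */
    }
}

/* U1: NAT rewrites the source address in place. */
static void u1_nat(struct chain_state *s) { s->shm.src = PUBLIC_IP; ev_notify(&s->ev, 2); }

/* U2: firewall marks telnet as dropped; U0 honours the flag at Tx time. */
static void u2_fw(struct chain_state *s) { if (s->shm.dport == 23) s->shm.dropped = 1; ev_notify(&s->ev, 3); }

/* U3: DPI classifies by destination port (assumed mapping: 80 -> 1, 443 -> 2). */
static void u3_dpi(struct chain_state *s)
{
    s->shm.dpi_tag = s->shm.dport == 80 ? 1 : s->shm.dport == 443 ? 2 : 0;
    ev_notify(&s->ev, 4);
}

/* U4: accounting, then closes the ring by notifying U0. */
static void u4_acct(struct chain_state *s) { if (!s->shm.dropped) s->acct_packets++; ev_notify(&s->ev, 0); }

/* Runs the ring until no stage has pending work; returns packets transmitted. */
int run_chain(struct chain_state *s, const struct pkt *rx, int nrx, struct pkt *tx)
{
    memset(s, 0, sizeof *s);
    s->rx = rx; s->nrx = nrx; s->tx = tx;
    ev_notify(&s->ev, 0);                     /* kick U0 so it pulls the first packet */
    for (int st; (st = ev_wait(&s->ev)) >= 0; ) {
        if (s->ntrace < MAX_TRACE) s->trace[s->ntrace++] = st;
        switch (st) {
        case 0: u0_nic(s);  break;
        case 1: u1_nat(s);  break;
        case 2: u2_fw(s);   break;
        case 3: u3_dpi(s);  break;
        case 4: u4_acct(s); break;
        }
    }
    return s->ntx;
}

/* Constructed NIC Rx queue: an HTTP, a telnet and an HTTPS packet from 10.0.0.0/8. */
static const struct pkt sample_rx[] = {
    {0x0A000001u, 0xC0A80001u, 80,  0, 0},
    {0x0A000002u, 0xC0A80002u, 23,  0, 0},
    {0x0A000003u, 0xC0A80003u, 443, 0, 0},
};

int main(void)
{
    struct chain_state s;
    struct pkt tx[8];
    int n = run_chain(&s, sample_rx, 3, tx);
    printf("transmitted %d of 3 packets after %d stage activations\n", n, s.ntrace);
    for (int i = 0; i < n; i++)
        printf("  tx[%d] src=%08x dport=%u dpi_tag=%u\n", i, tx[i].src, tx[i].dport, tx[i].dpi_tag);
    return 0;
}
```

Two properties of the slide's design show up directly in the trace: the notification order is strictly 0,1,2,3,4,0,… so only one packet is ever in flight per chain, which bounds throughput by the sum of the stage latencies; and because every stage writes the same page, a stage that misbehaves corrupts what its successors see, which is why the slides dedicate one chain (and its shared pages) to a single subscriber rather than sharing them across tenants.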
UNIKERNELS MEET NFVS: EVOLVING SERVICE CHAINING (4)
One dedicated chain per subscriber (diagram): Pkt I/O -> DHCP -> NAT -> FW, backed by Irmin and “Lightning”
AAA
• Authentication
• Accounting
• Lawful Intercept
• Line QoS
• Quotas
XenStore
• Receives the sensors’ credentials from AAA
• Communicates with Xen modules
UNIKERNELS MEET NFVS: PROTOTYPE ARCHITECTURE (diagram)
Dom0: XEN, LIGHTNING, Irmin XS (XenStore config: DHCP, Subscriber, IP)
DomU: PKIO (packet I/O) -> DHCP -> NAT -> FW, connected through shared memory; Network IO towards the NIC