Enabling DPDK/SR-IOV for containerized Virtual Network Functions with Zun, November 2017 - PowerPoint PPT Presentation



SLIDE 1

Enabling DPDK/SR-IOV for containerized Virtual Network Functions with Zun

Bin Zhou [NFV Researcher, Lenovo], Hongbin Lu [Zun PTL, Huawei], Yaguang Tang [NFV Researcher, Lenovo], Shunli Zhou [Zun Core, Fiberhome]

November 2017

SLIDE 2

Agenda

➡Introduction to Zun
➡Zun Container for NFV

  • Challenges & Gaps
  • SR-IOV support in Zun
  • Container with DPDK

➡Performance Benchmark Testing

  • Setup
  • Results

➡Demo
➡Conclusion

SLIDE 3

Which Emerging Technologies Interest OpenStack Users?

  • Containers are the most interesting emerging technology.
  • 75% of OpenStack users are interested in containers.

SLIDE 4

Introduce Zun

➡How to use containers on OpenStack?
➡Existing solutions

  • Integrate containers into Nova
    ○ Example: Nova-docker, Nova-lxd
  • Install Container Orchestration Engines (COEs) on VMs
    ○ Example: Magnum, Kubespray
  • OpenStack Container service: Zun

SLIDE 5

Introduce Zun

  • OpenStack Container service
  • Provide API for provisioning and managing containers without VMs
    ○ Speed
    ○ Simplicity
  • Arbitrary memory and vCPUs
  • Containers as first class resource
    ○ Keystone RBAC for individual container
    ○ Neutron port(s) for each container
    ○ Cinder volume(s) bind-mount

SLIDE 6

Introduce Zun

[Figure: operations on VMs (Nova) and on containers (Zun). Labels: Create, List, Delete, Run, Exec, ..., SSH, Migrate, ...]

➡Nova-docker

  • Use Nova to manage containers
  • Suitable if VMs and containers are the same

➡Obstacles

  • VMs and containers are different
  • Container-specific features are not exposed

SLIDE 7

Introduce Zun

[Figure: Magnum and Zun compared. Magnum labels: Baremetal, Virtualization, COE, Containers, Tenant 1, Tenant 2, Tenant 3. Zun labels: Baremetal, Virtualization (optional), Zun, Containers, Tenant 1, Tenant 2, Tenant 3.]

➡Magnum

  • Provision Nova instances
  • Install a COE
  • Run containers on the COE

➡Pros:

  • Strong Isolation

➡Cons:

  • Low resource utilization
  • Virtualization penalty

SLIDE 8

Introduce Zun

➡Concepts:

  • Container: A single container
    ○ create, update, delete, start, stop, kill, …
    ○ network-attach, add-security-group, …
    ○ attach, exec, commit, log, ...
  • Capsule (Experimental): A group of containers that are co-located, have shared network and volumes.
    ○ create, list, delete, …

SLIDE 9

Introduce Zun

➡Zun API

  • Provide REST APIs
  • Manage all compute nodes
  • Scheduling containers

➡Zun Compute

  • Compute node agent
  • Manage local containers
  • Track compute resources

➡Kuryr

  • Bind neutron ports to containers

[Figure: Zun architecture. Labels: Zun API, Zun Compute, Docker, Keystone, Kuryr, Neutron, Cinder]

SLIDE 10

Agenda

➡Introduction to Zun
➡Zun Container for NFV

  • Challenges & Gaps
  • SR-IOV support in Zun
  • Container with DPDK

➡Performance Benchmark Testing

  • Setup
  • Results

➡Demo
➡Conclusion

SLIDE 11

Container for NFV

➡What is NFV

  • A new way to design, deploy and manage network services
  • Replace hardware with software
  • Move network functions to commodity hardware

➡Benefits of NFV

  • Fast provisioning
  • Quick scale up and down
  • Easy upgrade and relocate
  • Reduce cost
  • No vendor hardware lock-in

SLIDE 12

Container for NFV

➡VM or Containers?

  • Time to provision: container boots faster
  • Resource consumption: container has less memory footprint
  • Package management: Docker makes it easy
  • Configurability: container is better
  • Portability: container image is smaller
  • Security: VM provides better isolation
  • Use Clear Container to improve security

SLIDE 13

Challenges & Gaps of using containers

NFV Req features   VM    Container
SR-IOV             Yes   Weak
DPDK               Yes   Weak
CPU pinning        Yes   Weak
NUMA               Yes   Weak
Hugepage           Yes   Weak

➡Lack of support for NFV-required features in the container ecosystem

  • Container runtime
  • Container orchestration
  • OpenStack integration

➡Use Zun to reduce the gaps

SLIDE 14

Enable SR-IOV in Zun

➡What is SR-IOV?

  • A standardized mechanism to virtualize PCIe devices
  • Makes a single PCIe Ethernet controller (PF) appear as multiple PCIe devices (VFs)
    ○ PF: Physical Function
    ○ VF: Virtual Function
  • Passthrough VF to container
  • Bypass virtual switch layer

SLIDE 15

Enable SR-IOV in Zun

➡Enable SR-IOV in Zun

  • Create VFs in compute nodes
  • Configure Neutron
  • Configure Zun
    ○ Whitelist PCI devices (e.g. pci_passthrough_whitelist = { "devname": "eth3", "physical_network": "physnet2"})
    ○ Enable PCI filters (e.g. enabled_filters = ...,PciPassthroughFilter)
  • Configure Kuryr
    ○ Enable SR-IOV driver

SLIDE 16

Enable SR-IOV in Zun

1. Create a SR-IOV port
2. Create a container
3. Pick a host that has available VFs
4. Assign a VF to the port
5. Create a container
6. Docker calls its network plugin (Kuryr) to set up the network
7. Kuryr retrieves the VF's information from the neutron port and performs port binding

[Figure: request flow between User, Zun API, Zun Compute, Neutron, Docker and Kuryr, with arrows numbered 1 to 7]

SLIDE 17

Agenda

➡Introduction to Zun
➡Zun Container for NFV

  • Challenges & Gaps
  • SR-IOV support in Zun
  • Container with DPDK

➡Performance Benchmark Testing

  • Setup
  • Results

➡Demo
➡Conclusion

SLIDE 18

Container with DPDK

➡DPDK PMD

  • physical nic
    ○ igb_uio
    ○ vfio-pci
  • virtual hardware
    ○ virtio_user
    ○ vhost
  • software
    ○ net_pcap (kernel stack)

SLIDE 19

DPDK & SR-IOV for container

[Figure: two panels, "SR-IOV in userland" and "SR-IOV in kernel". Labels: Host kernel, PF, PF driver, VF, VF driver, Container, DPDK, netns ETHx, Passthrough]

SLIDE 20

Performance Benchmark Testing

➡Case 1 (non DPDK)

  • Zun Container with SR-IOV
  • Zun Container with OVS networking

➡Case 2

  • Container with SR-IOV & DPDK (kernel land)
  • Container with SR-IOV & DPDK (user land)

SLIDE 21

Testing setup

Role        Hardware               OS              Network       CPU
Controller  Think system x3650 M5  Ubuntu 16.04.3  82599ES 10Gb  Intel(R) E5-2680 v3 @ 2.50GHz
Compute     Think system x3650 M5  Ubuntu 16.04.3  82599ES 10Gb  Intel(R) E5-2680 v3 @ 2.50GHz

Other software versions: DPDK 17.05, Openvswitch 2.8.1

➡DPDK Testing

  • L2FWD as containerized VNF
  • RFC 2544 standard throughput testing
  • DPDK-pktgen as packet generator

➡non DPDK Testing

  • iperf3 with UDP

SLIDE 22

Zun networking without SR-IOV

[Figure: zun-compute on Server1 and Server2. Labels: container, Linux bridge, OVS, PF]

SLIDE 23

Zun networking with SR-IOV

[Figure: zun-compute on Server1 and Server2. Labels: container, VF]

SLIDE 24

Container network Benchmarking

SLIDE 25

DPDK testing tuning

  • Hugepage size
  • PCIe NUMA
  • Isolate CPU cores for tx/rx pktgen
  • Disable isolated cpu core interrupts

BOOT_IMAGE=/vmlinuz-4.4.0-87-generic root=/dev/mapper/docker2--vg-root ro default_hugepagesz=1G hugepagesz=2M hugepagesz=1G hugepages=8 iommu=pt intel_iommu=on isolcpus=5,6,7,8,9,10 nohz=on nohz_full=5,6,7,8,9,10 rcu_nocbs=5,6,7,8,9,10
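
An added example, not part of the original slides: a POSIX shell check that a kernel command line carries the tuning listed on this slide (Intel IOMMU on, hugepages reserved at boot, and one core list shared by isolcpus, nohz_full and rcu_nocbs). The function names are hypothetical, and treating a mismatch between the three core lists as a failure is an assumption drawn from the slide's own command line.

```shell
#!/bin/sh
# Added example: audit a kernel command line for the DPDK tuning on this slide.

# Print the value of the last "key=value" token for key $2 in cmdline $1.
# Call it inside $(...) so "set -f" (no globbing) stays in the subshell.
cmdline_value() {
    set -f
    val=""
    for tok in $1; do
        case "$tok" in
            "$2"=*) val="${tok#*=}" ;;
        esac
    done
    printf '%s' "$val"
}

# Print one FAIL line per problem; return 0 only when every check passes.
check_dpdk_cmdline() {
    cmdline="$1"
    rc=0
    # The slide's host boots with the Intel IOMMU switched on.
    [ "$(cmdline_value "$cmdline" intel_iommu)" = "on" ] ||
        { echo "FAIL: intel_iommu=on missing"; rc=1; }
    # Hugepages should be reserved at boot with a non-zero count.
    case "$(cmdline_value "$cmdline" hugepages)" in
        ''|0|*[!0-9]*) echo "FAIL: no hugepages reserved at boot"; rc=1 ;;
    esac
    # Assumption: as on the slide, the isolated cores are also the
    # tickless (nohz_full) and RCU-callback-offloaded (rcu_nocbs) cores.
    iso=$(cmdline_value "$cmdline" isolcpus)
    if [ -z "$iso" ]; then
        echo "FAIL: isolcpus not set"; rc=1
    else
        for key in nohz_full rcu_nocbs; do
            v=$(cmdline_value "$cmdline" "$key")
            [ "$v" = "$iso" ] ||
                { echo "FAIL: $key='$v' differs from isolcpus=$iso"; rc=1; }
        done
    fi
    return "$rc"
}

# The command line from the slide; on a live host pass "$(cat /proc/cmdline)".
SLIDE_CMDLINE='BOOT_IMAGE=/vmlinuz-4.4.0-87-generic root=/dev/mapper/docker2--vg-root ro default_hugepagesz=1G hugepagesz=2M hugepagesz=1G hugepages=8 iommu=pt intel_iommu=on isolcpus=5,6,7,8,9,10 nohz=on nohz_full=5,6,7,8,9,10 rcu_nocbs=5,6,7,8,9,10'
check_dpdk_cmdline "$SLIDE_CMDLINE" && echo "OK: slide command line passes"
```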

SLIDE 26

Testing scenario 1

  • Userland SR-IOV used by container
  • DPDK application l2fwd inside container

[Figure: test topology. Labels: Server1, Server2, pktgen, VNF l2fwd, Container, VF1, VF2]

dpdk-devbind --bind=igb_uio 0000:06:10.2
docker run -v /dev/hugepages/:/dev/hugepages --net=none --privileged --name test2 -dit 14ce48b74dd9
l2fwd -l 5-6 -n 4 --huge-dir /dev/hugepages --socket-mem 1024,1024 -- -q 8 -p 1

SLIDE 27

Testing scenario 2

  • Containers using SR-IOV by kernel netns
  • DPDK application l2fwd inside container

[Figure: test topology. Labels: Server1, Server2, pktgen, VNF l2fwd, Container, NETNS, VF1, VF2]

$ neutron port-create sriov --name sriov_port --binding:vnic_type direct
$ zun run --net port=sriov_port dpdk-test
l2fwd -l 5-6 -n 4 --huge-dir /dev/hugepages --socket-mem 1024,1024 --vdev='eth_pcap0,iface=eth0' -- -q 8 -p 1

SLIDE 28

Container DPDK Benchmarking

SLIDE 29

Demo

https://youtu.be/EwghPOVZLq0

SLIDE 30

Conclusion

SR-IOV & DPDK can accelerate container networking performance

➡Benefits

  • High throughput
  • Low latency
  • Deterministic networking

➡Findings

  • DPDK & SR-IOV for container user land approaching physical server performance
    ○ multi-tenancy issue
    ○ security issue
  • Container with SR-IOV for high throughput non DPDK application
    ○ unified management of VF

SLIDE 31

Q&A

Thank you!

@OpenStack
OpenStackFoundation