highly scalable transparent performance enhancing proxy
play

Highly-Scalable Transparent Performance Enhancing Proxy Verizon: - PowerPoint PPT Presentation

Jan 02, 2024 •377 likes •620 views

Highly-Scalable Transparent Performance Enhancing Proxy Verizon: Jae Won Chung, Xiaoxiao Jiang, Manish Kurup, Sriram Sridhar Mojatatu Networks: Jamal Hadi Salim, Roman Mashak November 10, 2017 Confidential and proprietary materials for

  1. Highly-Scalable Transparent Performance Enhancing Proxy Verizon: Jae Won Chung, Xiaoxiao Jiang, Manish Kurup, Sriram Sridhar Mojatatu Networks: Jamal Hadi Salim, Roman Mashak November 10, 2017 Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement.

  2. Performance Enhanced Proxy (PEP) Improve end-to-end TCP performance over a wireless network. TCP congestion avoidance algorithms widely used today are designed for wired networks, and may not work well on wireless environment. New TCP congestion avoidance algorithms that may work well on wireless environments are proposed, but require thorough evaluation to be widely adopted in the Internet. PEP can bridge two di ff erent TCP congestion avoidance algorithms; one suitable for wireless and another for wired network. Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement. 2

  3. PEP Service Implementation Technical Challenges Fast time-to-market Fast adaptation to emerging technology Reduce software maintenance headache Attractive Potential Solution Transparent PEP using • Open source TCP proxy • Linux TCP and networking stack • Existing / new / home-grown TCP Congestion Avoidance Module Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement. 3

  4. PEP Design & Evaluation Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement. 4

  5. PEP Service PoC Setup • Ixia: Client and Server • x86 Blade with HAProxy: Transparent PEP • HAProxy: 20 processes Architecture x86_64 Number of Socket 2 Cores per Socket 14 Thread per Core 2 Model Name Intel Xeon E5-2648L@1.80GHz NIC Intel XL710 40GbE Kernel Linux 4.11.0 Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement. 5

  6. Design Principles Maximize Parallel Processing Pining packets from a pair of proxy flows to the same CPU core using receive side scaling (RSS) Minimize Memory Access across the NUMA boundary Reduce interrupts and context switches Running all HAProxy instances on the same NUMA node responsible for the NIC PCI management Containers Simplify transparent proxy routing and the service orchestration Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement. 6

  7. Transparent PEP Overview Host Network VLAN for di ff erentiating client-side and server-side tra ffi c TC Mirred action redirect packets based on VLAN TC VLAN action strips and adds back the VLAN Network Container Default routing to client-side veth HAProxy binds the server-side connection to the server-side veth All incoming tra ffi c is routed to loopback device via table 100 Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement. 7

  8. System Test Scenario NO-NF Kernel without Netfilter NF-NO-IPT Kernel with Netfilter but no iptables rule NF-IPT Kernel with iptables rule using TPROXY Target for NAT System Scenarios Netfilter Iptables Rule Proxy Listen Port NO-NF Disable None 80 NF-NO-IPT Enable None 80 NF-IPT Enable TPROXY Target 1234 Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement. 8

  9. Performance Tuning Options NIC RSS Distributing tra ffi c among multiple receiving queues (28 in our experiments) Symmetrical RSS can be achieved by configuring the hash key in NIC Splicing Two sockets can be spliced inside kernel instead of sending tra ffi c to the user-space proxy. Proxy Mode (TCP/HTTP) HTTP proxy has additional cost of parsing HTTP request/response Proxy-NUMA Binding Binding HAProxy processes to the cores within the same NUMA that manages the NIC PCI Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement. 9

  10. Baseline Bottleneck Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement. 10

  11. Baseline Performance Baseline Environment with container and TC 128 TC graphs, 12 RSS queues, mqprio qdisc, netdev_budge_usece=4000 Qualified Metrics Packets per Second (PPS) and Average Latency Identified Bottlenecks A transmit lock in the prio qdisc when contended by multiple cores A TC action context and statistics update lock in the VLAN action Bottlenecks Elimination Using mqprio qdisc and modifying the TC VLAN action to use the Read Copy Update (RCU) mechanism, instead of a spinlock. Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement. 11

  12. Results after Bottleneck Removal Packet Size Rx PPS Tx PPS Rx Mbps Tx Mbps Rx Avg. Tx Avg. (B) Latency Latency 78 10M 6.8M 6,240 4,261 873 873 256 8.9M 7.7M 18,285 15,736 883 883 800 3M 3M 19,417 19,417 34 34 900 2.7M 2.7M 19,483 19,483 97 190 1500 1.6M 1.6M 19,680 19,680 105 106 Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement. 12

  13. Results Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement. 13

  14. Impact of Netfilter and IPTables 97k, 94k, 93k Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement. 14

  15. Impact of Proxy – NUMA Binding 97k vs. 83k ( Δ : 14%) Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement. 15

  16. Impact of RSS – Symmetric vs. Asymmetric 97k vs. 95k ( Δ : 2%) Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement. 16

  17. Impact of Splicing 97k vs. 94k ( Δ : 3%) Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement. 17

  18. Impact from Proxy Mode 97k vs. 74k ( Δ : 23.7%) Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement. 18

  19. Conclusions Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement. 19

  20. Conclusions Build a Highly Scalable Transparent PEP on Linux Using open-sourced HAProxy Simple but e ffi cient Our transparent PEP Achieved Closed to 100K TPS Netfilter is disabled With 14 core CPUs, Hyper-Thread (28 RSS Queues) 8K object size Evaluates Major Performance Tuning Design Symmetric RSS, Splicing, Process-NUMA Binding, TCP/HTTP Proxy Mode Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement. 20

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Highly Scalable Highly Scalable Ethernets Ethernets Paul Bottorff, Chief Architect, Carrier

Highly Scalable Highly Scalable Ethernets Ethernets Paul Bottorff, Chief Architect, Carrier

I nternational Telecom m unication Union ITU-T Highly Scalable Highly Scalable Ethernets Ethernets Paul Bottorff, Chief Architect, Carrier Ethernet, Nortel MEF VP, S ecretary, and Board Member IEEE P802.1ah Editor pbottorf@ nortel.com

237 views • 21 slides
Highly Transparent and Highly Passivating Silicon Nitride for Solar Cells Yimao Wan The Australian

Highly Transparent and Highly Passivating Silicon Nitride for Solar Cells Yimao Wan The Australian

Highly Transparent and Highly Passivating Silicon Nitride for Solar Cells Yimao Wan The Australian National University (ANU) 23/10/2014 Outline Motivation Reviews of SiNx properties Process development Recombination studies

754 views • 41 slides
The Squid caching proxy Chris Wichura caw@cawtech.com What is Squid? A caching proxy for

The Squid caching proxy Chris Wichura caw@cawtech.com What is Squid? A caching proxy for

The Squid caching proxy Chris Wichura caw@cawtech.com What is Squid? A caching proxy for HTTP, HTTPS (tunnel only) FTP Gopher WAIS (requires additional software) WHOIS (Squid version 2 only) Supports transparent

592 views • 35 slides
Andrew Design Goals Transparent file naming in single name space Scalable -- O(1000s)

Andrew Design Goals Transparent file naming in single name space Scalable -- O(1000s)

COMP 790-088 -- Distributed File Systems Andrew File System COMP 790-088 -- Fall 2009 1 1 Andrew Design Goals Transparent file naming in single name space Scalable -- O(1000s) Performance approximating local files Low

470 views • 8 slides
National Energy Research Scientific Computing Center (NERSC) Highly Scalable Networking

National Energy Research Scientific Computing Center (NERSC) Highly Scalable Networking

National Energy Research Scientific Computing Center (NERSC) Highly Scalable Networking Configuration Management For Highly Scalable Systems Nicholas P. Cardo NERSC Center Division, LBNL CUG 2008, Helsinki N ATIONAL E NERGY R ESEARCH S

877 views • 14 slides
Scalable Transparent ARguments-of-Knowledge Michael Riabzev Department of Computer Science,

Scalable Transparent ARguments-of-Knowledge Michael Riabzev Department of Computer Science,

Our result Features A peak under the hood Summary Scalable Transparent ARguments-of-Knowledge Michael Riabzev Department of Computer Science, Technion DIMACS Workshop on Outsourcing Computation Securely Joint work with Eli Ben-Sasson, Iddo

599 views • 32 slides
Positive Electronic Cross-Correlations in a Highly Transparent Normal-Superconducting Beam

Positive Electronic Cross-Correlations in a Highly Transparent Normal-Superconducting Beam

Positive Electronic Cross-Correlations in a Highly Transparent Normal-Superconducting Beam Splitter Rgis Mlin, Institut NEL, Grenoble May 24, 2012

592 views • 33 slides
Transparent Fault Tolerance for Scalable Functional Computation Rob Stewart 1 Patrick Maier 2 Phil

Transparent Fault Tolerance for Scalable Functional Computation Rob Stewart 1 Patrick Maier 2 Phil

Transparent Fault Tolerance for Scalable Functional Computation Rob Stewart 1 Patrick Maier 2 Phil Trinder 2 26 th July 2016 1 Heriot-Watt University Edinburgh 2 University of Glasgow Motivation Tolerating faults with irregular parallelism The

802 views • 49 slides
Entrapment: Tricking Malware with Transparent, Scalable Malware Analysis Paul Royal

Entrapment: Tricking Malware with Transparent, Scalable Malware Analysis Paul Royal

Entrapment: Tricking Malware with Transparent, Scalable Malware Analysis Paul Royal paul@gtisc.gatech.edu Agenda Modern Malware Obfuscations, Server-side Polymorphism, Collection Volume Malware Analysis Detection

504 views • 27 slides
Highly-Scalable Algorithms for Ensemble Data Assimila8on Jeffrey

Highly-Scalable Algorithms for Ensemble Data Assimila8on Jeffrey

Highly-Scalable Algorithms for Ensemble Data Assimila8on Jeffrey Anderson, Nancy Collins, and Helen Kershaw Ins$tute for Mathema$cs Applied to Geophysics,

775 views • 63 slides
I n t e r n s L i g h t n i n g T a l k s Proxy editing PiTiVi Proxy editing

I n t e r n s L i g h t n i n g T a l k s Proxy editing PiTiVi Proxy editing

I n t e r n s L i g h t n i n g T a l k s Proxy editing PiTiVi Proxy editing Anton Belka, antonbelka@gmail.com GUADEC 2013 The TM Conference GUADEC Proxy editing What is proxy editing? Proxy editing is the ability to

1.75k views • 143 slides
2DECOMP&FFT A Highly Scalable 2D Decomposition Library and FFT Interface Ning Li and

2DECOMP&FFT A Highly Scalable 2D Decomposition Library and FFT Interface Ning Li and

2DECOMP&FFT A Highly Scalable 2D Decomposition Library and FFT Interface Ning Li and Sylvain Laizet Experts in numerical algorithms and

486 views • 29 slides
A 61.5dB SNDR Pipelined ADC Using Simple Highly-Scalable Ring Amplifiers Benjamin Hershberg 1 ,

A 61.5dB SNDR Pipelined ADC Using Simple Highly-Scalable Ring Amplifiers Benjamin Hershberg 1 ,

A 61.5dB SNDR Pipelined ADC Using Simple Highly-Scalable Ring Amplifiers Benjamin Hershberg 1 , Skyler Weaver 1 , Kazuki Sobue 2 , Seiji Takeuchi 2 , Koichi Hamashita 2 , Un-Ku Moon 1 1 Oregon State University, Corvallis, OR, USA 2 Asahi Kasei

680 views • 53 slides
Highly Capable Performance Study Update Highly Capable Recommendation Action Recommendation 1:

Highly Capable Performance Study Update Highly Capable Recommendation Action Recommendation 1:

Highly Capable Performance Study Update Highly Capable Recommendation Action Recommendation 1: Develop program elements such as a Highly capable advisory team will facilitate process to articulate mission statement and program goals with

466 views • 10 slides
Small and highly efficient hydrothermal liquefaction (HTL) units for scalable mass implementation

Small and highly efficient hydrothermal liquefaction (HTL) units for scalable mass implementation

Small and highly efficient hydrothermal liquefaction (HTL) units for scalable mass implementation in biomass conversion Ib Johannsen, V.Milkevych, D.More, B.S.Kielsgaard, K.Anastasakis, P.Biller Bio2Oil IVS and Dept. of Engineering, Aarhus

442 views • 28 slides
Enhancing Software-Defined RAN with Ruozhou Yu, Shuang Qin, Mehdi Bennis, Xianfu Chen,

Enhancing Software-Defined RAN with Ruozhou Yu, Shuang Qin, Mehdi Bennis, Xianfu Chen,

Enhancing Software-Defined RAN with Ruozhou Yu, Shuang Qin, Mehdi Bennis, Xianfu Chen, Collaborative Caching and Scalable Gang Feng, Zhu Han, Video Coding Guoliang Xue Agenda Introduction Problem Formulation Solution Design Performance

758 views • 27 slides
UMBC A B M A L T F O U M B C I M Y O R T 1 (9/27/04) I E S R C E O V U

UMBC A B M A L T F O U M B C I M Y O R T 1 (9/27/04) I E S R C E O V U

Advanced VLSI Design CMOS Processing Technology II CMPE 640 CMOS Processing Technology Isolation of transistors, i.e., their source and drains, from other transistors is needed to reduce electrical interactions between them. For technologies

512 views • 15 slides
Gods Training Program: Volition and Thinking 1. Elijah was sent by God to announce Gods

Gods Training Program: Volition and Thinking 1. Elijah was sent by God to announce Gods

Gods Training Program: Volition and Thinking 1. Elijah was sent by God to announce Gods judgment on Israel to the pagan King Ahab. 2. God then protected Elijah by sending him into the remote desert and provided for his needs. 3.

438 views • 41 slides
On the Cognitive Complexity of Phonotactic Constraints James Rogers Dept. of Computer Science

On the Cognitive Complexity of Phonotactic Constraints James Rogers Dept. of Computer Science

Stony BrookCogComp 2018 1 On the Cognitive Complexity of Phonotactic Constraints James Rogers Dept. of Computer Science Earlham College Slide 1 jrogers@cs.earlham.edu http://cs.earlham.edu/~jrogers/slides/stonybrook.ho.pdf Joint work

327 views • 32 slides
Thin pixel assembly fabrication development with backside compensation layer R. Bates 1 , C.

Thin pixel assembly fabrication development with backside compensation layer R. Bates 1 , C.

Thin pixel assembly fabrication development with backside compensation layer R. Bates 1 , C. Buttar 1 , T. McMullen 1 , G. Pares 2 , L. Vignoud 2 , 1. Experimental Particle Physics Group, University of Glasgow, UK G12 8QQ 2. CEA Lti

841 views • 47 slides
Third Quarter 2019 Earnings Conference Call November 20, 2019 C S E : H A R V O T C Q X : H

Third Quarter 2019 Earnings Conference Call November 20, 2019 C S E : H A R V O T C Q X : H

Third Quarter 2019 Earnings Conference Call November 20, 2019 C S E : H A R V O T C Q X : H R V S F i n v e s t o r s @ h a r v e s t i n c . c o m @HarvestHOC DISCLAIMER IMPORTANT: YOU MUST READ THE FOLLOWING BEFORE CONTINUING The

312 views • 15 slides
A Systematic Overview of Data Mining Algorithms Sargur Srihari University at Buffalo The State

A Systematic Overview of Data Mining Algorithms Sargur Srihari University at Buffalo The State

A Systematic Overview of Data Mining Algorithms Sargur Srihari University at Buffalo The State University of New York 1 Topics Data Mining Algorithm Definition Example of CART Classification Iris, Wine Classification

441 views • 30 slides
RDMA-based Networking Technologies and Middleware for Next-Generation Clusters and Data Centers

RDMA-based Networking Technologies and Middleware for Next-Generation Clusters and Data Centers

RDMA-based Networking Technologies and Middleware for Next-Generation Clusters and Data Centers Keynote Talk at KBNet 18 by Dhabaleswar K. (DK) Panda The Ohio State University E-mail: panda@cse.ohio-state.edu

833 views • 62 slides
Communications draft-kuhn-nwcrg-network-coding-satellites-00 IETF99 July 2017 N. Kuhn (CNES)

Communications draft-kuhn-nwcrg-network-coding-satellites-00 IETF99 July 2017 N. Kuhn (CNES)

Network Coding and Satellite Communications draft-kuhn-nwcrg-network-coding-satellites-00 IETF99 July 2017 N. Kuhn (CNES) E. Lochin (ISAE) Objectives SoA on the current deployment of network coding schemes within satellite systems

369 views • 14 slides

More recommend