SlideShare a Scribd company logo

Enabling NFV features in kubernetes

K
Kuralamudhan Ramakrishnan

Austin KubeCon 2017 Workshop on Enabling NFV features in Kubernetes. Authors Ivan Coughlan Kuralamudhan Ramakrishnan

Technology
1 of 26
Download to read offline
1 DatacenterNetworkSolutionsGroup
EnablingNFVfeatures inkubernetes IVANCOUGHLAN IVAN.COUGHLAN@INTEL.COM SoftwareArchitect KuralamudhanRamakrishnan kuralamudhan.ramakrishnan@intel.com SeniorSoftwareEngineer DataCenterNetworkSolutionGroup Intel
3 DatacenterNetworkSolutionsGroup LegalNoticesandDisclaimers • Intel technologies’ features and benefits depend on system configuration and may require enabled hardware, software or service activation. Learn more at intel.com, or from the OEM or retailer. • No computer system can be absolutely secure. • Software and workloads used in performance tests may have been optimized for performance only on Intel microprocessors. Performance tests, such as SYSmark and MobileMark, are measured using specific computer systems, components, software, operations and functions. Any change to any of those factors may cause the results to vary. You should consult other information and performance tests to assist you in fully evaluating your contemplated purchases, including the performance of that product when combined with other products. For more complete information visit http://www.intel.com/performance. • Intel, the Intel logo, Xeon, and others are trademarks of Intel Corporation in the U.S. and/or other countries. *Other names and brands may be claimed as the property of others. • © 2017 Intel Corporation.
4 DatacenterNetworkSolutionsGroup Whatwillyoulearntoday? 1. Containers Deployment Models for NFV ecosystem 2. Addressing Data Plane Scalability in Containers:  Container Bare Metal Reference Architecture  Compute  Network
5 DatacenterNetworkSolutionsGroup VNFsvCMTS vIMS vEPC vCPE vSBC NFVi- Network SR-IOV NFV Orchestration Hybrid Unified Containers VM Containers Containers VM Bare Metal VM CLOUD NATIVE COMPUTING FOUNDATION Containersnetworkingdeploymentsconsiderations
6 DatacenterNetworkSolutionsGroup Collaboratewithearlymovers,driveOpenSourcedevelopmentsandenabletheindustry VNFs vCMTS vIMS vEPC vCPE vSBC NFVi- Network SR-IOV NFV Orchestration CLOUD NATIVE COMPUTING FOUNDATION Containers Bare Metal Containers Containers & VM Unified Infrastructure Containers VM Containersnetworkingdeploymentsconsiderations
7 DatacenterNetworkSolutionsGroup DataPlanechallengesincontainers Multiple network interfaces for VNFs High performance Data Plane (N-S) High performance Data Plane (E-W) Ability to request/allocate platform capabilities CPU Core-Pinning for K8s pods Dynamic Huge Page allocation High performance Data Plane (UI) Removing performance penalties for container in VM (UI) Platform telemetry information Node Feature Discovery CPU Manager for Kubernetes Native Huge page support for Kubernetes SR-IOV VHOST USER Master VM Kuryr- Kubernetes In Development Kuryr-k8s v0.1.0: Jun ‘17 Open Source: CNI plug-in - V2.0 June ‘17 Upstream K8s: TBD Open Source: CNI plug-in - V1.0 Sep ‘17 Open Source: CNI plug-in - V2.0 April ‘17 Open Source: Nov. ‘16 Upstream K8: Incubation Graduation TBD Open Source: V1.2 April ‘17 Upstream K8: Phase 1 - V1.8 Sept ‘17 Upstream K8: V1.8 Sept ‘17 Upstream collectd: V5.7.2 June ‘17 ; 5.8.0 ((Q4 2017 date TBD) Scaling Open Source: Available on Intel github https://github.com/Intel-Corp | NFD at https://github.com/kubernetes-incubator/node-feature-discovery
8 DatacenterNetworkSolutionsGroup ContainerBaremetalExperienceKits Alibraryofbest-practicedevelopmentguidelinesforContainerbaremetalorchestration Reference Architecture Reference Architectures Installation Scripts Reference Architecture User Guide Enhance Platform Awareness Feature Brief White Paper Tech. Application Note Benchmark Test Report Demo Kubernetes Networking Feature Brief Tech. Application Note Demo Released throughout December, 2017 on: https://networkbuilders.intel.com/network-technologies/container-experience-kits Platform Telemetry Feature Brief Tech. Application Note Demo
9 DatacenterNetworkSolutionsGroup ContainerNetworkingGTM OPEN SOURCE POC EXPERIENCE KITS Best Practice Guidelines Software community SCALEWithPARTNERS CONTAINER CAPABILITIES CONTAINER NETWORKING Intel is addressing key challenges to using containers for NFV use cases Many of these have been open sourced already Material will be made available throughout November https://networkbuilders.intel.com/network-technologies/intel- container-experience-kits VNF
10 DatacenterNetworkSolutionsGroup NetworkCloudification ContainersBareMetal VNFs vCPE vEPC vRNC vNAT vHLR vIMS vSGSN vRouter vMME vGGSN vIDS vFirewall NFVi- Network SR-IOV NFV Orchestration Containers Bare Metal Hardware Containerized Virtual Network Functions vRNCvCPE vEPC vFirewall vSBCvCMTS vIMS vRouter Orchestration Host OS Docker Engine
11 DatacenterNetworkSolutionsGroup Node Feature Discovery CPU Manager for Kubernetes Native Huge page support for Kubernetes SR-IOV VHOST USER IndustrychallengesincontainersBareMetal Multiple network interfaces for VNFs Support for high performance Data Plane (N-S) Support for high performance Data Plane(E-W) Ability to request/allocate platform capabilities Support for CPU Core-Pinning for K8s pods Dynamic Huge Page allocation
12 DatacenterNetworkSolutionsGroup PROBLEM In NFV use cases, one key requirement is the functionality to provide multiple network interfaces to the virtualized operating environment of the Virtual Network Function (VNF). Kubernetes support only one Network interface – “eth0” USE CASES Functional separation of control and data network planes Link aggregation for redundancy of the network Support for implementation of different network protocol stacks and/or SLAs Network segregation and Security REFERENCE Multus CNI – https://github.com/Intel-Corp/multus-cni Native Kubernetes - Mailing list with details on discussions : https://groups.google.com/forum/#!forum/kubernetes-sig-network Current Kubernetes Networking NFVI Requirement in Kubernetes Networking MultipleNetwork InterfaceforVNFs Network Control Flow with Multus SR-IOV net1 KUBELET SR-IOV net0eth0 LINUX BRIDGE VF0 VF1 Pod Network Interfaces with Multus SR-IOV Logging vFirewall net0 net1 eth0 FlannelLinuxBridge Kubernetes Pod eth0 Pod eth1 eth2 eth0 interface Pod Container Container Container Container Container Container
13 DatacenterNetworkSolutionsGroup NGNIX POD annotation network: CRD Network: kubectl Create Flannel-net Network SRIOV-net Network Kubernetes Master KUBE API SERVER CRD NETWORK OBJECT flannel-net PLUGIN Kubernetes Minion KUBELET NGNIX POD spec annotation network: flannel-net sriov-net CNI CRD NETWORK OBJECT sriov-net PLUGIN POD CRD Network Object Creation Pod Creation Master Assign NGNIX POD Out of cluster Communication Between Multus & Apiserver Net plugins Multus-MultiNetworkinginKubernetes Setup
14 DatacenterNetworkSolutionsGroup Kernel Kubernetes Pod Container VNF Application DPDK SR-IOV Enabled Network Interface VFVF VF uio_pci_generic/igb_uio/vfio-pci PROBLEM No support for physical platform resource isolation guaranteeing network I/O performance & determinism No support for Data Plane Networking in userspace SOLUTION Enables NIC SR-IOV support in Kubernetes via a CNI plugin Supports two modes of operation: SR-IOV : SR-IOV VFs are allocated to pod network namespace DPDK : SR-IOV VFs are bounded to DPDK drivers in the userspace REFERENCE https://github.com/Intel-Corp/sriov-cni DPDK-SRIOVCNIPlugin
15 DatacenterNetworkSolutionsGroup NIC eth0 OVS- DPDK / VPP PROBLEM No networking solution with software acceleration for inter-pod connectivity on same host (e.g. SFC use case) SOLUTION Virtio_user/ vhost_user gives boosted performance than VETH pairs Support VPP as well as DPDK OVS Vhost_user CNI plugin enables K8s to leverage data plane acceleration REFERENCE https://github.com/intel/vhost-user-net-plugin (V1.0 Sep ’17) VhostuserCNIPlugin vhostuser Kubernetes Pod Container VNF Application DPDK virtio_user
16 DatacenterNetworkSolutionsGroup Kubernetes Pod Network Namespace LO DPDK OVS SR-IOV Enabled Network Interface NIC 1 VF VHOSTUSERCNIPLUGINIntegrationwithMULTUS Kubernetes CNI Multus CNI Flannel CNI DPDK - SRIOV CNI Vhostuser CNI containers VPP (FIB) eth0 eth1 eth2 (virtio user) eth3 (virtio user) NIC 2 NIC 3 Flannel veth pair Legend Mgnt plane Ctrl plane Data plane
17 DatacenterNetworkSolutionsGroup PROBLEM No way to identify hardware capabilities or configuration Inability for workload to request certain hardware feature SOLUTION Node feature Discovery brings Enhanced Platform Awareness (EPA) in K8s NFD detects resources on each node in a Kubernetes cluster and advertises those features Allows matching of workload to platform capabilities REFERENCE https://github.com/kubernetes-incubator/node-feature- discovery Nodefeaturediscovery(NFD) cc NODE 1 DISCOVERY PODNODE 2 DISCOVERY POD DISCOVERY POD NODE 1 DISCOVERY POD SRIOV AVX Turbo boost Master Node 1 Node 2 ETCD NGNIX POD label: SRIOV AVX Turbo boost SRIOV Network Features SRIOV AVX CPUID Features AVX Turboboost Intel TurboBoost enabled Node Feature Discovery Label details Node Feature Discovery in K8s
18 DatacenterNetworkSolutionsGroup 18 CPUManagerforKubernetes–CPUPinningandIsolation PROBLEM Kubernetes has no mechanism to support core pinning and isolation Results in high priority workloads not achieving SLAs * Noisy Neighbor Workload: An application that affects other applications sharing the infrastructure to suffer from nondeterministic performance e.g. context switching, cache affects WITHOUT CMK: CPU Pinning and Isolation Core0 CPU0 CPU1 Target Workload Core1 CPU2 CPU3 Noisy Neighbour Workload REFERENCE https://github.com/Intel-Corp/CPU-Manager-for- Kubernetes SOLUTION CPU-Manager-For-Kubernetes introduces core pinning and isolation to K8s without requiring changes to the k8s code base CMK guarantees high priority workloads are pinned to exclusive cores Gives a performance boost & determinism to high priority applications Negates the noisy neighbour* scenario Core0 CPU0 CPU1 Target Workload Core1 CPU2 CPU3 Noisy Neighbour Workload WITH CMK: CPU Pinning and Isolation Noisy Neighbour Workload
19 DatacenterNetworkSolutionsGroup PROBLEM No resource management of Huge Pages in kubernetes Responsibility of the cluster operator to handle it manually SOLUTION Huge Pages introduced as first class resource in kubernetes Support for hugepages via hugetlbfs enabled through a memory backed volume plugin Inherent accounting of Huge Pages Automatic relinquinshing of Huge Pages in case of unexpected process termination REFERENCE Alpha support for pre-allocated hugepages Hugetlbfs support based on empty dir volume plugin HugepageNativeSupportinKubernetes
20 DatacenterNetworkSolutionsGroup 20 ExperienceKitExample:CPUManagerforKubernetesBenchmarkTest Disclaimer: For more complete information about performance and benchmark results, visit http://www.intel.com/performance. ; Test configuration: Master & Minion Nodes: {mother board: Intel Corporation; S2600WFQ; CPU: Intel® Xeon® Gold Processor 6138T; 2.0 Ghz; 2 socket; 20 cores; 27.5 MB; 125 W; Memory: Micron MTA36ASF2G72PZ; 1 DIMM/Channel, 6 Channel/Socket; BIOS: Intel Corporation SE5C620.86B.0X.01.0007.060920171037; NIC: Intel Corporation; Ethernet Controller XXV710 for 2x25GbE Firmware version 5.50; SW: Ubuntu 16.04.2 64bit; Kernel 4.4.0-62-generic x86_64; DPDK 17.05}; IXIA* - IxNetwork 8.10.1046.6 EA; Protocols: 8.10.1105.9, IxOS 8.10.1250.8 EA-Patch1 Core Isolation decrease latency of target workload up >x13 in presence of Noisy Workload Uptox55latencydecrease Test are done with 16 Target Workloads” (=16 Containers) and with or without Noisy Workload present 1 Core with 2 threads are assigned to each container. Noisy Workload uses any available (non-isolated) cores in the system Platform: Intel® Xeon® Gold Processor 20C@2.00 GHz (6138T); DPDK L2 Forwarding using XXV710 NICs Core Isolation increase throughput of target-workload >200% for small packets in presence of Noisy Workload CoreIsolationleadstoperformanceconsistencysolvingnoisyworkloadsproblem Uptox4throughput increase
21 DatacenterNetworkSolutionsGroup NetworkCloudification ContainerUnifiedInfrastructure DeploymentModel VNFs vCPE vEPC vRNC vNAT vHLR vIMS vSGSN vRouter vMME vGGSN vIDS vFirewall NFVi- Network SR-IOV NFV Orchestration Containers Unified Infrastructure Hardware Orchestration VM Guest OS Docker Engine VM Guest OS Docker Engine VM Guest OS Docker Engine Hypervisor App App App App App App CLOUD NATIVE COMPUTING FOUNDATION
22 DatacenterNetworkSolutionsGroup CPU Manager for KubernetesSupport for CPU Core pinning for Kuryr-K8s pods Support for high performance Data Plane (E-W) Multiple network interfaces for VNFs Kuryr- KubernetesRemoving Network performance penalties for container in VM IndustrychallengesincontainersUnifiedInfrastructure KuryrKubernetes MASTER VM Same as in Container Bare Metal
23 DatacenterNetworkSolutionsGroup OBJECTIVES One Virtual Machine to many Containers Target: 1k Containers per VM Container Data Plane performance BENEFITS VT-x ring de-privileging to move the VM and Container into userspace, making it accessible to the userspace vSwitch with just a single copy. Standard Virtio interface & control plane supporting both interrupt and poll modes, VNF and Cloud based applications. Standard Vhost shared memory interface between DPDK vSwitch and VNF. SOLUTIONS Enabling DPDK support in nested containers With Kuryr–DPDK plugin for Kubernetes USE CASE Elasticity and scalability of containerized VNF application in VM Socket App Nova DPDK Pod Non DPDK Pod BSD Sockets API Layer 4 Layer 3 Layer 2 Network Appliance Virt I/O Virt I/O Neutron Virtual Machine Master VM: Co-existence of Containers and Virtual Machines Leverage OpenStack Infra DPDK based vSwitch to accelerate the Container Data Plane. MasterVMForContainers ENABLINGDPDKinNestedContainers
24 DatacenterNetworkSolutionsGroup CALLtoaction • We need feedback on the current ingredients e.g. • Multus • SR-IOV • Vhost user • Be active in K8s SIGs • Network • Resource Management
25 DatacenterNetworkSolutionsGroup TalktousForyourcontainers Usecase? ivan.coughlan@intel.com kuralamudhan.ramakrishnan@intel.com https://intel-corp.herokuapp.com thed00de rkamudhan
26 DatacenterNetworkSolutionsGroup

Recommended

Vxlan deep dive session rev0.5 final
Vxlan deep dive session rev0.5 finalVxlan deep dive session rev0.5 final
Vxlan deep dive session rev0.5 final
KwonSun Bae
 
CNCF TUG (Telecom User Group) Ike Alisson 5G New Service Capabilities Rev pa10
CNCF TUG (Telecom User Group) Ike Alisson 5G New Service Capabilities Rev pa10CNCF TUG (Telecom User Group) Ike Alisson 5G New Service Capabilities Rev pa10
CNCF TUG (Telecom User Group) Ike Alisson 5G New Service Capabilities Rev pa10
Ike Alisson
 
Overview of kubernetes network functions
Overview of kubernetes network functionsOverview of kubernetes network functions
Overview of kubernetes network functions
HungWei Chiu
 
Introduction to vxlan
Introduction to vxlanIntroduction to vxlan
Introduction to vxlan
Mohammed Umair
 
Kubernetes networking in AWS
Kubernetes networking in AWSKubernetes networking in AWS
Kubernetes networking in AWS
Zvika Gazit
 
macvlan and ipvlan
macvlan and ipvlanmacvlan and ipvlan
macvlan and ipvlan
Suraj Deshmukh
 
Deploying CloudStack and Ceph with flexible VXLAN and BGP networking
Deploying CloudStack and Ceph with flexible VXLAN and BGP networking Deploying CloudStack and Ceph with flexible VXLAN and BGP networking
Deploying CloudStack and Ceph with flexible VXLAN and BGP networking
ShapeBlue
 
Room 1 - 7 - Lê Quốc Đạt - Upgrading network of Openstack to SDN with Tungste...
Room 1 - 7 - Lê Quốc Đạt - Upgrading network of Openstack to SDN with Tungste...Room 1 - 7 - Lê Quốc Đạt - Upgrading network of Openstack to SDN with Tungste...
Room 1 - 7 - Lê Quốc Đạt - Upgrading network of Openstack to SDN with Tungste...
Vietnam Open Infrastructure User Group
 

Recommended

Vxlan deep dive session rev0.5 final
Vxlan deep dive session rev0.5 finalVxlan deep dive session rev0.5 final
Vxlan deep dive session rev0.5 final
KwonSun Bae
 
CNCF TUG (Telecom User Group) Ike Alisson 5G New Service Capabilities Rev pa10
CNCF TUG (Telecom User Group) Ike Alisson 5G New Service Capabilities Rev pa10CNCF TUG (Telecom User Group) Ike Alisson 5G New Service Capabilities Rev pa10
CNCF TUG (Telecom User Group) Ike Alisson 5G New Service Capabilities Rev pa10
Ike Alisson
 
Overview of kubernetes network functions
Overview of kubernetes network functionsOverview of kubernetes network functions
Overview of kubernetes network functions
HungWei Chiu
 
Introduction to vxlan
Introduction to vxlanIntroduction to vxlan
Introduction to vxlan
Mohammed Umair
 
Kubernetes networking in AWS
Kubernetes networking in AWSKubernetes networking in AWS
Kubernetes networking in AWS
Zvika Gazit
 
macvlan and ipvlan
macvlan and ipvlanmacvlan and ipvlan
macvlan and ipvlan
Suraj Deshmukh
 
Deploying CloudStack and Ceph with flexible VXLAN and BGP networking
Deploying CloudStack and Ceph with flexible VXLAN and BGP networking Deploying CloudStack and Ceph with flexible VXLAN and BGP networking
Deploying CloudStack and Ceph with flexible VXLAN and BGP networking
ShapeBlue
 
Room 1 - 7 - Lê Quốc Đạt - Upgrading network of Openstack to SDN with Tungste...
Room 1 - 7 - Lê Quốc Đạt - Upgrading network of Openstack to SDN with Tungste...Room 1 - 7 - Lê Quốc Đạt - Upgrading network of Openstack to SDN with Tungste...
Room 1 - 7 - Lê Quốc Đạt - Upgrading network of Openstack to SDN with Tungste...
Vietnam Open Infrastructure User Group
 
Openstack Neutron, interconnections with BGP/MPLS VPNs
Openstack Neutron, interconnections with BGP/MPLS VPNsOpenstack Neutron, interconnections with BGP/MPLS VPNs
Openstack Neutron, interconnections with BGP/MPLS VPNs
Thomas Morin
 
How to build a Kubernetes networking solution from scratch
How to build a Kubernetes networking solution from scratchHow to build a Kubernetes networking solution from scratch
How to build a Kubernetes networking solution from scratch
All Things Open
 
Cisco Live Milan 2015 - BGP advance
Cisco Live Milan 2015 - BGP advanceCisco Live Milan 2015 - BGP advance
Cisco Live Milan 2015 - BGP advance
Bertrand Duvivier
 
The Basic Introduction of Open vSwitch
The Basic Introduction of Open vSwitchThe Basic Introduction of Open vSwitch
The Basic Introduction of Open vSwitch
Te-Yen Liu
 
Meetup 23 - 02 - OVN - The future of networking in OpenStack
Meetup 23 - 02 - OVN - The future of networking in OpenStackMeetup 23 - 02 - OVN - The future of networking in OpenStack
Meetup 23 - 02 - OVN - The future of networking in OpenStack
Vietnam Open Infrastructure User Group
 
Virtualized network with openvswitch
Virtualized network with openvswitchVirtualized network with openvswitch
Virtualized network with openvswitch
Sim Janghoon
 
Building DataCenter networks with VXLAN BGP-EVPN
Building DataCenter networks with VXLAN BGP-EVPNBuilding DataCenter networks with VXLAN BGP-EVPN
Building DataCenter networks with VXLAN BGP-EVPN
Cisco Canada
 
VXLAN BGP EVPN: Technology Building Blocks
VXLAN BGP EVPN: Technology Building BlocksVXLAN BGP EVPN: Technology Building Blocks
VXLAN BGP EVPN: Technology Building Blocks
APNIC
 
OVN Controller Incremental Processing
OVN Controller Incremental ProcessingOVN Controller Incremental Processing
OVN Controller Incremental Processing
Han Zhou
 
How VXLAN works on Linux
How VXLAN works on LinuxHow VXLAN works on Linux
How VXLAN works on Linux
Etsuji Nakai
 
Overview of Distributed Virtual Router (DVR) in Openstack/Neutron
Overview of Distributed Virtual Router (DVR) in Openstack/NeutronOverview of Distributed Virtual Router (DVR) in Openstack/Neutron
Overview of Distributed Virtual Router (DVR) in Openstack/Neutron
vivekkonnect
 
[2018] 오픈스택 5년 운영의 경험
[2018] 오픈스택 5년 운영의 경험[2018] 오픈스택 5년 운영의 경험
[2018] 오픈스택 5년 운영의 경험
NHN FORWARD
 
OVN - Basics and deep dive
OVN - Basics and deep diveOVN - Basics and deep dive
OVN - Basics and deep dive
Trinath Somanchi
 
06 evpn use-case_reviewv1
06 evpn use-case_reviewv106 evpn use-case_reviewv1
06 evpn use-case_reviewv1
ronsito
 
PLNOG 13: Emil Gągała: EVPN – rozwiązanie nie tylko dla Data Center
PLNOG 13: Emil Gągała: EVPN – rozwiązanie nie tylko dla Data CenterPLNOG 13: Emil Gągała: EVPN – rozwiązanie nie tylko dla Data Center
PLNOG 13: Emil Gągała: EVPN – rozwiązanie nie tylko dla Data Center
PROIDEA
 
Open vSwitch 패킷 처리 구조
Open vSwitch 패킷 처리 구조Open vSwitch 패킷 처리 구조
Open vSwitch 패킷 처리 구조
Seung-Hoon Baek
 
[KubeCon EU 2022] Running containerd and k3s on macOS
[KubeCon EU 2022] Running containerd and k3s on macOS[KubeCon EU 2022] Running containerd and k3s on macOS
[KubeCon EU 2022] Running containerd and k3s on macOS
Akihiro Suda
 
[OpenStack 스터디] OpenStack With Contrail
[OpenStack 스터디] OpenStack With Contrail[OpenStack 스터디] OpenStack With Contrail
[OpenStack 스터디] OpenStack With Contrail
OpenStack Korea Community
 
Ovs dpdk hwoffload way to full offload
Ovs dpdk hwoffload way to full offloadOvs dpdk hwoffload way to full offload
Ovs dpdk hwoffload way to full offload
Kevin Traynor
 
Building Multi-Site and Multi-OpenStack Cloud with OpenStack Cascading
Building Multi-Site and Multi-OpenStack Cloud with OpenStack CascadingBuilding Multi-Site and Multi-OpenStack Cloud with OpenStack Cascading
Building Multi-Site and Multi-OpenStack Cloud with OpenStack Cascading
Joe Huang
 
NFV features in kubernetes
NFV features in kubernetesNFV features in kubernetes
NFV features in kubernetes
Kuralamudhan Ramakrishnan
 
Road to Cloud Native Orchestration
Road to Cloud Native Orchestration Road to Cloud Native Orchestration
Road to Cloud Native Orchestration
Open Source Technology Center MeetUps
 

More Related Content

What's hot

How to build a Kubernetes networking solution from scratch
How to build a Kubernetes networking solution from scratchHow to build a Kubernetes networking solution from scratch
How to build a Kubernetes networking solution from scratch
All Things Open
 
Virtualized network with openvswitch
Virtualized network with openvswitchVirtualized network with openvswitch
Virtualized network with openvswitch
Sim Janghoon
 
Building DataCenter networks with VXLAN BGP-EVPN
Building DataCenter networks with VXLAN BGP-EVPNBuilding DataCenter networks with VXLAN BGP-EVPN
Building DataCenter networks with VXLAN BGP-EVPN
Cisco Canada
 
How VXLAN works on Linux
How VXLAN works on LinuxHow VXLAN works on Linux
How VXLAN works on Linux
Etsuji Nakai
 
06 evpn use-case_reviewv1
06 evpn use-case_reviewv106 evpn use-case_reviewv1
06 evpn use-case_reviewv1
ronsito
 
[KubeCon EU 2022] Running containerd and k3s on macOS
[KubeCon EU 2022] Running containerd and k3s on macOS[KubeCon EU 2022] Running containerd and k3s on macOS
[KubeCon EU 2022] Running containerd and k3s on macOS
Akihiro Suda
 

What's hot (20)

Openstack Neutron, interconnections with BGP/MPLS VPNs
Openstack Neutron, interconnections with BGP/MPLS VPNsOpenstack Neutron, interconnections with BGP/MPLS VPNs
Openstack Neutron, interconnections with BGP/MPLS VPNs
 
How to build a Kubernetes networking solution from scratch
How to build a Kubernetes networking solution from scratchHow to build a Kubernetes networking solution from scratch
How to build a Kubernetes networking solution from scratch
 
Cisco Live Milan 2015 - BGP advance
Cisco Live Milan 2015 - BGP advanceCisco Live Milan 2015 - BGP advance
Cisco Live Milan 2015 - BGP advance
 
The Basic Introduction of Open vSwitch
The Basic Introduction of Open vSwitchThe Basic Introduction of Open vSwitch
The Basic Introduction of Open vSwitch
 
Meetup 23 - 02 - OVN - The future of networking in OpenStack
Meetup 23 - 02 - OVN - The future of networking in OpenStackMeetup 23 - 02 - OVN - The future of networking in OpenStack
Meetup 23 - 02 - OVN - The future of networking in OpenStack
 
Virtualized network with openvswitch
Virtualized network with openvswitchVirtualized network with openvswitch
Virtualized network with openvswitch
 
Building DataCenter networks with VXLAN BGP-EVPN
Building DataCenter networks with VXLAN BGP-EVPNBuilding DataCenter networks with VXLAN BGP-EVPN
Building DataCenter networks with VXLAN BGP-EVPN
 
VXLAN BGP EVPN: Technology Building Blocks
VXLAN BGP EVPN: Technology Building BlocksVXLAN BGP EVPN: Technology Building Blocks
VXLAN BGP EVPN: Technology Building Blocks
 
OVN Controller Incremental Processing
OVN Controller Incremental ProcessingOVN Controller Incremental Processing
OVN Controller Incremental Processing
 
How VXLAN works on Linux
How VXLAN works on LinuxHow VXLAN works on Linux
How VXLAN works on Linux
 
Overview of Distributed Virtual Router (DVR) in Openstack/Neutron
Overview of Distributed Virtual Router (DVR) in Openstack/NeutronOverview of Distributed Virtual Router (DVR) in Openstack/Neutron
Overview of Distributed Virtual Router (DVR) in Openstack/Neutron
 
[2018] 오픈스택 5년 운영의 경험
[2018] 오픈스택 5년 운영의 경험[2018] 오픈스택 5년 운영의 경험
[2018] 오픈스택 5년 운영의 경험
 
OVN - Basics and deep dive
OVN - Basics and deep diveOVN - Basics and deep dive
OVN - Basics and deep dive
 
06 evpn use-case_reviewv1
06 evpn use-case_reviewv106 evpn use-case_reviewv1
06 evpn use-case_reviewv1
 
PLNOG 13: Emil Gągała: EVPN – rozwiązanie nie tylko dla Data Center
PLNOG 13: Emil Gągała: EVPN – rozwiązanie nie tylko dla Data CenterPLNOG 13: Emil Gągała: EVPN – rozwiązanie nie tylko dla Data Center
PLNOG 13: Emil Gągała: EVPN – rozwiązanie nie tylko dla Data Center
 
Open vSwitch 패킷 처리 구조
Open vSwitch 패킷 처리 구조Open vSwitch 패킷 처리 구조
Open vSwitch 패킷 처리 구조
 
[KubeCon EU 2022] Running containerd and k3s on macOS
[KubeCon EU 2022] Running containerd and k3s on macOS[KubeCon EU 2022] Running containerd and k3s on macOS
[KubeCon EU 2022] Running containerd and k3s on macOS
 
[OpenStack 스터디] OpenStack With Contrail
[OpenStack 스터디] OpenStack With Contrail[OpenStack 스터디] OpenStack With Contrail
[OpenStack 스터디] OpenStack With Contrail
 
Ovs dpdk hwoffload way to full offload
Ovs dpdk hwoffload way to full offloadOvs dpdk hwoffload way to full offload
Ovs dpdk hwoffload way to full offload
 
Building Multi-Site and Multi-OpenStack Cloud with OpenStack Cascading
Building Multi-Site and Multi-OpenStack Cloud with OpenStack CascadingBuilding Multi-Site and Multi-OpenStack Cloud with OpenStack Cascading
Building Multi-Site and Multi-OpenStack Cloud with OpenStack Cascading
 

Similar to Enabling NFV features in kubernetes

Road to Cloud Native Orchestration
Road to Cloud Native Orchestration Road to Cloud Native Orchestration
Road to Cloud Native Orchestration
Open Source Technology Center MeetUps
 
Intel® Xeon® Scalable Processors Enabled Applications Marketing Guide
Intel® Xeon® Scalable Processors Enabled Applications Marketing GuideIntel® Xeon® Scalable Processors Enabled Applications Marketing Guide
Intel® Xeon® Scalable Processors Enabled Applications Marketing Guide
Intel IT Center
 
“Intel Video AI Box—Converging AI, Media and Computing in a Compact and Open ...
“Intel Video AI Box—Converging AI, Media and Computing in a Compact and Open ...“Intel Video AI Box—Converging AI, Media and Computing in a Compact and Open ...
“Intel Video AI Box—Converging AI, Media and Computing in a Compact and Open ...
Edge AI and Vision Alliance
 
ONS 2018 LA - Intel Tutorial: Cloud Native to NFV - Alon Bernstein, Cisco & K...
ONS 2018 LA - Intel Tutorial: Cloud Native to NFV - Alon Bernstein, Cisco & K...ONS 2018 LA - Intel Tutorial: Cloud Native to NFV - Alon Bernstein, Cisco & K...
ONS 2018 LA - Intel Tutorial: Cloud Native to NFV - Alon Bernstein, Cisco & K...
Kuralamudhan Ramakrishnan
 

Similar to Enabling NFV features in kubernetes (20)

NFV features in kubernetes
NFV features in kubernetesNFV features in kubernetes
NFV features in kubernetes
 
Road to Cloud Native Orchestration
Road to Cloud Native Orchestration Road to Cloud Native Orchestration
Road to Cloud Native Orchestration
 
5 pipeline arch_rationale
5 pipeline arch_rationale5 pipeline arch_rationale
5 pipeline arch_rationale
 
Netsft2017 day in_life_of_nfv
Netsft2017 day in_life_of_nfvNetsft2017 day in_life_of_nfv
Netsft2017 day in_life_of_nfv
 
Introduction to container networking in K8s - SDN/NFV London meetup
Introduction to container networking in K8s - SDN/NFV London meetupIntroduction to container networking in K8s - SDN/NFV London meetup
Introduction to container networking in K8s - SDN/NFV London meetup
 
Intel® Xeon® Scalable Processors Enabled Applications Marketing Guide
Intel® Xeon® Scalable Processors Enabled Applications Marketing GuideIntel® Xeon® Scalable Processors Enabled Applications Marketing Guide
Intel® Xeon® Scalable Processors Enabled Applications Marketing Guide
 
NFV and SDN: 4G LTE and 5G Wireless Networks on Intel(r) Architecture
NFV and SDN: 4G LTE and 5G Wireless Networks on Intel(r) ArchitectureNFV and SDN: 4G LTE and 5G Wireless Networks on Intel(r) Architecture
NFV and SDN: 4G LTE and 5G Wireless Networks on Intel(r) Architecture
 
“Intel Video AI Box—Converging AI, Media and Computing in a Compact and Open ...
“Intel Video AI Box—Converging AI, Media and Computing in a Compact and Open ...“Intel Video AI Box—Converging AI, Media and Computing in a Compact and Open ...
“Intel Video AI Box—Converging AI, Media and Computing in a Compact and Open ...
 
ONS 2018 LA - Intel Tutorial: Cloud Native to NFV - Alon Bernstein, Cisco & K...
ONS 2018 LA - Intel Tutorial: Cloud Native to NFV - Alon Bernstein, Cisco & K...ONS 2018 LA - Intel Tutorial: Cloud Native to NFV - Alon Bernstein, Cisco & K...
ONS 2018 LA - Intel Tutorial: Cloud Native to NFV - Alon Bernstein, Cisco & K...
 
G rpc talk with intel (3)
G rpc talk with intel (3)G rpc talk with intel (3)
G rpc talk with intel (3)
 
NFF-GO (YANFF) - Yet Another Network Function Framework
NFF-GO (YANFF) - Yet Another Network Function FrameworkNFF-GO (YANFF) - Yet Another Network Function Framework
NFF-GO (YANFF) - Yet Another Network Function Framework
 
5G Network Introduction
5G Network Introduction5G Network Introduction
5G Network Introduction
 
Intel® Select Solutions for the Network
Intel® Select Solutions for the NetworkIntel® Select Solutions for the Network
Intel® Select Solutions for the Network
 
Intel® Xeon® Processor E5-2600 v3 Product Family Application Showcase - Telec...
Intel® Xeon® Processor E5-2600 v3 Product Family Application Showcase - Telec...Intel® Xeon® Processor E5-2600 v3 Product Family Application Showcase - Telec...
Intel® Xeon® Processor E5-2600 v3 Product Family Application Showcase - Telec...
 
Seminar Accelerating Business Using Microservices Architecture in Digital Age...
Seminar Accelerating Business Using Microservices Architecture in Digital Age...Seminar Accelerating Business Using Microservices Architecture in Digital Age...
Seminar Accelerating Business Using Microservices Architecture in Digital Age...
 
Python Data Science and Machine Learning at Scale with Intel and Anaconda
Python Data Science and Machine Learning at Scale with Intel and AnacondaPython Data Science and Machine Learning at Scale with Intel and Anaconda
Python Data Science and Machine Learning at Scale with Intel and Anaconda
 
Intel xeon-scalable-processors-overview
Intel xeon-scalable-processors-overviewIntel xeon-scalable-processors-overview
Intel xeon-scalable-processors-overview
 
Intel® Xeon® Processor E5-2600 v4 Telco Cloud Digital Applications Showcase
Intel® Xeon® Processor E5-2600 v4 Telco Cloud Digital Applications ShowcaseIntel® Xeon® Processor E5-2600 v4 Telco Cloud Digital Applications Showcase
Intel® Xeon® Processor E5-2600 v4 Telco Cloud Digital Applications Showcase
 
Intel® Xeon® Processor E5-2600 v3 Product Family Application Showcase – Big D...
Intel® Xeon® Processor E5-2600 v3 Product Family Application Showcase – Big D...Intel® Xeon® Processor E5-2600 v3 Product Family Application Showcase – Big D...
Intel® Xeon® Processor E5-2600 v3 Product Family Application Showcase – Big D...
 
5G Multi-Access Edge Compute
5G Multi-Access Edge Compute5G Multi-Access Edge Compute
5G Multi-Access Edge Compute
 

Recently uploaded

Optimizing NoSQL Performance Through Observability
Optimizing NoSQL Performance Through ObservabilityOptimizing NoSQL Performance Through Observability
Optimizing NoSQL Performance Through Observability
ScyllaDB
 
Designing for Hardware Accessibility at Comcast
Designing for Hardware Accessibility at ComcastDesigning for Hardware Accessibility at Comcast
Designing for Hardware Accessibility at Comcast
UXDXConf
 
Strategic AI Integration in Engineering Teams
Strategic AI Integration in Engineering TeamsStrategic AI Integration in Engineering Teams
Strategic AI Integration in Engineering Teams
UXDXConf
 
Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...
Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...
Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...
CzechDreamin
 
A Business-Centric Approach to Design System Strategy
A Business-Centric Approach to Design System StrategyA Business-Centric Approach to Design System Strategy
A Business-Centric Approach to Design System Strategy
UXDXConf
 

Recently uploaded (20)

Custom Approval Process: A New Perspective, Pavel Hrbacek & Anindya Halder
Custom Approval Process: A New Perspective, Pavel Hrbacek & Anindya HalderCustom Approval Process: A New Perspective, Pavel Hrbacek & Anindya Halder
Custom Approval Process: A New Perspective, Pavel Hrbacek & Anindya Halder
 
Optimizing NoSQL Performance Through Observability
Optimizing NoSQL Performance Through ObservabilityOptimizing NoSQL Performance Through Observability
Optimizing NoSQL Performance Through Observability
 
PLAI - Acceleration Program for Generative A.I. Startups
PLAI - Acceleration Program for Generative A.I. StartupsPLAI - Acceleration Program for Generative A.I. Startups
PLAI - Acceleration Program for Generative A.I. Startups
 
Designing for Hardware Accessibility at Comcast
Designing for Hardware Accessibility at ComcastDesigning for Hardware Accessibility at Comcast
Designing for Hardware Accessibility at Comcast
 
AI presentation and introduction - Retrieval Augmented Generation RAG 101
AI presentation and introduction - Retrieval Augmented Generation RAG 101AI presentation and introduction - Retrieval Augmented Generation RAG 101
AI presentation and introduction - Retrieval Augmented Generation RAG 101
 
TEST BANK For, Information Technology Project Management 9th Edition Kathy Sc...
TEST BANK For, Information Technology Project Management 9th Edition Kathy Sc...TEST BANK For, Information Technology Project Management 9th Edition Kathy Sc...
TEST BANK For, Information Technology Project Management 9th Edition Kathy Sc...
 
Strategic AI Integration in Engineering Teams
Strategic AI Integration in Engineering TeamsStrategic AI Integration in Engineering Teams
Strategic AI Integration in Engineering Teams
 
Where to Learn More About FDO _ Richard at FIDO Alliance.pdf
Where to Learn More About FDO _ Richard at FIDO Alliance.pdfWhere to Learn More About FDO _ Richard at FIDO Alliance.pdf
Where to Learn More About FDO _ Richard at FIDO Alliance.pdf
 
The Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdf
The Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdfThe Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdf
The Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdf
 
Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...
Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...
Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...
 
WSO2CONMay2024OpenSourceConferenceDebrief.pptx
WSO2CONMay2024OpenSourceConferenceDebrief.pptxWSO2CONMay2024OpenSourceConferenceDebrief.pptx
WSO2CONMay2024OpenSourceConferenceDebrief.pptx
 
Introduction to FDO and How It works Applications _ Richard at FIDO Alliance.pdf
Introduction to FDO and How It works Applications _ Richard at FIDO Alliance.pdfIntroduction to FDO and How It works Applications _ Richard at FIDO Alliance.pdf
Introduction to FDO and How It works Applications _ Richard at FIDO Alliance.pdf
 
A Business-Centric Approach to Design System Strategy
A Business-Centric Approach to Design System StrategyA Business-Centric Approach to Design System Strategy
A Business-Centric Approach to Design System Strategy
 
Free and Effective: Making Flows Publicly Accessible, Yumi Ibrahimzade
Free and Effective: Making Flows Publicly Accessible, Yumi IbrahimzadeFree and Effective: Making Flows Publicly Accessible, Yumi Ibrahimzade
Free and Effective: Making Flows Publicly Accessible, Yumi Ibrahimzade
 
How Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdf
How Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdfHow Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdf
How Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdf
 
FDO for Camera, Sensor and Networking Device – Commercial Solutions from VinC...
FDO for Camera, Sensor and Networking Device – Commercial Solutions from VinC...FDO for Camera, Sensor and Networking Device – Commercial Solutions from VinC...
FDO for Camera, Sensor and Networking Device – Commercial Solutions from VinC...
 
WebAssembly is Key to Better LLM Performance
WebAssembly is Key to Better LLM PerformanceWebAssembly is Key to Better LLM Performance
WebAssembly is Key to Better LLM Performance
 
SOQL 201 for Admins & Developers: Slice & Dice Your Org’s Data With Aggregate...
SOQL 201 for Admins & Developers: Slice & Dice Your Org’s Data With Aggregate...SOQL 201 for Admins & Developers: Slice & Dice Your Org’s Data With Aggregate...
SOQL 201 for Admins & Developers: Slice & Dice Your Org’s Data With Aggregate...
 
Intro in Product Management - Коротко про професію продакт менеджера
Intro in Product Management - Коротко про професію продакт менеджераIntro in Product Management - Коротко про професію продакт менеджера
Intro in Product Management - Коротко про професію продакт менеджера
 
ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...
ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...
ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...
 

Enabling NFV features in kubernetes

  • 3. 3 DatacenterNetworkSolutionsGroup LegalNoticesandDisclaimers • Intel technologies’ features and benefits depend on system configuration and may require enabled hardware, software or service activation. Learn more at intel.com, or from the OEM or retailer. • No computer system can be absolutely secure. • Software and workloads used in performance tests may have been optimized for performance only on Intel microprocessors. Performance tests, such as SYSmark and MobileMark, are measured using specific computer systems, components, software, operations and functions. Any change to any of those factors may cause the results to vary. You should consult other information and performance tests to assist you in fully evaluating your contemplated purchases, including the performance of that product when combined with other products. For more complete information visit http://www.intel.com/performance. • Intel, the Intel logo, Xeon, and others are trademarks of Intel Corporation in the U.S. and/or other countries. *Other names and brands may be claimed as the property of others. • © 2017 Intel Corporation.
  • 4. 4 DatacenterNetworkSolutionsGroup Whatwillyoulearntoday? 1. Containers Deployment Models for NFV ecosystem 2. Addressing Data Plane Scalability in Containers:  Container Bare Metal Reference Architecture  Compute  Network
  • 5. 5 DatacenterNetworkSolutionsGroup VNFsvCMTS vIMS vEPC vCPE vSBC NFVi- Network SR-IOV NFV Orchestration Hybrid Unified Containers VM Containers Containers VM Bare Metal VM CLOUD NATIVE COMPUTING FOUNDATION Containersnetworkingdeploymentsconsiderations
  • 6. 6 DatacenterNetworkSolutionsGroup Collaboratewithearlymovers,driveOpenSourcedevelopmentsandenabletheindustry VNFs vCMTS vIMS vEPC vCPE vSBC NFVi- Network SR-IOV NFV Orchestration CLOUD NATIVE COMPUTING FOUNDATION Containers Bare Metal Containers Containers & VM Unified Infrastructure Containers VM Containersnetworkingdeploymentsconsiderations
  • 7. 7 DatacenterNetworkSolutionsGroup DataPlanechallengesincontainers Multiple network interfaces for VNFs High performance Data Plane (N-S) High performance Data Plane (E-W) Ability to request/allocate platform capabilities CPU Core-Pinning for K8s pods Dynamic Huge Page allocation High performance Data Plane (UI) Removing performance penalties for container in VM (UI) Platform telemetry information Node Feature Discovery CPU Manager for Kubernetes Native Huge page support for Kubernetes SR-IOV VHOST USER Master VM Kuryr- Kubernetes In Development Kuryr-k8s v0.1.0: Jun ‘17 Open Source: CNI plug-in - V2.0 June ‘17 Upstream K8s: TBD Open Source: CNI plug-in - V1.0 Sep ‘17 Open Source: CNI plug-in - V2.0 April ‘17 Open Source: Nov. ‘16 Upstream K8: Incubation Graduation TBD Open Source: V1.2 April ‘17 Upstream K8: Phase 1 - V1.8 Sept ‘17 Upstream K8: V1.8 Sept ‘17 Upstream collectd: V5.7.2 June ‘17 ; 5.8.0 ((Q4 2017 date TBD) Scaling Open Source: Available on Intel github https://github.com/Intel-Corp | NFD at https://github.com/kubernetes-incubator/node-feature-discovery
  • 8. 8 DatacenterNetworkSolutionsGroup ContainerBaremetalExperienceKits Alibraryofbest-practicedevelopmentguidelinesforContainerbaremetalorchestration Reference Architecture Reference Architectures Installation Scripts Reference Architecture User Guide Enhance Platform Awareness Feature Brief White Paper Tech. Application Note Benchmark Test Report Demo Kubernetes Networking Feature Brief Tech. Application Note Demo Released throughout December, 2017 on: https://networkbuilders.intel.com/network-technologies/container-experience-kits Platform Telemetry Feature Brief Tech. Application Note Demo
  • 9. 9 DatacenterNetworkSolutionsGroup ContainerNetworkingGTM OPEN SOURCE POC EXPERIENCE KITS Best Practice Guidelines Software community SCALEWithPARTNERS CONTAINER CAPABILITIES CONTAINER NETWORKING Intel is addressing key challenges to using containers for NFV use cases Many of these have been open sourced already Material will be made available throughout November https://networkbuilders.intel.com/network-technologies/intel- container-experience-kits VNF
  • 10. 10 DatacenterNetworkSolutionsGroup NetworkCloudification ContainersBareMetal VNFs vCPE vEPC vRNC vNAT vHLR vIMS vSGSN vRouter vMME vGGSN vIDS vFirewall NFVi- Network SR-IOV NFV Orchestration Containers Bare Metal Hardware Containerized Virtual Network Functions vRNCvCPE vEPC vFirewall vSBCvCMTS vIMS vRouter Orchestration Host OS Docker Engine
  • 11. 11 DatacenterNetworkSolutionsGroup Node Feature Discovery CPU Manager for Kubernetes Native Huge page support for Kubernetes SR-IOV VHOST USER IndustrychallengesincontainersBareMetal Multiple network interfaces for VNFs Support for high performance Data Plane (N-S) Support for high performance Data Plane(E-W) Ability to request/allocate platform capabilities Support for CPU Core-Pinning for K8s pods Dynamic Huge Page allocation
  • 12. 12 DatacenterNetworkSolutionsGroup PROBLEM In NFV use cases, one key requirement is the functionality to provide multiple network interfaces to the virtualized operating environment of the Virtual Network Function (VNF). Kubernetes support only one Network interface – “eth0” USE CASES Functional separation of control and data network planes Link aggregation for redundancy of the network Support for implementation of different network protocol stacks and/or SLAs Network segregation and Security REFERENCE Multus CNI – https://github.com/Intel-Corp/multus-cni Native Kubernetes - Mailing list with details on discussions : https://groups.google.com/forum/#!forum/kubernetes-sig-network Current Kubernetes Networking NFVI Requirement in Kubernetes Networking MultipleNetwork InterfaceforVNFs Network Control Flow with Multus SR-IOV net1 KUBELET SR-IOV net0eth0 LINUX BRIDGE VF0 VF1 Pod Network Interfaces with Multus SR-IOV Logging vFirewall net0 net1 eth0 FlannelLinuxBridge Kubernetes Pod eth0 Pod eth1 eth2 eth0 interface Pod Container Container Container Container Container Container
  • 13. 13 DatacenterNetworkSolutionsGroup NGNIX POD annotation network: CRD Network: kubectl Create Flannel-net Network SRIOV-net Network Kubernetes Master KUBE API SERVER CRD NETWORK OBJECT flannel-net PLUGIN Kubernetes Minion KUBELET NGNIX POD spec annotation network: flannel-net sriov-net CNI CRD NETWORK OBJECT sriov-net PLUGIN POD CRD Network Object Creation Pod Creation Master Assign NGNIX POD Out of cluster Communication Between Multus & Apiserver Net plugins Multus-MultiNetworkinginKubernetes Setup
  • 14. 14 DatacenterNetworkSolutionsGroup Kernel Kubernetes Pod Container VNF Application DPDK SR-IOV Enabled Network Interface VFVF VF uio_pci_generic/igb_uio/vfio-pci PROBLEM No support for physical platform resource isolation guaranteeing network I/O performance & determinism No support for Data Plane Networking in userspace SOLUTION Enables NIC SR-IOV support in Kubernetes via a CNI plugin Supports two modes of operation: SR-IOV : SR-IOV VFs are allocated to pod network namespace DPDK : SR-IOV VFs are bounded to DPDK drivers in the userspace REFERENCE https://github.com/Intel-Corp/sriov-cni DPDK-SRIOVCNIPlugin
  • 15. 15 DatacenterNetworkSolutionsGroup NIC eth0 OVS- DPDK / VPP PROBLEM No networking solution with software acceleration for inter-pod connectivity on same host (e.g. SFC use case) SOLUTION Virtio_user/ vhost_user gives boosted performance than VETH pairs Support VPP as well as DPDK OVS Vhost_user CNI plugin enables K8s to leverage data plane acceleration REFERENCE https://github.com/intel/vhost-user-net-plugin (V1.0 Sep ’17) VhostuserCNIPlugin vhostuser Kubernetes Pod Container VNF Application DPDK virtio_user
  • 16. 16 DatacenterNetworkSolutionsGroup Kubernetes Pod Network Namespace LO DPDK OVS SR-IOV Enabled Network Interface NIC 1 VF VHOSTUSERCNIPLUGINIntegrationwithMULTUS Kubernetes CNI Multus CNI Flannel CNI DPDK - SRIOV CNI Vhostuser CNI containers VPP (FIB) eth0 eth1 eth2 (virtio user) eth3 (virtio user) NIC 2 NIC 3 Flannel veth pair Legend Mgnt plane Ctrl plane Data plane
  • 17. 17 DatacenterNetworkSolutionsGroup PROBLEM No way to identify hardware capabilities or configuration Inability for workload to request certain hardware feature SOLUTION Node feature Discovery brings Enhanced Platform Awareness (EPA) in K8s NFD detects resources on each node in a Kubernetes cluster and advertises those features Allows matching of workload to platform capabilities REFERENCE https://github.com/kubernetes-incubator/node-feature- discovery Nodefeaturediscovery(NFD) cc NODE 1 DISCOVERY PODNODE 2 DISCOVERY POD DISCOVERY POD NODE 1 DISCOVERY POD SRIOV AVX Turbo boost Master Node 1 Node 2 ETCD NGNIX POD label: SRIOV AVX Turbo boost SRIOV Network Features SRIOV AVX CPUID Features AVX Turboboost Intel TurboBoost enabled Node Feature Discovery Label details Node Feature Discovery in K8s
  • 18. 18 DatacenterNetworkSolutionsGroup 18 CPUManagerforKubernetes–CPUPinningandIsolation PROBLEM Kubernetes has no mechanism to support core pinning and isolation Results in high priority workloads not achieving SLAs * Noisy Neighbor Workload: An application that affects other applications sharing the infrastructure to suffer from nondeterministic performance e.g. context switching, cache affects WITHOUT CMK: CPU Pinning and Isolation Core0 CPU0 CPU1 Target Workload Core1 CPU2 CPU3 Noisy Neighbour Workload REFERENCE https://github.com/Intel-Corp/CPU-Manager-for- Kubernetes SOLUTION CPU-Manager-For-Kubernetes introduces core pinning and isolation to K8s without requiring changes to the k8s code base CMK guarantees high priority workloads are pinned to exclusive cores Gives a performance boost & determinism to high priority applications Negates the noisy neighbour* scenario Core0 CPU0 CPU1 Target Workload Core1 CPU2 CPU3 Noisy Neighbour Workload WITH CMK: CPU Pinning and Isolation Noisy Neighbour Workload
  • 19. 19 DatacenterNetworkSolutionsGroup PROBLEM No resource management of Huge Pages in kubernetes Responsibility of the cluster operator to handle it manually SOLUTION Huge Pages introduced as first class resource in kubernetes Support for hugepages via hugetlbfs enabled through a memory backed volume plugin Inherent accounting of Huge Pages Automatic relinquinshing of Huge Pages in case of unexpected process termination REFERENCE Alpha support for pre-allocated hugepages Hugetlbfs support based on empty dir volume plugin HugepageNativeSupportinKubernetes
  • 20. 20 DatacenterNetworkSolutionsGroup 20 ExperienceKitExample:CPUManagerforKubernetesBenchmarkTest Disclaimer: For more complete information about performance and benchmark results, visit http://www.intel.com/performance. ; Test configuration: Master & Minion Nodes: {mother board: Intel Corporation; S2600WFQ; CPU: Intel® Xeon® Gold Processor 6138T; 2.0 Ghz; 2 socket; 20 cores; 27.5 MB; 125 W; Memory: Micron MTA36ASF2G72PZ; 1 DIMM/Channel, 6 Channel/Socket; BIOS: Intel Corporation SE5C620.86B.0X.01.0007.060920171037; NIC: Intel Corporation; Ethernet Controller XXV710 for 2x25GbE Firmware version 5.50; SW: Ubuntu 16.04.2 64bit; Kernel 4.4.0-62-generic x86_64; DPDK 17.05}; IXIA* - IxNetwork 8.10.1046.6 EA; Protocols: 8.10.1105.9, IxOS 8.10.1250.8 EA-Patch1 Core Isolation decrease latency of target workload up >x13 in presence of Noisy Workload Uptox55latencydecrease Test are done with 16 Target Workloads” (=16 Containers) and with or without Noisy Workload present 1 Core with 2 threads are assigned to each container. Noisy Workload uses any available (non-isolated) cores in the system Platform: Intel® Xeon® Gold Processor 20C@2.00 GHz (6138T); DPDK L2 Forwarding using XXV710 NICs Core Isolation increase throughput of target-workload >200% for small packets in presence of Noisy Workload CoreIsolationleadstoperformanceconsistencysolvingnoisyworkloadsproblem Uptox4throughput increase
  • 21. 21 DatacenterNetworkSolutionsGroup NetworkCloudification ContainerUnifiedInfrastructure DeploymentModel VNFs vCPE vEPC vRNC vNAT vHLR vIMS vSGSN vRouter vMME vGGSN vIDS vFirewall NFVi- Network SR-IOV NFV Orchestration Containers Unified Infrastructure Hardware Orchestration VM Guest OS Docker Engine VM Guest OS Docker Engine VM Guest OS Docker Engine Hypervisor App App App App App App CLOUD NATIVE COMPUTING FOUNDATION
  • 22. 22 DatacenterNetworkSolutionsGroup CPU Manager for KubernetesSupport for CPU Core pinning for Kuryr-K8s pods Support for high performance Data Plane (E-W) Multiple network interfaces for VNFs Kuryr- KubernetesRemoving Network performance penalties for container in VM IndustrychallengesincontainersUnifiedInfrastructure KuryrKubernetes MASTER VM Same as in Container Bare Metal
  • 23. 23 DatacenterNetworkSolutionsGroup OBJECTIVES One Virtual Machine to many Containers Target: 1k Containers per VM Container Data Plane performance BENEFITS VT-x ring de-privileging to move the VM and Container into userspace, making it accessible to the userspace vSwitch with just a single copy. Standard Virtio interface & control plane supporting both interrupt and poll modes, VNF and Cloud based applications. Standard Vhost shared memory interface between DPDK vSwitch and VNF. SOLUTIONS Enabling DPDK support in nested containers With Kuryr–DPDK plugin for Kubernetes USE CASE Elasticity and scalability of containerized VNF application in VM Socket App Nova DPDK Pod Non DPDK Pod BSD Sockets API Layer 4 Layer 3 Layer 2 Network Appliance Virt I/O Virt I/O Neutron Virtual Machine Master VM: Co-existence of Containers and Virtual Machines Leverage OpenStack Infra DPDK based vSwitch to accelerate the Container Data Plane. MasterVMForContainers ENABLINGDPDKinNestedContainers
  • 24. 24 DatacenterNetworkSolutionsGroup CALLtoaction • We need feedback on the current ingredients e.g. • Multus • SR-IOV • Vhost user • Be active in K8s SIGs • Network • Resource Management