SlideShare a Scribd company logo

NFF-GO (YANFF) - Yet Another Network Function Framework

M
Michelle Holley

NFF-Go is a framework allows developers to deploy performant cloud-native network functions much faster. NFF-Go internally implements low-level optimizations and can auto-scale to multicores using built-in capabilities to take advantage of Intel® architecture. NFF uses Data Plane Development Kit (DPDK) for efficient input/output (I/O) and Go programming language as a high-level, safe, productive language.

Software
1 of 31
Download to read offline
Intel Golang Team Gregory Shimansky
Copyright © 2017, Intel Corporation. All rights reserved. *Other names and brands may be claimed as the property of others. Legal Information Intel technologies’ features and benefits depend on system configuration and may require enabled hardware, software or service activation. Learn more at intel.com, or from the OEM or retailer. No computer system can be absolutely secure. Software and workloads used in performance tests may have been optimized for performance only on Intel microprocessors. Performance tests, such as SYSmark and MobileMark, are measured using specific computer systems, components, software, operations and functions. Any change to any of those factors may cause the results to vary. You should consult other information and performance tests to assist you in fully evaluating your contemplated purchases, including the performance of that product when combined with other products. For more complete information visit http://www.intel.com/performance. Tests document performance of components on a particular test, in specific systems. Differences in hardware, software, or configuration will affect actual performance. Consult other sources of information to evaluate performance as you consider your purchase. For more complete information about performance and benchmark results, visit http://www.intel.com/performance. Cost reduction scenarios described are intended as examples of how a given Intel- based product, in the specified circumstances and configurations, may affect future costs and provide cost savings. Circumstances will vary. Intel does not guarantee any costs or cost reduction. Results have been estimated or simulated using internal Intel analysis or architecture simulation or modeling, and provided to you for informational purposes. Any differences in your system hardware, software or configuration may affect your actual performance. Intel does not control or audit third-party benchmark data or the web sites referenced in this document. You should visit the referenced web site and confirm whether referenced data are accurate. Intel, the Intel logo and others are trademarks of Intel Corporation in the U.S. and/or other countries. *Other names and brands may be claimed as the property of others. © 2017 Intel Corporation.
Copyright © 2017, Intel Corporation. All rights reserved. *Other names and brands may be claimed as the property of others. YANFF - Yet Another Network Function Framework Framework for building performant native network functions • Open-source project • Higher level abstractions than DPDK • Go language: productivity, performance, concurrency, safety • Network functions are application programs and not virtual machines Benefits: • Easily leverage IA HW capabilities: multi-cores, AES-NI, CAT, QAT, DPDK • 10x reduction lines of code • No need to be expert network system programmer • Similar performance with C • Take advantage of cloud native deployment: continuous delivery, micro- services, containers https://github.com/intel-go/yanff 3
Copyright © 2017, Intel Corporation. All rights reserved. *Other names and brands may be claimed as the property of others. 4 Technical Motivation ▪ Developers need framework to shorten development cycle of VNFs – Currently VNFs are monolithic - “virtual appliances” instead of network functions – Significant part of VNF is about plumbing. Plumbing VNFs to CommSPs network is an art. Should be abstracted from VNFs ▪ Lack of stable and unified APIs for VNF control and data plane ▪ Challenges with access to HW Accelerators in cloud environment. ▪ Cloud-friendly APIs and designs needed. Accelerating transition to from rule-based networking to imperative networking https://github.com/intel-go/yanff
Copyright © 2017, Intel Corporation. All rights reserved. *Other names and brands may be claimed as the property of others. YANFF: Yet Another Network Function Framework • Simple but powerful abstractions: • Flow, Packet • User builds packet processing graph using “flow functions” chaining • SetReceiver -> SetHandler -> SetSender • Several predefined possibilities of adding user processing inside packet processing graph • Split, Separate, Generate, Handle • Can leverage predefined functions which parse packets, check ACL rules, etc. • Run to completion – NFs can be expressed in the flow functions and natural chaining • Auto-scaling, ease of development • Zero-copy between NFs • Flexible incoming flow handling – sources can be anything: network port, memory buffer, remote procedure call, etc. System SW Optimized SW Application IA PlatformIA Platform Optimized Platform Software Optimized Software on CPU ISA (e.g. AES, AVX) Standard NIC Accelerators (Intel® QAT) Application Smart NIC Integrated FPGA U P I YANFF 4https://github.com/intel-go/yanff
Copyright © 2017, Intel Corporation. All rights reserved. *Other names and brands may be claimed as the property of others. L3 Simple Forwarding Example var L3Rules *rules.L3Rules func main() { flow.SystemInit(16) L3Rules = rules.GetL3RulesFromORIG("Forwarding.conf") inputFlow := flow.SetReceiver(0) outputFlows := flow.SetSplitter(inputFlow, L3Splitter, uint(3)) flow.SetStopper(outputFlows[0]) for i := 1; i < 3; i++ { flow.SetSender(outputFlows[i], uint8(i-1)) } flow.SystemStart() } // User defined function for splitting packets func L3Splitter(currentPacket *packet.Packet) uint { currentPacket.ParseL4() return rules.L3_ACL_port(currentPacket, L3Rules) }
Copyright © 2017, Intel Corporation. All rights reserved. *Other names and brands may be claimed as the property of others. Configuration file for Forwarding # Source address, Destination address, L4 protocol ID, Source port, Destination port, Output port 111.2.0.0/31 ANY tcp ANY ANY 1 111.2.0.2/32 ANY tcp ANY ANY Reject ANY ANY udp 3078:3964 56:61020 2
Copyright © 2017, Intel Corporation. All rights reserved. *Other names and brands may be claimed as the property of others. Exactly The Same Example in DPDK/C … 10 more screens to get to the end… 23 SLOC in YANFF vs 2079 in DPDK/C!
Copyright © 2016, Intel Corporation. All rights reserved. *Other names and brands may be claimed as the property of others. Optimization Notice YANFF – Main Architectural Concepts Flow Abstraction without public fields, which is used for pointing connections between Flow functions. Opened by Receive / Split / Separate / Counter / Generate. Closed by Send / Merge / Stop. Packet High-level representation of network packet. Private field is *mbuf, public fields are mac / ip / data /etc: pointers to mbuf with offsets (zero copy). Is extracted before any User defined function. Can be filled after user request by Packet functions. Can be checked by Rule functions. Port Network door, used in Receive, Send. Rule Set of checking rules, used in User defined functions.
Copyright © 2016, Intel Corporation. All rights reserved. *Other names and brands may be claimed as the property of others. Optimization Notice 10 Building Processing Graph Separate(SeparateFunction) {input stay} -> Flow Flow -> SeparateFunction -> Flow Merge Flow -> Flow -> Flow Flow -> Partition (periodicity) -> Flow Flow -> calculation -> Flow Split (SplitFunction) {input closed} -> Flow Flow -> SplitFunction -> Flow -> Flow Generate (GenerateFunction) {can wait} GenerateFunction -> Flow Stop Flow -> drop Receive (Port) driver (loop) -> Flow Send (Port) Flow -> driver (loop) Read (File) PCAP file -> Flow Write (File) Flow -> PCAP file
Copyright © 2016, Intel Corporation. All rights reserved. *Other names and brands may be claimed as the property of others. Optimization Notice 11 Packet modification functions Handle (SeparateFunction) {can drop} -> Stop Flow -> SeparateFunction-> Flow Handle (HandleFunction) {can’t drop} Flow -> HandleFunction -> Flow Packet functions Parsing packet fields Parse L2 or/and L3 or/and L4 levels Checking packet fields by rule Check L2 or/and L3 or/and L4 levels Create rule Create checking rule from json / config Initializing packet fields Initialize L2 or/and L3 or/and L4 levels Rule functions Encapsulate / Decapsulate
Copyright © 2016, Intel Corporation. All rights reserved. *Other names and brands may be claimed as the property of others. Optimization Notice 12 Flow Graph Example - Forwarding 1 Receiver 2 Splitter 3 Stop 3 3 Send Send
Copyright © 2016, Intel Corporation. All rights reserved. *Other names and brands may be claimed as the property of others. Optimization Notice 13 Let’s build some functions!
Copyright © 2016, Intel Corporation. All rights reserved. *Other names and brands may be claimed as the property of others. Optimization Notice 14 Create test VMs 1.Create and provision two test VMs: $ cd $GOPATH/src/github.com/intel-go/yanff/vagrant $ vagrant up 2.Open two terminal windows 3.cd to vagrant directory below 4.run “vagrant ssh yanf-”VM_number” to connect to pktgen VM and target VM, e.g. $ vagrant ssh yanff-1 # YANFF test program host yanff-1$ bindports # if ports not bound yet $ vagrant ssh yanff-0 # pktgen host yanff-0$ bindports # if ports not bound yet
Copyright © 2017, Intel Corporation. All rights reserved. *Other names and brands may be claimed as the property of others. Let’s try (1 of 11) Flow graph: package main import "github.com/intel-go/yanff/flow" func main() { // Init YANFF system config := flow.Config{} checkFatal(flow.SystemInit(&config)) initCommonState() checkFatal(flow.SystemStart()) } 15 yanff-0$ cd $YANFF/examples/tutorial yanff-0$ ./genscripts yanff-0$ ./runpktgen.sh Pktgen:/> start 0 …… Pktgen:/> quit yanff-1$ cd $YANFF/examples/tutorial yanff-1$ sudo ./step1
Copyright © 2017, Intel Corporation. All rights reserved. *Other names and brands may be claimed as the property of others. Let’s try (2 of 11) Flow graph: Receive Send package main import "github.com/intel-go/yanff/flow" func main() { config := flow.Config{} checkFatal(flow.SystemInit(&config)) initCommonState() firstFlow, err := flow.SetReceiver(0) checkFatal(err) checkFatal(flow.SetHandler(firstFlow, modifyPacket[0], nil)) checkFatal(flow.SetSender(firstFlow, 0)) checkFatal(flow.SystemStart()) } 16 yanff-0$ ./runpktgen.sh Pktgen:/> load step2.pg Pktgen:/> start 0 … Pktgen:/> quit yanff-1$ sudo ./step2 Modify
Copyright © 2017, Intel Corporation. All rights reserved. *Other names and brands may be claimed as the property of others. Let’s try (3 of 11) Flow graph: Receive Send Partition Send package main import "github.com/intel-go/yanff/flow" func main() { config := flow.Config{} checkFatal(flow.SystemInit(&config)) initCommonState() firstFlow, err := flow.SetReceiver(0) checkFatal(err) secondFlow, err := flow.SetPartitioner(firstFlow, 300, 300) checkFatal(err) checkFatal(flow.SetHandler(firstFlow, modifyPacket[0], nil)) checkFatal(flow.SetHandler(secondFlow, modifyPacket[1], nil)) checkFatal(flow.SetSender(firstFlow, 0)) checkFatal(flow.SetSender(secondFlow, 1)) checkFatal(flow.SystemStart()) } 17 yanff-0$ ./runpktgen.sh Pktgen:/> load step3.pg Pktgen:/> start 0 … Pktgen:/> quit yanff-1$ sudo ./step3 Modify Modify
Copyright © 2017, Intel Corporation. All rights reserved. *Other names and brands may be claimed as the property of others. Let’s try (4 of 11) package main import "github.com/intel-go/yanff/flow“ import "github.com/intel-go/yanff/packet“ func main() { config := flow.Config{} checkFatal(flow.SystemInit(&config)) initCommonState() firstFlow, err := flow.SetReceiver(0) checkFatal(err) secondFlow, err := flow.SetSeparator(firstFlow, mySeparator, nil) checkFatal(err) checkFatal(flow.SetHandler(firstFlow, modifyPacket[0], nil)) checkFatal(flow.SetHandler(secondFlow, modifyPacket[1], nil)) checkFatal(flow.SetSender(firstFlow, 0)) checkFatal(flow.SetSender(secondFlow, 1)) checkFatal(flow.SystemStart()) } func mySeparator(cur *packet.Packet, ctx flow.UserContext) bool { cur.ParseL3() if cur.GetIPv4() != nil { cur.ParseL4ForIPv4() if cur.GetTCPForIPv4() != nil && packet.SwapBytesUint16(cur.GetTCPForIPv4().DstPort) == 53 { return false } } return true } Flow graph: Receive Send Separate Send 18 yanff-0$ ./runpktgen.sh Pktgen:/> load step4.pg Pktgen:/> start 0 … Pktgen:/> quit yanff-1$ sudo ./step4 Modify Modify
Copyright © 2017, Intel Corporation. All rights reserved. *Other names and brands may be claimed as the property of others. Let’s try (5 of 11) … … … import "github.com/intel-go/yanff/rules“ var L3Rules *rules.L3Rules func main() { var err error config := flow.Config{} checkFatal(flow.SystemInit(&config)) initCommonState() l3Rules, err = packet.GetL3ACLFromORIG("rules1.conf") checkFatal(err) firstFlow, err := flow.SetReceiver(0) checkFatal(err) secondFlow, err := flow.SetSeparator(firstFlow, mySeparator, nil) checkFatal(err) checkFatal(flow.SetHandler(firstFlow, modifyPacket[0], nil)) checkFatal(flow.SetHandler(secondFlow, modifyPacket[1], nil)) checkFatal(flow.SetSender(firstFlow, 0)) checkFatal(flow.SetSender(secondFlow, 1)) checkFatal(flow.SystemStart()) } func MySeparator(cur *packet.Packet, ctx flow.UserContext) bool { return cur.L3ACLPermit(l3Rules) } Flow graph: Receive Send Separate Send Rules 19 yanff-0$ ./runpktgen.sh Pktgen:/> load step5.pg Pktgen:/> start 0 … Pktgen:/> quit yanff-1$ sudo ./step5 Modify Modify
Copyright © 2017, Intel Corporation. All rights reserved. *Other names and brands may be claimed as the property of others. Let’s try (6 of 11) … … … func main() { var err error config := flow.Config{} checkFatal(flow.SystemInit(&config)) L3Rules = rules.GetL3RulesFromORIG(“rules1.conf") checkFatal(err) firstFlow, err := flow.SetReceiver(0) checkFatal(err) secondFlow, err := flow.SetSeparator(firstFlow, mySeparator, nil) checkFatal(err) checkFatal(flow.SetHandler(firstFlow, modifyPacket[0], nil)) checkFatal(flow.SetSender(firstFlow, 0)) checkFatal(flow.SetStopper(secondFlow)) checkFatal(flow.SystemStart()) } func MySeparator(cur *packet.Packet, ctx flow.UserContext) bool { return cur.L3ACLPermit(l3Rules) } Flow graph: Receive Send Separate Stop Rules 20 yanff-0$ ./runpktgen.sh Pktgen:/> load step6.pg Pktgen:/> start 0 … Pktgen:/> quit yanff-1$ sudo ./step6 Modify
Copyright © 2017, Intel Corporation. All rights reserved. *Other names and brands may be claimed as the property of others. Let’s try (7 of 11) … … … import “time” var rulesp unsafe.Pointer … … … l3Rules, err := packet.GetL3ACLFromORIG("rules1.conf") checkFatal(err) rulesp = unsafe.Pointer(&l3Rules) go updateSeparateRules() … … … func MySeparator(cur *packet.Packet, ctx flow.UserContext) bool { localL3Rules := (*packet.L3Rules)(atomic.LoadPointer(&rulesp)) return cur.L3ACLPermit(localL3Rules) } func updateSeparateRules() { for { time.Sleep(time.Second * 5) locall3Rules, err := packet.GetL3ACLFromORIG("rules1.conf") checkFatal(err) atomic.StorePointer(&rulesp, unsafe.Pointer(locall3Rules)) } } Flow graph: Receive Send Separate Stop updated Rules 21 yanff-0$ ./runpktgen.sh Pktgen:/> load step7.pg Pktgen:/> start 0 … Pktgen:/> quit yanff-1$ sudo ./step7 Modify To make changes in rules1.conf file it is necessary to connect to target VM in another window or run YANFF executable in screen terminal multiplexer.
Copyright © 2017, Intel Corporation. All rights reserved. *Other names and brands may be claimed as the property of others. Let’s try (8 of 11) … … … const flowN = 3 … … … firstFlow, err := flow.SetReceiver(0) checkFatal(err) outputFlows, err := flow.SetSplitter(firstFlow, mySplitter, flowN, nil) checkFatal(err) checkFatal(flow.SetStopper(outputFlows[0])) for i := uint8(1); i < flowN; i++ { checkFatal(flow.SetHandler(outputFlows[i], modifyPacket[i-1], nil)) checkFatal(flow.SetSender(outputFlows[i], i-1)) } … … … func mySplitter(cur *packet.Packet, ctx flow.UserContext) uint { localL3Rules := L3Rules return cur.L3ACLPort(localL3Rules) } … … … Flow graph: Receive Stop Split Send updated Rules Send 22 yanff-0$ ./runpktgen.sh Pktgen:/> load step8.pg Pktgen:/> start 0 … Pktgen:/> quit yanff-1$ sudo ./step8 Modify Modify To make changes in rules2.conf file it is necessary to connect to target VM in another window or run YANFF executable in screen terminal multiplexer.
Copyright © 2017, Intel Corporation. All rights reserved. *Other names and brands may be claimed as the property of others. Let’s try (9 of 11) … … … import "github.com/intel-go/yanff/common“ … … … firstFlow, err := flow.SetReceiver(0) checkFatal(err) outputFlows, err := flow.SetSplitter(firstFlow, mySplitter, flowN, nil) checkFatal(err) checkFatal(flow.SetStopper(outputFlows[0])) checkFatal(flow.SetHandler(outputFlows[1], myHandler, nil)) for i := uint8(1); i < flowN; i++ { checkFatal(flow.SetHandler(outputFlows[i], modifyPacket[i-1], nil)) checkFatal(flow.SetSender(outputFlows[i], i-1)) } … … … func myHandler(cur *packet.Packet, ctx flow.UserContext) { cur.EncapsulateHead(common.EtherLen, common.IPv4MinLen) cur.ParseL3() cur.GetIPv4NoCheck().SrcAddr = packet.BytesToIPv4(111, 22, 3, 0) cur.GetIPv4NoCheck().DstAddr = packet.BytesToIPv4(3, 22, 111, 0) cur.GetIPv4NoCheck().VersionIhl = 0x45 cur.GetIPv4NoCheck().NextProtoID = 0x04 } Flow graph: Receive Send Split Send updated Rules Stop Handle 23 yanff-0$ ./runpktgen.sh Pktgen:/> load step9.pg Pktgen:/> start 0 … Pktgen:/> quit yanff-1$ sudo ./step9 ModifyModify To make changes in rules2.conf file it is necessary to connect to target VM in another window or run YANFF executable in screen terminal multiplexer.
Copyright © 2017, Intel Corporation. All rights reserved. *Other names and brands may be claimed as the property of others. Let’s try (10 of 11) … … … func myHandler(curV []*packet.Packet, num uint, ctx flow.UserContext) { for i := uint(0); i < num; i++ { cur := curV[i] cur.EncapsulateHead(common.EtherLen, common.IPv4MinLen) cur.ParseL3() cur.GetIPv4NoCheck().SrcAddr = packet.BytesToIPv4(111, 22, 3, 0) cur.GetIPv4NoCheck().DstAddr = packet.BytesToIPv4(3, 22, 111, 0) cur.GetIPv4NoCheck().VersionIhl = 0x45 cur.GetIPv4NoCheck().NextProtoID = 0x04 } } Flow graph: Receive Send Split Send updated Rules Stop Handle Packet vector 24 yanff-0$ ./runpktgen.sh Pktgen:/> load step10.pg Pktgen:/> start 0 … Pktgen:/> quit yanff-1$ sudo ./step10 Modify Modify To make changes in rules2.conf file it is necessary to connect to target VM in another window or run YANFF executable in screen terminal multiplexer.
Copyright © 2017, Intel Corporation. All rights reserved. *Other names and brands may be claimed as the property of others. Let’s try (11 of 11) … … … func myHandler(curV []*packet.Packet, num uint, ctx flow.UserContext) { for i := uint(0); i < num; i++ { cur := curV[i] cur.EncapsulateHead(common.EtherLen, common.IPv4MinLen) cur.ParseL3() cur.GetIPv4NoCheck().SrcAddr = packet.BytesToIPv4(111, 22, 3, 0) cur.GetIPv4NoCheck().DstAddr = packet.BytesToIPv4(3, 22, 111, 0) cur.GetIPv4NoCheck().VersionIhl = 0x45 cur.GetIPv4NoCheck().NextProtoID = 0x04 } // Some heavy computational code heavyCode() } Flow graph: Receive Send Split Send updated Rules Stop Handle Packet vector Scaling 25 yanff-0$ ./runpktgen.sh Pktgen:/> load step11.pg Pktgen:/> start 0 … Pktgen:/> quit yanff-1$ sudo ./step11 Modify Modify To make changes in rules2.conf file it is necessary to connect to target VM in another window or run YANFF executable in screen terminal multiplexer.
Copyright © 2017, Intel Corporation. All rights reserved. *Other names and brands may be claimed as the property of others. Finally: NAT 26 yanff-0$ ./runpktgen.sh Pktgen:/> load nat.pg Pktgen:/> start 0 Pktgen:/> start 1 … Pktgen:/> quit yanff-1$ ./genscripts -pktgen direct yanff-1$ sudo ../nat/main/nat -config nat.json
Copyright © 2017, Intel Corporation. All rights reserved. *Other names and brands may be claimed as the property of others. Q & A ? 27
Copyright © 2017, Intel Corporation. All rights reserved. *Other names and brands may be claimed as the property of others. Optimization Notice 28 Optimization Notice Intel’s compilers may or may not optimize to the same degree for non-Intel microprocessors for optimizations that are not unique to Intel microprocessors. These optimizations include SSE2®, SSE3, and SSSE3 instruction sets and other optimizations. Intel does not guarantee the availability, functionality, or effectiveness of any optimization on microprocessors not manufactured by Intel. Microprocessor-dependent optimizations in this product are intended for use with Intel microprocessors. Certain optimizations not specific to Intel microarchitecture are reserved for Intel microprocessors. Please refer to the applicable product User and Reference Guides for more information regarding the specific instruction sets covered by this notice. Notice revision #20110804
Basic components • External (bytes inside network) • Flow (*mbufs inside rings) • Packets (as function arguments) Send (Port) Flow -> driver (loop) Receive (Port) driver (loop) -> Flow Stop Flow -> free Separate(SeparateFunction) {input stay} -> Flow Flow -> SeparateFunction -> Flow Merge {slow} Flow -> Flow -> Flow User defined functions Separate Function * -> Packet -> Boolean value -> Handle Function * -> Packet -> Flow functions Handle (SeparateFunction) {can drop} -> Stop Flow -> SeparateFunction-> Flow Generate (GenerateFunction) {can wait} GenerateFunction -> Flow Connections bool Packet functions Parsing packet fields Parse L2 or/and L3 or/and L4 levels Partition (periodicity) -> Flow Flow -> calculation -> Flow Instances (new types) Flow Abstraction without public fields, which is used for pointing connections between Flow functions. Opened by Receive / Split / Separate / Counter / Generate. Closed by Send / Merge / Stop. Packet High-level representation of network packet. Private field is *mbuf, public fields are mac / ip / data /etc: pointers to mbuf with offsets (zero copy). Is extracted before any User defined function. Can be filled after user request by Packet functions. Can be checked by Rule functions. Split Function -> Packet -> № of Flow -> uint Split (SplitFunction) {input closed} -> Flow Flow -> SplitFunction -> Flow -> Flow Checking packet fields by rule Check L2 or/and L3 or/and L4 levels • Flow: type “Flow” Init, Starting, Checking, Flow functions • Packet: type “Packet”, parsing / initializing packet functions • Rules: type “Rule”, parsing rules / checking Packet functions • User package: user defined functions Library External Components Create rule Create checking rule from json / config • Scheduler: Cloning of user defined flow functions • Asm: assembler functions added to GO • Common: technical functions shared by other components • Low: connections with DPDK C implementation Library Internal ComponentsHandle (HandleFunction) {can’t drop} Flow -> HandleFunction -> Flow Port Network door, used in Receive, Send. Initializing packet fields Initialize L2 or/and L3 or/and L4 levels Rule functions Rule Set of checking rules, used in User defined functions. Encapsulate / Decapsulate Generate Function * Packet -> * Can process vector of packets at one time All functions take packet and handling context All functions at separate cores and can be cloned
Lab configuration dcomp01 Switch dcomp02 dcomp03 dcomp10 dcomp11 dcomp12 dbdw04 dbdw05 dbdw06 dbdw07 dbdw08 dbdw09 dbdw10 dbdw11 dbdw12 dbdw13 dbdw14 dbdw15 dbdw16 dbdw17 Traffic generators 30 YANFF target hosts Jump host 207.108.8.161, Login: gashiman, Password: YanffLab
Finally (2 of 2): ipsec • Showing ipsec example 31

Recommended

Cisco IPv6 Tutorial
Cisco IPv6 TutorialCisco IPv6 Tutorial
Cisco IPv6 Tutorial
kriz5
 
Linux Network Stack
Linux Network StackLinux Network Stack
Linux Network Stack
Adrien Mahieux
 
Intel dpdk Tutorial
Intel dpdk TutorialIntel dpdk Tutorial
Intel dpdk Tutorial
Saifuddin Kaijar
 
NVMe over Fabric
NVMe over FabricNVMe over Fabric
NVMe over Fabric
singh.gurjeet
 
DPDK & Layer 4 Packet Processing
DPDK & Layer 4 Packet ProcessingDPDK & Layer 4 Packet Processing
DPDK & Layer 4 Packet Processing
Michelle Holley
 
Linux Locking Mechanisms
Linux Locking MechanismsLinux Locking Mechanisms
Linux Locking Mechanisms
Kernel TLV
 
Scaling the Container Dataplane
Scaling the Container Dataplane Scaling the Container Dataplane
Scaling the Container Dataplane
Michelle Holley
 
HKG15-107: ACPI Power Management on ARM64 Servers (v2)
HKG15-107: ACPI Power Management on ARM64 Servers (v2)HKG15-107: ACPI Power Management on ARM64 Servers (v2)
HKG15-107: ACPI Power Management on ARM64 Servers (v2)
Linaro
 

Recommended

Cisco IPv6 Tutorial
Cisco IPv6 TutorialCisco IPv6 Tutorial
Cisco IPv6 Tutorial
kriz5
 
Linux Network Stack
Linux Network StackLinux Network Stack
Linux Network Stack
Adrien Mahieux
 
Intel dpdk Tutorial
Intel dpdk TutorialIntel dpdk Tutorial
Intel dpdk Tutorial
Saifuddin Kaijar
 
NVMe over Fabric
NVMe over FabricNVMe over Fabric
NVMe over Fabric
singh.gurjeet
 
DPDK & Layer 4 Packet Processing
DPDK & Layer 4 Packet ProcessingDPDK & Layer 4 Packet Processing
DPDK & Layer 4 Packet Processing
Michelle Holley
 
Linux Locking Mechanisms
Linux Locking MechanismsLinux Locking Mechanisms
Linux Locking Mechanisms
Kernel TLV
 
Scaling the Container Dataplane
Scaling the Container Dataplane Scaling the Container Dataplane
Scaling the Container Dataplane
Michelle Holley
 
HKG15-107: ACPI Power Management on ARM64 Servers (v2)
HKG15-107: ACPI Power Management on ARM64 Servers (v2)HKG15-107: ACPI Power Management on ARM64 Servers (v2)
HKG15-107: ACPI Power Management on ARM64 Servers (v2)
Linaro
 
LCU14-410: How to build an Energy Model for your SoC
LCU14-410: How to build an Energy Model for your SoCLCU14-410: How to build an Energy Model for your SoC
LCU14-410: How to build an Energy Model for your SoC
Linaro
 
eBPF maps 101
eBPF maps 101eBPF maps 101
eBPF maps 101
SUSE Labs Taipei
 
IPV4 vs IPV6
IPV4 vs IPV6IPV4 vs IPV6
IPV4 vs IPV6
Devang Doshi
 
DPDK in Containers Hands-on Lab
DPDK in Containers Hands-on LabDPDK in Containers Hands-on Lab
DPDK in Containers Hands-on Lab
Michelle Holley
 
CCNA 1 Routing and Switching v5.0 Chapter 5
CCNA 1 Routing and Switching v5.0 Chapter 5CCNA 1 Routing and Switching v5.0 Chapter 5
CCNA 1 Routing and Switching v5.0 Chapter 5
Nil Menon
 
Subnetting
SubnettingSubnetting
Subnetting
Kishore Kumar
 
Implementation &amp; Comparison Of Rdma Over Ethernet
Implementation &amp; Comparison Of Rdma Over EthernetImplementation &amp; Comparison Of Rdma Over Ethernet
Implementation &amp; Comparison Of Rdma Over Ethernet
James Wernicke
 
The linux networking architecture
The linux networking architectureThe linux networking architecture
The linux networking architecture
hugo lu
 
Enable DPDK and SR-IOV for containerized virtual network functions with zun
Enable DPDK and SR-IOV for containerized virtual network functions with zunEnable DPDK and SR-IOV for containerized virtual network functions with zun
Enable DPDK and SR-IOV for containerized virtual network functions with zun
heut2008
 
Kernel Recipes 2019 - No NMI? No Problem! – Implementing Arm64 Pseudo-NMI
Kernel Recipes 2019 - No NMI? No Problem! – Implementing Arm64 Pseudo-NMIKernel Recipes 2019 - No NMI? No Problem! – Implementing Arm64 Pseudo-NMI
Kernel Recipes 2019 - No NMI? No Problem! – Implementing Arm64 Pseudo-NMI
Anne Nicolas
 
DPDK KNI interface
DPDK KNI interfaceDPDK KNI interface
DPDK KNI interface
Denys Haryachyy
 
DPDK: Multi Architecture High Performance Packet Processing
DPDK: Multi Architecture High Performance Packet ProcessingDPDK: Multi Architecture High Performance Packet Processing
DPDK: Multi Architecture High Performance Packet Processing
Michelle Holley
 
Introduction to Linux
Introduction to LinuxIntroduction to Linux
Introduction to Linux
Anil Kumar Pugalia
 
introduction to linux kernel tcp/ip ptocotol stack
introduction to linux kernel tcp/ip ptocotol stack introduction to linux kernel tcp/ip ptocotol stack
introduction to linux kernel tcp/ip ptocotol stack
monad bobo
 
CCNA 1 Routing and Switching v5.0 Chapter 3
CCNA 1 Routing and Switching v5.0 Chapter 3CCNA 1 Routing and Switching v5.0 Chapter 3
CCNA 1 Routing and Switching v5.0 Chapter 3
Nil Menon
 
COSCUP 2020 RISC-V 32 bit linux highmem porting
COSCUP 2020 RISC-V 32 bit linux highmem portingCOSCUP 2020 RISC-V 32 bit linux highmem porting
COSCUP 2020 RISC-V 32 bit linux highmem porting
Eric Lin
 
LCA14: LCA14-306: CPUidle & CPUfreq integration with scheduler
LCA14: LCA14-306: CPUidle & CPUfreq integration with schedulerLCA14: LCA14-306: CPUidle & CPUfreq integration with scheduler
LCA14: LCA14-306: CPUidle & CPUfreq integration with scheduler
Linaro
 
Integration and Interoperation of existing Nexus networks into an ACI Archite...
Integration and Interoperation of existing Nexus networks into an ACI Archite...Integration and Interoperation of existing Nexus networks into an ACI Archite...
Integration and Interoperation of existing Nexus networks into an ACI Archite...
Cisco Canada
 
Dpdk applications
Dpdk applicationsDpdk applications
Dpdk applications
Vipin Varghese
 
JUNOS - Monitoring and Troubleshooting
JUNOS - Monitoring and TroubleshootingJUNOS - Monitoring and Troubleshooting
JUNOS - Monitoring and Troubleshooting
Zenith Networks
 
QATCodec: past, present and future
QATCodec: past, present and futureQATCodec: past, present and future
QATCodec: past, present and future
boxu42
 
5 pipeline arch_rationale
5 pipeline arch_rationale5 pipeline arch_rationale
5 pipeline arch_rationale
videos
 

More Related Content

What's hot

LCU14-410: How to build an Energy Model for your SoC
LCU14-410: How to build an Energy Model for your SoCLCU14-410: How to build an Energy Model for your SoC
LCU14-410: How to build an Energy Model for your SoC
Linaro
 
The linux networking architecture
The linux networking architectureThe linux networking architecture
The linux networking architecture
hugo lu
 
Kernel Recipes 2019 - No NMI? No Problem! – Implementing Arm64 Pseudo-NMI
Kernel Recipes 2019 - No NMI? No Problem! – Implementing Arm64 Pseudo-NMIKernel Recipes 2019 - No NMI? No Problem! – Implementing Arm64 Pseudo-NMI
Kernel Recipes 2019 - No NMI? No Problem! – Implementing Arm64 Pseudo-NMI
Anne Nicolas
 

What's hot (20)

LCU14-410: How to build an Energy Model for your SoC
LCU14-410: How to build an Energy Model for your SoCLCU14-410: How to build an Energy Model for your SoC
LCU14-410: How to build an Energy Model for your SoC
 
eBPF maps 101
eBPF maps 101eBPF maps 101
eBPF maps 101
 
IPV4 vs IPV6
IPV4 vs IPV6IPV4 vs IPV6
IPV4 vs IPV6
 
DPDK in Containers Hands-on Lab
DPDK in Containers Hands-on LabDPDK in Containers Hands-on Lab
DPDK in Containers Hands-on Lab
 
CCNA 1 Routing and Switching v5.0 Chapter 5
CCNA 1 Routing and Switching v5.0 Chapter 5CCNA 1 Routing and Switching v5.0 Chapter 5
CCNA 1 Routing and Switching v5.0 Chapter 5
 
Subnetting
SubnettingSubnetting
Subnetting
 
Implementation &amp; Comparison Of Rdma Over Ethernet
Implementation &amp; Comparison Of Rdma Over EthernetImplementation &amp; Comparison Of Rdma Over Ethernet
Implementation &amp; Comparison Of Rdma Over Ethernet
 
The linux networking architecture
The linux networking architectureThe linux networking architecture
The linux networking architecture
 
Enable DPDK and SR-IOV for containerized virtual network functions with zun
Enable DPDK and SR-IOV for containerized virtual network functions with zunEnable DPDK and SR-IOV for containerized virtual network functions with zun
Enable DPDK and SR-IOV for containerized virtual network functions with zun
 
Kernel Recipes 2019 - No NMI? No Problem! – Implementing Arm64 Pseudo-NMI
Kernel Recipes 2019 - No NMI? No Problem! – Implementing Arm64 Pseudo-NMIKernel Recipes 2019 - No NMI? No Problem! – Implementing Arm64 Pseudo-NMI
Kernel Recipes 2019 - No NMI? No Problem! – Implementing Arm64 Pseudo-NMI
 
DPDK KNI interface
DPDK KNI interfaceDPDK KNI interface
DPDK KNI interface
 
DPDK: Multi Architecture High Performance Packet Processing
DPDK: Multi Architecture High Performance Packet ProcessingDPDK: Multi Architecture High Performance Packet Processing
DPDK: Multi Architecture High Performance Packet Processing
 
Introduction to Linux
Introduction to LinuxIntroduction to Linux
Introduction to Linux
 
introduction to linux kernel tcp/ip ptocotol stack
introduction to linux kernel tcp/ip ptocotol stack introduction to linux kernel tcp/ip ptocotol stack
introduction to linux kernel tcp/ip ptocotol stack
 
CCNA 1 Routing and Switching v5.0 Chapter 3
CCNA 1 Routing and Switching v5.0 Chapter 3CCNA 1 Routing and Switching v5.0 Chapter 3
CCNA 1 Routing and Switching v5.0 Chapter 3
 
COSCUP 2020 RISC-V 32 bit linux highmem porting
COSCUP 2020 RISC-V 32 bit linux highmem portingCOSCUP 2020 RISC-V 32 bit linux highmem porting
COSCUP 2020 RISC-V 32 bit linux highmem porting
 
LCA14: LCA14-306: CPUidle & CPUfreq integration with scheduler
LCA14: LCA14-306: CPUidle & CPUfreq integration with schedulerLCA14: LCA14-306: CPUidle & CPUfreq integration with scheduler
LCA14: LCA14-306: CPUidle & CPUfreq integration with scheduler
 
Integration and Interoperation of existing Nexus networks into an ACI Archite...
Integration and Interoperation of existing Nexus networks into an ACI Archite...Integration and Interoperation of existing Nexus networks into an ACI Archite...
Integration and Interoperation of existing Nexus networks into an ACI Archite...
 
Dpdk applications
Dpdk applicationsDpdk applications
Dpdk applications
 
JUNOS - Monitoring and Troubleshooting
JUNOS - Monitoring and TroubleshootingJUNOS - Monitoring and Troubleshooting
JUNOS - Monitoring and Troubleshooting
 

Similar to NFF-GO (YANFF) - Yet Another Network Function Framework

Optimizing Apache Spark Throughput Using Intel Optane and Intel Memory Drive...
Optimizing Apache Spark Throughput Using Intel Optane and Intel Memory Drive... Optimizing Apache Spark Throughput Using Intel Optane and Intel Memory Drive...
Optimizing Apache Spark Throughput Using Intel Optane and Intel Memory Drive...
Databricks
 
Relative Capacity por Eduardo Oliveira e Joseph Temple
Relative Capacity por Eduardo Oliveira e Joseph TempleRelative Capacity por Eduardo Oliveira e Joseph Temple
Relative Capacity por Eduardo Oliveira e Joseph Temple
Joao Galdino Mello de Souza
 
Accelerate Your Apache Spark with Intel Optane DC Persistent Memory
Accelerate Your Apache Spark with Intel Optane DC Persistent MemoryAccelerate Your Apache Spark with Intel Optane DC Persistent Memory
Accelerate Your Apache Spark with Intel Optane DC Persistent Memory
Databricks
 
17294_HiperSockets.pdf
17294_HiperSockets.pdf17294_HiperSockets.pdf
17294_HiperSockets.pdf
Eeszt
 

Similar to NFF-GO (YANFF) - Yet Another Network Function Framework (20)

QATCodec: past, present and future
QATCodec: past, present and futureQATCodec: past, present and future
QATCodec: past, present and future
 
5 pipeline arch_rationale
5 pipeline arch_rationale5 pipeline arch_rationale
5 pipeline arch_rationale
 
What are latest new features that DPDK brings into 2018?
What are latest new features that DPDK brings into 2018?What are latest new features that DPDK brings into 2018?
What are latest new features that DPDK brings into 2018?
 
Performance out of the box developers
Performance out of the box developersPerformance out of the box developers
Performance out of the box developers
 
Intel Technologies for High Performance Computing
Intel Technologies for High Performance ComputingIntel Technologies for High Performance Computing
Intel Technologies for High Performance Computing
 
DPDK IPSec Security Gateway Application
DPDK IPSec Security Gateway ApplicationDPDK IPSec Security Gateway Application
DPDK IPSec Security Gateway Application
 
Enabling NFV features in kubernetes
Enabling NFV features in kubernetesEnabling NFV features in kubernetes
Enabling NFV features in kubernetes
 
TDC2019 Intel Software Day - Tecnicas de Programacao Paralela em Machine Lear...
TDC2019 Intel Software Day - Tecnicas de Programacao Paralela em Machine Lear...TDC2019 Intel Software Day - Tecnicas de Programacao Paralela em Machine Lear...
TDC2019 Intel Software Day - Tecnicas de Programacao Paralela em Machine Lear...
 
Edge Computing and 5G - SDN/NFV London meetup
Edge Computing and 5G - SDN/NFV London meetupEdge Computing and 5G - SDN/NFV London meetup
Edge Computing and 5G - SDN/NFV London meetup
 
Optimizing Apache Spark Throughput Using Intel Optane and Intel Memory Drive...
Optimizing Apache Spark Throughput Using Intel Optane and Intel Memory Drive... Optimizing Apache Spark Throughput Using Intel Optane and Intel Memory Drive...
Optimizing Apache Spark Throughput Using Intel Optane and Intel Memory Drive...
 
Clear Linux OS - Architecture Overview
Clear Linux OS - Architecture OverviewClear Linux OS - Architecture Overview
Clear Linux OS - Architecture Overview
 
Intel NFVi Enabling Kit Demo/Lab
Intel NFVi Enabling Kit Demo/LabIntel NFVi Enabling Kit Demo/Lab
Intel NFVi Enabling Kit Demo/Lab
 
Introduction to container networking in K8s - SDN/NFV London meetup
Introduction to container networking in K8s - SDN/NFV London meetupIntroduction to container networking in K8s - SDN/NFV London meetup
Introduction to container networking in K8s - SDN/NFV London meetup
 
Relative Capacity por Eduardo Oliveira e Joseph Temple
Relative Capacity por Eduardo Oliveira e Joseph TempleRelative Capacity por Eduardo Oliveira e Joseph Temple
Relative Capacity por Eduardo Oliveira e Joseph Temple
 
Unlocking the SDN and NFV Transformation
Unlocking the SDN and NFV TransformationUnlocking the SDN and NFV Transformation
Unlocking the SDN and NFV Transformation
 
Accelerate Your Apache Spark with Intel Optane DC Persistent Memory
Accelerate Your Apache Spark with Intel Optane DC Persistent MemoryAccelerate Your Apache Spark with Intel Optane DC Persistent Memory
Accelerate Your Apache Spark with Intel Optane DC Persistent Memory
 
Accelerate Your Python* Code through Profiling, Tuning, and Compilation Part ...
Accelerate Your Python* Code through Profiling, Tuning, and Compilation Part ...Accelerate Your Python* Code through Profiling, Tuning, and Compilation Part ...
Accelerate Your Python* Code through Profiling, Tuning, and Compilation Part ...
 
Introduction ciot workshop premeetup
Introduction ciot workshop premeetupIntroduction ciot workshop premeetup
Introduction ciot workshop premeetup
 
DPDK IPSec performance benchmark ~ Georgii Tkachuk
DPDK IPSec performance benchmark ~ Georgii TkachukDPDK IPSec performance benchmark ~ Georgii Tkachuk
DPDK IPSec performance benchmark ~ Georgii Tkachuk
 
17294_HiperSockets.pdf
17294_HiperSockets.pdf17294_HiperSockets.pdf
17294_HiperSockets.pdf
 

More from Michelle Holley

Edge and 5G: What is in it for the developers?
Edge and 5G: What is in it for the developers?Edge and 5G: What is in it for the developers?
Edge and 5G: What is in it for the developers?
Michelle Holley
 
Accelerating Edge Computing Adoption
Accelerating Edge Computing Adoption Accelerating Edge Computing Adoption
Accelerating Edge Computing Adoption
Michelle Holley
 
DPDK & Cloud Native
DPDK & Cloud NativeDPDK & Cloud Native
DPDK & Cloud Native
Michelle Holley
 
Orchestrating NFV Workloads in Multiple Clouds
Orchestrating NFV Workloads in Multiple CloudsOrchestrating NFV Workloads in Multiple Clouds
Orchestrating NFV Workloads in Multiple Clouds
Michelle Holley
 
Convergence of device and data at the Edge Cloud
Convergence of device and data at the Edge CloudConvergence of device and data at the Edge Cloud
Convergence of device and data at the Edge Cloud
Michelle Holley
 
Intel® Network Builders - Network Edge Ecosystem Program
Intel® Network Builders - Network Edge Ecosystem ProgramIntel® Network Builders - Network Edge Ecosystem Program
Intel® Network Builders - Network Edge Ecosystem Program
Michelle Holley
 
Design Implications, Challenges and Principles of Zero-Touch Management Envir...
Design Implications, Challenges and Principles of Zero-Touch Management Envir...Design Implications, Challenges and Principles of Zero-Touch Management Envir...
Design Implications, Challenges and Principles of Zero-Touch Management Envir...
Michelle Holley
 
Using Microservices Architecture and Patterns to Address Applications Require...
Using Microservices Architecture and Patterns to Address Applications Require...Using Microservices Architecture and Patterns to Address Applications Require...
Using Microservices Architecture and Patterns to Address Applications Require...
Michelle Holley
 
Service Mesh on Kubernetes with Istio
Service Mesh on Kubernetes with IstioService Mesh on Kubernetes with Istio
Service Mesh on Kubernetes with Istio
Michelle Holley
 
Intel® QuickAssist Technology Introduction, Applications, and Lab, Including ...
Intel® QuickAssist Technology Introduction, Applications, and Lab, Including ...Intel® QuickAssist Technology Introduction, Applications, and Lab, Including ...
Intel® QuickAssist Technology Introduction, Applications, and Lab, Including ...
Michelle Holley
 
Accelerating Virtual Machine Access with the Storage Performance Development ...
Accelerating Virtual Machine Access with the Storage Performance Development ...Accelerating Virtual Machine Access with the Storage Performance Development ...
Accelerating Virtual Machine Access with the Storage Performance Development ...
Michelle Holley
 

More from Michelle Holley (20)

Edge and 5G: What is in it for the developers?
Edge and 5G: What is in it for the developers?Edge and 5G: What is in it for the developers?
Edge and 5G: What is in it for the developers?
 
5G and Open Reference Platforms
5G and Open Reference Platforms5G and Open Reference Platforms
5G and Open Reference Platforms
 
De-fogging Edge Computing: Ecosystem, Use-cases, and Opportunities
De-fogging Edge Computing: Ecosystem, Use-cases, and OpportunitiesDe-fogging Edge Computing: Ecosystem, Use-cases, and Opportunities
De-fogging Edge Computing: Ecosystem, Use-cases, and Opportunities
 
Building the SD-Branch using uCPE
Building the SD-Branch using uCPEBuilding the SD-Branch using uCPE
Building the SD-Branch using uCPE
 
Enabling Multi-access Edge Computing (MEC) Platform-as-a-Service for Enterprises
Enabling Multi-access Edge Computing (MEC) Platform-as-a-Service for EnterprisesEnabling Multi-access Edge Computing (MEC) Platform-as-a-Service for Enterprises
Enabling Multi-access Edge Computing (MEC) Platform-as-a-Service for Enterprises
 
Accelerating Edge Computing Adoption
Accelerating Edge Computing Adoption Accelerating Edge Computing Adoption
Accelerating Edge Computing Adoption
 
Install FD.IO VPP On Intel(r) Architecture & Test with Trex*
Install FD.IO VPP On Intel(r) Architecture & Test with Trex*Install FD.IO VPP On Intel(r) Architecture & Test with Trex*
Install FD.IO VPP On Intel(r) Architecture & Test with Trex*
 
DPDK & Cloud Native
DPDK & Cloud NativeDPDK & Cloud Native
DPDK & Cloud Native
 
OpenDaylight Update (June 2018)
OpenDaylight Update (June 2018)OpenDaylight Update (June 2018)
OpenDaylight Update (June 2018)
 
Tungsten Fabric Overview
Tungsten Fabric OverviewTungsten Fabric Overview
Tungsten Fabric Overview
 
Orchestrating NFV Workloads in Multiple Clouds
Orchestrating NFV Workloads in Multiple CloudsOrchestrating NFV Workloads in Multiple Clouds
Orchestrating NFV Workloads in Multiple Clouds
 
Convergence of device and data at the Edge Cloud
Convergence of device and data at the Edge CloudConvergence of device and data at the Edge Cloud
Convergence of device and data at the Edge Cloud
 
Intel® Network Builders - Network Edge Ecosystem Program
Intel® Network Builders - Network Edge Ecosystem ProgramIntel® Network Builders - Network Edge Ecosystem Program
Intel® Network Builders - Network Edge Ecosystem Program
 
Design Implications, Challenges and Principles of Zero-Touch Management Envir...
Design Implications, Challenges and Principles of Zero-Touch Management Envir...Design Implications, Challenges and Principles of Zero-Touch Management Envir...
Design Implications, Challenges and Principles of Zero-Touch Management Envir...
 
Using Microservices Architecture and Patterns to Address Applications Require...
Using Microservices Architecture and Patterns to Address Applications Require...Using Microservices Architecture and Patterns to Address Applications Require...
Using Microservices Architecture and Patterns to Address Applications Require...
 
Intel Powered AI Applications for Telco
Intel Powered AI Applications for TelcoIntel Powered AI Applications for Telco
Intel Powered AI Applications for Telco
 
Artificial Intelligence in the Network
Artificial Intelligence in the Network Artificial Intelligence in the Network
Artificial Intelligence in the Network
 
Service Mesh on Kubernetes with Istio
Service Mesh on Kubernetes with IstioService Mesh on Kubernetes with Istio
Service Mesh on Kubernetes with Istio
 
Intel® QuickAssist Technology Introduction, Applications, and Lab, Including ...
Intel® QuickAssist Technology Introduction, Applications, and Lab, Including ...Intel® QuickAssist Technology Introduction, Applications, and Lab, Including ...
Intel® QuickAssist Technology Introduction, Applications, and Lab, Including ...
 
Accelerating Virtual Machine Access with the Storage Performance Development ...
Accelerating Virtual Machine Access with the Storage Performance Development ...Accelerating Virtual Machine Access with the Storage Performance Development ...
Accelerating Virtual Machine Access with the Storage Performance Development ...
 

Recently uploaded

W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
panagenda
 
TECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providerTECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service provider
mohitmore19
 
introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdf
introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdfintroduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdf
introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdf
VishalKumarJha10
 
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...
masabamasaba
 
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
masabamasaba
 
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
harshavardhanraghave
 
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
masabamasaba
 
The title is not connected to what is inside
The title is not connected to what is insideThe title is not connected to what is inside
The title is not connected to what is inside
shinachiaurasa2
 
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
masabamasaba
 
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
Health
 
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
Delhi Call girls
 

Recently uploaded (20)

W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
 
TECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providerTECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service provider
 
introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdf
introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdfintroduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdf
introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdf
 
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...
 
Exploring the Best Video Editing App.pdf
Exploring the Best Video Editing App.pdfExploring the Best Video Editing App.pdf
Exploring the Best Video Editing App.pdf
 
%in Midrand+277-882-255-28 abortion pills for sale in midrand
%in Midrand+277-882-255-28 abortion pills for sale in midrand%in Midrand+277-882-255-28 abortion pills for sale in midrand
%in Midrand+277-882-255-28 abortion pills for sale in midrand
 
%in Harare+277-882-255-28 abortion pills for sale in Harare
%in Harare+277-882-255-28 abortion pills for sale in Harare%in Harare+277-882-255-28 abortion pills for sale in Harare
%in Harare+277-882-255-28 abortion pills for sale in Harare
 
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
 
Direct Style Effect Systems - The Print[A] Example - A Comprehension Aid
Direct Style Effect Systems - The Print[A] Example - A Comprehension AidDirect Style Effect Systems - The Print[A] Example - A Comprehension Aid
Direct Style Effect Systems - The Print[A] Example - A Comprehension Aid
 
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
 
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
 
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
 
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein
 
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
 
The title is not connected to what is inside
The title is not connected to what is insideThe title is not connected to what is inside
The title is not connected to what is inside
 
Right Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsRight Money Management App For Your Financial Goals
Right Money Management App For Your Financial Goals
 
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
 
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
 
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
 
Generic or specific? Making sensible software design decisions
Generic or specific? Making sensible software design decisionsGeneric or specific? Making sensible software design decisions
Generic or specific? Making sensible software design decisions
 

NFF-GO (YANFF) - Yet Another Network Function Framework

  • 2. Copyright © 2017, Intel Corporation. All rights reserved. *Other names and brands may be claimed as the property of others. Legal Information Intel technologies’ features and benefits depend on system configuration and may require enabled hardware, software or service activation. Learn more at intel.com, or from the OEM or retailer. No computer system can be absolutely secure. Software and workloads used in performance tests may have been optimized for performance only on Intel microprocessors. Performance tests, such as SYSmark and MobileMark, are measured using specific computer systems, components, software, operations and functions. Any change to any of those factors may cause the results to vary. You should consult other information and performance tests to assist you in fully evaluating your contemplated purchases, including the performance of that product when combined with other products. For more complete information visit http://www.intel.com/performance. Tests document performance of components on a particular test, in specific systems. Differences in hardware, software, or configuration will affect actual performance. Consult other sources of information to evaluate performance as you consider your purchase. For more complete information about performance and benchmark results, visit http://www.intel.com/performance. Cost reduction scenarios described are intended as examples of how a given Intel- based product, in the specified circumstances and configurations, may affect future costs and provide cost savings. Circumstances will vary. Intel does not guarantee any costs or cost reduction. Results have been estimated or simulated using internal Intel analysis or architecture simulation or modeling, and provided to you for informational purposes. Any differences in your system hardware, software or configuration may affect your actual performance. Intel does not control or audit third-party benchmark data or the web sites referenced in this document. You should visit the referenced web site and confirm whether referenced data are accurate. Intel, the Intel logo and others are trademarks of Intel Corporation in the U.S. and/or other countries. *Other names and brands may be claimed as the property of others. © 2017 Intel Corporation.
  • 3. Copyright © 2017, Intel Corporation. All rights reserved. *Other names and brands may be claimed as the property of others. YANFF - Yet Another Network Function Framework Framework for building performant native network functions • Open-source project • Higher level abstractions than DPDK • Go language: productivity, performance, concurrency, safety • Network functions are application programs and not virtual machines Benefits: • Easily leverage IA HW capabilities: multi-cores, AES-NI, CAT, QAT, DPDK • 10x reduction lines of code • No need to be expert network system programmer • Similar performance with C • Take advantage of cloud native deployment: continuous delivery, micro- services, containers https://github.com/intel-go/yanff 3
  • 4. Copyright © 2017, Intel Corporation. All rights reserved. *Other names and brands may be claimed as the property of others. 4 Technical Motivation ▪ Developers need framework to shorten development cycle of VNFs – Currently VNFs are monolithic - “virtual appliances” instead of network functions – Significant part of VNF is about plumbing. Plumbing VNFs to CommSPs network is an art. Should be abstracted from VNFs ▪ Lack of stable and unified APIs for VNF control and data plane ▪ Challenges with access to HW Accelerators in cloud environment. ▪ Cloud-friendly APIs and designs needed. Accelerating transition to from rule-based networking to imperative networking https://github.com/intel-go/yanff
  • 5. Copyright © 2017, Intel Corporation. All rights reserved. *Other names and brands may be claimed as the property of others. YANFF: Yet Another Network Function Framework • Simple but powerful abstractions: • Flow, Packet • User builds packet processing graph using “flow functions” chaining • SetReceiver -> SetHandler -> SetSender • Several predefined possibilities of adding user processing inside packet processing graph • Split, Separate, Generate, Handle • Can leverage predefined functions which parse packets, check ACL rules, etc. • Run to completion – NFs can be expressed in the flow functions and natural chaining • Auto-scaling, ease of development • Zero-copy between NFs • Flexible incoming flow handling – sources can be anything: network port, memory buffer, remote procedure call, etc. System SW Optimized SW Application IA PlatformIA Platform Optimized Platform Software Optimized Software on CPU ISA (e.g. AES, AVX) Standard NIC Accelerators (Intel® QAT) Application Smart NIC Integrated FPGA U P I YANFF 4https://github.com/intel-go/yanff
  • 6. Copyright © 2017, Intel Corporation. All rights reserved. *Other names and brands may be claimed as the property of others. L3 Simple Forwarding Example var L3Rules *rules.L3Rules func main() { flow.SystemInit(16) L3Rules = rules.GetL3RulesFromORIG("Forwarding.conf") inputFlow := flow.SetReceiver(0) outputFlows := flow.SetSplitter(inputFlow, L3Splitter, uint(3)) flow.SetStopper(outputFlows[0]) for i := 1; i < 3; i++ { flow.SetSender(outputFlows[i], uint8(i-1)) } flow.SystemStart() } // User defined function for splitting packets func L3Splitter(currentPacket *packet.Packet) uint { currentPacket.ParseL4() return rules.L3_ACL_port(currentPacket, L3Rules) }
  • 7. Copyright © 2017, Intel Corporation. All rights reserved. *Other names and brands may be claimed as the property of others. Configuration file for Forwarding # Source address, Destination address, L4 protocol ID, Source port, Destination port, Output port 111.2.0.0/31 ANY tcp ANY ANY 1 111.2.0.2/32 ANY tcp ANY ANY Reject ANY ANY udp 3078:3964 56:61020 2
  • 8. Copyright © 2017, Intel Corporation. All rights reserved. *Other names and brands may be claimed as the property of others. Exactly The Same Example in DPDK/C … 10 more screens to get to the end… 23 SLOC in YANFF vs 2079 in DPDK/C!
  • 9. Copyright © 2016, Intel Corporation. All rights reserved. *Other names and brands may be claimed as the property of others. Optimization Notice YANFF – Main Architectural Concepts Flow Abstraction without public fields, which is used for pointing connections between Flow functions. Opened by Receive / Split / Separate / Counter / Generate. Closed by Send / Merge / Stop. Packet High-level representation of network packet. Private field is *mbuf, public fields are mac / ip / data /etc: pointers to mbuf with offsets (zero copy). Is extracted before any User defined function. Can be filled after user request by Packet functions. Can be checked by Rule functions. Port Network door, used in Receive, Send. Rule Set of checking rules, used in User defined functions.
  • 10. Copyright © 2016, Intel Corporation. All rights reserved. *Other names and brands may be claimed as the property of others. Optimization Notice 10 Building Processing Graph Separate(SeparateFunction) {input stay} -> Flow Flow -> SeparateFunction -> Flow Merge Flow -> Flow -> Flow Flow -> Partition (periodicity) -> Flow Flow -> calculation -> Flow Split (SplitFunction) {input closed} -> Flow Flow -> SplitFunction -> Flow -> Flow Generate (GenerateFunction) {can wait} GenerateFunction -> Flow Stop Flow -> drop Receive (Port) driver (loop) -> Flow Send (Port) Flow -> driver (loop) Read (File) PCAP file -> Flow Write (File) Flow -> PCAP file
  • 11. Copyright © 2016, Intel Corporation. All rights reserved. *Other names and brands may be claimed as the property of others. Optimization Notice 11 Packet modification functions Handle (SeparateFunction) {can drop} -> Stop Flow -> SeparateFunction-> Flow Handle (HandleFunction) {can’t drop} Flow -> HandleFunction -> Flow Packet functions Parsing packet fields Parse L2 or/and L3 or/and L4 levels Checking packet fields by rule Check L2 or/and L3 or/and L4 levels Create rule Create checking rule from json / config Initializing packet fields Initialize L2 or/and L3 or/and L4 levels Rule functions Encapsulate / Decapsulate
  • 12. Copyright © 2016, Intel Corporation. All rights reserved. *Other names and brands may be claimed as the property of others. Optimization Notice 12 Flow Graph Example - Forwarding 1 Receiver 2 Splitter 3 Stop 3 3 Send Send
  • 13. Copyright © 2016, Intel Corporation. All rights reserved. *Other names and brands may be claimed as the property of others. Optimization Notice 13 Let’s build some functions!
  • 14. Copyright © 2016, Intel Corporation. All rights reserved. *Other names and brands may be claimed as the property of others. Optimization Notice 14 Create test VMs 1.Create and provision two test VMs: $ cd $GOPATH/src/github.com/intel-go/yanff/vagrant $ vagrant up 2.Open two terminal windows 3.cd to vagrant directory below 4.run “vagrant ssh yanf-”VM_number” to connect to pktgen VM and target VM, e.g. $ vagrant ssh yanff-1 # YANFF test program host yanff-1$ bindports # if ports not bound yet $ vagrant ssh yanff-0 # pktgen host yanff-0$ bindports # if ports not bound yet
  • 15. Copyright © 2017, Intel Corporation. All rights reserved. *Other names and brands may be claimed as the property of others. Let’s try (1 of 11) Flow graph: package main import "github.com/intel-go/yanff/flow" func main() { // Init YANFF system config := flow.Config{} checkFatal(flow.SystemInit(&config)) initCommonState() checkFatal(flow.SystemStart()) } 15 yanff-0$ cd $YANFF/examples/tutorial yanff-0$ ./genscripts yanff-0$ ./runpktgen.sh Pktgen:/> start 0 …… Pktgen:/> quit yanff-1$ cd $YANFF/examples/tutorial yanff-1$ sudo ./step1
  • 16. Copyright © 2017, Intel Corporation. All rights reserved. *Other names and brands may be claimed as the property of others. Let’s try (2 of 11) Flow graph: Receive Send package main import "github.com/intel-go/yanff/flow" func main() { config := flow.Config{} checkFatal(flow.SystemInit(&config)) initCommonState() firstFlow, err := flow.SetReceiver(0) checkFatal(err) checkFatal(flow.SetHandler(firstFlow, modifyPacket[0], nil)) checkFatal(flow.SetSender(firstFlow, 0)) checkFatal(flow.SystemStart()) } 16 yanff-0$ ./runpktgen.sh Pktgen:/> load step2.pg Pktgen:/> start 0 … Pktgen:/> quit yanff-1$ sudo ./step2 Modify
  • 17. Copyright © 2017, Intel Corporation. All rights reserved. *Other names and brands may be claimed as the property of others. Let’s try (3 of 11) Flow graph: Receive Send Partition Send package main import "github.com/intel-go/yanff/flow" func main() { config := flow.Config{} checkFatal(flow.SystemInit(&config)) initCommonState() firstFlow, err := flow.SetReceiver(0) checkFatal(err) secondFlow, err := flow.SetPartitioner(firstFlow, 300, 300) checkFatal(err) checkFatal(flow.SetHandler(firstFlow, modifyPacket[0], nil)) checkFatal(flow.SetHandler(secondFlow, modifyPacket[1], nil)) checkFatal(flow.SetSender(firstFlow, 0)) checkFatal(flow.SetSender(secondFlow, 1)) checkFatal(flow.SystemStart()) } 17 yanff-0$ ./runpktgen.sh Pktgen:/> load step3.pg Pktgen:/> start 0 … Pktgen:/> quit yanff-1$ sudo ./step3 Modify Modify
  • 18. Copyright © 2017, Intel Corporation. All rights reserved. *Other names and brands may be claimed as the property of others. Let’s try (4 of 11) package main import "github.com/intel-go/yanff/flow“ import "github.com/intel-go/yanff/packet“ func main() { config := flow.Config{} checkFatal(flow.SystemInit(&config)) initCommonState() firstFlow, err := flow.SetReceiver(0) checkFatal(err) secondFlow, err := flow.SetSeparator(firstFlow, mySeparator, nil) checkFatal(err) checkFatal(flow.SetHandler(firstFlow, modifyPacket[0], nil)) checkFatal(flow.SetHandler(secondFlow, modifyPacket[1], nil)) checkFatal(flow.SetSender(firstFlow, 0)) checkFatal(flow.SetSender(secondFlow, 1)) checkFatal(flow.SystemStart()) } func mySeparator(cur *packet.Packet, ctx flow.UserContext) bool { cur.ParseL3() if cur.GetIPv4() != nil { cur.ParseL4ForIPv4() if cur.GetTCPForIPv4() != nil && packet.SwapBytesUint16(cur.GetTCPForIPv4().DstPort) == 53 { return false } } return true } Flow graph: Receive Send Separate Send 18 yanff-0$ ./runpktgen.sh Pktgen:/> load step4.pg Pktgen:/> start 0 … Pktgen:/> quit yanff-1$ sudo ./step4 Modify Modify
  • 19. Copyright © 2017, Intel Corporation. All rights reserved. *Other names and brands may be claimed as the property of others. Let’s try (5 of 11) … … … import "github.com/intel-go/yanff/rules“ var L3Rules *rules.L3Rules func main() { var err error config := flow.Config{} checkFatal(flow.SystemInit(&config)) initCommonState() l3Rules, err = packet.GetL3ACLFromORIG("rules1.conf") checkFatal(err) firstFlow, err := flow.SetReceiver(0) checkFatal(err) secondFlow, err := flow.SetSeparator(firstFlow, mySeparator, nil) checkFatal(err) checkFatal(flow.SetHandler(firstFlow, modifyPacket[0], nil)) checkFatal(flow.SetHandler(secondFlow, modifyPacket[1], nil)) checkFatal(flow.SetSender(firstFlow, 0)) checkFatal(flow.SetSender(secondFlow, 1)) checkFatal(flow.SystemStart()) } func MySeparator(cur *packet.Packet, ctx flow.UserContext) bool { return cur.L3ACLPermit(l3Rules) } Flow graph: Receive Send Separate Send Rules 19 yanff-0$ ./runpktgen.sh Pktgen:/> load step5.pg Pktgen:/> start 0 … Pktgen:/> quit yanff-1$ sudo ./step5 Modify Modify
  • 20. Copyright © 2017, Intel Corporation. All rights reserved. *Other names and brands may be claimed as the property of others. Let’s try (6 of 11) … … … func main() { var err error config := flow.Config{} checkFatal(flow.SystemInit(&config)) L3Rules = rules.GetL3RulesFromORIG(“rules1.conf") checkFatal(err) firstFlow, err := flow.SetReceiver(0) checkFatal(err) secondFlow, err := flow.SetSeparator(firstFlow, mySeparator, nil) checkFatal(err) checkFatal(flow.SetHandler(firstFlow, modifyPacket[0], nil)) checkFatal(flow.SetSender(firstFlow, 0)) checkFatal(flow.SetStopper(secondFlow)) checkFatal(flow.SystemStart()) } func MySeparator(cur *packet.Packet, ctx flow.UserContext) bool { return cur.L3ACLPermit(l3Rules) } Flow graph: Receive Send Separate Stop Rules 20 yanff-0$ ./runpktgen.sh Pktgen:/> load step6.pg Pktgen:/> start 0 … Pktgen:/> quit yanff-1$ sudo ./step6 Modify
  • 21. Copyright © 2017, Intel Corporation. All rights reserved. *Other names and brands may be claimed as the property of others. Let’s try (7 of 11) … … … import “time” var rulesp unsafe.Pointer … … … l3Rules, err := packet.GetL3ACLFromORIG("rules1.conf") checkFatal(err) rulesp = unsafe.Pointer(&l3Rules) go updateSeparateRules() … … … func MySeparator(cur *packet.Packet, ctx flow.UserContext) bool { localL3Rules := (*packet.L3Rules)(atomic.LoadPointer(&rulesp)) return cur.L3ACLPermit(localL3Rules) } func updateSeparateRules() { for { time.Sleep(time.Second * 5) locall3Rules, err := packet.GetL3ACLFromORIG("rules1.conf") checkFatal(err) atomic.StorePointer(&rulesp, unsafe.Pointer(locall3Rules)) } } Flow graph: Receive Send Separate Stop updated Rules 21 yanff-0$ ./runpktgen.sh Pktgen:/> load step7.pg Pktgen:/> start 0 … Pktgen:/> quit yanff-1$ sudo ./step7 Modify To make changes in rules1.conf file it is necessary to connect to target VM in another window or run YANFF executable in screen terminal multiplexer.
  • 22. Copyright © 2017, Intel Corporation. All rights reserved. *Other names and brands may be claimed as the property of others. Let’s try (8 of 11) … … … const flowN = 3 … … … firstFlow, err := flow.SetReceiver(0) checkFatal(err) outputFlows, err := flow.SetSplitter(firstFlow, mySplitter, flowN, nil) checkFatal(err) checkFatal(flow.SetStopper(outputFlows[0])) for i := uint8(1); i < flowN; i++ { checkFatal(flow.SetHandler(outputFlows[i], modifyPacket[i-1], nil)) checkFatal(flow.SetSender(outputFlows[i], i-1)) } … … … func mySplitter(cur *packet.Packet, ctx flow.UserContext) uint { localL3Rules := L3Rules return cur.L3ACLPort(localL3Rules) } … … … Flow graph: Receive Stop Split Send updated Rules Send 22 yanff-0$ ./runpktgen.sh Pktgen:/> load step8.pg Pktgen:/> start 0 … Pktgen:/> quit yanff-1$ sudo ./step8 Modify Modify To make changes in rules2.conf file it is necessary to connect to target VM in another window or run YANFF executable in screen terminal multiplexer.
  • 23. Copyright © 2017, Intel Corporation. All rights reserved. *Other names and brands may be claimed as the property of others. Let’s try (9 of 11) … … … import "github.com/intel-go/yanff/common“ … … … firstFlow, err := flow.SetReceiver(0) checkFatal(err) outputFlows, err := flow.SetSplitter(firstFlow, mySplitter, flowN, nil) checkFatal(err) checkFatal(flow.SetStopper(outputFlows[0])) checkFatal(flow.SetHandler(outputFlows[1], myHandler, nil)) for i := uint8(1); i < flowN; i++ { checkFatal(flow.SetHandler(outputFlows[i], modifyPacket[i-1], nil)) checkFatal(flow.SetSender(outputFlows[i], i-1)) } … … … func myHandler(cur *packet.Packet, ctx flow.UserContext) { cur.EncapsulateHead(common.EtherLen, common.IPv4MinLen) cur.ParseL3() cur.GetIPv4NoCheck().SrcAddr = packet.BytesToIPv4(111, 22, 3, 0) cur.GetIPv4NoCheck().DstAddr = packet.BytesToIPv4(3, 22, 111, 0) cur.GetIPv4NoCheck().VersionIhl = 0x45 cur.GetIPv4NoCheck().NextProtoID = 0x04 } Flow graph: Receive Send Split Send updated Rules Stop Handle 23 yanff-0$ ./runpktgen.sh Pktgen:/> load step9.pg Pktgen:/> start 0 … Pktgen:/> quit yanff-1$ sudo ./step9 ModifyModify To make changes in rules2.conf file it is necessary to connect to target VM in another window or run YANFF executable in screen terminal multiplexer.
  • 24. Copyright © 2017, Intel Corporation. All rights reserved. *Other names and brands may be claimed as the property of others. Let’s try (10 of 11) … … … func myHandler(curV []*packet.Packet, num uint, ctx flow.UserContext) { for i := uint(0); i < num; i++ { cur := curV[i] cur.EncapsulateHead(common.EtherLen, common.IPv4MinLen) cur.ParseL3() cur.GetIPv4NoCheck().SrcAddr = packet.BytesToIPv4(111, 22, 3, 0) cur.GetIPv4NoCheck().DstAddr = packet.BytesToIPv4(3, 22, 111, 0) cur.GetIPv4NoCheck().VersionIhl = 0x45 cur.GetIPv4NoCheck().NextProtoID = 0x04 } } Flow graph: Receive Send Split Send updated Rules Stop Handle Packet vector 24 yanff-0$ ./runpktgen.sh Pktgen:/> load step10.pg Pktgen:/> start 0 … Pktgen:/> quit yanff-1$ sudo ./step10 Modify Modify To make changes in rules2.conf file it is necessary to connect to target VM in another window or run YANFF executable in screen terminal multiplexer.
  • 25. Copyright © 2017, Intel Corporation. All rights reserved. *Other names and brands may be claimed as the property of others. Let’s try (11 of 11) … … … func myHandler(curV []*packet.Packet, num uint, ctx flow.UserContext) { for i := uint(0); i < num; i++ { cur := curV[i] cur.EncapsulateHead(common.EtherLen, common.IPv4MinLen) cur.ParseL3() cur.GetIPv4NoCheck().SrcAddr = packet.BytesToIPv4(111, 22, 3, 0) cur.GetIPv4NoCheck().DstAddr = packet.BytesToIPv4(3, 22, 111, 0) cur.GetIPv4NoCheck().VersionIhl = 0x45 cur.GetIPv4NoCheck().NextProtoID = 0x04 } // Some heavy computational code heavyCode() } Flow graph: Receive Send Split Send updated Rules Stop Handle Packet vector Scaling 25 yanff-0$ ./runpktgen.sh Pktgen:/> load step11.pg Pktgen:/> start 0 … Pktgen:/> quit yanff-1$ sudo ./step11 Modify Modify To make changes in rules2.conf file it is necessary to connect to target VM in another window or run YANFF executable in screen terminal multiplexer.
  • 26. Copyright © 2017, Intel Corporation. All rights reserved. *Other names and brands may be claimed as the property of others. Finally: NAT 26 yanff-0$ ./runpktgen.sh Pktgen:/> load nat.pg Pktgen:/> start 0 Pktgen:/> start 1 … Pktgen:/> quit yanff-1$ ./genscripts -pktgen direct yanff-1$ sudo ../nat/main/nat -config nat.json
  • 27. Copyright © 2017, Intel Corporation. All rights reserved. *Other names and brands may be claimed as the property of others. Q & A ? 27
  • 28. Copyright © 2017, Intel Corporation. All rights reserved. *Other names and brands may be claimed as the property of others. Optimization Notice 28 Optimization Notice Intel’s compilers may or may not optimize to the same degree for non-Intel microprocessors for optimizations that are not unique to Intel microprocessors. These optimizations include SSE2®, SSE3, and SSSE3 instruction sets and other optimizations. Intel does not guarantee the availability, functionality, or effectiveness of any optimization on microprocessors not manufactured by Intel. Microprocessor-dependent optimizations in this product are intended for use with Intel microprocessors. Certain optimizations not specific to Intel microarchitecture are reserved for Intel microprocessors. Please refer to the applicable product User and Reference Guides for more information regarding the specific instruction sets covered by this notice. Notice revision #20110804
  • 29. Basic components • External (bytes inside network) • Flow (*mbufs inside rings) • Packets (as function arguments) Send (Port) Flow -> driver (loop) Receive (Port) driver (loop) -> Flow Stop Flow -> free Separate(SeparateFunction) {input stay} -> Flow Flow -> SeparateFunction -> Flow Merge {slow} Flow -> Flow -> Flow User defined functions Separate Function * -> Packet -> Boolean value -> Handle Function * -> Packet -> Flow functions Handle (SeparateFunction) {can drop} -> Stop Flow -> SeparateFunction-> Flow Generate (GenerateFunction) {can wait} GenerateFunction -> Flow Connections bool Packet functions Parsing packet fields Parse L2 or/and L3 or/and L4 levels Partition (periodicity) -> Flow Flow -> calculation -> Flow Instances (new types) Flow Abstraction without public fields, which is used for pointing connections between Flow functions. Opened by Receive / Split / Separate / Counter / Generate. Closed by Send / Merge / Stop. Packet High-level representation of network packet. Private field is *mbuf, public fields are mac / ip / data /etc: pointers to mbuf with offsets (zero copy). Is extracted before any User defined function. Can be filled after user request by Packet functions. Can be checked by Rule functions. Split Function -> Packet -> № of Flow -> uint Split (SplitFunction) {input closed} -> Flow Flow -> SplitFunction -> Flow -> Flow Checking packet fields by rule Check L2 or/and L3 or/and L4 levels • Flow: type “Flow” Init, Starting, Checking, Flow functions • Packet: type “Packet”, parsing / initializing packet functions • Rules: type “Rule”, parsing rules / checking Packet functions • User package: user defined functions Library External Components Create rule Create checking rule from json / config • Scheduler: Cloning of user defined flow functions • Asm: assembler functions added to GO • Common: technical functions shared by other components • Low: connections with DPDK C implementation Library Internal ComponentsHandle (HandleFunction) {can’t drop} Flow -> HandleFunction -> Flow Port Network door, used in Receive, Send. Initializing packet fields Initialize L2 or/and L3 or/and L4 levels Rule functions Rule Set of checking rules, used in User defined functions. Encapsulate / Decapsulate Generate Function * Packet -> * Can process vector of packets at one time All functions take packet and handling context All functions at separate cores and can be cloned
  • 31. Finally (2 of 2): ipsec • Showing ipsec example 31