Netronome, profile picture
Uploaded byNetronome
PDF, PPTX1,144 views

Host Data Plane Acceleration: SmartNIC Deployment Models

The document outlines host dataplane acceleration and various deployment models for SmartNICs, discussing the evolution from hardware switching to software-defined networking. It covers tools for datapath programmability, the roles of existing technologies such as Open vSwitch and eBPF in accelerating data paths, and the integration of P4 language for custom datapath solutions. Key points include the balance between flexibility and performance, as well as the integration efforts required for effective implementation in modern networking frameworks.

Embed presentation

Download as PDF, PPTX
© 2018 NETRONOME SYSTEMS, INC. Host Dataplane Acceleration: SmartNIC Deployment Models Simon Horman 20 August 2018
© 2018 NETRONOME SYSTEMS, INC. 2 Agenda ●  Introduction ○  Hardware and Software Switching ○  SDN Programmability ○  Host Datapath Acceleration ●  Acceleration Models ○  Existing Host Datapath Acceleration ○  Extended Datapath Acceleration ○  New Datapath Acceleration ●  Closing Remarks
© 2018 NETRONOME SYSTEMS, INC. Hardware and Software Switching
© 2018 NETRONOME SYSTEMS, INC. 4 Historically Switching Done in Hardware ●  Dedicated physical switch ●  Fast ●  Fixed feature set ●  Inflexible
© 2018 NETRONOME SYSTEMS, INC. 5 Virtualisation Moved Switching to Host ●  Desire to share network between hosts and VMs ●  Software bridging or user-space networking used to achieve this ●  Flexible ●  Slow
© 2018 NETRONOME SYSTEMS, INC. 6 SR-IOV Moved Hardware Switching to the Host ●  Embedded switch between ○  Physical Port ○  “PF” network interfaces used by host ○  VF network interfaces used by VMs ●  Performance improvement over software based switching to VMs ●  Reduced flexibility
© 2018 NETRONOME SYSTEMS, INC. 7 SDN Moved Host Switching Back into Software ●  Exploited flexibility of software ●  Many features emerged: f.e.: ○  Tunnel Termination ○  Rich flow key for matching on L2 ~ L4 ○  Packet modification possible: set packet header fields ○  Stateful Security Policies (Conntrack) ○  NAT ○  Increasing programmability ●  Slow/consumes CPU resources
© 2018 NETRONOME SYSTEMS, INC. Datapath Programmability
© 2018 NETRONOME SYSTEMS, INC. 9 SDN Programmability ●  Applications ○  Rich feature set but fixed function ○  Policy implemented at run-time, f.e. using match/action tables ○  Software is malleable, but new features require modification of application ○  f.e.: Open vSwitch, vRouter ●  Packet Movement Infrastructure ○  Allows programing of part of datapath ○  With fallback option ○  f.e.: eBPF ●  Tools ○  Allows full description of datapath ○  f.e.: P4
© 2018 NETRONOME SYSTEMS, INC. 10 NEW Tools vs. Applications
© 2018 NETRONOME SYSTEMS, INC. Host Datapath Acceleration
© 2018 NETRONOME SYSTEMS, INC. 12 Host Datapath Acceleration ●  Combine flexibility of software with performance of hardware Hardware Software Pendulum motive credit: Rashid Khan, “Red Hat’s perspective on OVS HW Offload Status”, presented at Open vSwtich 2018 Conference Host Data Plane Acceleration Fast Inflexible Flexible Slow
© 2018 NETRONOME SYSTEMS, INC. 13 Comprehensive and Proven SmartNIC Platform Agilio SmartNIC Family 10-100Gb/s, w/ 2-8GB DDR, up to 4 ARM Cores NFP Silicon Family with 36-120 cores, up to 960 processing threads Data Plane Programming Tools for Custom Feature Adds P4, C, eBPF/XDP-based Programming Layer Virtualization Layer and SDN (with standard offload) Inbox Open vSwitch (OVS) in RHEL 7.5; vRouter in Contrail Cloud 3.x/4.x Virtual Switching and Routing Next Gen EAGLE (In Concept) Next Gen KESTRE L (In Dev) VXLAN, MPLS, MPLS over GRE ACLs and Security Groups vProbes, In- band Telemetry DDoS and Load Bal Visibility using SSL-on-a-NIC Congestion and Tail Latency Reduction Basic NIC Upstreamed Linux Device Drivers Stateless Offloads, SR-IOV, DPDK, Express Virtio (XVIO) BasicNICFeatures OffloadNICFeatures ProgrammableNICFeatures NFP-5000 (In Dev)
© 2018 NETRONOME SYSTEMS, INC. Existing Open vSwitch Datapath Acceleration
© 2018 NETRONOME SYSTEMS, INC. 15 What is Open vSwitch (OVS)? ●  Production quality multilayer virtual switch ●  Widely used in conjunction with OpenStack ●  Allows policy to be describe using OpenFlow match/action tables
© 2018 NETRONOME SYSTEMS, INC. 16 OVS Datapath Open vSwitch Subsystem OVS Agent OpenFlow Virtual Machine Virtual Machine Virtual Machine x86 Kernel x86 Userspace Virtual Machine Apps Flow table miss 2 2 OVS userspace agent populates kernel cache; instructs OVS kernel DP to execute packet 1 OVS Kernel DP Match/Act Miss 1
© 2018 NETRONOME SYSTEMS, INC. 17 Agilio® OVS Datapath Acceleration Open vSwitch Subsystem OVS Agent OpenFlow Virtual Machine Virtual Machine Virtual Machine x86 Kernel x86 Userspace PCIe Virtual Machine SR-IOV Agilio SmartNIC Apps Flow table miss 2 2 OVS userspace agent populates kernel cache; instructs OVS kernel DP to execute packet 1 Open vSwitch Datapath Execute Action (e.g. Entunnel, Deliver to VM, Send to Port) 3 Offload datapath: copy match tables, sync stats 3 4 Flow tracking: per-microflow state learning 4 MissSelf Learning Exact Match Flow Tracker Miss Hit TC Kernel DP Match/Act OVS Kernel DP Match/Act Miss OVS Kernel DP Match/Act Miss 1 SR-IOV VFs / VirtIO
© 2018 NETRONOME SYSTEMS, INC. Existing eBPF Datapath Acceleration
© 2018 NETRONOME SYSTEMS, INC. 19 What is eBPF? eBPF is a simple way to extend the functionality of the kernel at runtime ●  Small kernel based machine ○  10 64bit registers ○  512 byte stack ○  Data structures known as maps (unlimited size) ○  4K BPF instructions (Bytecode) ●  Verifier to ensure kernel safe ○  no loops, not more than 4K insns, not more than 64 maps etc… ●  Can be JITed to ensure maximum performance
© 2018 NETRONOME SYSTEMS, INC. 20 Used Within Hyperscale-Not a Toy! Those who have publicly stated they are using BPF or planning to use BPF include: ●  Facebook-Load Balancing, Security ●  Netflix-Network Monitoring ●  Cilium Project ●  Cloudflare-Security ●  OVS-Virtual Switching Due to its upstream safety and kernel support BPF provides a safe, flexible and scalable networking tool.
© 2018 NETRONOME SYSTEMS, INC. 21 The Programming Model ●  LLVM is used to compile from supported languages ○  C, Go, P4 ●  When Programs are loaded ○  Verifier is called-ensure safety ○  Program is JITed-ensure perf ○  Can also be offloaded ■  nfp_bpf_jit upstream LL VM NFP verifier.c bpf_prog.go bpf_prog.elf bpf syscall USER JIT nfp_bfp_jit.c Host CPU KERNEL HARDWARE bpf_prog.p4 bpf_prog.c
© 2018 NETRONOME SYSTEMS, INC. 22 Maps: What They Are ●  Maps are key value stores ○  Can be accessed from kernel or user space ○  Used for interaction between kernel and user space programs ●  Number of different types of maps ○  Used for interaction between kernel and user space programs bpf_user.c bpf_kern.c Map
© 2018 NETRONOME SYSTEMS, INC. 23 BPF Kernel Hooks Many hooks with different purposes ●  kprobes ●  socket filters-tcpdump-old school! ●  seccomp ●  netfilter ●  TC ●  XDP(no skb-super fast!)
© 2018 NETRONOME SYSTEMS, INC. 24 Agilio eBPF Acceleration Instantiation eBPF Subsystem eBPF Agent Virtual Machine Virtual Machine Virtual Machine x86 Kernel x86 Userspace eBPF Datapath eBPF Prog. PCIe Virtual Machine SR-IOV VFs Agilio SmartNIC Apps Apps Linux Network Stack XDP eBPF Prog. vRouter Forwarding cls_bpf eBPF Prog. 1 1 Programs pre-emptively loaded into Kernel 2 JIT program, offload program and maps 2 Apps SR-IOV Apps Apps Apps Apps
© 2018 NETRONOME SYSTEMS, INC. 25 Agilio eBPF Acceleration Fallback Path eBPF Subsystem eBPF Agent Virtual Machine Virtual Machine Virtual Machine x86 Kernel x86 Userspace eBPF Datapath eBPF Prog. PCIe Virtual Machine SR-IOV Agilio SmartNIC Apps Apps Linux Network Stack XDP eBPF Prog. Miss vRouter Forwarding cls_bpf eBPF Prog. Miss SR-IOV Apps Apps Apps Apps Miss
© 2018 NETRONOME SYSTEMS, INC. 26 Offload Existing Datapath: Characteristics ●  Flexibility defined by server’s existing datapath software ○  OVS: Configure match/action tables (forwarding/policies) ○  Tungsten Fabric vRouter: Configure forwarding and policies separately ●  Integration via drivers/plugins ○  OVS: OpenStack ML2 plugin (with/without SDN controller) ○  OVS: OpenStack driver for OVN ○  TF vRouter: OpenStack driver for TF ●  Extend OpenStack to support new concept — SR-IOV path directly to VM while offloading virtual switching to NIC
© 2018 NETRONOME SYSTEMS, INC. Extended and New Datapath Acceleration
© 2018 NETRONOME SYSTEMS, INC. 28 ●  P4 is a domain specific language for describing datapaths ●  Description may be compiled into datapath What is P4?
© 2018 NETRONOME SYSTEMS, INC. Plug-in Datapath
© 2018 NETRONOME SYSTEMS, INC. 30 Extending OVS using P4/C Plugins Open vSwitch Subsystem OVS Agent OpenFlow x86 Kernel x86 Userspace PCIe Agilio SmartNIC Flow table miss OVS userspace agent populates kernel cache; instructs OVS kernel DP to execute packet Execute Action Open vSwitch Datapath Execute Action (e.g. Entunnel, Deliver to VM, Send to Port) Virtual Machine Virtual Machine Virtual Machine Offload datapath: copy match tables, sync stats OVS Kernel DP Match/Act OVS Kernel DP Match/Act Fallback Fallback Virtual Machine SR-IOV / Virtio VFs Apps netdev or DPDK Datapath Extension or Plugin P4 / C in Sandbox DP Ext. Datapath extension software SR-IOV Apps netdev or DPDK Apps netdev or DPDK Apps netdev or DPDK Apps netdev or DPDK 2 4 3 1 2 4 1 3 4
© 2018 NETRONOME SYSTEMS, INC. 31 Plugin in Datapath: Characteristics ●  Some flexibility ○  Easy to implement custom actions ○  Difficult to implement custom classification ○  Can implement inner protocols ●  Integration effort varies ○  Can model as custom port ○  Can model as custom action
© 2018 NETRONOME SYSTEMS, INC. P4 Datapath on SmartNIC
© 2018 NETRONOME SYSTEMS, INC. 33 Virtual Machine Virtual Machine Virtual Machine x86 Kernel x86 Userspace OVS “on” SmartNIC P4 Datapath Open vSwitch Subsystem OVS Agent OpenFlow PCIe Virtual Machine SR-IOV / Virtio VFs SR-IOV Agilio SmartNIC Apps Apps netdev or DPDK netdev or DPDK Apps netdev or DPDK Apps netdev or DPDK Apps netdev or DPDK Execute Action P4 Generated Datapath Execute P4 Action OVS Kernel DP Match/Act P4 Matching Fallback Fallback
© 2018 NETRONOME SYSTEMS, INC. 34 P4 Datapath on SmartNIC: Characteristics ●  Some flexibility ○  In theory easy to implement offloaded behavior ○  However, OpenFlow matching is more flexible ○  Limited to what OVS on host supports ●  Integration effort modest ○  Already done if offloading existing OVS code ○  Must extend OpenFlow and OVSDB or OVN if enhancing OVS
© 2018 NETRONOME SYSTEMS, INC. P4 Datapath In Kernel
© 2018 NETRONOME SYSTEMS, INC. 36 P4 “into” OVS Datapath Open vSwitch Subsystem OVS Agent OpenFlow Virtual Machine Virtual Machine Virtual Machine x86 Kernel x86 Userspace PCIe Virtual Machine SR-IOV / Virtio VFs SR-IOV Agilio SmartNIC Apps Apps netdev or DPDK netdev or DPDK Apps netdev or DPDK Apps netdev or DPDK Apps netdev or DPDK P4 Generated Datapath Execute P4/OVS Action Execute P4/OVS Action P4/OVS Matching or eBPF P4/OVS Matching or eBPF Fallback Fallback
© 2018 NETRONOME SYSTEMS, INC. 37 P4 Datapath in Kernel: Characteristics ●  Mixed flexibility ○  Easy to implement behavior ○  However, OpenFlow matching is more flexible ■  Regenerate program on demand ■  Implement program based on assumed model ●  Integration effort considerable ○  Need to re-implement OVS on P4 ○  Offloading easier once infrastructure in place
© 2018 NETRONOME SYSTEMS, INC. New Datapath
© 2018 NETRONOME SYSTEMS, INC. 39 P4 or eBPF Datapath and Control Host Code Agent Virtual Machine Virtual Machine Virtual Machine x86 Kernel x86 Userspace PCIe Virtual Machine SR-IOV / Virtio VFs SR-IOV Agilio SmartNIC Apps Apps netdev or DPDK netdev or DPDK Apps netdev or DPDK Apps netdev or DPDK Apps netdev or DPDK P4 Generated Datapath Execute Action Execute Action P4 or eBPF P4 Matching or eBPF… Fallback Fallback Open issues: ●  Control Protocol - could become a callable API ●  Downloading programs via OpenStack or other systems ●  Scheduling VMs to run on nodes with acceleration hardware or offloaded eBPF Calable API
© 2018 NETRONOME SYSTEMS, INC. 40 New Datapath & Control: Characteristics ●  Full flexibility ○  Easy to implement behavior ○  Can deploy completely different control plane ●  Integration effort considerable ○  New infrastructure required in OpenStack ■  ML2 plugin, Southbound protocol or API, etc...
© 2018 NETRONOME SYSTEMS, INC. Closing Remarks
© 2018 NETRONOME SYSTEMS, INC. 42 OVS Frame Rate @64k Rules+Flows
© 2018 NETRONOME SYSTEMS, INC. 43 OVS Frame Rate @64k Rules+Flows+VXLAN
© 2018 NETRONOME SYSTEMS, INC. 44 Integration / Open Sourcing Activities Area Activities Linux Drivers Driver in upstream kernel v4.5, RHEL 7.4, Ubuntu 18.04 Representor netdevs for fallback processing and SmartNIC configuration CoreNIC, eBPF, OVS offload feature evolution FreeBSD Drivers Kernel device driver implemented DPDK Drivers Poll mode driver in upstream DPDK 2.2 Open vSwitch Acceleration Integration Present in upstream using kernel TC datapath Feature coverage iteration in progress OpenStack Integration Plugins and agents to support virtual switching acceleration present in upstream Integration for OVS in process present in upstream Integration for TF vRouter in process — Juniper etc... Participation Appreciated — Join us at Linux, Open vSwitch, TF vRouter, OpenStack, p4.org, OpenSourceSDN.org
© 2018 NETRONOME SYSTEMS, INC. 45 Next Steps ●  Use Agilio SmartNICs with existing dataplanes ○  Use Agilio eBPF ○  Use Agilio OVS ○  Use Agilio vRouter ●  Program Agilio SmartNICs ○  Use APIs (on x86 servers) - with above dataplanes ○  Program in P4 and/or C (on SmartNIC/on x86) ●  Improve performance + free up server resources!
© 2018 NETRONOME SYSTEMS, INC. Thank You! More information: netronome.com

More Related Content

PDF
Stacks and Layers: Integrating P4, C, OVS and OpenStack
byOpen-NFP
 
PDF
OCP U.S. Summit 2017 Presentation
byNetronome
 
PDF
P4 Introduction
byNetronome
 
PDF
ODSA Use Case - SmartNIC
byODSA Workgroup
 
PPTX
Disaggregation a Primer: Optimizing design for Edge Cloud & Bare Metal applic...
byNetronome
 
PDF
Enabling Applications to Exploit SmartNICs and FPGAs
byinside-BigData.com
 
PDF
Unifying Network Filtering Rules for the Linux Kernel with eBPF
byNetronome
 
PDF
Data Plane and VNF Acceleration Mini Summit
byOpen-NFP
 
Stacks and Layers: Integrating P4, C, OVS and OpenStack
byOpen-NFP
 
OCP U.S. Summit 2017 Presentation
byNetronome
 
P4 Introduction
byNetronome
 
ODSA Use Case - SmartNIC
byODSA Workgroup
 
Disaggregation a Primer: Optimizing design for Edge Cloud & Bare Metal applic...
byNetronome
 
Enabling Applications to Exploit SmartNICs and FPGAs
byinside-BigData.com
 
Unifying Network Filtering Rules for the Linux Kernel with eBPF
byNetronome
 
Data Plane and VNF Acceleration Mini Summit
byOpen-NFP
 

What's hot

PDF
OpenContrail, Real Speed: Offloading vRouter
byOpen-NFP
 
PDF
CAPI and OpenCAPI Hardware acceleration enablement
byGanesan Narayanasamy
 
PDF
Transparent eBPF Offload: Playing Nice with the Linux Kernel
byOpen-NFP
 
PDF
FD.io - The Universal Dataplane
byOpen Networking Summit
 
PDF
Accelerating Networked Applications with Flexible Packet Processing
byOpen-NFP
 
PDF
P4 for Custom Identification, Flow Tagging, Monitoring and Control
byOpen-NFP
 
PDF
Scaling the Container Dataplane
byMichelle Holley
 
PDF
DPDK Summit 2015 - Aspera - Charles Shiflett
byJim St. Leger
 
PDF
Programmable data plane at terabit speeds
byBarefoot Networks
 
PDF
Overview of HPC Interconnects
byinside-BigData.com
 
PDF
ODSA Proof of Concept SmartNIC Speeds & Feeds
byODSA Workgroup
 
PPTX
TLDK - FD.io Sept 2016
byBenoit Hudzia
 
PDF
Energy Efficient Computing using Dynamic Tuning
byinside-BigData.com
 
PPTX
P4 to OpenDataPlane Compiler - BUD17-304
byLinaro
 
PPTX
Netsft2017 day in_life_of_nfv
byIntel
 
PPTX
Using SmartNICs to Provide Better Data Center Security - Jack Matheson - 44CO...
by44CON
 
PPTX
Software Network Data Plane - Satisfying the need for speed - FD.io - VPP and...
byHaidee McMahon
 
PDF
BKK16-400B ODPI - Standardizing Hadoop
byLinaro
 
PDF
DPDK Summit 2015 - Sprint - Arun Rajagopal
byJim St. Leger
 
PDF
DPDK Summit - 08 Sept 2014 - Ericsson - A Multi-Socket Ferrari for NFV
byJim St. Leger
 
OpenContrail, Real Speed: Offloading vRouter
byOpen-NFP
 
CAPI and OpenCAPI Hardware acceleration enablement
byGanesan Narayanasamy
 
Transparent eBPF Offload: Playing Nice with the Linux Kernel
byOpen-NFP
 
FD.io - The Universal Dataplane
byOpen Networking Summit
 
Accelerating Networked Applications with Flexible Packet Processing
byOpen-NFP
 
P4 for Custom Identification, Flow Tagging, Monitoring and Control
byOpen-NFP
 
Scaling the Container Dataplane
byMichelle Holley
 
DPDK Summit 2015 - Aspera - Charles Shiflett
byJim St. Leger
 
Programmable data plane at terabit speeds
byBarefoot Networks
 
Overview of HPC Interconnects
byinside-BigData.com
 
ODSA Proof of Concept SmartNIC Speeds & Feeds
byODSA Workgroup
 
TLDK - FD.io Sept 2016
byBenoit Hudzia
 
Energy Efficient Computing using Dynamic Tuning
byinside-BigData.com
 
P4 to OpenDataPlane Compiler - BUD17-304
byLinaro
 
Netsft2017 day in_life_of_nfv
byIntel
 
Using SmartNICs to Provide Better Data Center Security - Jack Matheson - 44CO...
by44CON
 
Software Network Data Plane - Satisfying the need for speed - FD.io - VPP and...
byHaidee McMahon
 
BKK16-400B ODPI - Standardizing Hadoop
byLinaro
 
DPDK Summit 2015 - Sprint - Arun Rajagopal
byJim St. Leger
 
DPDK Summit - 08 Sept 2014 - Ericsson - A Multi-Socket Ferrari for NFV
byJim St. Leger
 

Similar to Host Data Plane Acceleration: SmartNIC Deployment Models

PDF
Using Agilio SmartNICs for OpenStack Networking Acceleration
byNetronome
 
PDF
BPF Hardware Offload Deep Dive
byNetronome
 
PDF
Leveraging Network Offload to Accelerate SDN and NFV Deployments
byNetronome
 
PDF
Netronome Corporate Brochure
byNetronome
 
PDF
P4-based VNF and Micro-VNF Chaining for Servers With Intelligent Server Adapters
byOpen-NFP
 
PDF
Summit 16: ARM Mini-Summit - NXP QorIQ NFV Solutions - NXP Semiconductors
byOPNFV
 
PDF
pps Matters
byBangladesh Network Operators Group
 
PDF
High performance and flexible networking
byJohn Berkmans
 
PPTX
Week_3.pptxmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm
byNavumGupta1
 
PDF
Open vSwitch Implementation Options
byNetronome
 
PPTX
SoC Solutions Enabling Server-Based Networking
byNetronome
 
PDF
From Fixed-Function to Programmable Switching Chip for Network Packet Broker ...
byJunho Suh
 
PDF
VSPERF BEnchmarking the Network Data Plane of NFV VDevices and VLinks
byOPNFV
 
PDF
Platforms for Accelerating the Software Defined and Virtual Infrastructure
by6WIND
 
PDF
Netronome Corporate Brochure
byCarly Steele
 
PPTX
FlowER Erlang Openflow Controller
byHolger Winkelmann
 
PPTX
2017 dagstuhl-nfv-rothenberg
byChristian Esteve Rothenberg
 
PDF
SDN/OpenFlow #lspe
byChris Westin
 
PPTX
SDN :: Software Defined Networking –2017 Executive Overview
byChristian Esteve Rothenberg
 
PDF
LF_DPDK17_OpenNetVM: A high-performance NFV platforms to meet future communic...
byLF_DPDK
 
Using Agilio SmartNICs for OpenStack Networking Acceleration
byNetronome
 
BPF Hardware Offload Deep Dive
byNetronome
 
Leveraging Network Offload to Accelerate SDN and NFV Deployments
byNetronome
 
Netronome Corporate Brochure
byNetronome
 
P4-based VNF and Micro-VNF Chaining for Servers With Intelligent Server Adapters
byOpen-NFP
 
Summit 16: ARM Mini-Summit - NXP QorIQ NFV Solutions - NXP Semiconductors
byOPNFV
 
pps Matters
byBangladesh Network Operators Group
 
High performance and flexible networking
byJohn Berkmans
 
Week_3.pptxmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm
byNavumGupta1
 
Open vSwitch Implementation Options
byNetronome
 
SoC Solutions Enabling Server-Based Networking
byNetronome
 
From Fixed-Function to Programmable Switching Chip for Network Packet Broker ...
byJunho Suh
 
VSPERF BEnchmarking the Network Data Plane of NFV VDevices and VLinks
byOPNFV
 
Platforms for Accelerating the Software Defined and Virtual Infrastructure
by6WIND
 
Netronome Corporate Brochure
byCarly Steele
 
FlowER Erlang Openflow Controller
byHolger Winkelmann
 
2017 dagstuhl-nfv-rothenberg
byChristian Esteve Rothenberg
 
SDN/OpenFlow #lspe
byChris Westin
 
SDN :: Software Defined Networking –2017 Executive Overview
byChristian Esteve Rothenberg
 
LF_DPDK17_OpenNetVM: A high-performance NFV platforms to meet future communic...
byLF_DPDK
 

More from Netronome

PDF
Massively Parallel RISC-V Processing with Transactional Memory
byNetronome
 
PDF
eBPF/XDP
byNetronome
 
PDF
DPDK Support for New HW Offloads
byNetronome
 
PDF
OVS Hardware Offload with TC Flower
byNetronome
 
PDF
Flexible and Scalable Domain-Specific Architectures
byNetronome
 
PDF
eBPF Tooling and Debugging Infrastructure
byNetronome
 
PDF
eBPF Debugging Infrastructure - Current Techniques
byNetronome
 
PDF
Comprehensive XDP Off‌load-handling the Edge Cases
byNetronome
 
PDF
ODSA Sub-Project Launch
byNetronome
 
PPTX
Demystify eBPF JIT Compiler
byNetronome
 
PDF
Open vSwitch Offload: Conntrack and the Upstream Kernel
byNetronome
 
PDF
Offloading Linux LAG Devices Via Open vSwitch and TC
byNetronome
 
PDF
Quality of Service Ingress Rate Limiting and OVS Hardware Offloads
byNetronome
 
PDF
Efficient JIT to 32-bit Arches
byNetronome
 
PDF
Offloading TC Rules on OVS Internal Ports
byNetronome
 
PDF
The Power of SmartNICs
byNetronome
 
PDF
LFSMM Verifier Optimizations and 1 M Instructions
byNetronome
 
PDF
eBPF & Switch Abstractions
byNetronome
 
PDF
Using Network Acceleration for an Optimized Edge Cloud Server Architecture
byNetronome
 
PDF
LFSMM AF XDP Queue I-DS
byNetronome
 
Massively Parallel RISC-V Processing with Transactional Memory
byNetronome
 
eBPF/XDP
byNetronome
 
DPDK Support for New HW Offloads
byNetronome
 
OVS Hardware Offload with TC Flower
byNetronome
 
Flexible and Scalable Domain-Specific Architectures
byNetronome
 
eBPF Tooling and Debugging Infrastructure
byNetronome
 
eBPF Debugging Infrastructure - Current Techniques
byNetronome
 
Comprehensive XDP Off‌load-handling the Edge Cases
byNetronome
 
ODSA Sub-Project Launch
byNetronome
 
Demystify eBPF JIT Compiler
byNetronome
 
Open vSwitch Offload: Conntrack and the Upstream Kernel
byNetronome
 
Offloading Linux LAG Devices Via Open vSwitch and TC
byNetronome
 
Quality of Service Ingress Rate Limiting and OVS Hardware Offloads
byNetronome
 
Efficient JIT to 32-bit Arches
byNetronome
 
Offloading TC Rules on OVS Internal Ports
byNetronome
 
The Power of SmartNICs
byNetronome
 
LFSMM Verifier Optimizations and 1 M Instructions
byNetronome
 
eBPF & Switch Abstractions
byNetronome
 
Using Network Acceleration for an Optimized Edge Cloud Server Architecture
byNetronome
 
LFSMM AF XDP Queue I-DS
byNetronome
 

Recently uploaded

PDF
Adding Copilot+ PCs with Snapdragon to your HP fleet won’t require IT deploym...
byPrincipled Technologies
 
PPTX
Apache Kafka 101 for Techies in IT dep.pptx
byamulyareddyk97
 
PPTX
Storage-and-HCI-Positioning-update-sales.pptx
byhungungphu123
 
PDF
January Patch Tuesday
byIvanti
 
PDF
Top 5 Best Dedicated Server Providers in Los Angeles (Updated Edition)
byAtal Networks
 
PDF
Why Enterprises Are Moving to Dedicated Servers in the Netherlands
byAtal Networks
 
PDF
Implementing A Data Lakehouse Using Iceberg & Spark
byAnass Nabil
 
PDF
Hart, Inc. M&A Data Transition Checklist
byHart, Inc.
 
PPTX
Spacewalk 2026 - Presented at the IMAX in Raleigh, NC
byAll Things Open
 
PPTX
Microsoft Azure News - January 2026 - BAUG
byDaniel Toomey
 
PPTX
WIFI Enabled 8 by 32 Matrix.pptx for final year project
bymdsabbirhossain524856
 
PDF
Chapter 2 Computer Threat .pdf
byGetnet Tigabie Askale -(GM)
 
PPTX
Fortify Your Digital Defenses with ServiceNow Security Operations by Suma Soft
byGavin Ellis
 
PDF
Are AI Hallucinations Getting Better or Worse? We Analyzed the Data.
byScott M. Graffius
 
PPTX
Becoming Frontier for Dynamics 365 Finance PPT
byjonbravetti
 
PDF
AI Data Analyst: Smarter Insights for Modern Real Estate Decisions
byLeni Analyst
 
PDF
Presentation of Cybersecurity and data protection
bytarikaityahya2
 
PDF
Salesforce Sales Cloud and Generative AI Present a Fresh Approach to Personal...
byMinuscule Technologies
 
PPTX
congo red stain nd PAS STAIN histopathology
bybushrariaz1240
 
PPTX
computer science class 11 ( phishing and fraud mails) .pptx
bybalajichess314
 
Adding Copilot+ PCs with Snapdragon to your HP fleet won’t require IT deploym...
byPrincipled Technologies
 
Apache Kafka 101 for Techies in IT dep.pptx
byamulyareddyk97
 
Storage-and-HCI-Positioning-update-sales.pptx
byhungungphu123
 
January Patch Tuesday
byIvanti
 
Top 5 Best Dedicated Server Providers in Los Angeles (Updated Edition)
byAtal Networks
 
Why Enterprises Are Moving to Dedicated Servers in the Netherlands
byAtal Networks
 
Implementing A Data Lakehouse Using Iceberg & Spark
byAnass Nabil
 
Hart, Inc. M&A Data Transition Checklist
byHart, Inc.
 
Spacewalk 2026 - Presented at the IMAX in Raleigh, NC
byAll Things Open
 
Microsoft Azure News - January 2026 - BAUG
byDaniel Toomey
 
WIFI Enabled 8 by 32 Matrix.pptx for final year project
bymdsabbirhossain524856
 
Chapter 2 Computer Threat .pdf
byGetnet Tigabie Askale -(GM)
 
Fortify Your Digital Defenses with ServiceNow Security Operations by Suma Soft
byGavin Ellis
 
Are AI Hallucinations Getting Better or Worse? We Analyzed the Data.
byScott M. Graffius
 
Becoming Frontier for Dynamics 365 Finance PPT
byjonbravetti
 
AI Data Analyst: Smarter Insights for Modern Real Estate Decisions
byLeni Analyst
 
Presentation of Cybersecurity and data protection
bytarikaityahya2
 
Salesforce Sales Cloud and Generative AI Present a Fresh Approach to Personal...
byMinuscule Technologies
 
congo red stain nd PAS STAIN histopathology
bybushrariaz1240
 
computer science class 11 ( phishing and fraud mails) .pptx
bybalajichess314
 

Host Data Plane Acceleration: SmartNIC Deployment Models

  • 1.
    © 2018 NETRONOMESYSTEMS, INC. Host Dataplane Acceleration: SmartNIC Deployment Models Simon Horman 20 August 2018
  • 2.
    © 2018 NETRONOMESYSTEMS, INC. 2 Agenda ●  Introduction ○  Hardware and Software Switching ○  SDN Programmability ○  Host Datapath Acceleration ●  Acceleration Models ○  Existing Host Datapath Acceleration ○  Extended Datapath Acceleration ○  New Datapath Acceleration ●  Closing Remarks
  • 3.
    © 2018 NETRONOMESYSTEMS, INC. Hardware and Software Switching
  • 4.
    © 2018 NETRONOMESYSTEMS, INC. 4 Historically Switching Done in Hardware ●  Dedicated physical switch ●  Fast ●  Fixed feature set ●  Inflexible
  • 5.
    © 2018 NETRONOMESYSTEMS, INC. 5 Virtualisation Moved Switching to Host ●  Desire to share network between hosts and VMs ●  Software bridging or user-space networking used to achieve this ●  Flexible ●  Slow
  • 6.
    © 2018 NETRONOMESYSTEMS, INC. 6 SR-IOV Moved Hardware Switching to the Host ●  Embedded switch between ○  Physical Port ○  “PF” network interfaces used by host ○  VF network interfaces used by VMs ●  Performance improvement over software based switching to VMs ●  Reduced flexibility
  • 7.
    © 2018 NETRONOMESYSTEMS, INC. 7 SDN Moved Host Switching Back into Software ●  Exploited flexibility of software ●  Many features emerged: f.e.: ○  Tunnel Termination ○  Rich flow key for matching on L2 ~ L4 ○  Packet modification possible: set packet header fields ○  Stateful Security Policies (Conntrack) ○  NAT ○  Increasing programmability ●  Slow/consumes CPU resources
  • 8.
    © 2018 NETRONOMESYSTEMS, INC. Datapath Programmability
  • 9.
    © 2018 NETRONOMESYSTEMS, INC. 9 SDN Programmability ●  Applications ○  Rich feature set but fixed function ○  Policy implemented at run-time, f.e. using match/action tables ○  Software is malleable, but new features require modification of application ○  f.e.: Open vSwitch, vRouter ●  Packet Movement Infrastructure ○  Allows programing of part of datapath ○  With fallback option ○  f.e.: eBPF ●  Tools ○  Allows full description of datapath ○  f.e.: P4
  • 10.
    © 2018 NETRONOMESYSTEMS, INC. 10 NEW Tools vs. Applications
  • 11.
    © 2018 NETRONOMESYSTEMS, INC. Host Datapath Acceleration
  • 12.
    © 2018 NETRONOMESYSTEMS, INC. 12 Host Datapath Acceleration ●  Combine flexibility of software with performance of hardware Hardware Software Pendulum motive credit: Rashid Khan, “Red Hat’s perspective on OVS HW Offload Status”, presented at Open vSwtich 2018 Conference Host Data Plane Acceleration Fast Inflexible Flexible Slow
  • 13.
    © 2018 NETRONOMESYSTEMS, INC. 13 Comprehensive and Proven SmartNIC Platform Agilio SmartNIC Family 10-100Gb/s, w/ 2-8GB DDR, up to 4 ARM Cores NFP Silicon Family with 36-120 cores, up to 960 processing threads Data Plane Programming Tools for Custom Feature Adds P4, C, eBPF/XDP-based Programming Layer Virtualization Layer and SDN (with standard offload) Inbox Open vSwitch (OVS) in RHEL 7.5; vRouter in Contrail Cloud 3.x/4.x Virtual Switching and Routing Next Gen EAGLE (In Concept) Next Gen KESTRE L (In Dev) VXLAN, MPLS, MPLS over GRE ACLs and Security Groups vProbes, In- band Telemetry DDoS and Load Bal Visibility using SSL-on-a-NIC Congestion and Tail Latency Reduction Basic NIC Upstreamed Linux Device Drivers Stateless Offloads, SR-IOV, DPDK, Express Virtio (XVIO) BasicNICFeatures OffloadNICFeatures ProgrammableNICFeatures NFP-5000 (In Dev)
  • 14.
    © 2018 NETRONOMESYSTEMS, INC. Existing Open vSwitch Datapath Acceleration
  • 15.
    © 2018 NETRONOMESYSTEMS, INC. 15 What is Open vSwitch (OVS)? ●  Production quality multilayer virtual switch ●  Widely used in conjunction with OpenStack ●  Allows policy to be describe using OpenFlow match/action tables
  • 16.
    © 2018 NETRONOMESYSTEMS, INC. 16 OVS Datapath Open vSwitch Subsystem OVS Agent OpenFlow Virtual Machine Virtual Machine Virtual Machine x86 Kernel x86 Userspace Virtual Machine Apps Flow table miss 2 2 OVS userspace agent populates kernel cache; instructs OVS kernel DP to execute packet 1 OVS Kernel DP Match/Act Miss 1
  • 17.
    © 2018 NETRONOMESYSTEMS, INC. 17 Agilio® OVS Datapath Acceleration Open vSwitch Subsystem OVS Agent OpenFlow Virtual Machine Virtual Machine Virtual Machine x86 Kernel x86 Userspace PCIe Virtual Machine SR-IOV Agilio SmartNIC Apps Flow table miss 2 2 OVS userspace agent populates kernel cache; instructs OVS kernel DP to execute packet 1 Open vSwitch Datapath Execute Action (e.g. Entunnel, Deliver to VM, Send to Port) 3 Offload datapath: copy match tables, sync stats 3 4 Flow tracking: per-microflow state learning 4 MissSelf Learning Exact Match Flow Tracker Miss Hit TC Kernel DP Match/Act OVS Kernel DP Match/Act Miss OVS Kernel DP Match/Act Miss 1 SR-IOV VFs / VirtIO
  • 18.
    © 2018 NETRONOMESYSTEMS, INC. Existing eBPF Datapath Acceleration
  • 19.
    © 2018 NETRONOMESYSTEMS, INC. 19 What is eBPF? eBPF is a simple way to extend the functionality of the kernel at runtime ●  Small kernel based machine ○  10 64bit registers ○  512 byte stack ○  Data structures known as maps (unlimited size) ○  4K BPF instructions (Bytecode) ●  Verifier to ensure kernel safe ○  no loops, not more than 4K insns, not more than 64 maps etc… ●  Can be JITed to ensure maximum performance
  • 20.
    © 2018 NETRONOMESYSTEMS, INC. 20 Used Within Hyperscale-Not a Toy! Those who have publicly stated they are using BPF or planning to use BPF include: ●  Facebook-Load Balancing, Security ●  Netflix-Network Monitoring ●  Cilium Project ●  Cloudflare-Security ●  OVS-Virtual Switching Due to its upstream safety and kernel support BPF provides a safe, flexible and scalable networking tool.
  • 21.
    © 2018 NETRONOMESYSTEMS, INC. 21 The Programming Model ●  LLVM is used to compile from supported languages ○  C, Go, P4 ●  When Programs are loaded ○  Verifier is called-ensure safety ○  Program is JITed-ensure perf ○  Can also be offloaded ■  nfp_bpf_jit upstream LL VM NFP verifier.c bpf_prog.go bpf_prog.elf bpf syscall USER JIT nfp_bfp_jit.c Host CPU KERNEL HARDWARE bpf_prog.p4 bpf_prog.c
  • 22.
    © 2018 NETRONOMESYSTEMS, INC. 22 Maps: What They Are ●  Maps are key value stores ○  Can be accessed from kernel or user space ○  Used for interaction between kernel and user space programs ●  Number of different types of maps ○  Used for interaction between kernel and user space programs bpf_user.c bpf_kern.c Map
  • 23.
    © 2018 NETRONOMESYSTEMS, INC. 23 BPF Kernel Hooks Many hooks with different purposes ●  kprobes ●  socket filters-tcpdump-old school! ●  seccomp ●  netfilter ●  TC ●  XDP(no skb-super fast!)
  • 24.
    © 2018 NETRONOMESYSTEMS, INC. 24 Agilio eBPF Acceleration Instantiation eBPF Subsystem eBPF Agent Virtual Machine Virtual Machine Virtual Machine x86 Kernel x86 Userspace eBPF Datapath eBPF Prog. PCIe Virtual Machine SR-IOV VFs Agilio SmartNIC Apps Apps Linux Network Stack XDP eBPF Prog. vRouter Forwarding cls_bpf eBPF Prog. 1 1 Programs pre-emptively loaded into Kernel 2 JIT program, offload program and maps 2 Apps SR-IOV Apps Apps Apps Apps
  • 25.
    © 2018 NETRONOMESYSTEMS, INC. 25 Agilio eBPF Acceleration Fallback Path eBPF Subsystem eBPF Agent Virtual Machine Virtual Machine Virtual Machine x86 Kernel x86 Userspace eBPF Datapath eBPF Prog. PCIe Virtual Machine SR-IOV Agilio SmartNIC Apps Apps Linux Network Stack XDP eBPF Prog. Miss vRouter Forwarding cls_bpf eBPF Prog. Miss SR-IOV Apps Apps Apps Apps Miss
  • 26.
    © 2018 NETRONOMESYSTEMS, INC. 26 Offload Existing Datapath: Characteristics ●  Flexibility defined by server’s existing datapath software ○  OVS: Configure match/action tables (forwarding/policies) ○  Tungsten Fabric vRouter: Configure forwarding and policies separately ●  Integration via drivers/plugins ○  OVS: OpenStack ML2 plugin (with/without SDN controller) ○  OVS: OpenStack driver for OVN ○  TF vRouter: OpenStack driver for TF ●  Extend OpenStack to support new concept — SR-IOV path directly to VM while offloading virtual switching to NIC
  • 27.
    © 2018 NETRONOMESYSTEMS, INC. Extended and New Datapath Acceleration
  • 28.
    © 2018 NETRONOMESYSTEMS, INC. 28 ●  P4 is a domain specific language for describing datapaths ●  Description may be compiled into datapath What is P4?
  • 29.
    © 2018 NETRONOMESYSTEMS, INC. Plug-in Datapath
  • 30.
    © 2018 NETRONOMESYSTEMS, INC. 30 Extending OVS using P4/C Plugins Open vSwitch Subsystem OVS Agent OpenFlow x86 Kernel x86 Userspace PCIe Agilio SmartNIC Flow table miss OVS userspace agent populates kernel cache; instructs OVS kernel DP to execute packet Execute Action Open vSwitch Datapath Execute Action (e.g. Entunnel, Deliver to VM, Send to Port) Virtual Machine Virtual Machine Virtual Machine Offload datapath: copy match tables, sync stats OVS Kernel DP Match/Act OVS Kernel DP Match/Act Fallback Fallback Virtual Machine SR-IOV / Virtio VFs Apps netdev or DPDK Datapath Extension or Plugin P4 / C in Sandbox DP Ext. Datapath extension software SR-IOV Apps netdev or DPDK Apps netdev or DPDK Apps netdev or DPDK Apps netdev or DPDK 2 4 3 1 2 4 1 3 4
  • 31.
    © 2018 NETRONOMESYSTEMS, INC. 31 Plugin in Datapath: Characteristics ●  Some flexibility ○  Easy to implement custom actions ○  Difficult to implement custom classification ○  Can implement inner protocols ●  Integration effort varies ○  Can model as custom port ○  Can model as custom action
  • 32.
    © 2018 NETRONOMESYSTEMS, INC. P4 Datapath on SmartNIC
  • 33.
    © 2018 NETRONOMESYSTEMS, INC. 33 Virtual Machine Virtual Machine Virtual Machine x86 Kernel x86 Userspace OVS “on” SmartNIC P4 Datapath Open vSwitch Subsystem OVS Agent OpenFlow PCIe Virtual Machine SR-IOV / Virtio VFs SR-IOV Agilio SmartNIC Apps Apps netdev or DPDK netdev or DPDK Apps netdev or DPDK Apps netdev or DPDK Apps netdev or DPDK Execute Action P4 Generated Datapath Execute P4 Action OVS Kernel DP Match/Act P4 Matching Fallback Fallback
  • 34.
    © 2018 NETRONOMESYSTEMS, INC. 34 P4 Datapath on SmartNIC: Characteristics ●  Some flexibility ○  In theory easy to implement offloaded behavior ○  However, OpenFlow matching is more flexible ○  Limited to what OVS on host supports ●  Integration effort modest ○  Already done if offloading existing OVS code ○  Must extend OpenFlow and OVSDB or OVN if enhancing OVS
  • 35.
    © 2018 NETRONOMESYSTEMS, INC. P4 Datapath In Kernel
  • 36.
    © 2018 NETRONOMESYSTEMS, INC. 36 P4 “into” OVS Datapath Open vSwitch Subsystem OVS Agent OpenFlow Virtual Machine Virtual Machine Virtual Machine x86 Kernel x86 Userspace PCIe Virtual Machine SR-IOV / Virtio VFs SR-IOV Agilio SmartNIC Apps Apps netdev or DPDK netdev or DPDK Apps netdev or DPDK Apps netdev or DPDK Apps netdev or DPDK P4 Generated Datapath Execute P4/OVS Action Execute P4/OVS Action P4/OVS Matching or eBPF P4/OVS Matching or eBPF Fallback Fallback
  • 37.
    © 2018 NETRONOMESYSTEMS, INC. 37 P4 Datapath in Kernel: Characteristics ●  Mixed flexibility ○  Easy to implement behavior ○  However, OpenFlow matching is more flexible ■  Regenerate program on demand ■  Implement program based on assumed model ●  Integration effort considerable ○  Need to re-implement OVS on P4 ○  Offloading easier once infrastructure in place
  • 38.
    © 2018 NETRONOMESYSTEMS, INC. New Datapath
  • 39.
    © 2018 NETRONOMESYSTEMS, INC. 39 P4 or eBPF Datapath and Control Host Code Agent Virtual Machine Virtual Machine Virtual Machine x86 Kernel x86 Userspace PCIe Virtual Machine SR-IOV / Virtio VFs SR-IOV Agilio SmartNIC Apps Apps netdev or DPDK netdev or DPDK Apps netdev or DPDK Apps netdev or DPDK Apps netdev or DPDK P4 Generated Datapath Execute Action Execute Action P4 or eBPF P4 Matching or eBPF… Fallback Fallback Open issues: ●  Control Protocol - could become a callable API ●  Downloading programs via OpenStack or other systems ●  Scheduling VMs to run on nodes with acceleration hardware or offloaded eBPF Calable API
  • 40.
    © 2018 NETRONOMESYSTEMS, INC. 40 New Datapath & Control: Characteristics ●  Full flexibility ○  Easy to implement behavior ○  Can deploy completely different control plane ●  Integration effort considerable ○  New infrastructure required in OpenStack ■  ML2 plugin, Southbound protocol or API, etc...
  • 41.
    © 2018 NETRONOMESYSTEMS, INC. Closing Remarks
  • 42.
    © 2018 NETRONOMESYSTEMS, INC. 42 OVS Frame Rate @64k Rules+Flows
  • 43.
    © 2018 NETRONOMESYSTEMS, INC. 43 OVS Frame Rate @64k Rules+Flows+VXLAN
  • 44.
    © 2018 NETRONOMESYSTEMS, INC. 44 Integration / Open Sourcing Activities Area Activities Linux Drivers Driver in upstream kernel v4.5, RHEL 7.4, Ubuntu 18.04 Representor netdevs for fallback processing and SmartNIC configuration CoreNIC, eBPF, OVS offload feature evolution FreeBSD Drivers Kernel device driver implemented DPDK Drivers Poll mode driver in upstream DPDK 2.2 Open vSwitch Acceleration Integration Present in upstream using kernel TC datapath Feature coverage iteration in progress OpenStack Integration Plugins and agents to support virtual switching acceleration present in upstream Integration for OVS in process present in upstream Integration for TF vRouter in process — Juniper etc... Participation Appreciated — Join us at Linux, Open vSwitch, TF vRouter, OpenStack, p4.org, OpenSourceSDN.org
  • 45.
    © 2018 NETRONOMESYSTEMS, INC. 45 Next Steps ●  Use Agilio SmartNICs with existing dataplanes ○  Use Agilio eBPF ○  Use Agilio OVS ○  Use Agilio vRouter ●  Program Agilio SmartNICs ○  Use APIs (on x86 servers) - with above dataplanes ○  Program in P4 and/or C (on SmartNIC/on x86) ●  Improve performance + free up server resources!
  • 46.
    © 2018 NETRONOMESYSTEMS, INC. Thank You! More information: netronome.com