This presentation covers the basics of performance testing. Configuring systems correctly is essential to characterizing the performance of SmartNICs. The configuration of BIOS, CPU allocation, and OS and VM parameters will be covered, and choices of traffic generators and typical test topologies will be described.
Accelerating Networked Applications with Flexible Packet Processing – Open-NFP
The recent surge of network I/O performance has put enormous pressure on memory and software I/O processing subsystems for many cloud and data center applications, such as key-value stores and real-time analytics frameworks. A major reason for the high memory and processing overheads is the inefficient use of these resources by network interface cards. Offloading functionality to a programmable NIC can help, but what to offload needs to be carefully chosen.
This presentation will cover a number of reusable offloading mechanisms that can help data center software processing efficiency. It will show how to implement these mechanisms in the P4 programming language and discuss their efficiency using experiments run on the Netronome Agilio-CX NIC.
Network Measurement with P4 and C on Netronome Agilio – Open-NFP
Network measurement plays a crucial role in network operations, since it can not only detect anomalies but also facilitate traffic engineering. With the recent development of the P4 language, network measurement is one of the data plane applications that can benefit from the programmability P4 enables. However, P4 does not support general-purpose language constructs such as for-loops, its if-statements can only be used in control blocks, and it offers only a limited set of primitive actions. Hence, current P4 is limited in its support for complicated measurement functions. In this webinar, we implement and evaluate the Count-Min sketch (used for heavy hitter detection) using a combination of P4 and C on a Netronome NFP NIC, demonstrating the flexibility and performance of the design and the C plug-in feature of the Netronome NFP.
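For readers unfamiliar with the data structure this webinar implements, here is a minimal Python sketch of the Count-Min sketch (the talk's actual implementation is in P4 and C on the NFP; the hash choice and dimensions below are illustrative assumptions):

```python
import hashlib

class CountMinSketch:
    """Count-Min sketch: d rows of w counters. An update hashes the key
    into one counter per row; a query takes the minimum across rows, so
    counts are never underestimated and only overestimated on collisions."""
    def __init__(self, width=1024, depth=4):
        self.width, self.depth = width, depth
        self.table = [[0] * width for _ in range(depth)]

    def _index(self, row, key):
        # One independent hash per row, derived by salting with the row number.
        h = hashlib.sha256(f"{row}:{key}".encode()).digest()
        return int.from_bytes(h[:4], "big") % self.width

    def update(self, key, count=1):
        for row in range(self.depth):
            self.table[row][self._index(row, key)] += count

    def query(self, key):
        return min(self.table[row][self._index(row, key)]
                   for row in range(self.depth))
```

A heavy-hitter detector then simply flags any key whose `query` result exceeds a threshold; the fixed loop bound (`depth`) is what makes the structure expressible in P4 with per-row register arrays, with C plug-ins filling in what P4 cannot express.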
Transparent eBPF Offload: Playing Nice with the Linux Kernel – Open-NFP
Netronome is developing transparent kernel acceleration based on XDP and BPF. This allows bytecode intended for kernel applications to be directly offloaded using the upstreamed nfp_bpf_jit. The talk will focus on the basics of getting an XDP environment up and running, a couple of use cases and a simple demo of Netronome’s BPF offload in action.
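To make the XDP model concrete: a real XDP program is C compiled to eBPF that returns a verdict per packet at the driver level. The Python sketch below only models that verdict logic for a simple IPv4 source blocklist (the blocked address, frame layout handling, and function names are illustrative, not Netronome's code):

```python
import struct

# Verdict codes mirroring the kernel's enum xdp_action values.
XDP_DROP, XDP_PASS = 1, 2

BLOCKED_SRC = {"192.0.2.1"}  # hypothetical example blocklist

def xdp_verdict(frame: bytes) -> int:
    """Model of an XDP filter: parse Ethernet + IPv4 headers and drop
    frames from blocklisted sources. Frames too short to parse are
    passed, just as a real program must bounds-check before access."""
    if len(frame) < 14 + 20:              # Ethernet + minimal IPv4 header
        return XDP_PASS
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != 0x0800:               # not IPv4
        return XDP_PASS
    src = ".".join(str(b) for b in frame[26:30])  # IPv4 source address
    return XDP_DROP if src in BLOCKED_SRC else XDP_PASS
```

In the offloaded case described in the talk, the same eBPF bytecode runs on the SmartNIC instead of the host driver, so dropped frames never consume host CPU cycles.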
Protecting the Privacy of the Network – Using P4 to Prototype and Extend Netw... – Open-NFP
To protect the privacy of sensitive application data, we encrypt it before sending it over networks. However, we do not treat sensitive information about the network itself the same way. Instead, headers are sent in plain text and leak sensitive information about the network, especially valid host addresses and type-of-service markings. In our research, we are developing a protocol that also encrypts Layer 3 headers. Using P4, we are able to rapidly stand up and prototype our proposed solution in real code running across real devices. In this webinar, I will introduce our approach and how we used and extended P4 functionality to build a prototype.
Mark Matties
The Johns Hopkins University Applied Physics Lab
Mark Matties is the Chief Scientist in the Communication and Networking Systems group at JHU APL, where he develops and evaluates SDN solutions to improve network security and performance. He holds a B.S. in Chemistry and a Ph.D. in Polymer Science and has worked for over 20 years in computing, networking, and security.
OpenContrail, Real Speed: Offloading vRouter – Open-NFP
The OpenContrail project aims to produce an open-source platform that delivers high performance software-defined networking while integrating cleanly with existing networking equipment. Netronome has added support for transparent hardware acceleration of OpenContrail's vRouter dataplane using Agilio hardware. This talk discusses the architecture of the system as well as the components we hope to open up to the broader community. We will discuss how to support transparent offload in the context of a split dataplane as well as provisioning of NFP resources required to produce a performant solution.
Stacks and Layers: Integrating P4, C, OVS and OpenStack – Open-NFP
Smart Network Interface Cards (SmartNICs) are increasingly being deployed in cloud data centers to offload inline network processing tasks from server CPUs, thereby improving system throughput while freeing up server CPU cycles for application processing. The match/action and tunnel handling semantics of SmartNIC datapaths can either be expressed directly in the P4 language, be defined by virtual switching software like Open vSwitch (implementing the semantics of a specification like OpenFlow), or be produced by a combination of these. This presentation compares these approaches, considering aspects like the expressiveness and performance of the resulting datapath as well as how these datapath variants can be integrated into existing cloud management systems (e.g. OpenStack).
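The match/action abstraction that both P4 tables and OpenFlow flow tables share can be sketched in a few lines. This Python toy (class and rule names are my own, not from any of these systems) shows the core pattern: an exact-match key selects an action with parameters, and a miss falls through to a default action:

```python
class MatchActionTable:
    """Toy exact-match table: key -> (action, params), with a default
    action on miss, mirroring the table abstraction of P4 and OpenFlow."""
    def __init__(self, default=("drop", {})):
        self.rules = {}
        self.default = default

    def add_rule(self, key, action, **params):
        # In real systems the control plane installs rules at runtime;
        # the datapath program only defines which actions are possible.
        self.rules[key] = (action, params)

    def lookup(self, key):
        return self.rules.get(key, self.default)

# Example: an L2 forwarding table keyed by destination MAC address.
tbl = MatchActionTable()
tbl.add_rule("aa:bb:cc:dd:ee:ff", "forward", port=3)
```

The comparison the talk draws is essentially about who defines such tables: the P4 program directly, the virtual switch (OVS) on the programmer's behalf, or a layered combination.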
Johann Tönsing
Chief Architect & SVP, Software, Netronome
Johann is a recognized industry expert in SDN, Linux-based networking technologies, network virtualization, security, and NFV. Johann has been an active contributing member and has been nominated to leadership roles in multiple standards bodies related to SDN and NFV. As Netronome’s Chief Architect, Johann leads all aspects of Netronome’s product design and development, with heavy emphasis on advanced and open server-based networking technologies where he also holds multiple patents. He holds a Masters of Engineering in Electronics.
P4 for Custom Identification, Flow Tagging, Monitoring and Control – Open-NFP
This tutorial will show the use of P4 on an Agilio CX intelligent server adapter (ISA) to enable identification and custom tagging for the rerouting of elastic traffic within a telecoms data center for virtualized compute nodes. The identification is done using real time dynamic measurements of flows on the ISA. Real time dynamic measurement of flows on the ISA is critical for cloud centric service models and service automation. Enabling applications such as security, root cause analysis, big data analytics, and traffic engineering to adjust the depth and complexity of flow monitoring could enable a new wave of sophisticated features and opportunities. The purpose of the talk is to illustrate how these types of applications would benefit from a P4 framework through utilizing P4 interfaces for advanced and customized flow measurements.
Nic Viljoen
Software Engineer
Nic Viljoen is a Software Engineer at Netronome, focusing on the enablement of real time analytics at the compute node in the data plane using intelligent server adapters. He is currently collaborating with the CORD project at ON.Lab to apply this within the context of the next generation mobile edge network (MCORD). Nic spent four years at the University of Cambridge where he received his undergraduate degree and an MEng in Information Engineering, focusing on Causality and Machine Learning.
P4-based VNF and Micro-VNF Chaining for Servers With Intelligent Server Adapters – Open-NFP
Commodity servers equipped with intelligent server adapters (ISAs) are being used as platforms for Network Functions Virtualization (NFV). The network traffic processing required by a specific use case is frequently expressed by forming a chain of Virtual Network Functions (VNFs). This demonstration illustrates that VNFs in the chain can be hosted on the server CPU or on the ISA. It furthermore illustrates that VNFs can be decomposed into components called Micro-VNFs, with the components again being hosted on the server CPU and/or the ISA. A P4 program (compiled to native code running on the ISA) defines the overall semantics of the datapath within an ISA equipped server and expresses how VNFs and Micro-VNFs should be composed within this platform. We show how mechanisms like tunnels and service headers programmed using P4 are employed to establish the VNF service chain across multiple network nodes.
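The service-header steering mechanism the demonstration relies on can be sketched abstractly. In this simplified Python model (loosely NSH-like; the function names and dict-based "header" are illustrative, not the talk's P4 code), the header carries the remaining chain and each hop pops the head to decide where the packet goes next:

```python
def push_chain(payload, chain):
    """Encapsulate a payload with a service header listing the VNFs
    (or Micro-VNFs) still to be traversed, in order."""
    return {"chain": list(chain), "payload": payload}

def next_hop(packet):
    """At each node, pop the next function from the service header.
    Returns None when the chain is exhausted and the packet can be
    decapsulated and forwarded normally."""
    if not packet["chain"]:
        return None
    return packet["chain"].pop(0)
```

In the real system, each hop may be on the server CPU or on the ISA, and tunnels carry the encapsulated packet between nodes; the P4 program defines how the service header is parsed, popped, and re-emitted.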
David George
Lead Engineer, Netronome
David George is a lead engineer on the Netronome SDK team and is primarily responsible for Netronome's P4 data plane. He previously worked on the SDK simulator and x86 data plane components. He holds a Master's in Electrical Engineering from the University of Cape Town.
The Paxos protocol is the foundation for building many fault-tolerant distributed systems and services. Given the importance of Paxos, performance improvements to the protocol would have a significant impact on data-center infrastructure. We argue that implementing Paxos in network devices would significantly improve its performance. This talk describes an implementation of Paxos in P4, as well as our ongoing efforts to evaluate the implementation on Netronome intelligent server adapters. Implementing Paxos provides a critical use case for P4, and will help drive the requirements for data plane languages in general. In the long term, we imagine that consensus could someday be offered as a network service.
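For context on what an in-network Paxos implementation must realize, here is a minimal single-decree acceptor sketched in Python (a textbook model of the acceptor role, not the talk's P4 code): it promises never to honor ballots below the highest it has seen, and otherwise accepts and remembers the proposed value:

```python
class Acceptor:
    """Single-decree Paxos acceptor. State is one promised ballot and
    at most one accepted (ballot, value) pair; this fixed, small state
    is what makes the role a plausible fit for a P4 datapath."""
    def __init__(self):
        self.promised = -1    # highest ballot promised so far
        self.accepted = None  # (ballot, value) last accepted, if any

    def on_prepare(self, ballot):
        # Phase 1: promise only strictly higher ballots, reporting any
        # previously accepted value so the proposer can adopt it.
        if ballot > self.promised:
            self.promised = ballot
            return ("promise", self.accepted)
        return ("nack", None)

    def on_accept(self, ballot, value):
        # Phase 2: accept unless a higher ballot has been promised.
        if ballot >= self.promised:
            self.promised = ballot
            self.accepted = (ballot, value)
            return ("accepted", value)
        return ("nack", None)
```

The appeal of moving this logic into the NIC or switch is that each message is a small, fixed-format packet and each handler is a short branch-and-update, exactly the shape of computation a match/action pipeline handles at line rate.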
Huynh Tu Dang
Università della Svizzera italiana
Huynh Tu Dang is a second-year Ph.D. student in the Faculty of Informatics at Università della Svizzera Italiana. His research focuses on fault-tolerant distributed systems and application of software-defined networking (SDN). Previously, he worked as a research assistant at Ho Chi Minh International University and was an intern at INRIA, Nice-Sophia Antipolis on BtrPlace project. He received his Bachelor's degree from the School of Computer Science and Engineering at Ho Chi Minh International University.
Data Plane and VNF Acceleration Mini Summit – Open-NFP
This event will deliver technical sessions related to the acceleration of server-based networking data planes and VNFs using SmartNIC hardware, within the framework of the NFVI and orchestration components of the OPNFV Danube software platform. Virtual switching data planes using Open vSwitch (OVS) and FD.io (with VPP) will be discussed, and offload architectures for such data planes on SmartNIC platforms will be presented. Extension of these data planes for VNF-specific requirements, using micro-VNF sandbox functions programmed in P4 and/or C, will also be covered. Early work defining VNF acceleration architectures and APIs for SmartNIC-accelerated data planes and VNF sandbox extensions will be presented, followed by a proposal to create a collaborative project to complete the definition of such an API within the frameworks of OPNFV and ETSI. In addition, a proposal for a Pharos community lab related to VNF acceleration will be put forward by the Open-NFP organization.
Comprehensive XDP Offload – Handling the Edge Cases – Netronome
While XDP is less complex to offload than other forms of kernel functionality because it sits at the bottom of the stack, a number of items add complexity when dealing with XDP offload. This talk will explore ideas for how to implement these concepts, and share some of the results we have seen while implementing offload on a 32-bit architecture.
In this talk we discuss the mechanisms of utilizing the eBPF language to perform hardware accelerated network packet manipulation and filtering. P4 programs can be compiled into eBPF scripts for offload in the Linux kernel using the Traffic Classifier (TC) subsystem. We demonstrate how, using eBPF as an intermediate language, it has been possible to extend the TC to either Just In Time (JIT) compile eBPF code to x86 assembler for software offload or to IXP byte code for execution in a trusted hardware environment within the Netronome Agilio intelligent server adapter. We finish by encouraging the audience to experiment with their own eBPF applications within the TC hardware accelerated system. The TC kernel patches are available on the Linux Kernel Networking mailing list as a Request For Comment (RFC) contribution.
Dinan Gunawardena, Director, Software Engineering, Netronome
Dinan Gunawardena is a Software Director focusing on running the driver team at Netronome. Previously, Dinan founded a software startup and was a Senior Research Engineer within the Operating Systems and Networking Group at Microsoft Research for 12 years, shipping technology in several versions of Microsoft Windows and the Bing Search Engine. Dinan has received over 20 patents and is a Chartered Software Engineer. Dinan has a Masters in Computer Science from University of Cambridge and a M.B.A. from WBS.
Jakub Kicinski, Software Engineering, Netronome
Jakub Kicinski is a Software Engineer specializing in Linux kernel drivers for Netronome SmartNICs. He previously worked as an intern at Intel Corporation. He is also a researcher with expertise in the Linux kernel and experience in application development on complex multi-CPU and FPGA platforms. He is interested in high-performance software that exploits hardware capabilities and is passionate about networking. Jakub has a Master's in Computer Science from Gdansk University of Technology.
Disaggregation a Primer: Optimizing design for Edge Cloud & Bare Metal applic... – Netronome
From the Infra//Structure Conference May 2019 by Ron Renwick of Netronome
Disaggregation a Primer:
Optimizing design for Edge Cloud & Bare Metal applications
Hyperscalers and Edge Cloud providers have recognized the economic value of disaggregated infrastructure. Netronome Agilio SmartNICs enable disaggregated architectures to perform with up to 30x lower tail latency while encrypting every session using kTLS security.
Cilium - Fast IPv6 Container Networking with BPF and XDP – Thomas Graf
We present a new open source project which provides IPv6 networking for Linux containers by generating programs for each individual container on the fly and then running them as JITed BPF code in the kernel. By generating and compiling the code, the program is reduced to the minimally required feature set and then heavily optimised by the compiler, as parameters become plain variables. The upcoming addition of the eXpress Data Path (XDP) to the kernel will make this approach even more efficient, as the programs will be invoked directly from the network driver.
This work presents a P4 compiler backend targeting XDP, the eXpress Data Path. P4 is a domain-specific language describing how packets are processed by the data plane of programmable network elements. XDP is designed for users who want programmability as well as performance.
https://github.com/williamtu/p4c-xdp/
Kernel Recipes 2017 - eBPF and XDP - Eric Leblond – Anne Nicolas
Berkeley Packet Filter is an old friend to most people who deal with networking under Linux. But its extended version, eBPF, is completely redefining the scope of usage and interaction with the kernel. It can be used to instrument most parts of the kernel, from network tracing to process or I/O monitoring.
This talk will provide an overview of eBPF, from concepts to tools like BCC. It will then focus on XDP, the eXpress Data Path, and the networking applications this new framework makes possible.
Eric Leblond, Stamus Network
The Next Generation Firewall for Red Hat Enterprise Linux 7 RC – Thomas Graf
The Linux packet filtering technology, iptables, has its roots in times when networking was relatively simple and network bandwidth was measured in mere megabits. Emerging technologies, such as distributed NAT, overlay networks and containers require enhanced functionality and additional flexibility. In parallel, the next generation of network cards with speeds of 40Gb and 100Gb will put additional pressure on performance.
In the upcoming Red Hat Enterprise Linux 7, a new dynamic firewall service, FirewallD, is planned to provide greater flexibility over iptables by eliminating service disruptions during rule updates, abstraction, and support for different network trust zones. Additionally, a new virtual machine-based packet filtering technology, nftables, addresses the functionality and flexibility requirements of modern network workloads.
In this session you’ll:
Deep dive into the newly introduced packet filtering capabilities of Red Hat Enterprise Linux 7 beta.
Learn best practices.
See the new set of configuration utilities that allow new optimization possibilities.
BPF & Cilium - Turning Linux into a Microservices-aware Operating System – Thomas Graf
Container runtimes cause Linux to return to its original purpose: to serve applications interacting directly with the kernel. At the same time, the Linux kernel is traditionally difficult to change and its development process is full of myths. A new efficient in-kernel programming language called eBPF is changing this and allows everyone to extend existing kernel components or glue them together in new forms without requiring changes to the kernel itself.
This presentation introduces the Data Plane Development Kit (DPDK), covering an overview and the basics. It is part of a Network Programming Series.
First, the presentation focuses on the network performance challenges on the modern systems by comparing modern CPUs with modern 10 Gbps ethernet links. Then it touches memory hierarchy and kernel bottlenecks.
The following part explains the main DPDK techniques, like polling, bursts, hugepages and multicore processing.
The DPDK overview explains how a DPDK application is initialized and run, and touches on lockless queues (rte_ring), memory pools (rte_mempool), memory buffers (rte_mbuf), hashes (rte_hash), cuckoo hashing, the longest prefix match library (rte_lpm), poll mode drivers (PMDs) and the kernel NIC interface (KNI).
At the end, a few DPDK performance tips are given.
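To make the rte_ring idea above concrete, here is a Python sketch of a single-producer/single-consumer ring indexed by free-running counters (DPDK's real rte_ring is lockless C with memory barriers and multi-producer variants; this only models the power-of-two indexing and burst-dequeue scheme):

```python
class SpscRing:
    """Single-producer/single-consumer ring in the style of rte_ring:
    a power-of-two buffer indexed by free-running head/tail counters,
    so each side can advance its own counter without locks."""
    def __init__(self, size=8):
        assert size & (size - 1) == 0, "size must be a power of two"
        self.buf = [None] * size
        self.mask = size - 1
        self.head = 0  # producer index (next slot to write)
        self.tail = 0  # consumer index (next slot to read)

    def enqueue(self, item):
        if self.head - self.tail == len(self.buf):
            return False                  # ring is full
        self.buf[self.head & self.mask] = item
        self.head += 1
        return True

    def dequeue_burst(self, n):
        """Dequeue up to n items at once, mirroring the burst APIs DPDK
        uses to amortize per-packet overhead."""
        out = []
        while len(out) < n and self.tail < self.head:
            out.append(self.buf[self.tail & self.mask])
            self.tail += 1
        return out
```

Bursts matter because the fixed cost of touching the ring (and, in real drivers, the NIC descriptor ring) is paid once per burst rather than once per packet.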
Using open source tools for network device dataplane testing.
Our experiences from redGuardian DDoS mitigation scrubber testing.
Presented at PLNOG 20 (2018).
Cilium - Container Networking with BPF & XDP – Thomas Graf
This talk demonstrates that programmability and performance do not require user-space networking; they can be achieved in the kernel by generating BPF programs and leveraging existing kernel subsystems. We will demo an early prototype which provides fast IPv6 & IPv4 connectivity to containers, container-label-based security policy with average cost O(1), and debugging and monitoring based on the per-CPU perf ring buffer. We encourage a lively discussion on the approach taken and next steps.
Kernel Recipes 2018 - XDP: a new fast and programmable network layer - Jesper... – Anne Nicolas
This talk will introduce XDP (eXpress Data Path) and explain how it is essentially a new (programmable) network layer in front of the existing network stack. It will then dive into the details of the new XDP redirect feature, which goes beyond forwarding packets out other NIC devices.
The eXpress Data Path (XDP) has been gradually integrated into the Linux kernel over several releases. XDP offers fast and programmable packet processing in kernel context. The operating system kernel itself provides a safe execution environment for custom packet processing applications, in the form of eBPF programs executed in device driver context. XDP provides a fully integrated solution working in concert with the kernel's networking stack. Applications are written in higher-level languages such as C and compiled via LLVM into eBPF bytecode, which the kernel statically analyses for safety and JIT-translates into native instructions. This is an alternative approach compared to kernel bypass mechanisms (like DPDK and netmap).
Slides at OpenStack Summit 2017 Sydney
Session Info and Video: https://www.openstack.org/videos/sydney-2017/100gbps-openstack-for-providing-high-performance-nfv
The Paxos protocol is the foundation for building many fault-tolerant distributed systems and services. Given the importance of Paxos, and performance improvements to the protocol would have a significant impact on data-center infrastructure. We argue that implementing Paxos in network devices would significantly improve its performance. This talk describes an implementation of Paxos in P4, as well as our on-going efforts to evaluate the implementation on Netronome intelligent server adapters. Implementing Paxos provides a critical use case for P4, and will help drive the requirements for data plane languages in general. In the long term, we imagine that consensus could someday be offered as a network service.
Huynh Tu Dang
Italian University of Switzerland
Huynh Tu Dang is a second-year Ph.D. student in the Faculty of Informatics at Università della Svizzera Italiana. His research focuses on fault-tolerant distributed systems and application of software-defined networking (SDN). Previously, he worked as a research assistant at Ho Chi Minh International University and was an intern at INRIA, Nice-Sophia Antipolis on BtrPlace project. He received his Bachelor's degree from the School of Computer Science and Engineering at Ho Chi Minh International University.
Data Plane and VNF Acceleration Mini Summit Open-NFP
This event will deliver technical sessions related to the acceleration of server-based networking data planes and VNFs using SmartNIC hardware within the framework of the NFVi and orchestration components in the OPNFV Danube software platform. Virtual switching data planes using Open vSwitch (OVS) and FD.IO (with VPP) will be discussed and offload architectures for such data planes into SmartNIC platforms will be presented. Extension of such data planes for VNF specific requirements utilizing micro-VNF sandbox functions utilizing P4 and/or C language programming will be presented and discussed. Early work defining VNF acceleration architectures and APIs for SmartNIC-accelerated data planes and VNF sandbox extensions will be presented and discussed, followed by a proposal to create a collaborative project to complete the definition of such an API within the frameworks of OPNFV and ETSI. In addition, a proposal for a Pharos community lab related VNF acceleration will be put forward by the Open-NFP organization.
Comprehensive XDP Offload-handling the Edge CasesNetronome
While XDP is less complex to offload than other forms of kernel functionality due to the fact that it sits at the bottom of the stack, there are a number of items that lead to complexity when dealing with XDP offload. This talk will explore some of the ideas around how to implement these concepts as well as share some of the results we have seen while implementing offload on a 32 bit architecture.
In this talk we discuss the mechanisms of utilizing the eBPF language to perform hardware accelerated network packet manipulation and filtering. P4 programs can be compiled into eBPF scripts for offload in the Linux kernel using the Traffic Classifier (TC) subsystem. We demonstrate how, using eBPF as an intermediate language, it has been possible to extend the TC to either Just In Time (JIT) compile eBPF code to x86 assembler for software offload or to IXP byte code for execution in a trusted hardware environment within the Netronome Agilio intelligent server adapter. We finish by encouraging the audience to experiment with their own eBPF applications within the TC hardware accelerated system. The TC kernel patches are available on the Linux Kernel Networking mailing list as a Request For Comment (RFC) contribution.
Dinan Gunawardena, Director, Software Engineering, Netronome
Dinan Gunawardena is a Software Director focusing on running the driver team at Netronome. Previously, Dinan founded a software startup and was a Senior Research Engineer within the Operating Systems and Networking Group at Microsoft Research for 12 years, shipping technology in several versions of Microsoft Windows and the Bing Search Engine. Dinan has received over 20 patents and is a Chartered Software Engineer. Dinan has a Masters in Computer Science from University of Cambridge and a M.B.A. from WBS.
Jakub Kicinski, Software Engineering, Netronome
Jakub Kicinski is a Software Engineer specializing in Linux kernel drivers for Netronome SmartNICs. Jakub previously worked as an intern at Intel Corporation. He also has research expertise in the Linux kernel and experience in application development on complex multi-CPU and FPGA platforms. He is interested in high-performance software exploiting hardware capabilities and is passionate about networking. Jakub has a Masters in Computer Science from Gdansk University of Technology.
Disaggregation a Primer: Optimizing design for Edge Cloud & Bare Metal applic... - Netronome
From the Infra//Structure Conference May 2019 by Ron Renwick of Netronome
Disaggregation a Primer:
Optimizing design for Edge Cloud & Bare Metal applications
Hyperscalers and Edge Cloud providers have recognized the economic value of disaggregated infrastructure. Netronome Agilio SmartNICs enable disaggregated architectures to perform with up to 30x lower tail latency while encrypting every session using kTLS security.
Cilium - Fast IPv6 Container Networking with BPF and XDP - Thomas Graf
We present a new open source project which provides IPv6 networking for Linux containers by generating programs for each individual container on the fly and running them as JITed BPF code in the kernel. Because the code is generated and compiled per container, each program is reduced to the minimally required feature set and then heavily optimised by the compiler, as parameters become plain variables. The upcoming addition of the eXpress Data Path (XDP) to the kernel will make this approach even more efficient, as the programs will be invoked directly from the network driver.
This work presents a P4 compiler backend targeting XDP, the eXpress Data Path. P4 is a domain-specific language describing how packets are processed by the data plane of programmable network elements. XDP is designed for users who want programmability as well as performance.
https://github.com/williamtu/p4c-xdp/
Kernel Recipes 2017 - eBPF and XDP - Eric Leblond - Anne Nicolas
Berkeley Packet Filter is an old friend to most people who deal with networking under Linux. But its extended version, eBPF, is completely redefining the scope of usage and interaction with the kernel: it can be used to instrument most parts of the kernel, from network tracing to process or I/O monitoring.
This talk will provide an overview of eBPF, from concepts to tools like BCC. It will then focus on XDP, the eXpress Data Path, and the networking applications made possible by this new framework.
Eric Leblond, Stamus Networks
The Next Generation Firewall for Red Hat Enterprise Linux 7 RC - Thomas Graf
The Linux packet filtering technology, iptables, has its roots in times when networking was relatively simple and network bandwidth was measured in mere megabits. Emerging technologies, such as distributed NAT, overlay networks and containers require enhanced functionality and additional flexibility. In parallel, the next generation of network cards with speeds of 40Gb and 100Gb will put additional pressure on performance.
In the upcoming Red Hat Enterprise Linux 7, a new dynamic firewall service, FirewallD, is planned to provide greater flexibility over iptables by eliminating service disruptions during rule updates, abstraction, and support for different network trust zones. Additionally, a new virtual machine-based packet filtering technology, nftables, addresses the functionality and flexibility requirements of modern network workloads.
In this session you’ll:
Deep dive into the newly introduced packet filtering capabilities of Red Hat Enterprise Linux 7 beta.
Learn best practices.
See the new set of configuration utilities that allow new optimization possibilities.
BPF & Cilium - Turning Linux into a Microservices-aware Operating System - Thomas Graf
Container runtimes return Linux to its original purpose: serving applications that interact directly with the kernel. At the same time, the Linux kernel is traditionally difficult to change and its development process is full of myths. A new efficient in-kernel programming language called eBPF is changing this, allowing everyone to extend existing kernel components or glue them together in new forms without having to change the kernel itself.
This presentation gives an overview and the basics of the Data Plane Development Kit (DPDK). It is part of a Network Programming Series.
First, the presentation focuses on the network performance challenges of modern systems by comparing modern CPUs with modern 10 Gbps Ethernet links. It then touches on the memory hierarchy and kernel bottlenecks.
The following part explains the main DPDK techniques, like polling, bursts, hugepages and multicore processing.
The DPDK overview explains how a DPDK application is initialized and run, and touches on lockless queues (rte_ring), memory pools (rte_mempool), memory buffers (rte_mbuf), hash tables (rte_hash) and cuckoo hashing, the longest prefix match library (rte_lpm), poll mode drivers (PMDs), and the kernel NIC interface (KNI).
At the end, there are a few DPDK performance tips.
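The lockless-queue idea behind rte_ring can be illustrated with a minimal single-producer/single-consumer ring. This is a simplified sketch for illustration only: the real rte_ring also supports multi-producer/multi-consumer modes and bulk/burst operations, and relies on memory barriers that a toy example omits.

```python
class SpscRing:
    """Toy single-producer/single-consumer ring illustrating the idea
    behind DPDK's rte_ring. Capacity must be a power of two so that
    index wrap-around is a cheap bit-mask instead of a modulo."""

    def __init__(self, size=8):
        assert size & (size - 1) == 0, "size must be a power of two"
        self.buf = [None] * size
        self.mask = size - 1
        self.head = 0  # next slot the producer will write
        self.tail = 0  # next slot the consumer will read

    def enqueue(self, item):
        if self.head - self.tail == len(self.buf):
            return False  # ring is full
        self.buf[self.head & self.mask] = item
        self.head += 1
        return True

    def dequeue(self):
        if self.tail == self.head:
            return None  # ring is empty
        item = self.buf[self.tail & self.mask]
        self.tail += 1
        return item
```

A real implementation additionally batches enqueues and dequeues (the "burst" APIs mentioned above) to amortize the cost of updating the shared indices.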
Using open source tools for network device dataplane testing.
Our experiences from redGuardian DDoS mitigation scrubber testing.
Presented at PLNOG 20 (2018).
Cilium - Container Networking with BPF & XDP - Thomas Graf
This talk demonstrates that programmability and performance do not require user-space networking; they can be achieved in the kernel by generating BPF programs and leveraging the existing kernel subsystems. We will demo an early prototype which provides fast IPv6 & IPv4 connectivity to containers, container-label-based security policy with an average cost of O(1), and debugging and monitoring based on the per-CPU perf ring buffer. We encourage a lively discussion on the approach taken and next steps.
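The average-cost-O(1) policy claim comes from keying policy on label identities rather than walking a rule list. Here is a hypothetical sketch of that lookup shape; the label names and table are invented for illustration, and the real system stores policy in in-kernel BPF maps keyed by numeric security identities:

```python
# Default-deny policy table keyed by (source identity, destination identity).
# Lookup is a single hash probe, so the cost stays O(1) on average no matter
# how many label pairs have been allowed.
ALLOW = {
    ("frontend", "backend"),
    ("backend", "database"),
}

def connection_allowed(src_label: str, dst_label: str) -> bool:
    """Allow the flow only if the exact label pair is present in the table."""
    return (src_label, dst_label) in ALLOW
```

The key design point is that policy evaluation time is independent of the number of rules, unlike a sequential iptables-style rule walk.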
Kernel Recipes 2018 - XDP: a new fast and programmable network layer - Jesper... - Anne Nicolas
This talk will introduce XDP (eXpress Data Path) and explain how it is essentially a new (programmable) network layer in front of the existing network stack. It will then dive into the details of the new XDP redirect feature, which goes beyond forwarding packets out of other NIC devices.
The eXpress Data Path (XDP) has been gradually integrated into the Linux kernel over several releases. XDP offers fast and programmable packet processing in kernel context. The operating system kernel itself provides a safe execution environment for custom packet processing applications, in the form of eBPF programs executed in device driver context. XDP provides a fully integrated solution working in concert with the kernel's networking stack. Applications are written in a higher-level language such as C and compiled via LLVM into eBPF bytecode, which the kernel statically analyses for safety and JIT-translates into native instructions. This is an alternative approach to kernel bypass mechanisms (like DPDK and netmap).
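Real XDP programs are written in restricted C and compiled via LLVM as described above; the decision logic they implement can nevertheless be sketched in ordinary Python. This hypothetical example mirrors a filter that drops IPv4/UDP packets sent to one blocked port and passes everything else (the verdict constants match the kernel's enum xdp_action values):

```python
import struct

# Verdict codes matching the kernel's enum xdp_action.
XDP_DROP, XDP_PASS = 1, 2

def xdp_verdict(pkt: bytes, blocked_udp_port: int) -> int:
    """Decide the fate of one frame: drop IPv4/UDP packets addressed to
    blocked_udp_port, pass everything else (including anything too short
    to parse, which a real program must also guard against)."""
    if len(pkt) < 14:                          # truncated Ethernet header
        return XDP_PASS
    ethertype = struct.unpack_from("!H", pkt, 12)[0]
    if ethertype != 0x0800:                    # not IPv4
        return XDP_PASS
    if len(pkt) < 14 + 20:                     # truncated IPv4 header
        return XDP_PASS
    ihl = (pkt[14] & 0x0F) * 4                 # IPv4 header length in bytes
    if pkt[14 + 9] != 17:                      # protocol field: 17 = UDP
        return XDP_PASS
    udp_off = 14 + ihl
    if len(pkt) < udp_off + 8:                 # truncated UDP header
        return XDP_PASS
    dport = struct.unpack_from("!H", pkt, udp_off + 2)[0]
    return XDP_DROP if dport == blocked_udp_port else XDP_PASS
```

In the restricted-C original, the same explicit bounds checks are exactly what the kernel's static verifier insists on before it will accept the program.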
Slides at OpenStack Summit 2017 Sydney
Session Info and Video: https://www.openstack.org/videos/sydney-2017/100gbps-openstack-for-providing-high-performance-nfv
Improving Kafka at-least-once performance at Uber - Ying Zheng
At Uber, we are seeing an increasing demand for Kafka at-least-once delivery (acks=all). So far, we have been running a dedicated at-least-once Kafka cluster with special settings. With a very low workload, the dedicated at-least-once cluster has been working well for more than a year. When we tried to allow at-least-once producing on the regular Kafka clusters, producing performance was the main concern. We spent some effort on this issue in recent months and managed to reduce at-least-once producer latency by about 80% through code changes and configuration tuning. With acks=0, these improvements also help increase Kafka throughput and reduce Kafka end-to-end latency.
How could stream processing engines take advantage of modern hardware? What are the challenges, and what are the opportunities?
Presented by: Panagiotis Savvaidis, Andreas Kallinteris
Paper referred: https://jeyhunkarimov.github.io/assets/publications/zeuch-analyzing-efficient-stream-processing-on-modern-hardware.pdf
The Linux kernel has two distinct ways of managing idle: the CPUidle framework for CPUs, and runtime PM combined with generic power domains (genpd) for all other devices. In addition, CPUidle does not scale well for multi-cluster SMP systems and heterogeneous systems like big.LITTLE. To better manage idle for modern SoCs with a hierarchical structure, we are exploring extending runtime PM and genpd to CPUs so that there is a unified framework for managing idle across all devices.
Slides at OpenStack Summit 2018 Vancouver
Session Info and Video: https://www.openstack.org/videos/vancouver-2018/can-we-boost-more-hpc-performance-integrate-ibm-power-servers-with-gpus-to-openstack-environment
This session will cover performance-related developments in Red Hat Gluster Storage 3 and share best practices for testing, sizing, configuration, and tuning.
Join us to learn about:
Current features in Red Hat Gluster Storage, including 3-way replication, JBOD support, and thin-provisioning.
Features that are in development, including network file system (NFS) support with Ganesha, erasure coding, and cache tiering.
New performance enhancements related to remote direct memory access (RDMA), small-file performance, FUSE caching, and solid-state disk (SSD) readiness.
The engineering challenges of designing for low-latency execution include tightly controlling the time it takes to detect the onset of a latency excursion and to diagnose its most likely cause. In modern x-as-a-service (XaaS) forms of distributed applications, the points at which latency is experienced by a service consumer are separated by many layers of modular abstraction from the underlying system hardware. This separation makes it difficult to pinpoint the causes of latency pushouts and to apply corrective actions in a timely manner. The classic performance methodology of profiling 'cycles' of work may be broadly successful in exposing higher levels of latency, but it is not very effective in determining the causes of short-duration latency surges; to determine those, it is frequently necessary to:
• trace execution
• pinpoint when a significant latency stretch out occurs
• establish its correlation with a nearby precursor or a set of precursor events
Each of these steps can incur significant overheads; further, one has to be concerned that even modest overheads from tracing risk contributing to tail latencies. Not just the detection of the onset of a latency excursion, but also the identification of why it occurs, must be completed quickly so that if a corrective action is possible, it can be taken promptly. Similarly, if no recourse to curb the latency of a slice of computation is available at some point in time, it is ideal that steps to minimize the impact of the exception are put into effect as early as possible.
In our talk, we present an approach that complements the very low overhead software tracing provided by KUtrace. It uses eBPF to trigger collection of additional data, at very low overhead, from the hardware performance monitoring unit (PMU) so that latency excursions within a span of execution can be examined in a timely manner. We will describe the use of PMU capabilities like precise event-based sampling (PEBS) and timed last branch records (timed LBRs) in close proximity to events of interest to extract critical clues. We will further discuss planned future work to integrate in-band network telemetry (INT) into these tracing flows.
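As a toy illustration of the trace / pinpoint / correlate loop described above, the sketch below scans a list of timed spans, flags the ones that exceed a latency threshold, and pairs each with the closest preceding event. All names and the data model are invented for illustration; real tooling such as KUtrace operates on kernel trace records at far lower overhead.

```python
def find_excursions(spans, events, threshold_us):
    """spans: list of (start_ts_us, duration_us); events: list of (ts_us, name).
    Returns one (start, duration, precursor_name) tuple per span whose
    duration exceeds threshold_us, pairing it with the latest event at or
    before its start -- a crude stand-in for precursor correlation."""
    excursions = []
    for start, duration in spans:
        if duration <= threshold_us:
            continue  # within budget: no excursion to explain
        precursor = None
        for ts, name in events:
            if ts <= start and (precursor is None or ts > precursor[0]):
                precursor = (ts, name)
        excursions.append((start, duration, precursor[1] if precursor else None))
    return excursions
```

The point of the sketch is the shape of the problem: detection is a cheap threshold test, while attribution requires keeping enough nearby context (here, the event list) to name a plausible cause.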
In the last two years, Netflix has seen a mass migration to Spark from Pig and other MR engines. This talk will focus on the challenges of that migration and the work that has made it possible. This includes contributions that Netflix has made to Spark to enable wider adoption, and ongoing projects to make Spark appeal to a broader range of analysts, beyond data and ML engineers.
Speaker Ryan Blue
Kernel Recipes 2016 - Speeding up development by setting up a kernel build farm - Anne Nicolas
Building a full kernel takes time but is often necessary during development or when backporting patches. The nature of the kernel makes it easy to distribute its build on multiple cheap machines. This presentation will explain how to set up a build farm based on cost, size, and performance.
Willy Tarreau, HAProxy
Many companies build new-age KVM clouds, only to find out that their applications & workloads do not perform well. In this talk we’ll show you how to get the most out of your KVM cloud and how to optimize it for performance: You’ll understand why performance matters and how to measure it properly. We’ll teach you how to optimize CPU and memory for ultimate performance and how to tune the storage layer for performance. You’ll find out what are the main components of an efficient new-age cloud and which network components work best. In addition, you’ll learn how to select the right hardware to achieve unmatched performance for your new-age cloud and applications.
Venko Moyankov is an experienced system administrator and solutions architect at StorPool Storage. He has experience managing large virtualizations, working in telcos, and designing and supporting the infrastructure of large enterprises. In the last year, his focus has been on helping companies globally to build the best storage solution according to their needs and projects.
Optimizing Servers for High-Throughput and Low-Latency at Dropbox - ScyllaDB
I'm going to discuss the efficiency/performance optimizations of different layers of the system. Starting from the lowest levels like hardware and drivers: these tunings can be applied to pretty much any high-load server. Then we’ll move to Linux kernel and its TCP/IP stack: these are the knobs you want to try on any of your TCP-heavy boxes. Finally, we’ll discuss library and application-level tunings, which are mostly applicable to HTTP servers in general and nginx/envoy specifically.
For each potential area of optimization I’ll try to give some background on latency/throughput tradeoffs (if any), monitoring guidelines, and, finally, suggest tunings for different workloads.
Also, I'll cover more theoretical approaches to performance analysis and the newly developed tooling like `bpftrace` and new `perf` features.
Kubernetes & AI - Beauty and the Beast!?! @ KCD Istanbul 2024 - Tobias Schneck
As AI pushes into IT, I found myself wondering, as an "infrastructure container Kubernetes guy", how this fancy AI technology gets managed from an infrastructure operations point of view. Is it possible to apply our beloved cloud-native principles as well? What benefits could the two technologies bring to each other?
Let me take these questions and walk you through existing deployment models and use cases for AI software. Using practical examples, we will discuss what cloud/on-premise strategy may be needed to apply AI to our own infrastructure from an enterprise perspective. I want to give an overview of the infrastructure requirements and technologies that could benefit or limit your AI use cases in an enterprise environment. An interactive demo will give you some insights into the approaches I have already got working for real.
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf - 91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
Generating a custom Ruby SDK for your web service or Rails API using Smithy - g2nightmarescribd
Have you ever wanted a Ruby client API to communicate with your web service? Smithy is a protocol-agnostic language for defining services and SDKs. Smithy Ruby is an implementation of Smithy that generates a Ruby SDK using a Smithy model. In this talk, we will explore Smithy and Smithy Ruby to learn how to generate custom feature-rich SDKs that can communicate with any web service, such as a Rails JSON API.
GraphRAG is All You Need? LLM & Knowledge Graph - Guy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo... - James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. A constant focus on speed to market, combined with traditionally slow and manual security checks, has created gaps in continuous security, an important piece of the software supply chain. Today, organizations feel more susceptible to external and internal cyber threats due to the vast attack surface of their application supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with a passion for making things work, along with a knack for helping others understand how things work. He has around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations on CI/CD and application security integrated into the software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
State of ICS and IoT Cyber Threat Landscape Report 2024 preview - Prayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio's cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors and newer malware, including new variants and latent threats at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on countries – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Securing your Kubernetes cluster: a step-by-step guide to success! - KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
Essentials of Automations: Optimizing FME Workflows with Parameters - Safe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do... - UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
JMeter webinar - integration with InfluxDB and Grafana - RTTS
Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application.
In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics.
Length: 30 minutes
Session Overview
-------------------------------------------
During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana:
- What out-of-the-box solutions are available for real-time monitoring of JMeter tests?
- What are the benefits of integrating InfluxDB and Grafana into the load testing stack?
- Which features are provided by Grafana?
- Demonstration of InfluxDB and Grafana using a practice web application
To view the webinar recording, go to:
https://www.rttsweb.com/jmeter-integration-webinar