This document discusses Netronome's Agilio server-based networking solutions that use SmartNICs to offload networking functions from server CPUs. This allows more server cores to be used for applications and reduces data center costs. Specifically, it can achieve 5x higher throughput and use 80% less CPU resources compared to legacy server-based networking solutions. Netronome aims to help data center operators innovate more rapidly and lower costs through its intelligent server networking approach.
In this talk, we outline a kernel and upstream centric approach to data plane acceleration using an upstream SmartNIC BPF JIT. This allows extended Berkeley Packet Filter (eBPF) bytecode to be transparently offloaded to the SmartNIC from either the Traffic Control (TC) or Express Data Path (XDP) hooks in the kernel and could be used for applications such as DoS protection, load balancing and software switching e.g., Open vSwitch (OVS). We then follow this by outlining the proposed ICONICS OCP contribution related to an open approach for reconfiguration using directly compiled SmartNIC programs in situations where BPF bytecode alone is not sufficient to accommodate changing semantics in the network.
Netronome invented the flexible network flow processor and hardware-accelerated server-based networking. Learn more from Netronome's Corporate Brochure.
Kernel advantages for Istio realized with CiliumCynthia Thomas
Istio brings a myriad of options to provide routing rules, encryption, and monitoring for microservices, typically in container environments. Cilium provides accelerated network security using a modern kernel technology called BPF. Put the two together and what do you get? A distributed security solution enabling microservices traffic management, security, and monitoring while enforcing policy as close to the microservices as possible.
Cynthia Thomas and Romain Lenglet discuss the architectural and performance benefits of using Cilium with Istio and provide a demo of this BPF-based, Linux kernel technology. Cilium provides an API-aware security solution that can make a decision on every single microservice flow, with the ability to enforce protocols such as HTTP, Kafka, and gRPC. By addressing security policy at the API layer, you can enforce policy efficiently with kernel capabilities while reducing the attack surface in a microservices deployment.
Leveraging Network Offload to Accelerate SDN and NFV DeploymentsNetronome
Ron Renwick, Director of Product Marketing and Product Line Manager, presents "Leveraging Network Offload to Accelerate SDN and NFV Deployments," at Layer123 SDN NFV World Congress 2017. Watch the video replay on the Netronome YouTube channel: https://youtu.be/V7cRv12pDsc
Unifying Network Filtering Rules for the Linux Kernel with eBPFNetronome
At the core of fast network packet processing lies the ability to filter packets, or in other words, to apply a set of rules on packets, usually consisting of a pattern to match (L2 to L4 source and destination addresses and ports, protocols, etc.) and corresponding actions (redirect to a given queue, or drop the packet, etc.). Over the years, several filtering frameworks have been added to Linux. While at the lower level, ethtool can be used to configure N-tuple rules on the receive side for the hardware, the upper layers of the stack got equipped with rules for firewalling (Netfilter), traffic shaping (TC), or packet switching (Open vSwitch for example).
In this presentation, Quentin Monnet reviewed the needs for those filtering frameworks and the particularities of each one. Then focuses on the changes brought by eBPF and XDP in this landscape: as BPF programs allow for very flexible processing and can be attached very low in the stack—at the driver level, or even run on the NIC itself—they offer filtering capabilities with no precedent in terms of performance and versatility in the kernel. Lastly, the third part explores potential leads in order to create bridges between the different rule formats and to make it easier for users to build their filtering eBPF programs.
Using SmartNICs to Provide Better Data Center Security - Jack Matheson - 44CO...44CON
Data Center security has been forced to reinvent itself as software complexity increases, networking capabilities grow more agile, and attack complexity turns unmanageable. With this change, the need for security policy enforcement to be handled at the edge has pushed functionality onto host compute systems, resulting in inherent performance loss and security weakness due to consolidation of resources.
In the first part of the talk we will be presenting a SmartNIC-based model for data-center security that solves both the performance problem and the security problems of edge-centric policy models. The model features a more robust isolation of responsibilities, superior offload capabilities, significantly better scaling of policy, and unique visibility opportunities.
To illustrate this, we present a SmartNIC-based reference architecture for network layout, as well as examples of SmartNIC security controls and their resulting threat models.
The second part of the talk will unveil a new innovative technique for tamper proof host introspection as SmartNICs are in a unique position to analyze and inspect the memory of the host to which they are attached. Normally, this functionality is reserved for a hypervisor, where it is known as ‘guest introspection’ or ‘virtual-machine introspection’. With host introspection, security controls no longer live in the hypervisor, but on the SmartNIC itself, on a separate trust domain. In this way, the visibility normally achieved with guest introspection can be performed for the entire host memory in an isolated and secure area. In order for host introspection to work in the same way as guest introspection, memory is DMA transferred in bursts over the PCI-e bus that attaches the SmartNIC to the host. As this method can be subverted to hide unwanted software, we will demonstrate a novel approach to tamper proof the acquisition of memory and for performing live introspection.
Host introspection complements the network controls implemented using the SmartNIC by enabling the measurement of the integrity and the behavior of workloads (virtual machines, containers, bare metal servers) to identify possible indicators of compromise. The visibility and context gained also enhances the granularity of network controls, resulting in measurably better security for the data center compared to traditional software-only based controls.
Pankur Agarwal and Muthurajan (M Jay) Jayakumar offered a hands-on lab for Network Service Benchmarking (NSB). NSB extends the yardstick framework to do VNF characterization and benchmarking in three different execution environments - bare metal i.e., native Linux environment, standalone virtual environment, and managed virtualized environment (e.g., OpenStack, etc.). This is part 1 - the introduction.
In this talk, we outline a kernel and upstream centric approach to data plane acceleration using an upstream SmartNIC BPF JIT. This allows extended Berkeley Packet Filter (eBPF) bytecode to be transparently offloaded to the SmartNIC from either the Traffic Control (TC) or Express Data Path (XDP) hooks in the kernel and could be used for applications such as DoS protection, load balancing and software switching e.g., Open vSwitch (OVS). We then follow this by outlining the proposed ICONICS OCP contribution related to an open approach for reconfiguration using directly compiled SmartNIC programs in situations where BPF bytecode alone is not sufficient to accommodate changing semantics in the network.
Netronome invented the flexible network flow processor and hardware-accelerated server-based networking. Learn more from Netronome's Corporate Brochure.
Kernel advantages for Istio realized with CiliumCynthia Thomas
Istio brings a myriad of options to provide routing rules, encryption, and monitoring for microservices, typically in container environments. Cilium provides accelerated network security using a modern kernel technology called BPF. Put the two together and what do you get? A distributed security solution enabling microservices traffic management, security, and monitoring while enforcing policy as close to the microservices as possible.
Cynthia Thomas and Romain Lenglet discuss the architectural and performance benefits of using Cilium with Istio and provide a demo of this BPF-based, Linux kernel technology. Cilium provides an API-aware security solution that can make a decision on every single microservice flow, with the ability to enforce protocols such as HTTP, Kafka, and gRPC. By addressing security policy at the API layer, you can enforce policy efficiently with kernel capabilities while reducing the attack surface in a microservices deployment.
Leveraging Network Offload to Accelerate SDN and NFV DeploymentsNetronome
Ron Renwick, Director of Product Marketing and Product Line Manager, presents "Leveraging Network Offload to Accelerate SDN and NFV Deployments," at Layer123 SDN NFV World Congress 2017. Watch the video replay on the Netronome YouTube channel: https://youtu.be/V7cRv12pDsc
Unifying Network Filtering Rules for the Linux Kernel with eBPFNetronome
At the core of fast network packet processing lies the ability to filter packets, or in other words, to apply a set of rules on packets, usually consisting of a pattern to match (L2 to L4 source and destination addresses and ports, protocols, etc.) and corresponding actions (redirect to a given queue, or drop the packet, etc.). Over the years, several filtering frameworks have been added to Linux. While at the lower level, ethtool can be used to configure N-tuple rules on the receive side for the hardware, the upper layers of the stack got equipped with rules for firewalling (Netfilter), traffic shaping (TC), or packet switching (Open vSwitch for example).
In this presentation, Quentin Monnet reviewed the needs for those filtering frameworks and the particularities of each one. Then focuses on the changes brought by eBPF and XDP in this landscape: as BPF programs allow for very flexible processing and can be attached very low in the stack—at the driver level, or even run on the NIC itself—they offer filtering capabilities with no precedent in terms of performance and versatility in the kernel. Lastly, the third part explores potential leads in order to create bridges between the different rule formats and to make it easier for users to build their filtering eBPF programs.
Using SmartNICs to Provide Better Data Center Security - Jack Matheson - 44CO...44CON
Data Center security has been forced to reinvent itself as software complexity increases, networking capabilities grow more agile, and attack complexity turns unmanageable. With this change, the need for security policy enforcement to be handled at the edge has pushed functionality onto host compute systems, resulting in inherent performance loss and security weakness due to consolidation of resources.
In the first part of the talk we will be presenting a SmartNIC-based model for data-center security that solves both the performance problem and the security problems of edge-centric policy models. The model features a more robust isolation of responsibilities, superior offload capabilities, significantly better scaling of policy, and unique visibility opportunities.
To illustrate this, we present a SmartNIC-based reference architecture for network layout, as well as examples of SmartNIC security controls and their resulting threat models.
The second part of the talk will unveil a new innovative technique for tamper proof host introspection as SmartNICs are in a unique position to analyze and inspect the memory of the host to which they are attached. Normally, this functionality is reserved for a hypervisor, where it is known as ‘guest introspection’ or ‘virtual-machine introspection’. With host introspection, security controls no longer live in the hypervisor, but on the SmartNIC itself, on a separate trust domain. In this way, the visibility normally achieved with guest introspection can be performed for the entire host memory in an isolated and secure area. In order for host introspection to work in the same way as guest introspection, memory is DMA transferred in bursts over the PCI-e bus that attaches the SmartNIC to the host. As this method can be subverted to hide unwanted software, we will demonstrate a novel approach to tamper proof the acquisition of memory and for performing live introspection.
Host introspection complements the network controls implemented using the SmartNIC by enabling the measurement of the integrity and the behavior of workloads (virtual machines, containers, bare metal servers) to identify possible indicators of compromise. The visibility and context gained also enhances the granularity of network controls, resulting in measurably better security for the data center compared to traditional software-only based controls.
Pankur Agarwal and Muthurajan (M Jay) Jayakumar offered a hands-on lab for Network Service Benchmarking (NSB). NSB extends the yardstick framework to do VNF characterization and benchmarking in three different execution environments - bare metal i.e., native Linux environment, standalone virtual environment, and managed virtualized environment (e.g., OpenStack, etc.). This is part 1 - the introduction.
Lightweight Virtualized Containers For Open Platform for NFV* (OPNFV*)Michelle Holley
We will examine the current state of container (and Kubernetes) support in Open Platform for Network Function Virtualization (OPNFV). We will also examine new container technologies that use lightweight virtual machines for containerized workloads, as exemplified by Intel Clear Containers and the upcoming Kata Containers project. We’ll look at the components of container management systems, with an eye towards the integration of lightweight virtualization into OPNFV’s container support. Finally, we’ll have a hands-on lab session in which you’ll be able to install Kubernetes with cc-runtime, the Intel Clear Containers runtime engine for containers. We'll explore how it functions and the challenges and opportunities for integrating into OPNFV.
Lab instructions can be found at http://www.dragstroke.org.s3-website.us-east-2.amazonaws.com/
The Next Step ofOpenStack Evolution for NFV DeploymentsDirk Kutscher
NFV is now a well-known concept and in an early deployment stage, leveraging and adapting OpenStack and other Open Source Software systems. In the OPNFV project, a large group of industry peers is building a carrier-grade, integrated, open source reference platform for the NFV community. The telco industry has successfully adopted Open Source Software for carrier-grade deployments. It is now time for taking the next steps and to extend the colloaboration with upstream projects -- by opening up previously proprietary developments, by contributing code and other artifacts in order to create a ecosystem of NFV platforms, applications, and management/orchestration systems.
This talk shares some insights on how Red Hat and NEC are working together to foster collaboration in the NFV ecosystem by actively working with OpenStack and other upstream projects.
NEC has pioneered the adoption of Linux, KVM, Open vSwitch, and OpenStack for their mobile network core product line (virtualized EPC) and has gained significant experience through development work and deployments. NEC's extensions for high efficiency and high availability have led to contributions of new features to OpenStack, such as DPDK vSwitch control and CPU allocation features. For NEC, it is very important to have those features integrated into the mainstream code base for building reliable infrastructure systems.
Red Hat, one of main contributors to OpenStack, leads the development of those functions to meet NFV requirements in OpenStack, making critical and demanding applications run of top of open platforms. The presentation explains how NEC and Red Hat are integrating and optimizing Red Hat Enterprise Linux OpenStack Platform and NFV, along with contributions to open source communities, including OpenStack and Open Platform for NFV (OPNFV).
Using IO Visor to Secure Microservices Running on CloudFoundry [OpenStack Sum...IO Visor Project
As microservices grow, traditional firewall rules based on network ACLs are no longer scalable and fall short of providing fine-grained enforcement. Group Based Policy (GBP) is a flexible policy language that allows users to specify policy enforcement based on intent, independent of network infrastructure and IP addressing. Using micro-segmented virtual domains, administrators can define policies at a centralized location and use IO Visor technology for distributed enforcement. This provides infrastructure independent rules, template-based policy definitions, and scale-out policy enforcement for a solution that secures and scales with microservices. This session will be presented by members of the IO Visor community and will cover how IO Visor technology can be used to define and enforce GBP. The discussion will also cover using GBP for cloud foundry application spaces where microservices are deployed and need scalable, efficient security policies.
Vector Packet Technologies such as DPDK and FD.io/VPP revolutionized software packet processing initially for discrete appliances and then for NFV use cases. Container based VNF deployments and it's supporting NFV infrastructure is now the new frontier in packet processing and has number of strong advocates among both traditional Comms Service Providers and in the Cloud. This presentation will give an overview of how DPDK and FD.io/VPP project are rising to meet the challenges of the Container dataplane. The discussion will provide an overview of the challenges, recent new features and what is coming soon in this exciting new area for the software dataplane, in both DPDK and FD.io/VPP!
About the speaker: Ray Kinsella has been working on Linux and various other open source technologies for about twenty years. He is recently active in open source communities such as VPP and DPDK but is a constant lurker in many others. He is interested in the software dataplane and optimization, virtualization, operating system design and implementation, communications and networking.
Orchestrating NFV Workloads in Multiple CloudsMichelle Holley
Open Network Automation Platform (ONAP) is missioned to deploy and manage VNFs on multiple infrastructure environments, including virtualized infrastructure and cloud native. Workload deployment and orchestration in multiple clouds is expected to play an essential role in ONAP operational success. This talk introduces overall ONAP architecture and orchestration workflow, and related supporting functions such as homing and optimization.
Speaker: Bin Hu, Bin is an innovation thought-leader in NFV, SDN and Cloud. He is the Convener of OPNFV's Technical Community, PTL of IPv6 and PTL of Gluon in OpenStack for the next generation of NFV networking services. He was the Winner of OPNFV 2015 Annual Award.
Host Data Plane Acceleration: SmartNIC Deployment ModelsNetronome
SIGCOMM 2018: This tutorial introduces multiple models for host data plane acceleration with SmartNICs, provides a detailed understanding of SmartNIC deployment models at hyperscale cloud vendors and telecom service providers, and introduces various open source resources available for research and product development in this space.
Presenter Bio
Simon focuses on upstream open source activities at Netronome. He is working on allowing offload of OVS offload on the Agilio platform as well as the broader question of how best to enable programming hardware offload in the Linux kernel and other upstream open source projects.
The Need for Complex Analytics from Forwarding Pipelines Netronome
Nic Viljoen, Research Engineer, (including Tom Tofigh and Bryan Sullivan form AT&T) presentation from ONS 2016 at Santa Clara Convention Center in Santa Clara, CA.
Install FD.IO VPP On Intel(r) Architecture & Test with Trex*Michelle Holley
This demo/lab will guide you to install and configure FD.io Vector Packet Processing (VPP) on Intel® Architecture (AI) Server. You will also learn to install TRex* on another AI Server to send packets to the VPP, and use some VPP commands to forward packets back to the TRex*.
Speaker: Loc Nguyen. Loc is a Software Application Engineer in Data Center Scale Engineering Team. Loc joined Intel in 2005, and has worked in various projects. Before joining the network group, Loc worked in High-Performance Computing area and supported Intel® Xeon Phi™ Product Family. His interest includes computer graphics, parallel computing, and computer networking.
This presentation discusses the design and evaluation of two open-source implementations of the LTE EPC, one based on SDN principles and the other based on NFV, and presents a performance comparison of the two approaches. Speaker: Mythili Vutukuru
Summit 16: OPNFV on ARM - Hardware Freedom of Choice Has Arrived!OPNFV
Freedom of choice is one of the key concepts in the SDN and NFV revolution we are seeing today. OPNFV is at the heart of this revolution yet very limited freedom of choice has existed on the hardware architecture side. However, with the work done in the Armband project, ARM servers are now an alternative hardware architecture for Brahmaputra deployments. The Armband team has ported the OPNFV Fuel Project to support deployments on ARM servers. The necessary code changes have been upstreamed through the OPNFV armband project. End users are now able to download or build their own Brahmaputra OPNFV ISO ready for ARM and install it using available OPNFV documentation. In addition to this and to further the OPNFV VNF ecosystem, a full specification OPNFV Pharos lab based on ARM servers was built by Enea for running continuous integration (CI) and continuous deployment (CD). In this presentation, we will walk you through the experiences gained in this process, the challenges and how they were overcome and what is coming next.
Development, test, and characterization of MEC platforms with Teranium and Dr...Michelle Holley
Mobile edge computing delivers cloud computing at the edge of the cellular network to drive services quality and innovation. The ability for CSPs and ISVs to effectively develop, deliver, and deploy MEC services on a given platform directly correlates with the availability and maturity of associated tools and test environment. Dronava is a hyper-connected, web-scale network reference design for the 5G mobile network, suitable for use as a test and development socket for cloud applications developed for MEC platforms with tools such as the Intel NEV SDK. With Dronava, developers can drive the application with real traffics from the network edge to the EPC core, and if need be, connect with services in the core network in order to fully characterize the functionalities, latency, and throughput of the platform and application.Teranium is an integrated development environment that simplifies the development, packaging, and deployment/management of cloud applications. Teranium can be utilized to develop and deploy MEC applications on a number of platforms. Together with Dronava, Teranium helps to reduce complexity and improve efficiency in the ability of CSPs and ISVs to adopt and deploy MEC-base services.
Intelligent Interconnect Architecture to Enable Next Generation HPC - Linaro ...Linaro
Speakers: Gilad Shainer and Scot Schultz
Company: Mellanox Technologies
Talk Title: Intelligent Interconnect Architecture to Enable Next
Generation HPC
Talk Abstract:
The latest revolution in HPC interconnect architecture is the development of In-Network Computing, a technology that enables handling and accelerating application workloads at the network level. By placing data-related algorithms on an intelligent network, we can overcome the new performance bottlenecks and improve the data center and applications performance. The combination of In-Network Computing and ARM based processors offer a rich set of capabilities and opportunities to build the next generation of HPC platforms.
Gilad Shainer Bio:
Gilad Shainer has served as Mellanox's vice president of marketing since March 2013. Previously, Mr. Shainer was Mellanox's vice president of marketing development from March 2012 to March 2013. Mr. Shainer joined Mellanox in 2001 as a design engineer and later served in senior marketing management roles between July 2005 and February 2012. Mr. Shainer holds several patents in the field of high-speed networking and contributed to the PCI-SIG PCI-X and PCIe specifications. Gilad Shainer holds a MSc degree (2001, Cum Laude) and a BSc degree (1998, Cum Laude) in Electrical Engineering from the Technion Institute of Technology in Israel.
Scot Schultz Bio:
Scot Schultz is a HPC technology specialist with broad knowledge in operating systems, high speed interconnects and processor technologies. Joining the Mellanox team in 2013, Schultz is 30-year veteran of the computing industry. Prior to joining Mellanox, he spent the past 17 years at AMD in various engineering and leadership roles in the area of high performance computing. Scot has also been instrumental with the growth and development of various industry organizations including the Open Fabrics Alliance, and continues to serve as a founding board-member of the OpenPOWER Foundation and Director of Educational Outreach and founding member of the HPC-AI Advisory Council.
Lightweight Virtualized Containers For Open Platform for NFV* (OPNFV*)Michelle Holley
We will examine the current state of container (and Kubernetes) support in Open Platform for Network Function Virtualization (OPNFV). We will also examine new container technologies that use lightweight virtual machines for containerized workloads, as exemplified by Intel Clear Containers and the upcoming Kata Containers project. We’ll look at the components of container management systems, with an eye towards the integration of lightweight virtualization into OPNFV’s container support. Finally, we’ll have a hands-on lab session in which you’ll be able to install Kubernetes with cc-runtime, the Intel Clear Containers runtime engine for containers. We'll explore how it functions and the challenges and opportunities for integrating into OPNFV.
Lab instructions can be found at http://www.dragstroke.org.s3-website.us-east-2.amazonaws.com/
The Next Step ofOpenStack Evolution for NFV DeploymentsDirk Kutscher
NFV is now a well-known concept and in an early deployment stage, leveraging and adapting OpenStack and other Open Source Software systems. In the OPNFV project, a large group of industry peers is building a carrier-grade, integrated, open source reference platform for the NFV community. The telco industry has successfully adopted Open Source Software for carrier-grade deployments. It is now time for taking the next steps and to extend the colloaboration with upstream projects -- by opening up previously proprietary developments, by contributing code and other artifacts in order to create a ecosystem of NFV platforms, applications, and management/orchestration systems.
This talk shares some insights on how Red Hat and NEC are working together to foster collaboration in the NFV ecosystem by actively working with OpenStack and other upstream projects.
NEC has pioneered the adoption of Linux, KVM, Open vSwitch, and OpenStack for their mobile network core product line (virtualized EPC) and has gained significant experience through development work and deployments. NEC's extensions for high efficiency and high availability have led to contributions of new features to OpenStack, such as DPDK vSwitch control and CPU allocation features. For NEC, it is very important to have those features integrated into the mainstream code base for building reliable infrastructure systems.
Red Hat, one of main contributors to OpenStack, leads the development of those functions to meet NFV requirements in OpenStack, making critical and demanding applications run of top of open platforms. The presentation explains how NEC and Red Hat are integrating and optimizing Red Hat Enterprise Linux OpenStack Platform and NFV, along with contributions to open source communities, including OpenStack and Open Platform for NFV (OPNFV).
Using IO Visor to Secure Microservices Running on CloudFoundry [OpenStack Sum...IO Visor Project
As microservices grow, traditional firewall rules based on network ACLs are no longer scalable and fall short of providing fine-grained enforcement. Group Based Policy (GBP) is a flexible policy language that allows users to specify policy enforcement based on intent, independent of network infrastructure and IP addressing. Using micro-segmented virtual domains, administrators can define policies at a centralized location and use IO Visor technology for distributed enforcement. This provides infrastructure independent rules, template-based policy definitions, and scale-out policy enforcement for a solution that secures and scales with microservices. This session will be presented by members of the IO Visor community and will cover how IO Visor technology can be used to define and enforce GBP. The discussion will also cover using GBP for cloud foundry application spaces where microservices are deployed and need scalable, efficient security policies.
Vector Packet Technologies such as DPDK and FD.io/VPP revolutionized software packet processing initially for discrete appliances and then for NFV use cases. Container based VNF deployments and it's supporting NFV infrastructure is now the new frontier in packet processing and has number of strong advocates among both traditional Comms Service Providers and in the Cloud. This presentation will give an overview of how DPDK and FD.io/VPP project are rising to meet the challenges of the Container dataplane. The discussion will provide an overview of the challenges, recent new features and what is coming soon in this exciting new area for the software dataplane, in both DPDK and FD.io/VPP!
About the speaker: Ray Kinsella has been working on Linux and various other open source technologies for about twenty years. He is recently active in open source communities such as VPP and DPDK but is a constant lurker in many others. He is interested in the software dataplane and optimization, virtualization, operating system design and implementation, communications and networking.
Orchestrating NFV Workloads in Multiple CloudsMichelle Holley
Open Network Automation Platform (ONAP) is missioned to deploy and manage VNFs on multiple infrastructure environments, including virtualized infrastructure and cloud native. Workload deployment and orchestration in multiple clouds is expected to play an essential role in ONAP operational success. This talk introduces overall ONAP architecture and orchestration workflow, and related supporting functions such as homing and optimization.
Speaker: Bin Hu, Bin is an innovation thought-leader in NFV, SDN and Cloud. He is the Convener of OPNFV's Technical Community, PTL of IPv6 and PTL of Gluon in OpenStack for the next generation of NFV networking services. He was the Winner of OPNFV 2015 Annual Award.
Host Data Plane Acceleration: SmartNIC Deployment ModelsNetronome
SIGCOMM 2018: This tutorial introduces multiple models for host data plane acceleration with SmartNICs, provides a detailed understanding of SmartNIC deployment models at hyperscale cloud vendors and telecom service providers, and introduces various open source resources available for research and product development in this space.
Presenter Bio
Simon focuses on upstream open source activities at Netronome. He is working on allowing offload of OVS offload on the Agilio platform as well as the broader question of how best to enable programming hardware offload in the Linux kernel and other upstream open source projects.
The Need for Complex Analytics from Forwarding Pipelines Netronome
Nic Viljoen, Research Engineer, (including Tom Tofigh and Bryan Sullivan form AT&T) presentation from ONS 2016 at Santa Clara Convention Center in Santa Clara, CA.
Install FD.IO VPP On Intel(r) Architecture & Test with Trex*Michelle Holley
This demo/lab will guide you to install and configure FD.io Vector Packet Processing (VPP) on Intel® Architecture (AI) Server. You will also learn to install TRex* on another AI Server to send packets to the VPP, and use some VPP commands to forward packets back to the TRex*.
Speaker: Loc Nguyen. Loc is a Software Application Engineer in Data Center Scale Engineering Team. Loc joined Intel in 2005, and has worked in various projects. Before joining the network group, Loc worked in High-Performance Computing area and supported Intel® Xeon Phi™ Product Family. His interest includes computer graphics, parallel computing, and computer networking.
This presentation discusses the design and evaluation of two open-source implementations of the LTE EPC, one based on SDN principles and the other based on NFV, and presents a performance comparison of the two approaches. Speaker: Mythili Vutukuru
Summit 16: OPNFV on ARM - Hardware Freedom of Choice Has Arrived!OPNFV
Freedom of choice is one of the key concepts in the SDN and NFV revolution we are seeing today. OPNFV is at the heart of this revolution yet very limited freedom of choice has existed on the hardware architecture side. However, with the work done in the Armband project, ARM servers are now an alternative hardware architecture for Brahmaputra deployments. The Armband team has ported the OPNFV Fuel Project to support deployments on ARM servers. The necessary code changes have been upstreamed through the OPNFV armband project. End users are now able to download or build their own Brahmaputra OPNFV ISO ready for ARM and install it using available OPNFV documentation. In addition to this and to further the OPNFV VNF ecosystem, a full specification OPNFV Pharos lab based on ARM servers was built by Enea for running continuous integration (CI) and continuous deployment (CD). In this presentation, we will walk you through the experiences gained in this process, the challenges and how they were overcome and what is coming next.
Development, test, and characterization of MEC platforms with Teranium and Dr...Michelle Holley
Mobile edge computing delivers cloud computing at the edge of the cellular network to drive services quality and innovation. The ability for CSPs and ISVs to effectively develop, deliver, and deploy MEC services on a given platform directly correlates with the availability and maturity of associated tools and test environment. Dronava is a hyper-connected, web-scale network reference design for the 5G mobile network, suitable for use as a test and development socket for cloud applications developed for MEC platforms with tools such as the Intel NEV SDK. With Dronava, developers can drive the application with real traffics from the network edge to the EPC core, and if need be, connect with services in the core network in order to fully characterize the functionalities, latency, and throughput of the platform and application.Teranium is an integrated development environment that simplifies the development, packaging, and deployment/management of cloud applications. Teranium can be utilized to develop and deploy MEC applications on a number of platforms. Together with Dronava, Teranium helps to reduce complexity and improve efficiency in the ability of CSPs and ISVs to adopt and deploy MEC-base services.
Intelligent Interconnect Architecture to Enable Next Generation HPC - Linaro ...Linaro
Speakers: Gilad Shainer and Scot Schultz
Company: Mellanox Technologies
Talk Title: Intelligent Interconnect Architecture to Enable Next
Generation HPC
Talk Abstract:
The latest revolution in HPC interconnect architecture is the development of In-Network Computing, a technology that enables handling and accelerating application workloads at the network level. By placing data-related algorithms on an intelligent network, we can overcome the new performance bottlenecks and improve the data center and applications performance. The combination of In-Network Computing and ARM based processors offer a rich set of capabilities and opportunities to build the next generation of HPC platforms.
Gilad Shainer Bio:
Gilad Shainer has served as Mellanox's vice president of marketing since March 2013. Previously, Mr. Shainer was Mellanox's vice president of marketing development from March 2012 to March 2013. Mr. Shainer joined Mellanox in 2001 as a design engineer and later served in senior marketing management roles between July 2005 and February 2012. Mr. Shainer holds several patents in the field of high-speed networking and contributed to the PCI-SIG PCI-X and PCIe specifications. Gilad Shainer holds a MSc degree (2001, Cum Laude) and a BSc degree (1998, Cum Laude) in Electrical Engineering from the Technion Institute of Technology in Israel.
Scot Schultz Bio:
Scot Schultz is a HPC technology specialist with broad knowledge in operating systems, high speed interconnects and processor technologies. Joining the Mellanox team in 2013, Schultz is 30-year veteran of the computing industry. Prior to joining Mellanox, he spent the past 17 years at AMD in various engineering and leadership roles in the area of high performance computing. Scot has also been instrumental with the growth and development of various industry organizations including the Open Fabrics Alliance, and continues to serve as a founding board-member of the OpenPOWER Foundation and Director of Educational Outreach and founding member of the HPC-AI Advisory Council.
GrassDew IT Solutions - Company ProfileShekhar Pawar
GrassDew is into Cossulting Services, Software Services (Customized Software Development, Software Maintanance and Production Support), Knowledge Services (Software Technical Training)
Deep Dive Research is a firm of Qualitative Consumer and Marketing Insights Specialists dedicated to providing manufacturers and service providers, who desire deep consumer connection, with insights and expert consulting to grow brands and businesses.
Go Deep Dive ... Insight For The Competitive Edge.
PSI is a Global IT Solutions company providing software product development, IT consulting and offshore outsourcing solutions to enterprises worldwide. We take pride in providing IT services in a dynamic environment where business and technology strategies converge into the objective of delivering "Value" to the business.
We adhere to guidelines under ISO certifications, to deliver reliable solutions, which fully meet client requirements and excel client expectations. PSI is a Microsoft Certified Partner and an active member of organizations of repute like ESC India, STPI, NASSCOM, DSCI, TiE and CII.
Imagine you're tackling one of these evasive performance issues in the field, and your go-to monitoring checklist doesn't seem to cut it. There are plenty of suspects, but they are moving around rapidly and you need more logs, more data, more in-depth information to make a diagnosis. Maybe you've heard about DTrace, or even used it, and are yearning for a similar toolkit, which can plug dynamic tracing into a system that wasn't prepared or instrumented in any way.
Hopefully, you won't have to yearn for a lot longer. eBPF (extended Berkeley Packet Filters) is a kernel technology that enables a plethora of diagnostic scenarios by introducing dynamic, safe, low-overhead, efficient programs that run in the context of your live kernel. Sure, BPF programs can attach to sockets; but more interestingly, they can attach to kprobes and uprobes, static kernel tracepoints, and even user-mode static probes. And modern BPF programs have access to a wide set of instructions and data structures, which means you can collect valuable information and analyze it on-the-fly, without spilling it to huge files and reading them from user space.
In this talk, we will introduce BCC, the BPF Compiler Collection, which is an open set of tools and libraries for dynamic tracing on Linux. Some tools are easy and ready to use, such as execsnoop, fileslower, and memleak. Other tools such as trace and argdist require more sophistication and can be used as a Swiss Army knife for a variety of scenarios. We will spend most of the time demonstrating the power of modern dynamic tracing -- from memory leaks to static probes in Ruby, Node, and Java programs, from slow file I/O to monitoring network traffic. Finally, we will discuss building our own tools using the Python and Lua bindings to BCC, and its LLVM backend.
Dongguan Shengjia Hardware Products Co.,Ltd, wholly-owned subsidiary of Shengjia Group Industrial Co.,Ltd, founded in 2003,which is a comprehensive manufacturer of design, production, sales and service, and specialize in punching various precision hardware, processing extruded aluminum heat sink, designing and manufacturing metal stamping dies.
Softengi Software Development Company ProfileSoftengi
Softengi is a Ukrainian IT outsourcing service provider, which made its start in 1995, with more than 150 IT professionals daily implementing the business needs of our customers all over the world.
The company is The 2014 Global Outsourcing 100 ranked outsourcer, a member of Intecracy Group IT-consortium and Microsoft Gold certified partner.
Softengi's main competencies are outsourcing software development, establishment of development centers, outsourcing of IT business processes, IT consulting, development of solutions for business (based on Microsoft SharePoint), as well as providing customers its personnel for specific projects (IT-outstuffing).
Among Softengi’s customers there are such world-known companies as Enviance Inc. (cooperating with McDonalds, DuPont, Walmart, Chevron and FujiFilm), Ingersoll-Rand, the Boeing Company, Peterbilt Inc., PZU, Zeppelin and others.
Our exclusive value is “Inspired software engineering” – Softengi makes thoughtful solutions, being totally focused on customer’s expectations and turning into reality the business dreams of our clients.
Versal Premium ACAP for Network and Cloud Accelerationinside-BigData.com
Today Xilinx announced Versal Premium, the third series in the Versal ACAP portfolio. The Versal Premium series features highly integrated, networked and power-optimized cores and the industry’s highest bandwidth and compute density on an adaptable platform. Versal Premium is designed for the highest bandwidth networks operating in thermally and spatially constrained environments, as well as for cloud providers who need scalable, adaptable application acceleration.
Versal is the industry’s first adaptive compute acceleration platform (ACAP), a revolutionary new category of heterogeneous compute devices with capabilities that far exceed those of conventional silicon architectures. Developed on TSMC’s 7-nanometer process technology, Versal Premium combines software programmability with dynamically configurable hardware acceleration and pre-engineered connectivity and security features to enable a faster time-to- market. The Versal Premium series delivers up to 3X higher throughput compared to current generation FPGAs, with built-in Ethernet, Interlaken, and cryptographic engines that enable fast and secure networks. The series doubles the compute density of currently deployed mainstream FPGAs and provides the adaptability to keep pace with increasingly diverse and evolving cloud and networking workloads.
Learn more: https://insidehpc.com/2020/03/xilinx-announces-versal-premium-acap-for-network-and-cloud-acceleration/
Sign up for our insideHPC Newsletter: http://insidehpc.com/newsletter
Intel® Ethernet Series Delivering Real-World Value. As computing and networking scale in performance, interconnect technologies play a critical role in ensuring systems reach their full potential in the speed at which they move data. Intel has been at the forefront of research and development into interconnect technologies since the dawn of the PC era. Today in the data center, Intel is working to deliver greater levels of intelligence within its connectivity solutions to overcome network bottlenecks and accelerate applications. Between PC and peripherals, Intel is heavily involved with the industry as it brings the latest technologies to market for the best user experiences. At the chip level, Intel is leading the industry in advanced packaging with technologies that connect chiplets and modules in order to deliver Moore’s Law advances, while also working to reduce latency between memory and CPU. From “Microns to Miles,” Intel’s investments in interconnect technologies are among the broadest in the industry.
This overview of IBM's PureSystems™ family will highlight how key components of IBM Flex System Solutions and PureFlex offerings can save you time and money with:
1. System availability
2. Power consumption
3. Virtualization
4. Multiple platforms and operating systems
PureSystems brings together built-in expertise, integrated components, and simplified management to take IT into the next decade. We think that deserves a sigh of relief, and so will you.
Disaggregation a Primer: Optimizing design for Edge Cloud & Bare Metal applic...Netronome
From the Infra//Structure Conference May 2019 by Ron Renwick of Netronome
Disaggregation a Primer:
Optimizing design for Edge Cloud & Bare Metal applications
Hyperscalers and Edge Cloud providers have recognized economic value of disaggregated infrastructure. Netronome Agilio SmartNICs enable disaggregated architectures to perform with up to 30x lower tail latency while encrypting every session using KTLS security.
The fourth-generation Cisco ASR 9000 Aggregation Services Routers series is our best yet. Not only does it sport high-density, 100-GE-port line cards; it also offers a flexible, pay-as-you-grow consumption model. Service providers can now use only the bandwidth they need and increase it at any time to meet traffic demands.
Learn the business and technical considerations of our latest ASR 9000, including:
• The pay-as-you-grow consumption model commercial terms
• Software license portability and permitting capacity
• Real-life customer case studies
Resources:
Watch the related TechWiseTV episode: http://cs.co/9008Dfyik
TechWiseTV: http://cs.co/9009DzrjN
White Box Hardware Challenges in the 5G & IoT Hyperconnected EraCharo Sanchez
The development of an agile mobile network that supports a massive number of connected devices, low latencies, broadband speeds, network slicing, and edge intelligence is the result of a number of technologies that form the 5G vision. Advantech 5G Edge Servers and Universal Edge Appliances have been designed for the network edge to meet high availability network needs providing an open virtual infrastructure for seamless network transformation toward cloud native 5G architectures. From SD-WAN and private networks to virtual RAN, Central Office and Edge Cloud, Advantech is enabling the co-creation of products and services that will form the backbone of the new 5G & IoT economy.
www.advantech.com/nc/spotlight/5G
Advanced Networking: The Critical Path for HPC, Cloud, Machine Learning and moreinside-BigData.com
In this deck from the 2018 Swiss HPC Conference, Erez Cohen from Mellanox presents: Advanced Networking: The Critical Path for HPC, Cloud, Machine Learning and more.
"While InfiniBand, RDMA and GPU-Direct are an HPC mainstay, these advanced networking technologies are increasingly becoming a core differentiator to the data center. In fact, within just a few short years so far, where only a handful of bleeding edge industrial leaders emulated classic HPC disciplines, today almost every commercial market is usurping HPC technologies and disciplines in mass. Additionally, with the rampant adoption of demanding workloads like Machine Learning, cloud to on premise providers are now deploying the same advanced networking technologies and delivering the same core capabilities and performance as traditional HPC environments. These same data centers embracing AI are also driving the increased adoption of complex technologies including containers and virtualization that must also be optimized for performance, optimal profit and operational efficiency. In this talk we explore how high performance networking has emerged from HPC to become the critical path for the cloud, machine learning and much more."
Watch the video: https://wp.me/p3RLHQ-ixP
Learn more: http://mellanox.com
and
http://www.hpcadvisorycouncil.com/events/2018/swiss-workshop/agenda.php
Sign up for our insideHPC Newsletter: http://insidehpc.com/newsletter
Higher Speed, Higher Density, More Flexible SAN SwitchingTony Antony
Cisco enhanced storage networking portfolio to grow, consolidate, converge and simplify operations for SMBs, Enterprise and Cloud customers, with industry’s highest port density 16G SAN Director, converged storage offerings, and data centers based on open standards with REST-API’s for programmability. These innovations future-proof storage connectivity for small and large enterprise customers, while preserving current IT operations and knowledge.
The number of internet-connected devices is growing exponentially, enabling an increasing number of edge applications in environments such as smart cities, retail, and industry 4.0. These intelligent solutions often require processing large amounts of data, running models to enable image recognition, predictive analytics, autonomous systems, and more. Increasing system workloads and data processing capacity at the edge is essential to minimize latency, improve responsiveness, and reduce network traffic back to data centers. Purpose-built systems such as Supermicro’s short-depth, multi-node SuperEdge, powered by 3rd Gen Intel® Xeon® Scalable processors, increase compute and I/O density at the edge and enable businesses to further accelerate innovation.
Join this webinar to discover new insights in edge-to-cloud infrastructures and learn how Supermicro SuperEdge multi-node solutions leverage data center scale, performance, and efficiency for 5G, IoT, and Edge applications.
Fujitsu World Tour 2017 - Compute Platform For The Digital WorldFujitsu India
Significant performance increase combined with a rich feature set based on cutting edge technology results in compelling benefits across a broad variety of application scenarios.
Intel, en el corazón del Software Defined Datacenter:
La nueva familia de procesadores Intel Xeon E5 v3
y la visión de Intel en relación con la nube híbrida y el Software Defined Infrastructure
Using Network Acceleration for an Optimized Edge Cloud Server ArchitectureNetronome
With the rise of cloud-native principles, applications are increasingly able to take advantage of diverse, specialized and distributed infrastructure. The emergence of Edge Cloud solutions promises faster and more immersive application experiences, as well as infrastructure primitives for 5G, IoT, mobility, and more. However, this new resource comes with space and power constraints that can only be overcome by using new disaggregated architectures that leverage network acceleration and optimally sized CPUs. The session will highlight how the capabilities unleashed by hardware offload of eBPF in edge cloud microservers will enable developers to efficiently leverage the massive amounts of data on the edge and to create next-generation real-time applications.
The charter of the ODSA (Open Domain Specification Architecture) Workgroup is to define an open specification that enables building of Domain Specific Accelerator silicon using best-of-breed components from the industry made available as chiplet dies that can be integrated together as Lego blocks on an organic substrate packaging layer. The resulting multi-chip module (MCM) silicon can be produced at significantly lower development and manufacturing costs, and will deliver much needed performance per watt and performance per dollar efficiencies in networking, security, machine learning and other applications. The ODSA Workgroup also intends to deliver implementations of the specification as board-level prototypes, RTL code and libraries.
Flexible and Scalable Domain-Specific ArchitecturesNetronome
This talk introduces the concept of a domain-specific architecture (DSA) using the Netronome Flow Processor (NFP) as an example, it will cover the motivation, design and implementation. It will explore how this architecture’s flexibility has been leveraged in the past to handle unique platforms such as the Facebook Yosemite v2 Platform. Finally approaches for designing flexible chipsets in the future will be explored, including the value of system wide computational modeling.
Massively Parallel RISC-V Processing with Transactional MemoryNetronome
In this talk, we discuss some of the background, and describe the example of a thousand RISC-V harts performing the processing required in a SmartNIC. We show how a RISC-V solution can be tailored with a suitable choice of instruction set features, privilege modes and debug methodology.
Offloading Linux LAG Devices Via Open vSwitch and TCNetronome
Converting Open vSwitch (OVS) kernel rules to TC Flower rules has become the standard way to offload the datapath to SmartNICs and other hardware devices. Binding such TC rules to 'offloadable' ports (such as SmartNIC representers) has been shown to enable the acceleration of packet processing while saving CPU resources on the hosting server. However, one scenario not yet well defined is the case where offloadable ports are bound to a higher level Link Aggregation (LAG) netdev, such as a Linux Bond or Team device, and where this netdev is added to an OVS bridge.
This talk describes an implementation that offloads rules that either ingress or egress to a LAG device. It highlights changes made to OVS (included in v2.9) as well as to core TC code and the driver layer in the Linux kernel. Rather than introduce new features into the kernel to handle LAG offload, the design expands upon recent, independently added kernel features including the concept of TC blocks. It is shown how, with slight modification, TC blocks can be used by OVS to represent LAG devices.
eBPF Debugging Infrastructure - Current TechniquesNetronome
eBPF (extended Berkeley Packet Filter), in particular with its driver-level hook XDP (eXpress Data Path), has increased in importance over the past few years. As a result, the ability to rapidly debug and diagnose problems is becoming more relevant. This talk will cover common issues faced and techniques to diagnose them, including the use of bpftool for map and program introspection, the use of disassembly to inspect generated assembly code and other methods such as using debug prints and how to apply these techniques when eBPF programs are offloaded to the hardware.
The talk will also explore where the current gaps in debugging infrastructure are and suggest some of the next steps to improve this, for example, integrations with tools such as strace, valgrind or even the LLDB debugger.
eBPF has 64-bit general purpose registers, therefore 32-bit architectures normally need to use register pair to model them and need to generate extra instructions to manipulate the high 32-bit in the pair. Some of these overheads incurred could be eliminated if JIT compiler knows only the low 32-bit of a register is interested. This could be known through data flow (DF) analysis techniques. Either the classic iterative DF analysis or "path-sensitive" version based on verifier's code path walker.
In this talk, implementations for both versions of DF analyzer will be presented. We will see how a def-use chain based classic eBPF DF analyser looks first, and will see the possibility to integrate it with previous proposed eBPF control flow graph framework to make a stand-alone eBPF global DF analyser which could potentially serve as a library. Then, another "path-sensitive" DF analyser based on the existing verifier code path walker will be presented. We will discuss how function calls, path prune, path switch affect the implementation. Finally, we will summarize pros and cons for each, and will see how could each of them be adapted to 64-bit and 32-bit architecture back-ends.
Also, eBPF has 32-bit sub-register and ALU32 instructions associated, enable them (-mattr=+alu32) in LLVM code-gen could let the generated eBPF sequences carry more 32-bit information which could potentially easy flow analyser. This will be briefly discussed in the talk as well.
eBPF (extended Berkeley Packet Filter) has been shown to be a flexible kernel construct used for a variety of use cases, such as load balancing, intrusion detection systems (IDS), tracing and many others. One such emerging use case revolves around the proposal made by William Tu for the use of eBPF as a data path for Open vSwitch. However, there are broader switching use cases developing around the use of eBPF capable hardware. This talk is designed to explore the bottlenecks that exist in generalising the application of eBPF further to both container switching as well as physical switching.
eBPF Tooling and Debugging InfrastructureNetronome
eBPF, in particular with its driver-level hook XDP, has increased in importance over the past few years. As a result, the ability to rapidly debug and diagnose problems is becoming more relevant. This session will cover common issues faced and techniques to diagnose them, including the use of bpftool for map and program introspection, the disassembling of programs to inspect generated eBPF instructions and other methods such as using debug prints and how to apply these techniques when eBPF programs are offloaded to the hardware.
The first version of eBPF hardware offload was merged into the Linux kernel in October 2016 and became part of Linux v4.9. For the last two years the project has been growing and evolving to integrate more closely with the core kernel infrastructure and enable more advanced use cases. This talk will explain the internals of the kernel architecture of the offload and how it allows seamless execution of unmodified eBPF datapaths in HW.
This slide deck focuses on eBPF JIT compilation infrastructure and how it plays an important role in the entire eBPF life cycle inside the Linux kernel. First, it does quite a number of control flow checks to reject vulnerable programs and then JIT compiles the eBPF program to either host or offloading target instructions which boost performance. However, there is little documentation about this topic which this slide deck will dive into.
Netronome's half-day tutorial on host data plane acceleration at ACM SIGCOMM 2018 introduced attendees to models for host data plane acceleration and provided an in-depth understanding of SmartNIC deployment models at hyperscale cloud vendors and telecom service providers.
Presenter Bios
Jakub Kicinski is a long term Linux kernel contributor, who has been leading the kernel team at Netronome for the last two years. Jakub’s major contributions include the creation of BPF hardware offload mechanisms in the kernel and bpftool user space utility, as well as work on the Linux kernel side of OVS offload.
David Beckett is a Software Engineer at Netronome with a strong technical background of computer networks including academic research with DDoS. David has expertise in the areas of Linux architecture and computer programming. David has a Masters Degree in Electrical, Electronic Engineering at Queen’s University Belfast and continues as a PhD student studying Emerging Application Layer DDoS threats.
Netronome's half-day tutorial on host data plane acceleration at ACM SIGCOMM 2018 introduced attendees to models for host data plane acceleration and provided an in-depth understanding of SmartNIC deployment models at hyperscale cloud vendors and telecom service providers.
Presenter Bio
Jaco Joubert is a Software Engineer at Netronome focusing on P4 and its applications on the Netronome SmartNIC. He recently started investigating network acceleration for Deep Learning on distributed systems. Prior to Netronome he worked on mobile application development and was a researcher at Telkom SA focusing on the mobile core after completing his Masters Degree in Computer, Electronic Engineering in 2014.
SmartNICs are a new generation of intelligent Network Interface Cards (NICs). This intelligence allows NICs to offload virtual switching or other data plane functions in high-performance cloud data center servers.
Fully programmable SmartNICs allow new offloads like OVS, eBPF, P4 or vRouter, and the Linux kernel is changing for supporting them. Having these same offloads when using DPDK is a possibility although the implications are not clear yet. Alejandro Lucero presented Netronome’s perspective for adding such a support to DPDK mainly for OVS and eBPF.
Comprehensive XDP Offload-handling the Edge CasesNetronome
While XDP is less complex to offload than other forms of kernel functionality due to the fact that it sits at the bottom of the stack, there are a number of items that lead to complexity when dealing with XDP offload. This talk will explore some of the ideas around how to implement these concepts as well as share some of the results we have seen while implementing offload on a 32 bit architecture.
Elevating Tactical DDD Patterns Through Object CalisthenicsDorra BARTAGUIZ
After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
Generating a custom Ruby SDK for your web service or Rails API using Smithyg2nightmarescribd
Have you ever wanted a Ruby client API to communicate with your web service? Smithy is a protocol-agnostic language for defining services and SDKs. Smithy Ruby is an implementation of Smithy that generates a Ruby SDK using a Smithy model. In this talk, we will explore Smithy and Smithy Ruby to learn how to generate custom feature-rich SDKs that can communicate with any web service, such as a Rails JSON API.
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Tobias Schneck
As AI technology is pushing into IT I was wondering myself, as an “infrastructure container kubernetes guy”, how get this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principals as well? What benefit’s both technologies could bring to each other?
Let me take this questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview about infrastructure requirements and technologies, what could be beneficial or limiting your AI use cases in an enterprise environment. An interactive Demo will give you some insides, what approaches I got already working for real.
UiPath Test Automation using UiPath Test Suite series, part 3DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
Transcript: Selling digital books in 2024: Insights from industry leaders - T...BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
Essentials of Automations: Optimizing FME Workflows with ParametersSafe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
2. 2
Netronome invented the flexible network flow processor and
hardware-accelerated server-based networking.
Netronome unites the speed and flexibility of software innovation with the performance and
efficiency of hardware. With Netronome, you get the efficiencies of mega-scale data centers in
your own commercial off-the-shelf (COTS) server and networking infrastructure.
3. 4
Alleviate Data Center Sprawl
Get 3 to 6X savings
through intelligent server-based networking
$ $
4. 5Bringing Software Innovation Velocity to Networking Hardware
Agilio® Server-Based Networking
Drives 5X CAPEX Reduction
Legacy server-based networking consumes as many as 12 cores, leaving only four cores for applications.
Output per server becomes restricted, significantly reducing efficiency and driving up CAPEX.
Agilio server-based networking consumes only one CPU core, leaving 15 cores for applications.
OVS +
Server-based
Networking
Applications
OVS
Applications
Legacy Server-Based
Networking
Agilio Server-Based
Networking
5. 6
SmartNICs
Server-based networking enables flexibility and rapid innovation by
leveraging the networking software used in servers. Netronome’s
SmartNICs solutions transparently offload and accelerate networking
functions with capabilities such as virtual switching, virtual routing,
connection tracking and virtual network functions, and Linux firewall
bringing the efficiencies of mega-scale data centers to businesses of all
sizes.
The Agilio CX 10GbE, 25GbE and 40GbE SmartNIC platforms fully and
transparently offload virtual switch and router datapath processing
for networking functions such as overlays, security, load balancing and
telemetry, enabling compute servers used for server-based networking
and cloud computing to save critical CPU cores for application
processing while delivering significantly higher performance. Netronome
Agilio CX platform features standard low-profile PCIe SmartNICs and
software, designed for general-purpose x86 commercial off-the-shelf
(COTS) rack servers, fitting needed operating system, power and form
factor requirements.
The Agilio LX family of SmartNICs are specifically designed for
virtualized and non-virtualized x86 server-based service nodes and
WAN Gateways. The solution delivers significant scaling and efficiencies
for networking functions such as security (e.g., IDS/IPS, NGFW, DDoS),
load balancing and gateway applications.
6. 7Bringing Software Innovation Velocity to Networking Hardware
Part Number ISA-4000-10-2-2 ISA-4000-25-2-2 ISA-4000-40-1-2 /
ISA-4000-40-2-2
Description 2-port 10 Gigabit Ethernet 2-port 25 Gigabit Ethernet 1/2-port 40 Gigabit Ethernet
Interface PCIe Gen3x8 PCIe Gen3x8 PCIe Gen3x8
Form Factor Low Profile Low Profile Low Profile
Optics SFP+ SFP28 QSFP
Part Number ISA-6480-40F-20-AA-2 ISA-6480-100CXP-10-AA-2
Description 2-port 40 Gigabit Ethernet,
optional 2xPCIe
1-port 100 Gigabit Ethernet,
optional 2xPCIe
Interface PCIe Gen3x8 PCIe Gen3x8
Form Factor Full Height Full Height
Optics QSFP CXP
Agilio CX SmartNICs
Agilio LX SmartNICs
7. 8
Offload and Accelerate
Server-Based Networking
Netronome Agilio Software works with the Agilio CX and Agilio LX family of SmartNICs, supporting compute
node and service node applications. It accelerates and scales critical server-based networking applications
such as network virtualization, security, load balancing and telemetry, which are provided using standard,
open source software such as Open vSwitch (OVS), vRouter, Linux IP Tables and Connection Tracking. Since
server-based networking applications such as OVS are transparently offloaded while keeping standard
interfaces such as OVSDB and OVS CLI intact, the Agilio high-performance solution can be seamlessly
provisioned using SDN controllers such as Open Daylight and cloud orchestration tools such as OpenStack.
This, combined with Extreme Virtio (XVIO), now brings the same performance to Virtio-based VM workloads.
Open vSwitch
Contrail vRouter
IP/NF Tables
VIRTUAL
MACHINES
CONTAINERS
AGILIO CONTROL PLANE AGILIO OPEN LINUX DRIVERS
AGILIO LOW LEVEL DRIVERS
AGILIO DATA PLANE
x86
Compute
SmartNIC
Agilio
Software
Architecture
8. 9Bringing Software Innovation Velocity to Networking Hardware
Whole Product Solutions:
For Telco, Cloud & Enterprise IT
Telco Grade
OpenStack
Cloud SDN
Controller
SDN
vSwitch (OVS)
OpenStack
Contrail
Controller
vRouter
Agilio
OVS
Platform
Agilio
vRouter
Platform
OpenStack
Liberty+
Open Daylight
Controller
OVN or OVS-Linux
Firewall
Agilio OVS-
Firewall
Platform
Delivers 5X higher VM performance
Lowers TCO by up to 6X
Adds Stateful Firewall Security
Lowers TCO by up to 6X
9. 10
• Seamless programming of SDN applications into the production Agilio solution
• Utilizes open source P4 compiler, language from the P4 Language Consortium
• Extensions enable optional C-based modules for sophisticated functions
Netronome Agilio P4/C SDK
Integrated Development Environment (IDE)
P4/C
Integrated
Development
Environment
(IDE)
P4 Code
C Code
(optional)
Netronome Programmer Studio 6.0 Agilio SmartNICs
10GbE, 25GbE, 40GbE, 100GbE
10. 11Bringing Software Innovation Velocity to Networking Hardware
Higher Developer Productivity and
Faster Time to Market
Delivers predictable development ROI and ensures investment protection
PRODUCTIVITY
Cuts the numer of lines of
code by more then 10X
OBSERVABILITY
Enhances ability to statefully
observe connections per
app by 10X
FLEXIBILITY
Dynamically monitor and respond
in real-time
COMPUTABILITY
Significantly reduces computation
data to what is most relevant
EXTENSIBILITY
Allows extension of production
Agilio software with custom features
PROTECTION
Utilizes standard and open source
P4 compiler and language
Bringing high-end capabilities within the economies of COTS servers
12. 3Bringing Software Innovation Velocity to Networking Hardware
Avoid Data Center Growing Pains
Data center operators in organizations of any size are challenged to do more with their compute
resources, to innovate more rapidly and at lower costs. They need new ways to deliver business
applications and services in a more agile and secure way, while driving down overall TCO.
How We Help
Netronome utilizes a unique flow-processing-optimized silicon and
software architecture that works in conjunction with standard and open
source server-based networking software. Netronome increases services
revenue and lowers data center CAPEX by delivering intelligent server
networking solutions that run on industry-standard servers.
5XHIGHER
THROUGHPUT
80%LOWER CPU
REQUIREMENTS
Limited Scale Slow Innovation Higher Cost