This document discusses various topics related to high-performance packet processing, including software and hardware switches/routers, ASICs, kernel bypass techniques like DPDK and netmap, and frameworks like pf_ring and FD.IO. It compares x86 CPUs to ASICs, discusses challenges of packet processing on general-purpose OSes, and explains how techniques like zero-copy, RDMA, and TCP offloading can improve performance.
2. What is a switch/router?
• A switch forwards frames based on MAC address
• A router forwards packets based on IP address
3. What is a Software Switch/Router?
• Software based implementations
• Routers
• BIRD, FRR, Zebra, Quagga, ExaBGP
• Switches
• Open vSwitch
• Mostly installable in a Virtualized Environment or on a *nix environment
4. What is a Hardware Switch/Router?
• Manufactured by big names like Cisco, Juniper, ARISTA, Extreme, Nokia
• Comes with a Price Tag
• Sometimes comes in a really big size
• Has different and multiple ports
• * X 1/10/25/40/50/100/400GB
• So much jargon
• ASIC/Merchant Silicon
• GBPS/TBPS backplane capacity
• GBPS/TBPS forwarding capacity
• k/K/m/M pps forwarding
• line rate forwarding
5. What is ASIC/merchant Silicon?
• ASIC Miners - Just one example
• Application Specific Integrated Circuits
• Some applications
• Bitcoin Miner
• Voice Recorder
• Cryptographic Accelerator
• Network Switches
• Firewalls
• New Lingo for DC Switches is Silicon
• Off the shelf or Custom Built ASICs
• Broadcom, Cavium are some Silicon Manufacturers
• Broadcom Tomahawk is the flagship ASIC
6.
7. The BIG Questions
1. If there are open source switch/routers why do we need to buy price tagged Vendor Devices?
2. Why use Silicon or chips instead of generic x86 processors?
3. *nix OS can do anything. Why don't we install those apps and get rid of Hardware Vendors?
8. x86 vs ASIC
• x86
• Jack of all, master of none
• CPU and PCI interrupts
• Limited PCIe bandwidth and based on CPU arch
• ASIC
• Master of one
• No interrupts
• Sky is the limit for PCIe bandwidth
9. POSIX poses
• POSIX sockets evolved from Berkeley Sockets
• BSD Sockets are still the de facto standard since 4.2 BSD Unix
• Adopted from Linux to Windows
• Basic life cycle
• socket(), bind(), listen(), accept(), sendmsg(), recvmsg()
• Network Stacks are implemented in-kernel
• So these functions use system calls
• Higher overhead for Context Switch and CPU Cache Pollution
• Back-and-forth game in Multi-Core CPU and Multi Queue NIC
• socket buffers (skb) or network memory buffers (mbuf) stress OS memory allocators
10. Mind the GAP
• Minimal pause required between packets or frames
• Interpacket GAP/Interframe spacing/Interframe GAP
• The standard is 96 bit times
• 9.6 µs for 10 Mbit/s Ethernet
• 0.96 µs for 100 Mbit/s (Fast) Ethernet
• 96 ns for Gigabit Ethernet
• 38.4 ns for 2.5 Gigabit Ethernet
• 19.2 ns for 5 Gigabit Ethernet
• 9.6 ns for 10 Gigabit Ethernet
• 2.4 ns for 40 Gigabit Ethernet
• 0.96 ns for 100 Gigabit Ethernet
11. run KERNEL run
• KERNEL processing time for 1538 bytes of frame
• at 10Gbit/s == 1230.4 ns between packets (815Kpps)
• at 40Gbit/s == 307.6 ns between packets (3.26Mpps)
• at 100Gbit/s == 123.0 ns between packets (8.15Mpps)
• Smallest frame size of 84 bytes
• at 10Gbit/s == 67.2 ns between packets (14.88Mpps)
• CPU budget
• 67.2ns => 201 cycles (@3GHz)
12. OS Limitation
• Most OSes are jack of all and master of none
• Desktop, Mail Server, Web Server, DNS Server
• Graphics Rendering, Gaming, Day to Day work
• They are not designed for performance packet processing
• Not optimized for line rate packet processing
• Vyatta, bsdrp, to name a few
• Lots of other commercial OSes
• That is not the END GAME
14. zero-copy
• CPU skips task of copying Data from one memory area to another
• Saves CPU cycles
• Saves memory bandwidth
• OS elements
• Device Driver
• File Systems
• Network Protocol Stack
• zero-copy versions
• Reduces the number of mode switches between kernel space and user space applications
• mostly uses raw sockets with mmap (Memory Map)
• kernel bypass utilizes zero-copy, but they are not the same
15. RDMA
• Remote Direct Memory Access
• Implemented over high speed, low-latency networks (fabrics)
• Direct access to remote host's memory
• Dramatically reduces latency and CPU overhead
• Requires specialized hardware, especially a NIC with support for RDMA
• Bypasses remote or local operating system
• Transfers data in between wire and application memory
• Bypasses CPU, cache and context switching
• Transfer continues in parallel with OS operations without affecting OS performance
• Applications may or may not be RDMA aware
16. RDMA (continued)
• Link Layer protocol can be
• Ethernet
• iWARP (internet Wide Area RDMA Protocol) combines with TCP Offload Engine
• NVMe over Fabrics (NVMEoF)
• iSCSI Extensions over RDMA (iSER)
• SMB Direct
• Sockets Direct Protocol (SDP)
• SCSI RDMA Protocol (SRP)
• NFS over RDMA
• GPUDirect
• Link Layer protocol can be
• InfiniBand
• Oldest RDMA implementations
• Main manufacturers were Intel and Mellanox
• Mostly used in Super Computing environment
• Ethernet can be run over InfiniBand
• Omni-Path
• Low Latency Networking Architecture by Intel
17. RoCE
• RDMA over Converged Ethernet
• Two versions
• RoCEv1 focuses on Ethernet Link Layer mainly Ethertype 0x8915
• RoCEv2 focuses on Internet Layer mainly UDP/IPv4 and UDP/IPv6
• Routable RoCE is the other lingo of v2 due to its routable capability
• Also runs over non-converged Ethernet
• RoCE vs InfiniBand
• RoCE requires lossless Ethernet
• RoCE vs iWARP
• RoCE performs RDMA over Ethernet/UDP whereas iWARP uses TCP
• Some of the vendors are
• Nvidia -> Mellanox
• Broadcom -> Emulex
• Cavium -> QLogic/Marvell Technology
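An added example, not from the original slides: a C classifier that labels a captured Ethernet frame as RoCEv1 (Ethertype 0x8915) or RoCEv2 (UDP over IPv4/IPv6), which helps a monitoring point account for RDMA traffic that the host kernel stack never processes. The UDP destination port 4791 (the IANA assignment for RoCEv2) is not on the slide; the function, enum and macro names are illustrative and the sample frames are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum roce_kind { TRUNCATED = -1, NOT_ROCE = 0, ROCE_V1 = 1, ROCE_V2 = 2 };

#define ETYPE_VLAN   0x8100u
#define ETYPE_QINQ   0x88A8u
#define ETYPE_IPV4   0x0800u
#define ETYPE_IPV6   0x86DDu
#define ETYPE_ROCE1  0x8915u   /* from the slide */
#define ROCE2_PORT   4791u     /* assumption: IANA port for RoCEv2, not on the slide */
#define PROTO_UDP    17

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Classify one Ethernet frame (no preamble, no FCS). Every read is bounds-checked. */
enum roce_kind classify_roce(const uint8_t *f, size_t len)
{
    size_t off = 12;                          /* skip destination + source MAC */
    if (len < 14) return TRUNCATED;
    uint16_t etype = be16(f + off);
    off += 2;
    /* Skip up to two VLAN tags so tagged RDMA traffic is not missed. */
    for (int i = 0; i < 2 && (etype == ETYPE_VLAN || etype == ETYPE_QINQ); i++) {
        if (len < off + 4) return TRUNCATED;
        etype = be16(f + off + 2);            /* inner Ethertype follows the TCI */
        off += 4;
    }
    if (etype == ETYPE_ROCE1) return ROCE_V1; /* RoCEv1: link layer only */

    if (etype == ETYPE_IPV4) {
        if (len < off + 20) return TRUNCATED;
        size_t ihl = (size_t)(f[off] & 0x0F) * 4;
        if ((f[off] >> 4) != 4 || ihl < 20) return NOT_ROCE;
        if (f[off + 9] != PROTO_UDP) return NOT_ROCE;
        if (be16(f + off + 6) & 0x1FFF) return NOT_ROCE; /* later fragment: no UDP header */
        if (len < off + ihl + 8) return TRUNCATED;
        return be16(f + off + ihl + 2) == ROCE2_PORT ? ROCE_V2 : NOT_ROCE;
    }
    if (etype == ETYPE_IPV6) {
        if (len < off + 40) return TRUNCATED;
        /* Extension headers are not walked; only UDP directly after the fixed header. */
        if (f[off + 6] != PROTO_UDP) return NOT_ROCE;
        if (len < off + 48) return TRUNCATED;
        return be16(f + off + 42) == ROCE2_PORT ? ROCE_V2 : NOT_ROCE;
    }
    return NOT_ROCE;
}

/* Constructed sample frames (locally administered MACs, private addresses). */
#define MACS    0x02,0,0,0,0,0x01, 0x02,0,0,0,0,0x02
#define IP4_UDP 0x45,0x00,0x00,0x1c, 0,0,0x40,0x00, 64,17,0,0, 10,0,0,1, 10,0,0,2

static const uint8_t SAMPLE_V1[] = { MACS, 0x89,0x15, 0,0,0,0 };
static const uint8_t SAMPLE_V2_VLAN[] = {
    MACS, 0x81,0x00, 0x00,0x64, 0x08,0x00,      /* VLAN 100, then IPv4 */
    IP4_UDP, 0xC0,0x00, 0x12,0xB7, 0x00,0x08, 0,0 /* UDP 49152 -> 4791 */
};
static const uint8_t SAMPLE_DNS[] = {
    MACS, 0x08,0x00,
    IP4_UDP, 0xC0,0x00, 0x00,0x35, 0x00,0x08, 0,0 /* UDP 49152 -> 53 */
};

int main(void)
{
    printf("v1 frame        -> %d\n", classify_roce(SAMPLE_V1, sizeof SAMPLE_V1));
    printf("v2 frame (VLAN) -> %d\n", classify_roce(SAMPLE_V2_VLAN, sizeof SAMPLE_V2_VLAN));
    printf("DNS frame       -> %d\n", classify_roce(SAMPLE_DNS, sizeof SAMPLE_DNS));
    printf("cut-off frame   -> %d\n", classify_roce(SAMPLE_V2_VLAN, 30));
    return 0;
}
```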
18. The Cool People of Internet
• Connection Establishment (SYN;SYN-ACK;ACK)
• Acknowledgement of traffic receipt
• Checksum and Sequence
• Sliding Window Calculation
• Congestion Control
• Connection Termination
19. TOE (TCP Offload Engine)
• Offloads the kernel TCP stack to the NIC
• Frees up host CPU cycles
• Reduces PCI traffic in between PCI bus and host CPU
• Types
• Parallel-Stack Full Offload
• Host OS TCP/IP stack and parallel stack with "vampire tap"
• HBA full Offload
• Host Bus Adapter used mainly in iSCSI host adapters
• Besides TCP it also offloads iSCSI functions
• TCP chimney partial Offload
• Mainly a Microsoft lingo; but mostly used alternatively
• Selective TCP stacks are offloaded
20. tso/lro
• TCP Segmentation Offload
• Big chunks of data are split into multiple packets by NIC before transmission
• The size depends on MTU of a link in between networking devices
• NIC calculates and splits the data when offloaded from host OS
• Large Receive Offload
• Just the opposite
• Multiple packets of a single stream are aggregated into a single buffer before handing over to host OS, reducing CPU cycles
21. chksum
• Although it is a weak check compared to modern checksum methods, TCP needs error checking
• Uses one's complement algorithm
• This is CPU intensive work
• But can be offloaded into NIC if supported
• And it has some disadvantages:
• If used along with packet analyzers, it will report invalid checksums for packets received
• If used with some virtualization platform which does not have checksum offload capacity in its virtual NIC driver
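An added example, not from the original slides: the one's complement Internet checksum (RFC 1071) in C, computed over a constructed TCP segment plus its IPv4 pseudo-header, showing why a capture taken on the sending host before the NIC has filled in an offloaded checksum fails verification while the same segment verifies afterwards. Function names, addresses and segment bytes are illustrative; the unfilled checksum field is modelled as zero, which is a simplification.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TCP_CSUM_OFF 16   /* offset of the checksum field in the TCP header */

/* Add len bytes to a running sum as big-endian 16-bit words. */
static uint32_t csum_add(uint32_t sum, const uint8_t *p, size_t len)
{
    while (len > 1) { sum += (uint32_t)(p[0] << 8 | p[1]); p += 2; len -= 2; }
    if (len) sum += (uint32_t)p[0] << 8;      /* odd trailing byte, zero padded */
    return sum;
}

/* Fold carries back in (one's complement addition), then complement. */
static uint16_t csum_fold(uint32_t sum)
{
    while (sum >> 16) sum = (sum & 0xFFFF) + (sum >> 16);
    return (uint16_t)~sum;
}

/* Checksum over the IPv4 pseudo-header (src, dst, zero, protocol 6, length) + segment. */
uint16_t tcp4_checksum(const uint8_t src[4], const uint8_t dst[4],
                       const uint8_t *seg, size_t len)
{
    uint8_t ph[12];
    memcpy(ph, src, 4);
    memcpy(ph + 4, dst, 4);
    ph[8] = 0; ph[9] = 6;
    ph[10] = (uint8_t)(len >> 8); ph[11] = (uint8_t)(len & 0xFF);
    return csum_fold(csum_add(csum_add(0, ph, sizeof ph), seg, len));
}

/* A segment verifies when the sum including its checksum field folds to zero. */
int tcp4_verify(const uint8_t src[4], const uint8_t dst[4],
                const uint8_t *seg, size_t len)
{
    return tcp4_checksum(src, dst, seg, len) == 0;
}

/* What the NIC does on transmit when checksum offload is enabled. */
void nic_fill_checksum(const uint8_t src[4], const uint8_t dst[4],
                       uint8_t *seg, size_t len)
{
    seg[TCP_CSUM_OFF] = seg[TCP_CSUM_OFF + 1] = 0;
    uint16_t c = tcp4_checksum(src, dst, seg, len);
    seg[TCP_CSUM_OFF] = (uint8_t)(c >> 8);
    seg[TCP_CSUM_OFF + 1] = (uint8_t)(c & 0xFF);
}

/* Constructed sample: 20-byte TCP header with the checksum unset, payload "hello". */
static const uint8_t SRC[4] = {192, 0, 2, 1}, DST[4] = {192, 0, 2, 2};
static const uint8_t SEGMENT[25] = {
    0xC0,0x00, 0x00,0x50,        /* ports 49152 -> 80 */
    0x00,0x00,0x00,0x01,         /* sequence number */
    0x00,0x00,0x00,0x00,         /* acknowledgement number */
    0x50,0x18, 0x20,0x00,        /* data offset 5, PSH|ACK, window */
    0x00,0x00, 0x00,0x00,        /* checksum (left for the NIC), urgent pointer */
    'h','e','l','l','o'
};

/* Capture taken between the host stack and the NIC: checksum not yet written. */
int verify_before_nic(void) { return tcp4_verify(SRC, DST, SEGMENT, sizeof SEGMENT); }

/* Capture taken on the wire, after the NIC has written the checksum. */
int verify_after_nic(void)
{
    uint8_t s[sizeof SEGMENT];
    memcpy(s, SEGMENT, sizeof s);
    nic_fill_checksum(SRC, DST, s, sizeof s);
    return tcp4_verify(SRC, DST, s, sizeof s);
}

/* Same as above, with one payload bit flipped in transit. */
int verify_after_corruption(void)
{
    uint8_t s[sizeof SEGMENT];
    memcpy(s, SEGMENT, sizeof s);
    nic_fill_checksum(SRC, DST, s, sizeof s);
    s[22] ^= 0x01;
    return tcp4_verify(SRC, DST, s, sizeof s);
}

int main(void)
{
    printf("checksum the NIC writes: 0x%04X\n",
           tcp4_checksum(SRC, DST, SEGMENT, sizeof SEGMENT));
    printf("verifies before NIC: %d, after NIC: %d, after bit flip: %d\n",
           verify_before_nic(), verify_after_nic(), verify_after_corruption());
    return 0;
}
```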
22. ecosystems for fast packet processing
• There are lots of frameworks
• From open source to commercial
• Sometimes tightly coupled with a vendor
• Especially a Network Interface Card vendor
• But there are open standards too
• Some ecosystems are VNF friendly or offer an application development API for building new solutions
• Commercial ones are really costly considering the price of NIC
23. xdp (eXpress Data Path)
• In Linux Kernel since 4.8
• eBPF based high performance Data path
• Similar to AF_PACKET, a new address family AF_XDP
• Only supported in Intel and Mellanox cards
• eBPF is offloaded to NIC; in case drivers are unavailable then this is CPU processed and performs slower
• 26 Mpps per core drop test has been checked successfully with commodity hardware
• Designed for programmability
• This is not kernel bypass but rather integrated fast-path in kernel
• Works seamlessly with kernel TCP stack
24. pf_ring
• Available for Linux kernels 2.6.32 and newer
• Loadable kernel module
• 10 Gbit Hardware Packet Filtering using commodity network adapters
• Device driver independent
• Libpcap support for seamless integration with existing pcap-based applications.
• ZC version requires commercial license per MAC
• User-space ZC (new generation DNA, Direct NIC Access) drivers for extreme packet capture/transmission speed as the NIC NPU (Network Process Unit) is pushing/getting packets to/from userland without any kernel intervention. Using the 10Gbit ZC driver you can send/receive at wire-speed at any packet size.
• PF_RING ZC library for distributing packets in zero-copy across threads, applications, Virtual Machines.
• Support of Accolade, Exablaze, Endace, Fiberblaze, Inveatech, Mellanox, Myricom/CSPI, Napatech, Netcope and Intel (ZC) network adapters
• Kernel-based packet capture and sampling
• Ability to specify hundreds of header filters in addition to BPF
• Content inspection, so that only packets matching the payload filter are passed
• PF_RING™ plugins for advanced packet parsing and content filtering
• Works pretty well within ntop ecosystem
25. DPDK (Data Plane Development Kit)
• Set of Data Plane libraries and NIC drivers
• Maintained by Linux Foundation but BSD licensed
• Programming framework for x86, ARM and PowerPC
• Environment Abstraction Layer (EAL) is created consisting of a set of hardware/software environment
• Supports lots of hardware
• AMD, Amazon, Aquantia, Atomic Rules, Broadcom, Cavium, Chelsio, Cisco, Intel, Marvell, Mellanox, NXP, Netcope, Solarflare
• Extensible to different architectures and systems like Intel IA-32 and FreeBSD
26. fd.io (Fast Data Input/Output)
• Run by LFN - The LF (Linux Foundation) Networking Fund
• Cisco has donated VPP (Vector Packet Processing) library to fd.io
• This library has been in production by Cisco since 2003
• Leverages DPDK capabilities
• Aligned to support NFV and SDN
• OPNFV is a sub-project of fd.io
27. netmap
• A novel framework which utilizes known techniques to reduce packet-processing costs
• A fast packet I/O mechanism between the NIC and user-space
• Removes unnecessary metadata (e.g. sk_buff) allocation
• Amortized system call costs, reduced/removed data copies
• Supported both in FreeBSD and Linux as loadable kernel module
• Comes as default from FreeBSD 11.0
• Released with BSD-2-Clause; FreeBSD is the primary development platform
• Supported with Intel, Realtek and Chelsio cards
• 14.8 Mpps achieved in 10G NIC with a 900 MHz CPU
• Chelsio has tested 100G traffic in netmap mode with 99.99% success rate