Time Sensitive Networking in the Linux Kernelhenrikau
Time Sensitive Networking provides mechanisms for sending data accross the network with very low latency, low jitter and low framedrops, opening up a whole range of new applications.
This talk primarily focuses on media, but the driver should be interesting for industrial applications and automotive as well.
Kernel Recipes 2017 - EBPF and XDP - Eric LeblondAnne Nicolas
Berkeley Packet Filter is an old friend for most people that deal with network under Linux. But its extended version eBPF is completely redefining the scope of usage and interaction with the kernel. It can indeed be used to instrument most parts of the kernel. This goes from network tracing to process or I/O monitoring.
This talk will provide an overview of eBPF, from concept to tools like BCC. It will then focus on XDP for eXtreme Data Path and the possible applications in term of networking provided by this new framework.
Eric Leblond, Stamus Network
BPF & Cilium - Turning Linux into a Microservices-aware Operating SystemThomas Graf
Container runtimes cause Linux to return to its original purpose: to serve applications interacting directly with the kernel. At the same time, the Linux kernel is traditionally difficult to change and its development process is full of myths. A new efficient in-kernel programming language called eBPF is changing this and allows everyone to extend existing kernel components or glue them together in new forms without requiring to change the kernel itself.
Kernel Recipes 2013 - Nftables, what motivations and what solutionsAnne Nicolas
Iptables and Netfilter were introduced in 2001 along with Linux 2.4 as the full layer for firewall. The functionalities and the codes changed quite a lot during this decade, but nothing like what has been done with nftables.
The motivation for this change is to overcome the limitations of iptables that was beginning to date both foncionnal level and in the code design: problem with the system update rules (very expensive when the number of rules increases which has become a problem to manage not static rules), code duplication, problematic for code maintenance and users.
Nftables is a replacement for iptables that has been developed since 2008 by Patri ck McHardy who is the head of the Netfilter project. After a period of sleep, the developments around the project resumed in 2012 and a team of developers was formed and is working on the project.
Nftables solves the problem of updates performance using a communication message between the kernel and user space. Infrastructure Netlink was used because it is the basis of the latest major Netfilter developments.
The most notable changes:
incremental update and atomic rules guaranteeing the performance and consistency of the set of rules
expression of the rules using a pseudo machine for avoiding complex operations of writing core modules and additional extensions
Nftables exceeds the limitations of iptables and brings news that should resolve elegant and efficient way many problems. The work is already significant and only the high-level library has not yet been developed. Given the remaining work, the first official release is planned for late 2013.
Kernel Recipes 2014 - What’s new in nftables?Anne Nicolas
Nftables is a new packet filtering framework which aims at replacing iptables. It has been developed by the Netfilter team who wanted after 10 years of development to get rid of iptables. After a successful introduction in the 3.13 kernel and more than one year in vanilla kernel, nftables evolution has been important. If the main concepts did not change a lot of technical problem and improvement have been made.
This talk will do a summary of these changes describing the one being the most challenging at the technical level. It will alsod focus on the decisions and orientations chosen during the Netfilter workshop in July.
Eric Leblond, Stamus Networks
Time Sensitive Networking in the Linux Kernelhenrikau
Time Sensitive Networking provides mechanisms for sending data accross the network with very low latency, low jitter and low framedrops, opening up a whole range of new applications.
This talk primarily focuses on media, but the driver should be interesting for industrial applications and automotive as well.
Kernel Recipes 2017 - EBPF and XDP - Eric LeblondAnne Nicolas
Berkeley Packet Filter is an old friend for most people that deal with network under Linux. But its extended version eBPF is completely redefining the scope of usage and interaction with the kernel. It can indeed be used to instrument most parts of the kernel. This goes from network tracing to process or I/O monitoring.
This talk will provide an overview of eBPF, from concept to tools like BCC. It will then focus on XDP for eXtreme Data Path and the possible applications in term of networking provided by this new framework.
Eric Leblond, Stamus Network
BPF & Cilium - Turning Linux into a Microservices-aware Operating SystemThomas Graf
Container runtimes cause Linux to return to its original purpose: to serve applications interacting directly with the kernel. At the same time, the Linux kernel is traditionally difficult to change and its development process is full of myths. A new efficient in-kernel programming language called eBPF is changing this and allows everyone to extend existing kernel components or glue them together in new forms without requiring to change the kernel itself.
Kernel Recipes 2013 - Nftables, what motivations and what solutionsAnne Nicolas
Iptables and Netfilter were introduced in 2001 along with Linux 2.4 as the full layer for firewall. The functionalities and the codes changed quite a lot during this decade, but nothing like what has been done with nftables.
The motivation for this change is to overcome the limitations of iptables that was beginning to date both foncionnal level and in the code design: problem with the system update rules (very expensive when the number of rules increases which has become a problem to manage not static rules), code duplication, problematic for code maintenance and users.
Nftables is a replacement for iptables that has been developed since 2008 by Patri ck McHardy who is the head of the Netfilter project. After a period of sleep, the developments around the project resumed in 2012 and a team of developers was formed and is working on the project.
Nftables solves the problem of updates performance using a communication message between the kernel and user space. Infrastructure Netlink was used because it is the basis of the latest major Netfilter developments.
The most notable changes:
incremental update and atomic rules guaranteeing the performance and consistency of the set of rules
expression of the rules using a pseudo machine for avoiding complex operations of writing core modules and additional extensions
Nftables exceeds the limitations of iptables and brings news that should resolve elegant and efficient way many problems. The work is already significant and only the high-level library has not yet been developed. Given the remaining work, the first official release is planned for late 2013.
Kernel Recipes 2014 - What’s new in nftables?Anne Nicolas
Nftables is a new packet filtering framework which aims at replacing iptables. It has been developed by the Netfilter team who wanted after 10 years of development to get rid of iptables. After a successful introduction in the 3.13 kernel and more than one year in vanilla kernel, nftables evolution has been important. If the main concepts did not change a lot of technical problem and improvement have been made.
This talk will do a summary of these changes describing the one being the most challenging at the technical level. It will alsod focus on the decisions and orientations chosen during the Netfilter workshop in July.
Eric Leblond, Stamus Networks
This presentation features a walk through the Linux kernel networking stack covering the essentials and recent developments a developer needs to know. Our starting point is the network card driver as it feeds a packet into the stack. We will follow the packet as it traverses through various subsystems such as packet filtering, routing, protocol stacks, and the socket layer. We will pause here and there to look into concepts such as segmentation offloading, TCP small queues, and low latency polling. We will cover APIs exposed by the kernel that go beyond use of write()/read() on sockets and will look into how they are implemented on the kernel side.
LinuxCon 2015 Linux Kernel Networking WalkthroughThomas Graf
This presentation features a walk through the Linux kernel networking stack for users and developers. It will cover insights into both, existing essential networking features and recent developments and will show how to use them properly. Our starting point is the network card driver as it feeds a packet into the stack. We will follow the packet as it traverses through various subsystems such as packet filtering, routing, protocol stacks, and the socket layer. We will pause here and there to look into concepts such as networking namespaces, segmentation offloading, TCP small queues, and low latency polling and will discuss how to configure them.
The Next Generation Firewall for Red Hat Enterprise Linux 7 RCThomas Graf
The Linux packet filtering technology, iptables, has its roots in times when networking was relatively simple and network bandwidth was measured in mere megabits. Emerging technologies, such as distributed NAT, overlay networks and containers require enhanced functionality and additional flexibility. In parallel, the next generation of network cards with speeds of 40Gb and 100Gb will put additional pressure on performance.
In the upcoming Red Hat Enterprise Linux 7, a new dynamic firewall service, FirewallD, is planned to provide greater flexibility over iptables by eliminating service disruptions during rule updates, abstraction, and support for different network trust zones. Additionally, a new virtual machine-based packet filtering technology, nftables, addresses the functionality and flexibility requirements of modern network workloads.
In this session you’ll:
Deep dive into the newly introduced packet filtering capabilities of Red Hat Enterprise Linux 7 beta.
Learn best practices.
See the new set of configuration utilities that allow new optimization possibilities.
In this talk Elad Raz from Mellanox Technologies talks about his effort to open source switch development and transition from proprietary SDKs to a standard, in-kernel solution.
As containers are being deployed as part of multi tenant clusters, virtual multi layer switches become essential to interconnect containers while providing isolation guarantees. Assigning tenants their own private networks requires stateful network address translation (NAT) implemented in a scalable architecture to expose containers to public networks. Existing virtual switches integrated into the Linux kernel did not support stateful NAT so far. This presentation introduces a new virtual NAT service deployable as container built using existing kernel functionality such as network namespaces, routing rules and Netfilter to provide NAT services to existing virtual switches such as Open vSwitch and the Linux bridge but also the core L3 layer of Linux.
Cilium - API-aware Networking and Security for Containers based on BPFThomas Graf
Cilium is open source software for providing and transparently securing network connectivity and loadbalancing between application workloads such as application containers or processes. Cilium operates at Layer 3/4 to provide traditional networking and security services as well as Layer 7 to protect and secure use of modern application protocols such as HTTP, gRPC and Kafka. Cilium is integrated into common orchestration frameworks such as Kubernetes and Mesos.
The Linux kernel is undergoing the most fundamental architecture evolution in history and is becoming a microkernel. Why is the Linux kernel evolving into a microkernel? The potentially biggest fundamental change ever happening to the Linux kernel. This talk covers how companies like Facebook and Google use BPF to patch 0-day exploits, how BPF will change the way features are added to the kernel forever, and how BPF is introducing a new type of application deployment method for the Linux kernel.
Open vSwitch - Stateful Connection Tracking & Stateful NATThomas Graf
Update on status of connection tracking and stateful NAT addition to the Linux kernel datapath. Followed by a discussion on the topic to collect ideas and come up with next steps.
Linux Kernel Cryptographic API and Use CasesKernel TLV
The Linux kernel has a rich and modular cryptographic API that is used extensively by familiar user facing software such as Android. It's also cryptic, badly documented, subject to change and can easily bite you in unexpected and painful ways.
This talk will describe the crypto API, provide some usage example and discuss some of the more interesting in-kernel users, such as DM-Crypt, DM-Verity and the new fie system encryption code.
Gilad Ben-Yossef is a principal software engineer at ARM. He works on the kernel security sub-system and the ARM CryptCell engine. Open source work done by Gilad includes an experiment in integration of network processors in the networking stack, a patch set for reducing the interference caused to user space processes in large multi-core systems by Linux kernel “maintenance” work and on SMP support for the Synopsys Arc processor among others.
Gilad has co-authored O’Reilly’s “Building Embedded Linux Systems” 2nd edition and presented at such venues as Embedded Linux Conference Europe and the Ottawa Linux Symposium, as well as co-founded Hamakor, an Israeli NGO for the advancement for Open Source and Free Software in Israel. When not hacking on kernel code you can find Gilad meditating and making dad jokes on Twitter.
Kernel Recipes 2014 - NDIV: a low overhead network traffic diverterAnne Nicolas
NDIV is a young, very simple, yet efficient network traffic diverter. Its purpose is to help build network applications that intercept packets at line rate with a very low processing overhead. A first example application is a stateless HTTP server reaching line rate on all packet sizes.
Willy Tarreau, HaproxyTech
This presentation features a walk through the Linux kernel networking stack covering the essentials and recent developments a developer needs to know. Our starting point is the network card driver as it feeds a packet into the stack. We will follow the packet as it traverses through various subsystems such as packet filtering, routing, protocol stacks, and the socket layer. We will pause here and there to look into concepts such as segmentation offloading, TCP small queues, and low latency polling. We will cover APIs exposed by the kernel that go beyond use of write()/read() on sockets and will look into how they are implemented on the kernel side.
LinuxCon 2015 Linux Kernel Networking WalkthroughThomas Graf
This presentation features a walk through the Linux kernel networking stack for users and developers. It will cover insights into both, existing essential networking features and recent developments and will show how to use them properly. Our starting point is the network card driver as it feeds a packet into the stack. We will follow the packet as it traverses through various subsystems such as packet filtering, routing, protocol stacks, and the socket layer. We will pause here and there to look into concepts such as networking namespaces, segmentation offloading, TCP small queues, and low latency polling and will discuss how to configure them.
The Next Generation Firewall for Red Hat Enterprise Linux 7 RCThomas Graf
The Linux packet filtering technology, iptables, has its roots in times when networking was relatively simple and network bandwidth was measured in mere megabits. Emerging technologies, such as distributed NAT, overlay networks and containers require enhanced functionality and additional flexibility. In parallel, the next generation of network cards with speeds of 40Gb and 100Gb will put additional pressure on performance.
In the upcoming Red Hat Enterprise Linux 7, a new dynamic firewall service, FirewallD, is planned to provide greater flexibility over iptables by eliminating service disruptions during rule updates, abstraction, and support for different network trust zones. Additionally, a new virtual machine-based packet filtering technology, nftables, addresses the functionality and flexibility requirements of modern network workloads.
In this session you’ll:
Deep dive into the newly introduced packet filtering capabilities of Red Hat Enterprise Linux 7 beta.
Learn best practices.
See the new set of configuration utilities that allow new optimization possibilities.
In this talk Elad Raz from Mellanox Technologies talks about his effort to open source switch development and transition from proprietary SDKs to a standard, in-kernel solution.
As containers are being deployed as part of multi tenant clusters, virtual multi layer switches become essential to interconnect containers while providing isolation guarantees. Assigning tenants their own private networks requires stateful network address translation (NAT) implemented in a scalable architecture to expose containers to public networks. Existing virtual switches integrated into the Linux kernel did not support stateful NAT so far. This presentation introduces a new virtual NAT service deployable as container built using existing kernel functionality such as network namespaces, routing rules and Netfilter to provide NAT services to existing virtual switches such as Open vSwitch and the Linux bridge but also the core L3 layer of Linux.
Cilium - API-aware Networking and Security for Containers based on BPFThomas Graf
Cilium is open source software for providing and transparently securing network connectivity and loadbalancing between application workloads such as application containers or processes. Cilium operates at Layer 3/4 to provide traditional networking and security services as well as Layer 7 to protect and secure use of modern application protocols such as HTTP, gRPC and Kafka. Cilium is integrated into common orchestration frameworks such as Kubernetes and Mesos.
The Linux kernel is undergoing the most fundamental architecture evolution in history and is becoming a microkernel. Why is the Linux kernel evolving into a microkernel? The potentially biggest fundamental change ever happening to the Linux kernel. This talk covers how companies like Facebook and Google use BPF to patch 0-day exploits, how BPF will change the way features are added to the kernel forever, and how BPF is introducing a new type of application deployment method for the Linux kernel.
Open vSwitch - Stateful Connection Tracking & Stateful NATThomas Graf
Update on status of connection tracking and stateful NAT addition to the Linux kernel datapath. Followed by a discussion on the topic to collect ideas and come up with next steps.
Linux Kernel Cryptographic API and Use CasesKernel TLV
The Linux kernel has a rich and modular cryptographic API that is used extensively by familiar user facing software such as Android. It's also cryptic, badly documented, subject to change and can easily bite you in unexpected and painful ways.
This talk will describe the crypto API, provide some usage example and discuss some of the more interesting in-kernel users, such as DM-Crypt, DM-Verity and the new fie system encryption code.
Gilad Ben-Yossef is a principal software engineer at ARM. He works on the kernel security sub-system and the ARM CryptCell engine. Open source work done by Gilad includes an experiment in integration of network processors in the networking stack, a patch set for reducing the interference caused to user space processes in large multi-core systems by Linux kernel “maintenance” work and on SMP support for the Synopsys Arc processor among others.
Gilad has co-authored O’Reilly’s “Building Embedded Linux Systems” 2nd edition and presented at such venues as Embedded Linux Conference Europe and the Ottawa Linux Symposium, as well as co-founded Hamakor, an Israeli NGO for the advancement for Open Source and Free Software in Israel. When not hacking on kernel code you can find Gilad meditating and making dad jokes on Twitter.
Kernel Recipes 2014 - NDIV: a low overhead network traffic diverterAnne Nicolas
NDIV is a young, very simple, yet efficient network traffic diverter. Its purpose is to help build network applications that intercept packets at line rate with a very low processing overhead. A first example application is a stateless HTTP server reaching line rate on all packet sizes.
Willy Tarreau, HaproxyTech
The goal of the project “An optic’s life” is, to predict the time when an optical transceiver will reach its real end-of-life-time based on the actual setup in the datacenter / colocation.
Pipelined Compression in Remote GPU Virtualization Systems using rCUDA: Early...Carlos Reaño González
Paper presented at the 2nd International Workshop on Deployment and Use of Accelerators (DUAC). Co-located with the 51st International Conference on Parallel Processing (ICPP). August 29, 2021 (virtual event). More information at: https://duac2022.wordpress.com/
The CMS openstack, opportunistic, overlay, online-cluster Cloud (CMSooooCloud)Jose Antonio Coarasa Perez
The CMS online cluster consists of more than 3000 computers. It has been exclusively used for the Data Acquisition of the CMS experiment at CERN, archiving around 20Tbytes of data per day.
An openstack cloud layer has been deployed on part of the cluster (totalling more than 13000 cores) as a minimal overlay so as to leave the primary role of the computers untouched while allowing an opportunistic usage of the cluster. This allows running offline computing jobs on the online infrastructure while it is not (fully) used.
We will present the architectural choices made to deploy an unusual, as opposed to dedicated, "overlaid cloud infrastructure". These architectural choices ensured a minimal impact on the running cluster configuration while giving a maximal segregation of the overlaid virtual computer infrastructure. Openvswitch was chosen during the proof of concept phase in order to avoid changes on the network infrastructure. Its use will be illustrated as well as the final networking configuration used. The design and performance of the openstack cloud controlling layer will be also presented together with new developments and experience from the first year of usage.
VMware NSX provides a platform for deployment of software-defined network (SDN) and network function virtualization (NFV) services across physical network devices in a way that is analogous to server virtualization.
Presentation by Mr. Vibin Chander, CEO, Shabari Software Solutions, CBE during the Faculty development Programm on NS2 organized by Department of Computer Science, Rathinam College of Arts and Computer Science (Autonomous), Eachanari, Coimbatore - 641021.
Flink Forward Berlin 2017: Dr. Radu Tudoran - Huawei Cloud Stream Service in ...Flink Forward
Huawei Cloud Stream Service uses Flink internally. Cloud Stream firstly uses Flink as an internal job executing engine. Kinesis use Storm, Alibaba Stream Compute service use Storm. At the end of this year we will support Flink run on the kubernetes and Mesos at cloud, also CEP on SQL and other features. The presentation will show how to create a serverless cloud service from zero, how to provide streaming features with Flink, how to operate the service with quantization and visualization (by collecting yarn/flink/os metrics in real-time). This service was developed from zero and only cost around three months.
In this deck, Ronald P. Luijten from IBM Research in Zurich presents: DOME 64-bit μDataCenter.
I like to call it a datacenter in a shoebox. With the combination of power and energy efficiency, we believe the microserver will be of interest beyond the DOME project, particularly for cloud data centers and Big Data analytics applications."
The microserver’s team has designed and demonstrated a prototype 64-bit microserver using a PowerPC based chip from Freescale Semiconductor running Linux Fedora and IBM DB2. At 133 × 55 mm2 the microserver contains all of the essential functions of today’s servers, which are 4 to 10 times larger in size. Not only is the microserver compact, it is also very energy-efficient.
Watch the video: http://wp.me/p3RLHQ-gJM
Learn more: https://www.zurich.ibm.com/microserver/
Sign up for our insideHPC Newsletter: http://insideHPC/newsletter
Client server computing in mobile environments part 2Praveen Joshi
Client server computing in mobile environments. Versatile, Message based, Modular Infrastructure intended to improve usability, flexibility, interoperability and scalability as compared to Centralized, Mainframe, time sharing computing.
Intended to reduce Network Traffic.
Communication is using RPC or SQL
We leave in the era where the atomic building elements of silicon computers, e.g., transistors and wires, are no longer visible using traditional optical microscopes and their sizes are measured in just tens of Angstroms. In addition, power dissipation per unit volume is bounded by the laws of Physics that all resulted among others in stagnating processor clock frequencies. Adding more and more processor cores that perform simpler and simpler tasks in an attempt to efficiently fill the available on-chip area seems to be the current trend taken by the Industry.
# Internet Security: Safeguarding Your Digital World
In the contemporary digital age, the internet is a cornerstone of our daily lives. It connects us to vast amounts of information, provides platforms for communication, enables commerce, and offers endless entertainment. However, with these conveniences come significant security challenges. Internet security is essential to protect our digital identities, sensitive data, and overall online experience. This comprehensive guide explores the multifaceted world of internet security, providing insights into its importance, common threats, and effective strategies to safeguard your digital world.
## Understanding Internet Security
Internet security encompasses the measures and protocols used to protect information, devices, and networks from unauthorized access, attacks, and damage. It involves a wide range of practices designed to safeguard data confidentiality, integrity, and availability. Effective internet security is crucial for individuals, businesses, and governments alike, as cyber threats continue to evolve in complexity and scale.
### Key Components of Internet Security
1. **Confidentiality**: Ensuring that information is accessible only to those authorized to access it.
2. **Integrity**: Protecting information from being altered or tampered with by unauthorized parties.
3. **Availability**: Ensuring that authorized users have reliable access to information and resources when needed.
## Common Internet Security Threats
Cyber threats are numerous and constantly evolving. Understanding these threats is the first step in protecting against them. Some of the most common internet security threats include:
### Malware
Malware, or malicious software, is designed to harm, exploit, or otherwise compromise a device, network, or service. Common types of malware include:
- **Viruses**: Programs that attach themselves to legitimate software and replicate, spreading to other programs and files.
- **Worms**: Standalone malware that replicates itself to spread to other computers.
- **Trojan Horses**: Malicious software disguised as legitimate software.
- **Ransomware**: Malware that encrypts a user's files and demands a ransom for the decryption key.
- **Spyware**: Software that secretly monitors and collects user information.
### Phishing
Phishing is a social engineering attack that aims to steal sensitive information such as usernames, passwords, and credit card details. Attackers often masquerade as trusted entities in email or other communication channels, tricking victims into providing their information.
### Man-in-the-Middle (MitM) Attacks
MitM attacks occur when an attacker intercepts and potentially alters communication between two parties without their knowledge. This can lead to the unauthorized acquisition of sensitive information.
### Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS) Attacks
This 7-second Brain Wave Ritual Attracts Money To You.!nirahealhty
Discover the power of a simple 7-second brain wave ritual that can attract wealth and abundance into your life. By tapping into specific brain frequencies, this technique helps you manifest financial success effortlessly. Ready to transform your financial future? Try this powerful ritual and start attracting money today!
Multi-cluster Kubernetes Networking- Patterns, Projects and GuidelinesSanjeev Rampal
Talk presented at Kubernetes Community Day, New York, May 2024.
Technical summary of Multi-Cluster Kubernetes Networking architectures with focus on 4 key topics.
1) Key patterns for Multi-cluster architectures
2) Architectural comparison of several OSS/ CNCF projects to address these patterns
3) Evolution trends for the APIs of these projects
4) Some design recommendations & guidelines for adopting/ deploying these solutions.
1.Wireless Communication System_Wireless communication is a broad term that i...JeyaPerumal1
Wireless communication involves the transmission of information over a distance without the help of wires, cables or any other forms of electrical conductors.
Wireless communication is a broad term that incorporates all procedures and forms of connecting and communicating between two or more devices using a wireless signal through wireless communication technologies and devices.
Features of Wireless Communication
The evolution of wireless technology has brought many advancements with its effective features.
The transmitted distance can be anywhere between a few meters (for example, a television's remote control) and thousands of kilometers (for example, radio communication).
Wireless communication can be used for cellular telephony, wireless access to the internet, wireless home networking, and so on.
APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024APNIC
Ellisha Heppner, Grant Management Lead, presented an update on APNIC Foundation to the PNG DNS Forum held from 6 to 10 May, 2024 in Port Moresby, Papua New Guinea.
Bridging the Digital Gap Brad Spiegel Macon, GA Initiative.pptxBrad Spiegel Macon GA
Brad Spiegel Macon GA’s journey exemplifies the profound impact that one individual can have on their community. Through his unwavering dedication to digital inclusion, he’s not only bridging the gap in Macon but also setting an example for others to follow.
1. Deterministic Networking for Real-Time Systems
(Using TSN and DetNet)
Henrik Austad
haustad@cisco.com
Cisco Systems
Prague, Oct 25, 2017
2. about:henrik
Cisco Collaboration, Audio group at
Lysaker, Norway
All things Linux
Real-time tweaking and tuning
Staring at traces
AVB/TSN and DetNet
“I have a script for that somewhere..”
https://projectworkplace.cisco.com
SX80 Codec backplane
Henrik Austad (Cisco) TSN and Linux Prague, Oct 25, 2017 1 / 23
3. Real-time systems
Correctness of system not only depends on the logical result,
but also on time of arrival
When an rt-system fails, bad things typically happen
Not a trivial problem for simple systems
Quite difficult for multicore (this subject is an entire talk by
itself..)
Heterogenous multicore, because apparently pain is temporary..
“I want to make a distributed real-time system using a packet-switched network with
off-the-shelf hardware!”
Henrik Austad (Cisco) TSN and Linux Prague, Oct 25, 2017 2 / 23
4. Challenge 1 - Time
Real-time systems have very strict requirements. Adding distributed to the mix;
No 2 clocks ever run at the same rate
Complex SW introduces latencies, giving rise to more uncertainties
Unpredictable network delays add insult to injury
NTP can du sub-ms accuracy if LAN, low traffic, full moon, Saturn and Venus in phase etc
PTP has already fixed this, enabling sub µs accuracy
HW Support in both the network and in the end-stations is strongly preferred
We are not going to cover PTP in more detail in this talk.
Henrik Austad (Cisco) TSN and Linux Prague, Oct 25, 2017 3 / 23
5. Challenge 2 - Reliable1
Packet Switched Networks (PSN)
Acceptable for a PSN to drop a frame on collision
Bridges have finite buffers (can lead to framedrops)
Next frame out on a port is probably FIFO, perhaps it supports vlan pcp
Jumboframes will block all others until tx completes
Cannot express “arrive no later than” to the network
... nor indicate “send frame at time X” to the NIC
And not “give me Y kbps of bandwidth and never, ever drop a frame”
1
“Reliable” as in “real-time systems”-reliable
Henrik Austad (Cisco) TSN and Linux Prague, Oct 25, 2017 4 / 23
6. Challenge 3+n (where n ∈ N0
)
Your application will probably have
some other application-specific issues
that are amplified by being distributed.
These are left as an exercise for the reader ;)
Henrik Austad (Cisco) TSN and Linux Prague, Oct 25, 2017 5 / 23
8. Audio/Video Bridging - AVB
This started out as a set of open standards that aimed to solve the network
challenge for media over PSN.
Idea: AD/DAs are cheap. Ethernet MACs are cheap...
Why not handle A/V digitally as early as possible?
⇒ Started out as Pro Audio/Video only.
Media must have guaranteed delivery, best-effort not
acceptable
Allows for very flexible setups (can easily reroute and
duplicate streams)
High (audio-)capacity in a single cable
As units grow smaller with more processing power,
being restricted by the physical dimensions of the
backplane is not otimal
Can co-exist with BE traffic
Office network combined with movie streaming
Henrik Austad (Cisco) TSN and Linux Prague, Oct 25, 2017 6 / 23
9. AVB
Initial target was simple systems (mic, speakers, DSPs)
Started out with etherframes (L2) only
Specified PTPv2 profile (gPTP)
Uses Stream Reservation Protocol (SRP) to express requirements to the network
An easy way to connect end-stations (IEEE 1722.1)
Security not that important (subnet only)
Reliable, low-jitter streams with guaranteed BW most important
Henrik Austad (Cisco) TSN and Linux Prague, Oct 25, 2017 7 / 23
10. The Credit Based Shaper (CBS)
https://en.wikipedia.org/wiki/File:Traffic-shaping.pdf
Henrik Austad (Cisco) TSN and Linux Prague, Oct 25, 2017 8 / 23
11. TSN: Time Sensitive Networking
People started to use AVB for all sorts of crazy things, so “AVB” proved to be a
misnomer. Renamed to TSN in Nov. 2012
Pro-AV
Consumer AV
Infotainment systems (cars, messaging boards, theme-parks, ...)
Automotive (ABS breaks, control systems, monitoring, etc)
Industrial applications (e.g. Control systems/Robotics, IIoT - “Industry 4.0”)
Combine Operation Technology (OT) networks with IT networks
Focus no longer on just to provide reliabe, jitter-free streams, but also on time of
transmission, frame preemption, larger networks, path redundancy.
Henrik Austad (Cisco) TSN and Linux Prague, Oct 25, 2017 9 / 23
12. IETF and Deterministic Networking (DetNet) WG
(https://datatracker.ietf.org/wg/detnet/about/)
Large network oriented (WAN support important)
Pseudo-wire encapsulation (invisible to the end-station)
Set of guidelines to achieve deterministic behavior (rather than hard requirements)
Multipath routing (replication and elimination)
Requires Central controller (not like 1722.1 where ’anyone’ can configure)
Brings a somewhat larger security concern to the table
Henrik Austad (Cisco) TSN and Linux Prague, Oct 25, 2017 10 / 23
13. DetNet motivation
Broadcasting (digital TV, PA at large venues)
Blockchain (to accelerate the consensus process)
Building Automation Systems (sensors, HVAC)
Electrical utilities (SmartGrid, coordinate producers, grid frequency)
Extremely low packet loss ratio (10−9
− 10−12
)
When end-to-end latency is important
Replacing proprietary deterministic networks
Same network for both critical and Best-Effort traffic
Henrik Austad (Cisco) TSN and Linux Prague, Oct 25, 2017 11 / 23
14.
15. TSN in the Linux kernel
Previous approach was media centric
A lot of central pieces missing (hacked into network and media)
Mostly done via SW inside kernel (timing and best-effort tx of frames)
Made it possible to use whatever media-app to play audio over the network,
which was fun.
TSN is more than stream reservation.
Currently, only Intel’s i210 is available in a PCI-e formfactor, so this is the NIC
used for kernel testing.
But things are happening!
Henrik Austad (Cisco) TSN and Linux Prague, Oct 25, 2017 12 / 23
16. Time-triggered TSN driver
Author: Richard Cochrane
https://lkml.org/lkml/2017/9/18/76
A Time-triggered transmit approach (not bandwith centric)
Uses i210’s LaunchTime (32ns granularity time-triggered tx)
New socket option: so txtime (can specify “send frame at time X”)
Henrik Austad (Cisco) TSN and Linux Prague, Oct 25, 2017 13 / 23
17. /∗
∗ C r e d i t s : Richard Cochran <r c o c h r a n @ l i n u t r o n i x . de>
∗
∗ Lots l e f t out , only the e s s e n t i a l s are back
∗/
i n t setup ( void )
{
i n t fd = socket ( PF INET , SOCK DGRAM, IPPROTO UDP ) ;
/∗ more i n i t , and tag with SO TXTIME ∗/
s e t s o c k o p t ( fd , SOL SOCKET , SO TXTIME , &on , s i z e o f ( on ) ) ;
return fd ;
}
i n t send ( i n t fd , void ∗buf , i n t len , u64 txtime )
{
/∗ . . . ∗/
/∗ s e t txtime i n a cmsg , part of the message ∗/
cmsg = CMSG FIRSTHDR(&msg ) ;
cmsg−>c m s g l e v e l = SOL SOCKET ;
cmsg−>cmsg type = SO TXTIME ;
cmsg−>cmsg len = CMSG LEN( s i z e o f ( u64 ) ) ;
∗(( u64 ∗) CMSG DATA( cmsg )) = txtime ;
/∗ f i n a l l y , send i t , w i l l be sent at txtime ∗/
sendmsg ( fd , &msg , 0 ) ;
}
Henrik Austad (Cisco) TSN and Linux Prague, Oct 25, 2017 14 / 23
18. so txtime test
2 machines, time synchronized using PTP, connected via crossover cat5)
DUT running PREEMPT RT 4.9.40-rt30
Using i210 NIC
Look at time of arrival compared to expected arrival
Compares 2 modes, sw triggered tx-time (set a timer, send a frame) and HW
triggered tx.
Henrik Austad (Cisco) TSN and Linux Prague, Oct 25, 2017 15 / 23
19. so txtime results
plain preempt rt @1ms so txtime @1ms txtime @ 250 us
min: 19 408 ns 472 ns 472 ns
max: 75 560 ns 568 ns 576 ns
pk-pk: 56 152 ns 96 ns 104 ns
mean: 32 928 ns 507.23 ns 507.36 ns
stddev: 6 514.709 13.10849 15.07144
count: 600 000 600 000 2400000
Results from R. Cochrane. 10min testrun, times are delta from expected arrival time for frames, all values positive (e.g. no frames arrived earlier than specified)
obtained from https: // lkml. org/ lkml/ 2017/ 9/ 18/ 76
Note: a 2m Cat5-cable has a 10ns propagation delay.
Henrik Austad (Cisco) TSN and Linux Prague, Oct 25, 2017 16 / 23
20. Credit Based Shaper
Authors: Andre Guedes, Ivan Briano, Jesus Sanchez-Palencia and Vinicius
Gomes (Intel)
Currently on v9 (based on netdev-next)
https://www.spinics.net/lists/netdev/msg460869.html
Solving constant bandwidth (“classic AVB”)
Implemented as a Qdisc scheduler and an update to i210 driver (via
.ndo setup tc)
Uses mqprio as root qdisc
Use tc to assign a pcp to a hw-queue
Tie sch cbs to each queue afterwards and specify cbs parameters
A socket with a given priority will be handled by this scheduler.
Henrik Austad (Cisco) TSN and Linux Prague, Oct 25, 2017 17 / 23
21. cbs hw offload
# Create 4 s e p a r a t e queues
tc q d i s c r e p l a c e dev eth2 parent root mqprio num tc 4
map 3 3 1 0 2 2 2 2 2 2 2 2 2 2 2 2 queues 1@0 1@1 1@2 1@3 hw 0
tc −g c l a s s show dev eth2
+−−−(8008: f f e 3 ) mqprio
| +−−−(8008:4) mqprio # Tx−3
|
+−−−(8008: f f e 2 ) mqprio
| +−−−(8008:3) mqprio # Tx−2
|
+−−−(8008: f f e 1 ) mqprio
| +−−−(8008:2) mqprio # Tx−1, have CBS and time−t r i g g e r e d launch
|
+−−−(8008: f f e 0 ) mqprio
+−−−(8008:1) mqprio # Tx−0, have CBS and time−t r i g g e r e d launch
tc q d i s c add dev eth2 parent 8008:1 cbs i d l e s l o p e 20000 s e n d s l o p e −980000
h i c r e d i t 30 l o c r e d i t −1470 o f f l o a d 1
Henrik Austad (Cisco) TSN and Linux Prague, Oct 25, 2017 18 / 23
22. /∗
∗ e x c e r p t from t s n t a l k e r
∗ Published by Guedes et . al , i n t e l 2017
∗
∗ h t t p s ://www. s p i n i c s . net / l i s t s / netdev /msg460869 . html
∗/
i n t send cbs ( void )
{
i n t fd , p r i o =3;
/∗ open socket and i n i t , removed f o r b r e v i t y ∗/
fd = socket (AF PACKET, SOCK DGRAM, htons (ETH P TSN ) ) ;
s e t s o c k o p t ( fd , SOL SOCKET , SO PRIORITY , &p r i o r i t y ,
s i z e o f ( p r i o r i t y ) ) ;
sendto ( fd , data , s i z e , 0 , s i z e , &addr , s i z e o f ( addr ) ) ;
c l o s e ( fd ) ;
}
Henrik Austad (Cisco) TSN and Linux Prague, Oct 25, 2017 19 / 23
23. Testing sch cbs (not up to scientific standards!)
Guedes et. al provided a set of scripts to test scheduler (tsn listener and tsn talker), that has
been slightly modified for the tests.
Device under Test:
old core2duo, 1.8GHz, 8GB, 7200rpm disk, running Linux v4.14-rc4 (netdev-next)
Intel i210 PCI-e NIC
chrt --fifo 50 ./tsn talker -i eth2 -d 14:da:e9:2b:0a:c1 -s1250 -p3
Generated load using “make -j16 all” of a Linux kernel
Receiver:
Intel i7 2700k, 16GB, Intel 82579V (e1000e), ssd, debian stable (linux v 3.16.0)
2 switches between (no vlan)
added tagging of trace marker to tsn listener
time sudo taskset -c 1 chrt --fifo 50 ./tsn listener -i eth2 -s 1250 -t
irq for eth2 bound to core 0
Henrik Austad (Cisco) TSN and Linux Prague, Oct 25, 2017 20 / 23
26. Future work
Better evaluation of sch cbs (my test was horrible)
Doing a “CBS-like” qdisc based on so txtime
Get merged into the kernel, they both serve a purpose
Accurate load measurements
Adapting the old tsn-driver to connect alsa to this
Henrik Austad (Cisco) TSN and Linux Prague, Oct 25, 2017 23 / 23