P4 for Custom Identification, Flow Tagging, Monitoring and ControlOpen-NFP
This tutorial will show the use of P4 on an Agilio CX intelligent server adapter (ISA) to enable identification and custom tagging for the rerouting of elastic traffic within a telecoms data center for virtualized compute nodes. The identification is done using real time dynamic measurements of flows on the ISA. Real time dynamic measurement of flows on the ISA is critical for cloud centric service models and service automation. Enabling applications such as security, root cause analysis, big data analytics, and traffic engineering to adjust the depth and complexity of flow monitoring could enable a new wave of sophisticated features and opportunities. The purpose of the talk is to illustrate how these types of applications would benefit from a P4 framework through utilizing P4 interfaces for advanced and customized flow measurements.
Nic Viljoen
Software Engineer
Nic Viljoen is a Software Engineer at Netronome, focusing on the enablement of real time analytics at the compute node in the data plane using intelligent server adapters. He is currently collaborating with the CORD project at ON.Lab to apply this within the context of the next generation mobile edge network (MCORD). Nic spent four years at the University of Cambridge where he received his undergraduate degree and an MEng in Information Engineering, focusing on Causality and Machine Learning.
Accelerating Networked Applications with Flexible Packet ProcessingOpen-NFP
The recent surge of network I/O performance has put enormous pressure on memory and software I/O processing subsystems for many cloud and data center applications, such as key-value stores and real-time analytics frameworks. A major reason for the high memory and processing overheads is the inefficient use of these resources by network interface cards. Offloading functionality to a programmable NIC can help, but what to offload needs to be carefully chosen.
This presentation will cover a number of reusable offloading mechanisms that can help data center software processing efficiency. It will show how to implement these mechanisms in the P4 programming language and discuss their efficiency using experiments run on the Netronome Agilio-CX NIC.
Stacks and Layers: Integrating P4, C, OVS and OpenStackOpen-NFP
This document discusses integrating programmable packet processing (P4), traditional software (C), and hardware acceleration using Agilio SmartNICs with OpenStack networking. It reviews traditional OpenStack networking options and their performance issues. It then discusses how P4, C extensions, and SmartNICs can provide flexible, high-performance networking by offloading or extending the OpenStack networking datapaths like OVS and Contrail vRouter. Examples are provided of running P4/C firmware on the SmartNIC to implement a virtual switch or extending existing software. Integration with OpenStack and implications are discussed throughout.
P4-based VNF and Micro-VNF Chaining for Servers With Intelligent Server AdaptersOpen-NFP
Commodity servers equipped with intelligent server adapters (ISAs) are being used as platforms for Network Functions Virtualization (NFV). The network traffic processing required by a specific use case is frequently expressed by forming a chain of Virtual Network Functions (VNFs). This demonstration illustrates that VNFs in the chain can be hosted on the server CPU or on the ISA. It furthermore illustrates that VNFs can be decomposed into components called Micro-VNFs, with the components again being hosted on the server CPU and/or the ISA. A P4 program (compiled to native code running on the ISA) defines the overall semantics of the datapath within an ISA equipped server and expresses how VNFs and Micro-VNFs should be composed within this platform. We show how mechanisms like tunnels and service headers programmed using P4 are employed to establish the VNF service chain across multiple network nodes.
David George
Lead Engineer, Netronome
David George is a lead engineer on the Netronome SDK team and is primarily responsible for Netronome's P4 data plane. He has previously been worked on the SDK simulator and x86 data plane components. He holds a Masters of Electrical Engineering from the University of Cape Town.
Transparent eBPF Offload: Playing Nice with the Linux KernelOpen-NFP
Netronome is developing transparent kernel acceleration based on XDP and BPF. This allows bytecode intended for kernel applications to be directly offloaded using the upstreamed nfp_bpf_jit. The talk will focus on the basics of getting an XDP environment up and running, a couple of use cases and a simple demo of Netronome’s BPF offload in action.
The Paxos protocol is the foundation for building many fault-tolerant distributed systems and services. Given the importance of Paxos, and performance improvements to the protocol would have a significant impact on data-center infrastructure. We argue that implementing Paxos in network devices would significantly improve its performance. This talk describes an implementation of Paxos in P4, as well as our on-going efforts to evaluate the implementation on Netronome intelligent server adapters. Implementing Paxos provides a critical use case for P4, and will help drive the requirements for data plane languages in general. In the long term, we imagine that consensus could someday be offered as a network service.
Huynh Tu Dang
Italian University of Switzerland
Huynh Tu Dang is a second-year Ph.D. student in the Faculty of Informatics at Università della Svizzera Italiana. His research focuses on fault-tolerant distributed systems and application of software-defined networking (SDN). Previously, he worked as a research assistant at Ho Chi Minh International University and was an intern at INRIA, Nice-Sophia Antipolis on BtrPlace project. He received his Bachelor's degree from the School of Computer Science and Engineering at Ho Chi Minh International University.
Data Plane and VNF Acceleration Mini Summit Open-NFP
This event will deliver technical sessions related to the acceleration of server-based networking data planes and VNFs using SmartNIC hardware within the framework of the NFVi and orchestration components in the OPNFV Danube software platform. Virtual switching data planes using Open vSwitch (OVS) and FD.IO (with VPP) will be discussed and offload architectures for such data planes into SmartNIC platforms will be presented. Extension of such data planes for VNF specific requirements utilizing micro-VNF sandbox functions utilizing P4 and/or C language programming will be presented and discussed. Early work defining VNF acceleration architectures and APIs for SmartNIC-accelerated data planes and VNF sandbox extensions will be presented and discussed, followed by a proposal to create a collaborative project to complete the definition of such an API within the frameworks of OPNFV and ETSI. In addition, a proposal for a Pharos community lab related VNF acceleration will be put forward by the Open-NFP organization.
OpenContrail, Real Speed: Offloading vRouterOpen-NFP
The OpenContrail project aims to produce an open-source platform that delivers high performance software-defined networking while integrating cleanly with existing networking equipment. Netronome has added support for transparent hardware acceleration of OpenContrail's vRouter dataplane using Agilio hardware. This talk discusses the architecture of the system as well as the components we hope to open up to the broader community. We will discuss how to support transparent offload in the context of a split dataplane as well as provisioning of NFP resources required to produce a performant solution.
P4 for Custom Identification, Flow Tagging, Monitoring and ControlOpen-NFP
This tutorial will show the use of P4 on an Agilio CX intelligent server adapter (ISA) to enable identification and custom tagging for the rerouting of elastic traffic within a telecoms data center for virtualized compute nodes. The identification is done using real time dynamic measurements of flows on the ISA. Real time dynamic measurement of flows on the ISA is critical for cloud centric service models and service automation. Enabling applications such as security, root cause analysis, big data analytics, and traffic engineering to adjust the depth and complexity of flow monitoring could enable a new wave of sophisticated features and opportunities. The purpose of the talk is to illustrate how these types of applications would benefit from a P4 framework through utilizing P4 interfaces for advanced and customized flow measurements.
Nic Viljoen
Software Engineer
Nic Viljoen is a Software Engineer at Netronome, focusing on the enablement of real time analytics at the compute node in the data plane using intelligent server adapters. He is currently collaborating with the CORD project at ON.Lab to apply this within the context of the next generation mobile edge network (MCORD). Nic spent four years at the University of Cambridge where he received his undergraduate degree and an MEng in Information Engineering, focusing on Causality and Machine Learning.
Accelerating Networked Applications with Flexible Packet ProcessingOpen-NFP
The recent surge of network I/O performance has put enormous pressure on memory and software I/O processing subsystems for many cloud and data center applications, such as key-value stores and real-time analytics frameworks. A major reason for the high memory and processing overheads is the inefficient use of these resources by network interface cards. Offloading functionality to a programmable NIC can help, but what to offload needs to be carefully chosen.
This presentation will cover a number of reusable offloading mechanisms that can help data center software processing efficiency. It will show how to implement these mechanisms in the P4 programming language and discuss their efficiency using experiments run on the Netronome Agilio-CX NIC.
Stacks and Layers: Integrating P4, C, OVS and OpenStackOpen-NFP
This document discusses integrating programmable packet processing (P4), traditional software (C), and hardware acceleration using Agilio SmartNICs with OpenStack networking. It reviews traditional OpenStack networking options and their performance issues. It then discusses how P4, C extensions, and SmartNICs can provide flexible, high-performance networking by offloading or extending the OpenStack networking datapaths like OVS and Contrail vRouter. Examples are provided of running P4/C firmware on the SmartNIC to implement a virtual switch or extending existing software. Integration with OpenStack and implications are discussed throughout.
P4-based VNF and Micro-VNF Chaining for Servers With Intelligent Server AdaptersOpen-NFP
Commodity servers equipped with intelligent server adapters (ISAs) are being used as platforms for Network Functions Virtualization (NFV). The network traffic processing required by a specific use case is frequently expressed by forming a chain of Virtual Network Functions (VNFs). This demonstration illustrates that VNFs in the chain can be hosted on the server CPU or on the ISA. It furthermore illustrates that VNFs can be decomposed into components called Micro-VNFs, with the components again being hosted on the server CPU and/or the ISA. A P4 program (compiled to native code running on the ISA) defines the overall semantics of the datapath within an ISA equipped server and expresses how VNFs and Micro-VNFs should be composed within this platform. We show how mechanisms like tunnels and service headers programmed using P4 are employed to establish the VNF service chain across multiple network nodes.
David George
Lead Engineer, Netronome
David George is a lead engineer on the Netronome SDK team and is primarily responsible for Netronome's P4 data plane. He has previously been worked on the SDK simulator and x86 data plane components. He holds a Masters of Electrical Engineering from the University of Cape Town.
Transparent eBPF Offload: Playing Nice with the Linux KernelOpen-NFP
Netronome is developing transparent kernel acceleration based on XDP and BPF. This allows bytecode intended for kernel applications to be directly offloaded using the upstreamed nfp_bpf_jit. The talk will focus on the basics of getting an XDP environment up and running, a couple of use cases and a simple demo of Netronome’s BPF offload in action.
The Paxos protocol is the foundation for building many fault-tolerant distributed systems and services. Given the importance of Paxos, and performance improvements to the protocol would have a significant impact on data-center infrastructure. We argue that implementing Paxos in network devices would significantly improve its performance. This talk describes an implementation of Paxos in P4, as well as our on-going efforts to evaluate the implementation on Netronome intelligent server adapters. Implementing Paxos provides a critical use case for P4, and will help drive the requirements for data plane languages in general. In the long term, we imagine that consensus could someday be offered as a network service.
Huynh Tu Dang
Italian University of Switzerland
Huynh Tu Dang is a second-year Ph.D. student in the Faculty of Informatics at Università della Svizzera Italiana. His research focuses on fault-tolerant distributed systems and application of software-defined networking (SDN). Previously, he worked as a research assistant at Ho Chi Minh International University and was an intern at INRIA, Nice-Sophia Antipolis on BtrPlace project. He received his Bachelor's degree from the School of Computer Science and Engineering at Ho Chi Minh International University.
Data Plane and VNF Acceleration Mini Summit Open-NFP
This event will deliver technical sessions related to the acceleration of server-based networking data planes and VNFs using SmartNIC hardware within the framework of the NFVi and orchestration components in the OPNFV Danube software platform. Virtual switching data planes using Open vSwitch (OVS) and FD.IO (with VPP) will be discussed and offload architectures for such data planes into SmartNIC platforms will be presented. Extension of such data planes for VNF specific requirements utilizing micro-VNF sandbox functions utilizing P4 and/or C language programming will be presented and discussed. Early work defining VNF acceleration architectures and APIs for SmartNIC-accelerated data planes and VNF sandbox extensions will be presented and discussed, followed by a proposal to create a collaborative project to complete the definition of such an API within the frameworks of OPNFV and ETSI. In addition, a proposal for a Pharos community lab related VNF acceleration will be put forward by the Open-NFP organization.
OpenContrail, Real Speed: Offloading vRouterOpen-NFP
The OpenContrail project aims to produce an open-source platform that delivers high performance software-defined networking while integrating cleanly with existing networking equipment. Netronome has added support for transparent hardware acceleration of OpenContrail's vRouter dataplane using Agilio hardware. This talk discusses the architecture of the system as well as the components we hope to open up to the broader community. We will discuss how to support transparent offload in the context of a split dataplane as well as provisioning of NFP resources required to produce a performant solution.
This presentation will cover the basics of performance testing. Configuring systems correctly is essential to characterizing the performance of SmartNICs. The configuration of BIOS, CPU allocation, OS and VM parameters will be covered. Also, choices of traffic generators and typical test topologies will be described.
Protecting the Privacy of the Network – Using P4 to Prototype and Extend Netw...Open-NFP
o protect the privacy of sensitive application data, we encrypt it before sending it over networks. However, we do not treat sensitive information about the network in the same way. Instead, headers are sent in plain text and leak sensitive information about the network – especially valid host addresses, type of service markings. In our research, we are developing a protocol to also encrypt Layer 3 headers. Using P4, we are able to rapidly stand up and prototype our proposed solution in real code running across real devices. In this webinar, I will introduce our approach and how we used and extended P4 functionality to stand up a prototype.
Mark Matties
The Johns Hopkins University Applied Physics Lab
Mark Matties is the Chief Scientist in the Communication and Networking Systems group at JHU APL, where he develops and evaluates SDN solutions to improve network security and performance. He holds a B.S. in Chemistry and a Ph.D. in Polymer Science and has worked for over 20 years in computing, networking, and security.
Network Measurement with P4 and C on Netronome AgilioOpen-NFP
Network measurement has been playing a crucial role in network operations since it cannot only detect the anomalies, but also facilitate traffic engineering. With the recent development of P4 language, network measurement is one of the data plane applications that can benefit from the programmability enabled by P4. However, P4 does not support general purpose language structures such as for-loop, and the if-statement can only be used in its control block, and it has only a limited set of primitive actions. Hence, the current P4 has its limitations to support complicated measurement functions. In this webinar, we implement and evaluate the Count-Min sketch (used for heavy hitter detection) using the combination of P4 and C on a Netronome NFP NIC. We plan to demonstrate the flexibility and performance of the design and the C plug-in feature of Netronome NFP.
LF_DPDK17_GRO/GSO Libraries: Bring Significant Performance Gains to DPDK-base...LF_DPDK
This document provides an overview of GRO and GSO in DPDK. It discusses how GRO and GSO can be used to reduce packet processing overheads by merging or splitting packets. It describes the GRO and GSO algorithms used in DPDK to handle packets in a lightweight manner. It also outlines an experiment that shows the performance improvements of DPDK GRO and GSO compared to no offloading or Linux offloading.
LF_DPDK17_Accelerating P4-based Dataplane with DPDKLF_DPDK
This document discusses accelerating P4-based data planes using DPDK with BMv2. It presents BMAcc, which leverages DPDK for faster packet I/O compared to BMv2. BMAcc applies optimizations like removing redundant memory copies and using multithreading. Evaluation shows BMAcc achieves line rate performance and outperforms BMv2, especially for small packets. Further optimizations are needed to address parser impact on 64-byte packets. BMAcc is a practical approach for high performance P4 data planes on multicore platforms.
This work presents a P4 compiler backend targeting XDP, the eXpress Data Path. P4 is a domain-specific language describing how packets are processed by the data plane of a programmable network elements. XDP is designed for users who want programmability as well as performance.
https://github.com/williamtu/p4c-xdp/
This document provides an overview of the NCTU P4 Workshop. It discusses:
- The P4 programming language which allows specifying how switches process packets in a protocol-independent and target-independent way.
- Key concepts in P4 including headers, parsers, tables, actions, and the control flow.
- An example P4 architecture and how to define headers, parsers, tables, and the control flow.
- How to get started with P4 including setting up the behavioral model compiler and runtime environment and using Mininet to test P4 programs.
- A quick demo of a simple P4 program that uses a custom header to implement path routing and can be configured via the runtime
As containers are being deployed as part of multi tenant clusters, virtual multi layer switches become essential to interconnect containers while providing isolation guarantees. Assigning tenants their own private networks requires stateful network address translation (NAT) implemented in a scalable architecture to expose containers to public networks. Existing virtual switches integrated into the Linux kernel did not support stateful NAT so far. This presentation introduces a new virtual NAT service deployable as container built using existing kernel functionality such as network namespaces, routing rules and Netfilter to provide NAT services to existing virtual switches such as Open vSwitch and the Linux bridge but also the core L3 layer of Linux.
Host Data Plane Acceleration: SmartNIC Deployment ModelsNetronome
SIGCOMM 2018: This tutorial introduces multiple models for host data plane acceleration with SmartNICs, provides a detailed understanding of SmartNIC deployment models at hyperscale cloud vendors and telecom service providers, and introduces various open source resources available for research and product development in this space.
Presenter Bio
Simon focuses on upstream open source activities at Netronome. He is working on allowing offload of OVS offload on the Agilio platform as well as the broader question of how best to enable programming hardware offload in the Linux kernel and other upstream open source projects.
Kathará is a framework that allows easy configuration and deploy of arbitrary virtual networks with for SDN, NFV and traditional routing protocols. All empowered by container technology. This is our presentation from NOMS 2018.
Here is our published paper: https://ieeexplore.ieee.org/abstract/document/8406267/
The Lagopus Router is a modular, open-source software router developed by the Lagopus Project. It is written in C and Golang for high performance packet processing using DPDK. The router has a modular architecture that provides high extensibility for handling network protocols. Current supported protocols include L2, L3, tunneling and IPsec. The goal of the project is to develop an open-source, high performance software router that supports many protocols and can be customized for various network functions and services.
The Mellanox PMD allows DPDK applications to directly access Mellanox NICs using the Raw Ethernet Accelerated Verbs API from libibverbs. It provides a fast data path while the kernel still controls the NIC and handles the control plane. Unlike other PMDs, the Mellanox PMD is a separate userspace application. Multiple DPDK applications can also run on a single Mellanox device and steer traffic between each other and the kernel without needing SR-IOV.
Kernel Recipes 2017 - EBPF and XDP - Eric LeblondAnne Nicolas
Berkeley Packet Filter is an old friend for most people that deal with network under Linux. But its extended version eBPF is completely redefining the scope of usage and interaction with the kernel. It can indeed be used to instrument most parts of the kernel. This goes from network tracing to process or I/O monitoring.
This talk will provide an overview of eBPF, from concept to tools like BCC. It will then focus on XDP for eXtreme Data Path and the possible applications in term of networking provided by this new framework.
Eric Leblond, Stamus Network
The Next Generation Firewall for Red Hat Enterprise Linux 7 RCThomas Graf
FirewallD provides firewall management as a service in RHEL 7, abstracting policy definition and handling configuration. The kernel includes new filtering capabilities like connection tracking targets and extended accounting. Nftables, a new packet filtering subsystem to eventually replace iptables, uses a state machine-based approach with unified nft user interface.
BPF & Cilium - Turning Linux into a Microservices-aware Operating SystemThomas Graf
Container runtimes cause Linux to return to its original purpose: to serve applications interacting directly with the kernel. At the same time, the Linux kernel is traditionally difficult to change and its development process is full of myths. A new efficient in-kernel programming language called eBPF is changing this and allows everyone to extend existing kernel components or glue them together in new forms without requiring to change the kernel itself.
Cilium - Fast IPv6 Container Networking with BPF and XDPThomas Graf
We present a new open source project which provides IPv6 networking for Linux Containers by generating programs for each individual container on the fly and then runs them as JITed BPF code in the kernel. By generating and compiling the code, the program is reduced to the minimally required feature set and then heavily optimised by the compiler as parameters become plain variables. The upcoming addition of the Express Data Plane (XDP) to the kernel will make this approach even more efficient as the programs will get invoked directly from the network driver.
This document discusses power aware packet processing and moving DPDK towards more energy efficient operation. It describes how network traffic patterns can be mapped to power usage, and outlines considerations for evaluating energy efficiency like latency, loss, energy, and power state. The document then discusses DPDK's out of the box frequency management capabilities and how scaling core frequencies can save power while matching platform energy to network load. It proposes monitoring traffic to quickly scale performance up or down through frequency adjustments in response to network demand changes.
Disaggregation a Primer: Optimizing design for Edge Cloud & Bare Metal applic...Netronome
From the Infra//Structure Conference May 2019 by Ron Renwick of Netronome
Disaggregation a Primer:
Optimizing design for Edge Cloud & Bare Metal applications
Hyperscalers and Edge Cloud providers have recognized economic value of disaggregated infrastructure. Netronome Agilio SmartNICs enable disaggregated architectures to perform with up to 30x lower tail latency while encrypting every session using KTLS security.
PuppetConf 2016: Why Network Automation Matters, and What You Can Do About It...Puppet
Here are the slides from Rick Sherman's PuppetConf 2016 presentation called Why Network Automation Matters, and What You Can Do About It. Watch the videos at https://www.youtube.com/playlist?list=PLV86BgbREluVjwwt-9UL8u2Uy8xnzpIqa
This presentation will cover the basics of performance testing. Configuring systems correctly is essential to characterizing the performance of SmartNICs. The configuration of BIOS, CPU allocation, OS and VM parameters will be covered. Also, choices of traffic generators and typical test topologies will be described.
Protecting the Privacy of the Network – Using P4 to Prototype and Extend Netw...Open-NFP
o protect the privacy of sensitive application data, we encrypt it before sending it over networks. However, we do not treat sensitive information about the network in the same way. Instead, headers are sent in plain text and leak sensitive information about the network – especially valid host addresses, type of service markings. In our research, we are developing a protocol to also encrypt Layer 3 headers. Using P4, we are able to rapidly stand up and prototype our proposed solution in real code running across real devices. In this webinar, I will introduce our approach and how we used and extended P4 functionality to stand up a prototype.
Mark Matties
The Johns Hopkins University Applied Physics Lab
Mark Matties is the Chief Scientist in the Communication and Networking Systems group at JHU APL, where he develops and evaluates SDN solutions to improve network security and performance. He holds a B.S. in Chemistry and a Ph.D. in Polymer Science and has worked for over 20 years in computing, networking, and security.
Network Measurement with P4 and C on Netronome AgilioOpen-NFP
Network measurement has been playing a crucial role in network operations since it cannot only detect the anomalies, but also facilitate traffic engineering. With the recent development of P4 language, network measurement is one of the data plane applications that can benefit from the programmability enabled by P4. However, P4 does not support general purpose language structures such as for-loop, and the if-statement can only be used in its control block, and it has only a limited set of primitive actions. Hence, the current P4 has its limitations to support complicated measurement functions. In this webinar, we implement and evaluate the Count-Min sketch (used for heavy hitter detection) using the combination of P4 and C on a Netronome NFP NIC. We plan to demonstrate the flexibility and performance of the design and the C plug-in feature of Netronome NFP.
LF_DPDK17_GRO/GSO Libraries: Bring Significant Performance Gains to DPDK-base...LF_DPDK
This document provides an overview of GRO and GSO in DPDK. It discusses how GRO and GSO can be used to reduce packet processing overheads by merging or splitting packets. It describes the GRO and GSO algorithms used in DPDK to handle packets in a lightweight manner. It also outlines an experiment that shows the performance improvements of DPDK GRO and GSO compared to no offloading or Linux offloading.
LF_DPDK17_Accelerating P4-based Dataplane with DPDKLF_DPDK
This document discusses accelerating P4-based data planes using DPDK with BMv2. It presents BMAcc, which leverages DPDK for faster packet I/O compared to BMv2. BMAcc applies optimizations like removing redundant memory copies and using multithreading. Evaluation shows BMAcc achieves line rate performance and outperforms BMv2, especially for small packets. Further optimizations are needed to address parser impact on 64-byte packets. BMAcc is a practical approach for high performance P4 data planes on multicore platforms.
This work presents a P4 compiler backend targeting XDP, the eXpress Data Path. P4 is a domain-specific language describing how packets are processed by the data plane of a programmable network elements. XDP is designed for users who want programmability as well as performance.
https://github.com/williamtu/p4c-xdp/
This document provides an overview of the NCTU P4 Workshop. It discusses:
- The P4 programming language which allows specifying how switches process packets in a protocol-independent and target-independent way.
- Key concepts in P4 including headers, parsers, tables, actions, and the control flow.
- An example P4 architecture and how to define headers, parsers, tables, and the control flow.
- How to get started with P4 including setting up the behavioral model compiler and runtime environment and using Mininet to test P4 programs.
- A quick demo of a simple P4 program that uses a custom header to implement path routing and can be configured via the runtime
As containers are being deployed as part of multi tenant clusters, virtual multi layer switches become essential to interconnect containers while providing isolation guarantees. Assigning tenants their own private networks requires stateful network address translation (NAT) implemented in a scalable architecture to expose containers to public networks. Existing virtual switches integrated into the Linux kernel did not support stateful NAT so far. This presentation introduces a new virtual NAT service deployable as container built using existing kernel functionality such as network namespaces, routing rules and Netfilter to provide NAT services to existing virtual switches such as Open vSwitch and the Linux bridge but also the core L3 layer of Linux.
Host Data Plane Acceleration: SmartNIC Deployment ModelsNetronome
SIGCOMM 2018: This tutorial introduces multiple models for host data plane acceleration with SmartNICs, provides a detailed understanding of SmartNIC deployment models at hyperscale cloud vendors and telecom service providers, and introduces various open source resources available for research and product development in this space.
Presenter Bio
Simon focuses on upstream open source activities at Netronome. He is working on allowing offload of OVS offload on the Agilio platform as well as the broader question of how best to enable programming hardware offload in the Linux kernel and other upstream open source projects.
Kathará is a framework that allows easy configuration and deploy of arbitrary virtual networks with for SDN, NFV and traditional routing protocols. All empowered by container technology. This is our presentation from NOMS 2018.
Here is our published paper: https://ieeexplore.ieee.org/abstract/document/8406267/
The Lagopus Router is a modular, open-source software router developed by the Lagopus Project. It is written in C and Golang for high performance packet processing using DPDK. The router has a modular architecture that provides high extensibility for handling network protocols. Current supported protocols include L2, L3, tunneling and IPsec. The goal of the project is to develop an open-source, high performance software router that supports many protocols and can be customized for various network functions and services.
The Mellanox PMD allows DPDK applications to directly access Mellanox NICs using the Raw Ethernet Accelerated Verbs API from libibverbs. It provides a fast data path while the kernel still controls the NIC and handles the control plane. Unlike other PMDs, the Mellanox PMD is a separate userspace application. Multiple DPDK applications can also run on a single Mellanox device and steer traffic between each other and the kernel without needing SR-IOV.
Kernel Recipes 2017 - EBPF and XDP - Eric LeblondAnne Nicolas
Berkeley Packet Filter is an old friend for most people that deal with network under Linux. But its extended version eBPF is completely redefining the scope of usage and interaction with the kernel. It can indeed be used to instrument most parts of the kernel. This goes from network tracing to process or I/O monitoring.
This talk will provide an overview of eBPF, from concept to tools like BCC. It will then focus on XDP for eXtreme Data Path and the possible applications in term of networking provided by this new framework.
Eric Leblond, Stamus Network
The Next Generation Firewall for Red Hat Enterprise Linux 7 RCThomas Graf
FirewallD provides firewall management as a service in RHEL 7, abstracting policy definition and handling configuration. The kernel includes new filtering capabilities like connection tracking targets and extended accounting. Nftables, a new packet filtering subsystem to eventually replace iptables, uses a state machine-based approach with unified nft user interface.
BPF & Cilium - Turning Linux into a Microservices-aware Operating SystemThomas Graf
Container runtimes cause Linux to return to its original purpose: to serve applications interacting directly with the kernel. At the same time, the Linux kernel is traditionally difficult to change and its development process is full of myths. A new efficient in-kernel programming language called eBPF is changing this and allows everyone to extend existing kernel components or glue them together in new forms without requiring to change the kernel itself.
Cilium - Fast IPv6 Container Networking with BPF and XDPThomas Graf
We present a new open source project which provides IPv6 networking for Linux Containers by generating programs for each individual container on the fly and then runs them as JITed BPF code in the kernel. By generating and compiling the code, the program is reduced to the minimally required feature set and then heavily optimised by the compiler as parameters become plain variables. The upcoming addition of the Express Data Plane (XDP) to the kernel will make this approach even more efficient as the programs will get invoked directly from the network driver.
This document discusses power aware packet processing and moving DPDK towards more energy efficient operation. It describes how network traffic patterns can be mapped to power usage, and outlines considerations for evaluating energy efficiency like latency, loss, energy, and power state. The document then discusses DPDK's out of the box frequency management capabilities and how scaling core frequencies can save power while matching platform energy to network load. It proposes monitoring traffic to quickly scale performance up or down through frequency adjustments in response to network demand changes.
Disaggregation a Primer: Optimizing design for Edge Cloud & Bare Metal applic...Netronome
From the Infra//Structure Conference May 2019 by Ron Renwick of Netronome
Disaggregation a Primer:
Optimizing design for Edge Cloud & Bare Metal applications
Hyperscalers and Edge Cloud providers have recognized economic value of disaggregated infrastructure. Netronome Agilio SmartNICs enable disaggregated architectures to perform with up to 30x lower tail latency while encrypting every session using KTLS security.
PuppetConf 2016: Why Network Automation Matters, and What You Can Do About It...Puppet
Here are the slides from Rick Sherman's PuppetConf 2016 presentation called Why Network Automation Matters, and What You Can Do About It. Watch the videos at https://www.youtube.com/playlist?list=PLV86BgbREluVjwwt-9UL8u2Uy8xnzpIqa
1. The document discusses building a small data center network for Dyn, focusing on lessons learned from two design iterations.
2. The first design used MPLS VPNs but had issues with routing and IPv6 support. The second design used virtual routing and forwarding with multiple routing tables to separate traffic and improve service mobility.
3. Key lessons included validating designs before deploying, automating network operations, and moving security policies to instances rather than the network to improve agility and isolate impacts.
OVNC 2015-Software-Defined Networking: Where Are We Today?NAIM Networks, Inc.
[Open & Virtual Networking Conference 2015]
- Software-Defined Networking: Where Are We Today? (VMware Guido Appenzeller 네트워크 및 보안 부문 최고 기술전략책임자(CTSO))
- 2015.02.05 (목) 09:10~17:50
- 양재동 엘타워
The document provides an overview of adding IEEE 802.15.4 and 6LoWPAN support to an embedded Linux device. It discusses the motivation, including the header size problem in IEEE 802.15.4 frames and how 6LoWPAN addresses this. It then describes the Linux-wpan project, supported hardware, configuration tools, and communication with RIOT and Contiki operating systems.
George Grey, CEO of Linaro, discusses Linaro's mission of leading collaboration in the ARM ecosystem. He outlines trends like ARM expanding from mobile into other areas like sensors and data centers. Linaro's focus is on building shared open source software platforms to enable cross-vendor support and security updates. Future plans include reference platforms for IoT devices, gateways and digital homes to help products "just work" together and receive long term support.
LAS16-100K1: Welcome Keynote
Speakers: George Grey
Date: September 26, 2016
★ Session Description ★
George Grey, CEO of Linaro will welcome attendees to the conference and give an update on the latest projects taking place at Linaro.
★ Resources ★
Etherpad: pad.linaro.org/p/las16-100k1
Presentations & Videos: http://connect.linaro.org/resource/las16/las16-100k1/
★ Event Details ★
Linaro Connect Las Vegas 2016 – #LAS16
September 26-30, 2016
http://www.linaro.org
http://connect.linaro.org
Internet Of Things: Hands on: YOW! nightAndy Gelme
Introduction to the Internet Of Things ... using the MeshThing hardware running Contiki mesh-networking software for IPv6 / 6LoWPAN. Also, Daryl Wilding McBride (@darylwmcb) covers building a quadcopter for the Outback Joe competition.
The document discusses running IEEE 802.15.4 low-power wireless networks under Linux. It describes the linux-wpan project, which provides native support for 802.15.4 radio devices and the 6LoWPAN standard in the Linux kernel. It also discusses the wpan-tools userspace utilities. The document outlines how to set up basic communication between Linux, RIOT and Contiki operating systems for IoT devices using the virtual loopback driver or USB dongles. It also covers link layer security, IPv6 routing protocols like RPL, and areas for future work such as mesh networking support.
1. Open Ethernet is an alternative to closed network solutions that allows users to choose their switch hardware, operating system, and software stack.
2. It enables freedom of choice, lower costs through scale, and a diversity of solutions through open source development.
3. Mellanox is leading the generation of Open Ethernet through its SwitchX silicon and open Ethernet switch portfolio that supports open operating systems and software defined networking.
This document provides an introduction to software-defined networking (SDN) concepts. It defines SDN as separating the control plane and data plane in network devices to make network implementation, scalability, and management easier. The document discusses SDN architectures using OpenFlow to define communication between the control and forwarding layers. It also covers SDN implementations using overlays like VXLAN and challenges around SDN protocols, scalability, and performance.
IBC2022 IPShowcase: Tips for Media-over-IP Network DesignKoji Oyama
This presentation provides you the design flow and some common pitfalls when broadcast network engineers consider their Media-over IP (MoIP) network architecture and configure its network switches. In addition to the essential technology such as VLAN, VRF, IGMP, PIM, and OSPF I introduced at the NAB 2022 IPShowcase, you can also know how to verity the network design, some issues that have happened in the design so far, and some key points you should be careful about your logical design.
This document provides an introduction to software defined networking (SDN). It discusses the history and disadvantages of traditional networking approaches. SDN aims to address these issues by separating the network control and forwarding functions, and enabling programmability of the network. The key components of an SDN architecture are described, including the OpenFlow protocol for communication between the control plane and data plane. Several SDN controllers and their programming languages are also mentioned. The document concludes with the objectives of running an SDN demonstration lab using Mininet to experiment with OpenFlow and SDN controllers like Ryu.
Things You MUST Know Before Deploying OpenStack: Bruno Lago, Catalyst ITOpenStack
Audience: Advanced
About: Real world lessons and war stories about Catalyst IT’s experience in rolling out an OpenStack based public cloud in New Zealand.
This presentation will provide tips and advice that may save you a lot of time, money and nights of sleep if you are planning to run OpenStack in the future. It may also bring some insights to people that are already running OpenStack in production.
Topics covered will include: selection of hardware for optimal costs, techniques that drive quality and service levels up, common deployment mistakes, in place upgrades, how to identify the maturity level of each project and decide what is ready for production, and much more!
Speaker Bio: Bruno Lago – Entrepreneur, Catalyst IT Limited
Bruno Lago is a solutions architect that has been involved with the Catalyst Cloud (New Zealand’s first public cloud based on OpenStack) from its inception. He is passionate about open source software, cloud computing and disruptive technologies.
OpenStack Australia Day - Sydney 2016
https://events.aptira.com/openstack-australia-day-sydney-2016/
This document provides a summary of a meeting about CUDA parallel programming and gaming:
- The meeting covered topics like Nvidia news from CES, the Jetson TK1 board, parallel programming experience with CUDA, and announcements about upcoming meetups.
- Attendees learned about using the Jetson TK1 for projects involving drones, computer vision, and 3D printing. Demonstrations showed the Parrot drone working with the Jetson TK1.
- Resources were shared for installing CUDA and OpenCV on the Jetson TK1 along with links to documentation and tutorials. Questions were taken about potential research projects using the Jetson TK1.
OSDC 2014: Nat Morris - Open Network Install EnvironmentNETWAYS
ONIE defines an open source “install environment” that runs on this management subsystem utilizing facilities in a Linux/BusyBox environment. This environment allows end-users and channel partners to install the target network OS as part of data center provisioning, in the fashion that servers are provisioned.
ONIE enables switch hardware suppliers, distributors and resellers to manage their operations based on a small number of hardware SKUs. This in turn creates economies of scale in manufacturing, distribution, stocking, and RMA enabling a thriving ecosystem of both network hardware and operating system alternatives.
1) Google Cloud provides a global infrastructure with regions launching rapidly around the world. Its network is designed for scale and performance without bottlenecks.
2) BigQuery provides petabyte-scale analytics powered by Colossus storage, Capacitor compression, and the high-bandwidth Jupiter network. It can process queries involving trillions of rows in seconds.
3) Google invests heavily in security, offering layers of protection for networks, applications, and data from threats like DDoS attacks. It also has a large partner ecosystem around compliance, privacy, and security.
This document contains the slides for a webinar on Mikrotik RouterOS presented by GLC Networks. The webinar covers an introduction to RouterOS, its features, and a live practice session. It begins with reviewing prerequisite networking knowledge like the OSI model, TCP/IP protocols, routing tables, and network devices. It then introduces Mikrotik as a company and product line, and dives into the features and capabilities of RouterOS. The presentation concludes by advertising GLC Network's training courses and inviting questions.
Similar to Whitebox Switches Deployment Experience (20)
Honeypots Unveiled: Proactive Defense Tactics for Cyber Security, Phoenix Sum...APNIC
Adli Wahid, Senior Internet Security Specialist at APNIC, delivered a presentation titled 'Honeypots Unveiled: Proactive Defense Tactics for Cyber Security' at the Phoenix Summit held in Dhaka, Bangladesh from 23 to 24 May 2024.
Securing BGP: Operational Strategies and Best Practices for Network Defenders...APNIC
Md. Zobair Khan,
Network Analyst and Technical Trainer at APNIC, presented 'Securing BGP: Operational Strategies and Best Practices for Network Defenders' at the Phoenix Summit held in Dhaka, Bangladesh from 23 to 24 May 2024.
APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024APNIC
Ellisha Heppner, Grant Management Lead, presented an update on APNIC Foundation to the PNG DNS Forum held from 6 to 10 May, 2024 in Port Moresby, Papua New Guinea.
Registry Data Accuracy Improvements, presented by Chimi Dorji at SANOG 41 / I...APNIC
Chimi Dorji, Internet Resource Analyst at APNIC, presented on Registry Data Accuracy Improvements at SANOG 41 jointly held with INNOG 7 in Mumbai, India from 25 to 30 April 2024.
APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...APNIC
Sunny Chendi, Senior Advisor, Membership and Policy at APNIC, presents 'APNIC Policy Roundup' at the 5th ICANN APAC-TWNIC Engagement Forum and 41st TWNIC OPM in Taipei, Taiwan from 23 to 24 April.
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024APNIC
Dave Phelan, Senior Network Analyst/Technical Trainer at APNIC, presents 'DDoS In Oceania and the Pacific' at NZNOG 2024 held in Nelson, New Zealand from 8 to 12 April 2024.
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...APNIC
Geoff Huston, Chief Scientist at APNIC deliver keynote presentation on the 'Future Evolution of the Internet' at the Everything Open 2024 conference in Gladstone, Australia from 16 to 18 April 2024.
IP addressing and IPv6, presented by Paul Wilson at IETF 119APNIC
Paul Wilson, Director General of APNIC delivers a presentation on IP addressing and IPv6 to the Policymakers Program during IETF 119 in Brisbane Australia from 16 to 22 March 2024.
draft-harrison-sidrops-manifest-number-01, presented at IETF 119APNIC
Tom Harrison, Product and Delivery Manager at APNIC presents at the Registration Protocols Extensions working group during IETF 119 in Brisbane, Australia from 16-22 March 2024
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...APNIC
Che-Hoo Cheng, Senior Director, Development at APNIC presents on the "Benefits of doing Internet peering and running an Internet Exchange (IX)" at the Communications Regulatory Commission of Mongolia's IPv6, IXP, Datacenter - Policy and Regulation International Trends Forum in Ulaanbaatar, Mongolia on 7 March 2024
APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85APNIC
APNIC Senior Advisor, Membership and Policy, Sunny Chendi presented on APNIC updates and RIR Policies for ccTLDs at APTLD 85 in Goa, India from 19-22 February 2024.
HijackLoader Evolution: Interactive Process HollowingDonato Onofri
CrowdStrike researchers have identified a HijackLoader (aka IDAT Loader) sample that employs sophisticated evasion techniques to enhance the complexity of the threat. HijackLoader, an increasingly popular tool among adversaries for deploying additional payloads and tooling, continues to evolve as its developers experiment and enhance its capabilities.
In their analysis of a recent HijackLoader sample, CrowdStrike researchers discovered new techniques designed to increase the defense evasion capabilities of the loader. The malware developer used a standard process hollowing technique coupled with an additional trigger that was activated by the parent process writing to a pipe. This new approach, called "Interactive Process Hollowing", has the potential to make defense evasion stealthier.
3. Introduction
● What is Open Network or Whitebox in Networking?
○ Whitebox = Bare-metal = Britebox = Open Network
● But still, what is it?
○ Hardware with merchant silicon without software. Same as servers.
● Another cheap and low performance switch range in the market?
○ Yes, they are comparatively cheaper but definitely not low performance
○ All switches are non-blocking
● Who are the vendors?
○ There are many
○ HP, Edgecore/Accton, Dell, Quanta
● What about software to run these switches?
○ Cumulus Linux, PicaOS etc
4. Why?
● Many options to choose from
● Multiple Operating Systems to Bring Out the Best of the Same Box
● Multiple Boxes to Bring out the best from Same Operating System
● Select the Software for your Needs Instead of Replacing Systems
● Select the hardware for your Needs without replacing the Operating System
● End to End Common Hardware/Software
● Unlock New Capabilities of Network Hardware
● Drive Down the Economics with Standardized Hardware
● Capture Fast Moving Merchant Silicon Innovation
● Simplify Support, Sparing, Logistics and Re-use
5. Under the hood
Operating System:
Chassis:
Operating System:
Any Network
Operating System
Open Standard
Hardware
Merchant Silicon
6. Hardware Specs - 10G Switches
Note: Specs taken from respective datasheets
Model Port Density CPU RAM Buffer ASIC
Dell S4048 48x10G SFP+
6x40G QSFP+
Intel x86 (C2338) 2GB 12MB Broadcom Trident II
Accton AS5712 48x10G SFP+
6x40G QSFP+
Intel x86 (C2538) 8GB 12MB Broadcom Trident II
Quanta T3048-LY8 48x10G SFP+
6x40G QSFP+
Intel x86 (C2538) 4GB 12MB Broadcom Trident II
7. Hardware Specs - 40G Switches
Model Port Density CPU RAM Buffer ASIC
Dell S6000 32x40G QSFP+ Intel x86 (S1220) 4GB 12MB Broadcom Trident II
Accton AS6712 32x40G QSFP+ Intel x86 (C2538) 8GB 12MB Broadcom Trident II
Quanta T5032-
LY6
32x40G QSFP+ Intel x86 (C2758) 4GB 12MB Broadcom Trident II
Note: Specs taken from respective datasheets
8. Vendor Selection
● Which vendor is providing better switch?
○ All vendors. Specs are almost similar
● Which hardware vendor should I pick?
○ Your choice. This is the whole idea behind whitebox. ‘Choice’
● Which Network OS should I select?
○ Your choice. Depends upon the functionality you need
○ Not all of them provide all features
○ PicOS and Cumulus both use debian kernel
○ PicOS provide QinQ, Cumulus doesn’t
○ Cumulus provide controller less VXLAN, PicOS doesn’t
○ PicOS CLI is IOS like, Cumulus is pure linux
9. Use Cases
● I’m not Facebook, Google, AWS or any other web scale giant, why should I
care?
○ Because you still need Top of the Rack (ToR) switches and/or Access/Aggregation switches in
your network
○ It’s all about economics, choice, scalability and nothing else
● Will it help me to do something related to SDN?
○ Yes, this is the first step towards something practical in the SDN world but let's not talk about it
○ Start with Software Assisted Networking (SAN)
● Great, where should I deploy?
○ Deploy as ToR in DC or as Access switch or anywhere you like. Start from somewhere
10. First Experience with Open Network Switches
Target: Establish Connectivity between multiple PoPs.
Media: Dark Fibre
Service Offering: Backhaul (Layer 2)
Budget: Challenging (Only because of this we were forced to look into white box
switches)
Project Timelines: Weeks rather months
POC: 4 PoPs
11. Selection of Hardware
Requirement: 24+ x 10G SFP+ ports and 2+ x 40G QSFP+ Ports
Available Options: Many [48x10G SFP+, 6x40G QSFP+] switches available from
different vendors as mentioned on previous slides
Selection Criteria [self imposed]:
● Who can deliver the switches ASAP?
● Who maintains local/regional inventory?
● Who has clueful local SEs?
Hardware Selected: Dell S-4048 ON (purely on above criteria)
12. Selection of Network OS
Requirement: Switch OS [all features required in a switch OS]
Available Options: Cumulus Linux and Pica8 (PicOS)
Selection Criteria [self imposed]:
● Who can provide demo OS?
● Who has some non-DC deployments closer to our scenario?
● Who has clueful local SEs?
NOS Selected: Cumulus Linux
● Cumulus VX available to try and evaluate for free
● An awesome Techfield Day event available on YouTube to understand the structure
● Local SEs available to share some knowledge
20. Design Summary
Ever growing Layer 2 network
Can’t change the existing network design
Achieved the goal by implementing VXLAN
But,
Broke LACP between existing network and 802.1p marking
Troubleshooting nightmare for operations team
22. Conclusion
● Whitebox Switches are good even in enterprise and ISPs as well
● CumulusLinux works well for almost everything you need in a Layer 3 switch
● VXLAN can solve many problems to help declutter layer 2 network. MTU can
be a killer though (50 extra Bytes to accommodate) and it breaks LACP,
LLDP, 802.1p (because of Trident II)
● Linux as switching OS is difficult for operations team to manage but tools like
Ansible are available to make it simple
● Evaluate your problem vs solution before jumping into another band wagon