Datacenter Network Solutions Group

Similar documents
Dataplane Networking journey in Containers

DPDK Summit China 2017

Achieve Low Latency NFV with Openstack*

CPU Pinning and Isolation in Kubernetes*

Are You Insured Against Your Noisy Neighbor Sunku Ranganath, Intel Corporation Sridhar Rao, Spirent Communications

Node Feature Discovery

Ed Warnicke, Cisco. Tomasz Zawadzki, Intel

Kubernetes networking in the telco space

Accelerating NVMe-oF* for VMs with the Storage Performance Development Kit

NFV Platform Service Assurance Intel Infrastructure Management Technologies

Demonstrating Data Plane Performance Improvements using Enhanced Platform Awareness

Agilio CX 2x40GbE with OVS-TC

The speed of containers, the security of VMs

Accelerating NVMe I/Os in Virtual Machine via SPDK vhost* Solution Ziye Yang, Changpeng Liu Senior software Engineer Intel

Data Path acceleration techniques in a NFV world

Intel s Architecture for NFV

MWC 2015 End to End NFV Architecture demo_

INSTALLATION RUNBOOK FOR Netronome Agilio OvS. MOS Version: 8.0 OpenStack Version:

Intel Speed Select Technology Base Frequency - Enhancing Performance

Akraino & Starlingx: a technical overview

Changpeng Liu. Senior Storage Software Engineer. Intel Data Center Group

The Work of Containerized NFV Infrastructure on Arm Platform

Changpeng Liu, Cloud Software Engineer. Piotr Pelpliński, Cloud Software Engineer

Jim Harris. Principal Software Engineer. Intel Data Center Group

NVMe Over Fabrics: Scaling Up With The Storage Performance Development Kit

Jim Harris. Principal Software Engineer. Data Center Group

Akraino & Starlingx: A Technical Overview

CLOUD ARCHITECTURE & PERFORMANCE WORKLOADS. Field Activities

State of OpenShift on Bare Metal

VDPA: VHOST-MDEV AS NEW VHOST PROTOCOL TRANSPORT

Accelerating Contrail vrouter

Leveraging OPNFV test tools beyond the NFV domain. Georg Kunz, Emma Foley & the OPNFV testing community

Reimagining OpenStack*

RIFT.io* and Intel Taking Virtual Network Functions to Hyperscale

Accelerating vrouter Contrail

NFV Infrastructure for Media Data Center Applications

TITANIUM CLOUD VIRTUALIZATION PLATFORM

Red Hat OpenStack Platform 13

WIND RIVER TITANIUM CLOUD FOR TELECOMMUNICATIONS

Software Defined. All The Way with OpenStack. T. R. Bosworth Senior Product Manager SUSE OpenStack Cloud

DEPLOYING NFV: BEST PRACTICES

DPDK Vhost/Virtio Performance Report Release 18.11

DPDK Vhost/Virtio Performance Report Release 18.05

SPDK China Summit Ziye Yang. Senior Software Engineer. Network Platforms Group, Intel Corporation

Agenda. Introduction Network functions virtualization (NFV) promise and mission cloud native approach Where do we want to go with NFV?

DPDK Intel NIC Performance Report Release 18.05

Performance Considerations of Network Functions Virtualization using Containers

CONTAINERS AND MICROSERVICES WITH CONTRAIL

SFQM and Doctor. Keeping My (Telco) Cloud Afloat. Emma Foley, Intel Maryam Tahhan, Intel Carlos Gonçalves, NEC Ryota Mibu, NEC

Building a Platform Optimized for the Network Edge

Container Adoption for NFV Challenges & Opportunities. Sriram Natarajan, T-Labs Silicon Valley Innovation Center

NFV go-live. Where are my containers? Franck Baudin Sr Principal Product Manager - OpenStack NFV May 9, 2018

Enabling DPDK Accelerated OVS in ODL and Accelerating SFC

KVM as The NFV Hypervisor

Intel Clear Containers. Amy Leeland Program Manager Clear Linux, Clear Containers And Ciao

Cisco Virtualized Infrastructure Manager

DPDK Performance Report Release Test Date: Nov 16 th 2016

Storage Performance Development Kit (SPDK) Daniel Verkamp, Software Engineer

How Container Runtimes matter in Kubernetes?

The speed of containers, the security of VMs. KataContainers.io

A Brief Guide to Virtual Switching Franck Baudin (Red Hat) Billy O Mahony (Intel)

Changpeng Liu. Cloud Storage Software Engineer. Intel Data Center Group

Exploring Cloud Security, Operational Visibility & Elastic Datacenters. Kiran Mohandas Consulting Engineer

DPDK Intel NIC Performance Report Release 17.08

Data and Intelligence in Storage Carol Wilder Intel Corporation

Future of datacenter STORAGE. Carol Wilder, Niels Reimers,

Network Function Virtualization over Open DC/OS Yung-Han Chen

Nova Scheduler: Optimizing, Configuring and Deploying NFV VNF's on OpenStack

Launching StarlingX. The Journey to Drive Compute to the Edge Pilot Project Supported by the OpenStack

K8s(Kubernetes) and SDN for Multi-access Edge Computing deployment

OpenStack Networking: Where to Next?

DPDK Intel NIC Performance Report Release 18.02

Bridging the gap between hardware functionality in DPDK applications and vendor neutrality in the open source community

How to build scalable, reliable and stable Kubernetes cluster atop OpenStack.

Network Function Virtualization Using Data Plane Developer s Kit

Munara Tolubaeva Technical Consulting Engineer. 3D XPoint is a trademark of Intel Corporation in the U.S. and/or other countries.

Merging Enterprise Applications with Docker* Container Technology

How to abstract hardware acceleration device in cloud environment. Maciej Grochowski Intel DCG Ireland

ONAP VNF Developer Experience. Eric Multanen - Intel. ONAP Developer Forum June 20, 2018

Barometer beyond service assurance

Provisioning Intel Rack Scale Design Bare Metal Resources in the OpenStack Environment

Network Services Benchmarking: Accelerating the Virtualization of the Network

The.pdf version of this slide deck will have missing info, due to use of animations. The original.pptx deck is available here:

Fast and Easy Persistent Storage for Docker* Containers with Storidge and Intel

AMD EPYC Processors Showcase High Performance for Network Function Virtualization (NFV)

Virtual Infrastructure: VMs and Containers

Fast-track Hybrid IT Transformation with Intel Data Center Blocks for Cloud

Contrail Networking: Evolve your cloud with Containers

Andreas Schneider. Markus Leberecht. Senior Cloud Solution Architect, Intel Deutschland. Distribution Sales Manager, Intel Deutschland

Survey of ETSI NFV standardization documents BY ABHISHEK GUPTA FRIDAY GROUP MEETING FEBRUARY 26, 2016

Full Scalable Media Cloud Solution with Kubernetes Orchestration. Zhenyu Wang, Xin(Owen)Zhang

Open vswitch - architecture

Ziye Yang. NPG, DCG, Intel

THE STORAGE PERFORMANCE DEVELOPMENT KIT AND NVME-OF

Intel Network Builders Solution Brief. Etisalat* and Intel Virtualizing the Internet. Flexibility

OPENSTACK Building Block for Cloud. Ng Hwee Ming Principal Technologist (Telco) APAC Office of Technology

Red Hat OpenStack Platform 10

Introduction to Cisco and Intel NFV Quick Start

Project Kuryr. Antoni Segura Puimedon (apuimedo) Gal Sagie (gsagie)

Zhang Tianfei. Rosen Xu

Transcription:

1

Enabling NFV features in kubernetes IVAN COUGHLAN IVAN.COUGHLAN@INTEL.COM Software Architect Kuralamudhan Ramakrishnan kuralamudhan.ramakrishnan@intel.com Senior Software Engineer Data Center Network Solution Group Intel

Legal Notices and Disclaimers Intel technologies features and benefits depend on system configuration and may require enabled hardware, software or service activation. Learn more at intel.com, or from the OEM or retailer. No computer system can be absolutely secure. Software and workloads used in performance tests may have been optimized for performance only on Intel microprocessors. Performance tests, such as SYSmark and MobileMark, are measured using specific computer systems, components, software, operations and functions. Any change to any of those factors may cause the results to vary. You should consult other information and performance tests to assist you in fully evaluating your contemplated purchases, including the performance of that product when combined with other products. For more complete information visit http://www.intel.com/performance. Intel, the Intel logo, Xeon, and others are trademarks of Intel Corporation in the U.S. and/or other countries. *Other names and brands may be claimed as the property of others. 2017 Intel Corporation. 3

What will you learn today? 1. Containers Deployment Models for NFV ecosystem 2. Addressing Data Plane Scalability in Containers: Container Bare Metal Reference Architecture Compute Network 4

Containers networking deployments considerations CLOUD NATIVE COMPUTING FOUNDATION VNFs vcmts vims vepc vcpe vsbc NFV Orchestration NFVi- Network SR-IOV VM Containers Bare Metal Hybrid VM VM Containers Containers Unified 5

Containers networking deployments considerations Collaborate with early movers, drive Open Source developments and enable the industry VNFs vcmts vims vepc vcpe vsbc NFV Orchestration CLOUD NATIVE COMPUTING FOUNDATION NFVi- Network SR-IOV Containers Bare Metal Containers Containers & VM Unified Infrastructure VM Containers 6

Data Plane challenges in containers Multiple network interfaces for VNFs High performance Data Plane (N-S) High performance Data Plane (E-W) High performance Data Plane (UI) Removing performance penalties for container in VM (UI) Ability to request/allocate platform capabilities CPU Core-Pinning for K8s pods Dynamic Huge Page allocation Platform telemetry information SR-IOV VHOST USER Master VM Kuryr- Kubernetes Node Feature Discovery CPU Manager for Kubernetes Native Huge page support for Kubernetes Scaling Open Source: CNI plug-in - V2.0 June 17 Upstream K8s: TBD Open Source: CNI plug-in - V2.0 April 17 Open Source: CNI plug-in - V1.0 Sep 17 In Development Kuryr-k8s v0.1.0: Jun 17 Open Source: Nov. 16 Upstream K8: Incubation Graduation TBD Open Source: V1.2 April 17 Upstream K8: Phase 1 - V1.8 Sept 17 Upstream K8: V1.8 Sept 17 Upstream collectd: V5.7.2 June 17 ; 5.8.0 ((Q4 2017 date TBD) Open Source: Available on Intel github https://github.com/intel-corp NFD at https://github.com/kubernetes-incubator/node-feature-discovery 7

Container Bare metal Experience Kits A library of best-practice development guidelines for Container bare metal orchestration Reference Architecture Enhance Platform Awareness Kubernetes Networking Platform Telemetry Reference Architectures Installation Scripts Reference Architecture User Guide Feature Brief White Paper Tech. Application Note Benchmark Test Report Feature Brief Tech. Application Note Demo Feature Brief Tech. Application Note Demo Demo Released throughout December, 2017 on: https://networkbuilders.intel.com/network-technologies/container-experience-kits 8

Container Networking GTM Intel is addressing key challenges to using containers for NFV use cases Many of these have been open sourced already Material will be made available throughout November https://networkbuilders.intel.com/network-technologies/intelcontainer-experience-kits CONTAINER NETWORKING Software community SCALE With PARTNERS CONTAINER CAPABILITIES OPEN SOURCE POC EXPERIENCE KITS Best Practice Guidelines VNF 9

Network Cloudification Containers Bare Metal vepc vnat VNFs vims vrouter vggsn vfirewall NFV Orchestration vcpe vrnc vhlr vsgsn vmme vids NFVi- Network SR-IOV Containers Bare Metal Orchestration Containerized Virtual Network Functions vcpe vrnc vcmts vsbc vepc vfirewall vims vrouter Host OS Docker Engine Hardware 10

Industry challenges in containers Bare Metal Multiple network interfaces for VNFs Support for high performance Data Plane (N-S) Support for high performance Data Plane(E-W) Ability to request/allocate platform capabilities Support for CPU Core-Pinning for K8s pods Dynamic Huge Page allocation SR-IOV VHOST USER Node Feature Discovery CPU Manager for Kubernetes Native Huge page support for Kubernetes 11

Flannel Linux Bridge Multiple Network Interface for VNFs Current Kubernetes Networking NFVI Requirement in Kubernetes Networking PROBLEM In NFV use cases, one key requirement is the functionality to provide multiple network interfaces to the virtualized operating environment of the Virtual Network Function (VNF). Kubernetes support only one Network interface eth0 USE CASES Functional separation of control and data network planes Container Container Container Pod eth0 interface Container Container Container Pod eth0 eth1 eth2 Link aggregation for redundancy of the network Support for implementation of different network protocol stacks and/or SLAs Network Control Flow with Multus KUBELET Pod Network Interfaces with Multus Kubernetes Pod Network segregation and Security REFERENCE Multus CNI https://github.com/intel-corp/multus-cni Logging vfirewall eth0 Native Kubernetes - Mailing list with details on discussions : https://groups.google.com/forum/#!forum/kubernetes-sig-network eth0 LINUX BRIDGE VF0 SR-IOV net0 SR-IOV net1 VF1 net0 net1 SR-IOV 12

Multus - Multi Networking in Kubernetes Setup CRD Network: kubectl Create Flannel-net Network SRIOV-net Network CRD Network Object Creation Kubernetes Master KUBE API SERVER CRD NETWORK OBJECT flannel-net PLUGIN CRD NETWORK OBJECT sriov-net Master Assign NGNIX POD Kubernetes Minion KUBELET CNI PLUGIN NGNIX POD annotation network: Pod Creation NGNIX POD spec annotation network: flannel-net sriov-net Out of cluster Communication Between Multus & Apiserver POD Net plugins 13

DPDK - SRIOV CNI Plugin PROBLEM No support for physical platform resource isolation guaranteeing network I/O performance & determinism No support for Data Plane Networking in userspace Kubernetes Pod Container VNF Application DPDK SOLUTION Enables NIC SR-IOV support in Kubernetes via a CNI plugin Supports two modes of operation: SR-IOV : SR-IOV VFs are allocated to pod network namespace DPDK : SR-IOV VFs are bounded to DPDK drivers in the userspace Kernel VF uio_pci_generic/igb_uio/vfio-pci VF VF REFERENCE https://github.com/intel-corp/sriov-cni SR-IOV Enabled Network Interface 14

Vhost user CNI Plugin PROBLEM No networking solution with software acceleration for inter-pod connectivity on same host (e.g. SFC use case) SOLUTION Virtio_user/ vhost_user gives boosted performance than VETH pairs Support VPP as well as DPDK OVS Vhost_user CNI plugin enables K8s to leverage data plane acceleration REFERENCE https://github.com/intel/vhost-user-net-plugin (V1.0 Sep 17) Kubernetes Pod Container VNF Application DPDK virtio_user vhostuser OVS- DPDK / VPP eth0 NIC 15

VHOSTUSER CNI PLUGIN Integration with MULTUS Kubernetes CNI Network Namespace LO Kubernetes Pod containers Multus CNI eth0 eth1 eth2 (virtio user) eth3 (virtio user) Flannel CNI DPDK - SRIOV CNI Vhostuser CNI Flannel veth pair DPDK OVS VPP (FIB) Mgnt plane Ctrl plane Data plane Legend VF SR-IOV Enabled Network Interface NIC 1 NIC 2 NIC 3 16

Node feature discovery(nfd) PROBLEM No way to identify hardware capabilities or configuration Inability for workload to request certain hardware feature SOLUTION Node feature Discovery brings Enhanced Platform Awareness (EPA) in K8s NFD detects resources on each node in a Kubernetes cluster and advertises those features Allows matching of workload to platform capabilities REFERENCE https://github.com/kubernetes-incubator/node-featurediscovery SRIOV AVX NGNIX POD label: SRIOV AVX Turbo boost Master ETCD Node 1 Node 2 Node Feature Discovery Label details Turboboost cc NODE 1 Node Feature Discovery in K8s Network Features SRIOV CPUID Features AVX Intel TurboBoost enabled DISCOVERY PODNODE 2 DISCOVERY POD NODE 1 DISCOVERY POD DISCOVERY POD SRIOV AVX Turbo boost 17

CPU Manager for Kubernetes CPU Pinning and Isolation PROBLEM Kubernetes has no mechanism to support core pinning and isolation Results in high priority workloads not achieving SLAs SOLUTION CPU-Manager-For-Kubernetes introduces core pinning and isolation to K8s without requiring changes to the k8s code base CMK guarantees high priority workloads are pinned to exclusive cores Gives a performance boost & determinism to high priority applications Negates the noisy neighbour* scenario REFERENCE https://github.com/intel-corp/cpu-manager-for- Kubernetes WITHOUT CMK: CPU Pinning and Isolation Core 0 CPU 0 CPU 1 Target Workload Noisy Neighbour Workload Core 1 CPU 2 CPU 3 WITH CMK: CPU Pinning and Isolation Core 0 CPU 0 CPU 1 Target Workload Core 1 CPU 2 CPU 3 Noisy Neighbour Workload Noisy Neighbour Workload * Noisy Neighbor Workload: An application that affects other applications sharing the infrastructure to suffer from nondeterministic performance e.g. context switching, cache affects 18

Huge page Native Support in Kubernetes PROBLEM No resource management of Huge Pages in kubernetes Responsibility of the cluster operator to handle it manually SOLUTION Huge Pages introduced as first class resource in kubernetes Support for hugepages via hugetlbfs enabled through a memory backed volume plugin Inherent accounting of Huge Pages Automatic relinquinshing of Huge Pages in case of unexpected process termination REFERENCE Alpha support for pre-allocated hugepages Hugetlbfs support based on empty dir volume plugin 19

Experience Kit Example: CPU Manager for Kubernetes Benchmark Test Core Isolation leads to performance consistency solving noisy workloads problem Up to x4 throughput increase Up to x55 latency decrease Core Isolation increase throughput of target-workload >200% for small packets in presence of Noisy Workload Core Isolation decrease latency of target workload up >x13 in presence of Noisy Workload Test are done with 16 Target Workloads (=16 Containers) and with or without Noisy Workload present 1 Core with 2 threads are assigned to each container. Noisy Workload uses any available (non-isolated) cores in the system Platform: Intel Xeon Gold Processor 20C@2.00 GHz (6138T); DPDK L2 Forwarding using XXV710 NICs Disclaimer: For more complete information about performance and benchmark results, visit http://www.intel.com/performance. ; Test configuration: Master & Minion Nodes: {mother board: Intel Corporation; S2600WFQ; CPU: Intel Xeon Gold Processor 6138T; 2.0 Ghz; 2 socket; 20 cores; 27.5 MB; 125 W; Memory: Micron MTA36ASF2G72PZ; 1 DIMM/Channel, 6 Channel/Socket; BIOS: Intel Corporation SE5C620.86B.0X.01.0007.060920171037; NIC: Intel Corporation; Ethernet Controller XXV710 for 2x25GbE Firmware version 5.50; SW: Ubuntu 16.04.2 64bit; Kernel 4.4.0-62-generic x86_64; DPDK 17.05}; IXIA* - IxNetwork 8.10.1046.6 EA; Protocols: 8.10.1105.9, IxOS 8.10.1250.8 EA-Patch1 20

Network Cloudification Container Unified Infrastructure Deployment Model CLOUD NATIVE COMPUTING FOUNDATION vepc vnat VNFs vims vrouter vggsn vfirewall NFV Orchestration vcpe vrnc vhlr vsgsn vmme vids NFVi- Network SR-IOV Containers Unified Infrastructure VM Guest OS Docker Engine Orchestration VM App App App App App App Guest OS Docker Engine Hypervisor Hardware VM Guest OS Docker Engine 21

Industry challenges in containers Unified Infrastructure Kuryr Kubernetes Removing Network performance penalties for container in VM Support for high performance Data Plane (E-W) Kuryr- Kubernetes MASTER VM Multiple network interfaces for VNFs Support for CPU Core pinning for Kuryr-K8s pods CPU Manager for Kubernetes Same as in Container Bare Metal 22

Master VM For Containers ENABLING DPDK in Nested Containers Master VM: Co-existence of Containers and Virtual Machines Leverage OpenStack Infra DPDK based vswitch to accelerate the Container Data Plane. OBJECTIVES One Virtual Machine to many Containers Target: 1k Containers per VM Container Data Plane performance Virtual Machine DPDK Pod Network Appliance Non DPDK Pod Socket App BSD Sockets API USE CASE Elasticity and scalability of containerized VNF application in VM BENEFITS VT-x ring de-privileging to move the VM and Container into userspace, making it accessible to the userspace vswitch with just a single copy. Virt I/O Nova Virt I/O Layer 4 Layer 3 Layer 2 Standard Virtio interface & control plane supporting both interrupt and poll modes, VNF and Cloud based applications. Standard Vhost shared memory interface between DPDK vswitch and VNF. SOLUTIONS Enabling DPDK support in nested containers Neutron With Kuryr DPDK plugin for Kubernetes 23

CALL to action We need feedback on the current ingredients e.g. Multus SR-IOV Vhost user Be active in K8s SIGs Network Resource Management 24

Talk to us For your containers Use case? ivan.coughlan@intel.com kuralamudhan.ramakrishnan@intel.com https://intel-corp.herokuapp.com thed00de rkamudhan 25

26

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback