DN TECH-DAY 2017 - Automotive, Security, IoT · IOT Gateway Roadside Infrastructure Smart Home...

30
0 PUBLIC USE VCPE/NFV SOLUTION WITH LAYERSCAPE WES LI DIGITAL NETWORKING FAE DN TECH-DAY 2017

Transcript of DN TECH-DAY 2017 - Automotive, Security, IoT · IOT Gateway Roadside Infrastructure Smart Home...

Page 1: DN TECH-DAY 2017 - Automotive, Security, IoT · IOT Gateway Roadside Infrastructure Smart Home vE-CPE NFV infrastructure vCPE Solutions deployed by ODM and OEM partners. 4 Outline

0 PUBLIC USE

VCPE/NFV SOLUTION WITH LAYERSCAPE

WES LI

DIGITAL NETWORKING FAE

DN TECH-DAY 2017

Page 2: DN TECH-DAY 2017 - Automotive, Security, IoT · IOT Gateway Roadside Infrastructure Smart Home vE-CPE NFV infrastructure vCPE Solutions deployed by ODM and OEM partners. 4 Outline

1

SECURE CONNECTIONS FOR A SMARTER WORLD

Everything

Connected

1B+ additional

consumers online,

30B+ connected devices

Everything

Smart

40B+ devices with

intelligence shipped

in 2020

,

Everything

Secure

Potential savings to

economy up to

half trillion dollars

Source: Euromonitor; Gartner; ARM Holdings; UBS; Center for Strategic and International Studies;

McAfee, NXP analysis, International Telecommunications Union

ProcessingConnectivity Security

Page 3: DN TECH-DAY 2017 - Automotive, Security, IoT · IOT Gateway Roadside Infrastructure Smart Home vE-CPE NFV infrastructure vCPE Solutions deployed by ODM and OEM partners. 4 Outline

2

Who is Digital Networking…

Virtualization

Security (Trust & Protocol Acceleration)

Software Solutions and Services

Enabling Secure Infrastructure

with Cost- & Power-Efficient Solutions

and unique expertiseSwitch & Control

Storage

Cellular

& Wi-Fi

Gateway

Industrial

DN Targeted Solution Segments

Page 4: DN TECH-DAY 2017 - Automotive, Security, IoT · IOT Gateway Roadside Infrastructure Smart Home vE-CPE NFV infrastructure vCPE Solutions deployed by ODM and OEM partners. 4 Outline

3

Enablement

Software

Software

Platforms

Mu

ltic

ore

Pro

cesso

rs

Silicon and Software Provide the Solutions our Customer Require

LS2088

LS2080

LS1088

LS1046

LS1043

LS1012

LS1021

Secure Embedded & Enterprise Linux Distributions

GW NFVvCPE Switch ITSWLANIOT &

Home

1W

35W

SD-WAN

Access NodeWi-Fi

Extender

Enterprise WAP

Carrier WAP

Services Routers

Retail

Router

High-End

GW

25Gbps

Services Switch

100Gbps

Services Switch

IOT

Gateway

Roadside

Infrastructure

Smart Home

vE-CPE NFV infrastructure

vCPE

Solutions deployed

by ODM and OEM partners

Page 5: DN TECH-DAY 2017 - Automotive, Security, IoT · IOT Gateway Roadside Infrastructure Smart Home vE-CPE NFV infrastructure vCPE Solutions deployed by ODM and OEM partners. 4 Outline

4

Outline

• Introduction – SDN, Virtualization and NFV

• NXP Solution & Focus

• NXP Differentiation and Advantage

• NXP NFV Performance

• NXP Distributed Cloud Computing Architecture

• Virtualization Use Case #1 – Virtualized Gateway for multi-services (inc. IoT etc)

• Virtualization Use Case #2 – DCCA with IOT functions support

• Virtualization Use Case #3 – AWS Greengrass demo with industrial IOT

Page 6: DN TECH-DAY 2017 - Automotive, Security, IoT · IOT Gateway Roadside Infrastructure Smart Home vE-CPE NFV infrastructure vCPE Solutions deployed by ODM and OEM partners. 4 Outline

5

INTRODUCTION

SDN, VIRTUALIZATION & NFV

Page 7: DN TECH-DAY 2017 - Automotive, Security, IoT · IOT Gateway Roadside Infrastructure Smart Home vE-CPE NFV infrastructure vCPE Solutions deployed by ODM and OEM partners. 4 Outline

6

Software Defined Networking (SDN)

• Physical Separation of the network control layer from the forwarding plane, and where a control plane controls several devices

• Directly Programmable, Agile, Centrally managed, Programmatically configured and Open standards-based Architecture

• Spans all forms of Environments — Carrier, Enterprise Campus,

Cloud Services — residential, business, intent-based,

non-intent-based Resources — physical, virtual, compute, storage,

forwarding

• Enables Security Policy enforcement Information Hiding

Page 8: DN TECH-DAY 2017 - Automotive, Security, IoT · IOT Gateway Roadside Infrastructure Smart Home vE-CPE NFV infrastructure vCPE Solutions deployed by ODM and OEM partners. 4 Outline

7

Software Defined Networking (SDN)

• Disaggregation of Layers

• Centralization of CP across multiple data

paths (SDN Controllers such as ODL,

OpenContrail) – Central Intelligence

• Centralized Management (Openstack

Neutron) – Single dash board

• North bound protocols

− JSON-over-HTTP, NetConf, OpFlex etc..

• South bound protocols

− Openflow 1.x (OF)

NXP Strategy

• SDN-optimized SoC• SDN/OF pipeline for fast path • Augment OF with L3-L4 Extensions

Data Path

Configuration / ManagementAgent

Control/Service Plane

Data Plane/Fast Path

Physical Network Function Appliance(Integrated control & Data)

North bound Protocols

South bound Protocols

SDN – Separation of Layers

Data Path

Control Plane

Service Plane (Normal Path)

Management Plane

Page 9: DN TECH-DAY 2017 - Automotive, Security, IoT · IOT Gateway Roadside Infrastructure Smart Home vE-CPE NFV infrastructure vCPE Solutions deployed by ODM and OEM partners. 4 Outline

8

What is Virtualization?• Virtualization – Hardware and Software technologies that

provides an abstraction layer that enables running multiple operating systems on a single system

• A hypervisor is a software component that creates and manages virtual machines which can run operating systems.

• Virtualization Use Cases

- Cost Reduction (Improved HW utilization)- Reliability & Protection- Flexibility & Scalability

Benefits:

• Isolation

• Dedicated Resources

• Migration –

• Auto Failover

• Load Balancing

• Legacy Software Support

Configuration / Managementgent

Control/Service Plane

Page 10: DN TECH-DAY 2017 - Automotive, Security, IoT · IOT Gateway Roadside Infrastructure Smart Home vE-CPE NFV infrastructure vCPE Solutions deployed by ODM and OEM partners. 4 Outline

9

Virtualization Use Cases Configuration / Managementgent

Control/Service Plane

Page 11: DN TECH-DAY 2017 - Automotive, Security, IoT · IOT Gateway Roadside Infrastructure Smart Home vE-CPE NFV infrastructure vCPE Solutions deployed by ODM and OEM partners. 4 Outline

10

NFV – Network Function Virtualization

pNF1

vNF1 vNF2 vNF3pNF2

Virtual Switch, KVM/LXC/Docker (NFVI)

pNF3

• NFV offers a new way to design, deploy and manage networking services/functions

• What you can do with NFV?- Run network functions on general-purpose common hardware- Take network functions in and out of service, and scale them up and down easily- Multiple network functions can share a NFV node (Compute Node) - Automate service delivery with orchestration

• Proven Cloud technologies for IT applications in data centers (same can be used for NFV)- Orchestration tools such as OpenStack, Opencontrail etc.- Hypervisors such as KVM,LXC,Dockers etc..- Virtual switch using OVS,DPDK-OVS etc.- Opencontrail using vrouter agent for Dynamic service chaining

Page 12: DN TECH-DAY 2017 - Automotive, Security, IoT · IOT Gateway Roadside Infrastructure Smart Home vE-CPE NFV infrastructure vCPE Solutions deployed by ODM and OEM partners. 4 Outline

11

NFVI (NFV Infrastructure) Concept and Challenges

vNF1

vNF vNF3

• NFVI enables virtualization of hardware and exposes each virtual hardware to VMs

• NFVI consists of multiple SW modules

- Orchestration agent- Libvirt- Hypervisor such as KVM, LXC, Docker etc..- QEMU for emulating hardware

• Networking

- VxLAN – Overlay based virtualization- OVS – Virtual Switching- Firewall – Filtering traffic going to/from VMs.- Traffic Control- DDoS prevention- IPSec for security-on-wire

• Challenges

- More intelligence is being added to VMM, Intelligence is pushed to the edge

- Amount of traffic processed by vNFs is much higher than typical IT applications, therefore networking performance is important

Page 13: DN TECH-DAY 2017 - Automotive, Security, IoT · IOT Gateway Roadside Infrastructure Smart Home vE-CPE NFV infrastructure vCPE Solutions deployed by ODM and OEM partners. 4 Outline

12

On-Demand Virtualized Network Appliances

• Reduce CapEx

• Reduce OpEX

• Accelerate Time-to-Market

• Deliver Agility and Flexibility

Page 14: DN TECH-DAY 2017 - Automotive, Security, IoT · IOT Gateway Roadside Infrastructure Smart Home vE-CPE NFV infrastructure vCPE Solutions deployed by ODM and OEM partners. 4 Outline

13

NXP

SOLUTION & FOCUS

Page 15: DN TECH-DAY 2017 - Automotive, Security, IoT · IOT Gateway Roadside Infrastructure Smart Home vE-CPE NFV infrastructure vCPE Solutions deployed by ODM and OEM partners. 4 Outline

14

Physical Hosts Virtual Hosts - Cores

Physical Network Virtual Network - Cores

Virtual Networking Models

Host

App

Host

App

Host

App

NIC

NIC

NIC

Cry

pto

Cry

pto

Switch

vHost

App

vHost

App

vHost

App

vN

IC

vN

IC

vN

IC

vC

ryp

to

vC

ryp

to

Switch

Virtual Hosts - Cores

Virtual Network – on Chip

vHost

App

vHost

App

vHost

App

vN

IC

vN

IC

vN

IC

vC

ryp

to

vC

ryp

to

Switch

Compute and

I/O virtualization

on cores

Network

virtualization

on cores

Compute

virtualization

on cores

Network and I/O

virtualization on

SoC

Traditional Networking

– multiple devices

Virtual Networking

emulated on cores

Virtual Networking

provided by hardware

LayerScape Architecture provides Complete Network Virtualization in Hardware

Page 16: DN TECH-DAY 2017 - Automotive, Security, IoT · IOT Gateway Roadside Infrastructure Smart Home vE-CPE NFV infrastructure vCPE Solutions deployed by ODM and OEM partners. 4 Outline

15

Open Platform for NFV – Mapping to Hardware

• Expanded acceleration capability to

offload Hypervisor and VMs

VxLAN, OVS, Firewall, Traffic

Control, IPSec, Netflow, SDN

• Driving standardization

Linux, ODP, Virtio, DPDK

• Driving relevant open standards bodies

ETSI NFV, OPNFV, ONF, LNF

• Standard SW installation environment

• UEFI, ONIE, ACPI, uboot

Open, Scalable, Performance / Cost Optimized Solution

Software fully compatible with open standards

QorIQ Layerscape Platform

ARMv8ARMv8ARMv8

VM VM Container

MAC MAC MAC

Hypervisor Packet,

Crypto, TM

AccelerationInline Acceleration

Ethernet

Virtualized

Network

Function

General Purpose Processors

Virtualized

Network

Function

Web

Server

Software Virtualization & Partitioning Layer

Web

Server

Hardware Virtualization & Partitioning Layer

IO, Network Virtualization

vSwitch /

VMM

OpenFlow

Switch

Dumb

NIC

Smart

NIC

Network

Interface

Network

InterfaceNetwork IO High Speed Serial IO

Controller Controller

NFV Compute Node

Page 17: DN TECH-DAY 2017 - Automotive, Security, IoT · IOT Gateway Roadside Infrastructure Smart Home vE-CPE NFV infrastructure vCPE Solutions deployed by ODM and OEM partners. 4 Outline

16

NXP’s NFV Solutions

Hardware

Silicon

Install/Deploy

Com

pute

I/O

Netw

ork

ing

Management

Orchestration

Open-Source vNF Customer vNF NXP vNF

vRouter

vVPN

vFirewall

vCPE vE-CPE

vRouter vEPC

vPE vRAN

vCPE

vVPN

vProxy

OP-NFV

- OpenStack

- Open DayLight

- Fuel, Apex

Cisco Virtual

Topology System

Juniper

OpenContrail

KVM

Docker

Ceph

DPDK

VirtIO

VFIO

OVS

OVS offload

VPP, Contrail

UEFI CentOS, Ubuntu, Debian Fuel, Apex

LS1043 LS1046 LS1088 LS2085 LS2088 LX2

RDB Blades, iNICs Servers

HW/SoC

Enablement SW

Commercial SW

OpenSource SW

Customer SW

Page 18: DN TECH-DAY 2017 - Automotive, Security, IoT · IOT Gateway Roadside Infrastructure Smart Home vE-CPE NFV infrastructure vCPE Solutions deployed by ODM and OEM partners. 4 Outline

17

Layerscape Platform

NFV Solution Architecture

Veth-port

10G Eth

vVPN vRouter/Fwl

User Space

Kernel Space (Ubuntu)

IKE StrongSwan

so

cke

t

User Space

Kernel Space (OpenWRT)

Route, dhcp, etc

so

cke

t

fpm

DPDK

Open fastpath

3rd-Party vNF

User Space

Kernel Space (Ubuntu)

so

cke

t

3rd-Party App

OP-NFV(Orchestration,

Mgmt)

Open

Contrail,

Daylight

Open Stack

Fuel, Apex

Installer

Compute Virt

KVM

Qemu

libvirt

Do

cke

rs, C

ep

h

I/O and Network Virt

OVS -

kernel

10G Eth

OVS -

DPDK

Virtio-net

vhost-user

OVS, Service-

Chaining – HW

Packet Engine

OP-NFV • Colorado 3.0

• Fuel 9.0

DPDK • 16.07

OVS • v2.6.1

• DPDK 16.07 in VM

• OVS Packet-Engine

KVM • v2.2

Qemu • v2.6

Libvirt • 1.3.5

Linux • LTS Kernel 4.1.35

Orchestration • OpenStack (Mitaka)

• OpenDaylight (Boron)

Reference

vNFs

Open Source

• vRouter,

• vFW (iptables),

• vVPN (strongSwan)

Distro • UEFI

• CentOS

• Ubuntu

• Yocto

NFV Development Kit

UEFI, CentOS

Re-use from

OP-NFV

community and

run un-modified

NXP enablement for NFV

– upstreamed to

community, competitive

performance

NXP HW

assists for

extra

performance

Virtio (Qemu)

Virtio-

crypto

VFIO (direct)

Virtual

NIC, SEC

virtio vfio

DPDK

virtio vfio

NXP Sample vNF

User Space

Kernel Space (CentOS)

Virtio-net,crypto

NW Stack

socket DPDK

virtio vfio

Virtio-net,crypto

NW Stack

Virtio-net,crypto

NW Stack

Virtio-net,crypto

NW Stack (ipsec)

net

perf

OSSL

speed-

test

L3-

Fwd

IPSec

Fwd

SECARMv8

Re-use from 3rd-

Party sources

and run un-

modified

Service-chain

Kernel virt User-space virt HW assisted

Packet Engine

Page 19: DN TECH-DAY 2017 - Automotive, Security, IoT · IOT Gateway Roadside Infrastructure Smart Home vE-CPE NFV infrastructure vCPE Solutions deployed by ODM and OEM partners. 4 Outline

18

NXP Virtualization Platform Focus- Smart Access, Intelligent Edge

Internet Service Provider

Cloud

QorIQ LS 20xx/x86

LS1043/LS1046LS 1012

Edge of the ISP Cloud

Customer Premise

vCPE

On Demand Adaptive End-to-End Distribution of

Virtualized Network Services (vNFs)

Clients

Service

Chaining

Cloud

Orchestration

vCPE

LS1088/LS20xx

vCPE

Single Cortex-A53

DataCenter

Cloud

Smart

Edge

Smart

Access

Optimized

vNFs

Optimized

vNFs

vNFs – Virtual Network Functions

Page 20: DN TECH-DAY 2017 - Automotive, Security, IoT · IOT Gateway Roadside Infrastructure Smart Home vE-CPE NFV infrastructure vCPE Solutions deployed by ODM and OEM partners. 4 Outline

19

NXP NFV Solution offering

• ARMv8: LS1043, LS1046, LS1048, LS1088, LS2080, LS2088Standard Hardware Platforms

• CentOS, UEFI, Debian, UbuntuStandard Linux Distro

• KVM, QEMU, Docker, CephStandard Virtualization

components

• OP-NFV: OpenDayLight, OpenStack, Open ContrailStandard Orchestration and

Management

• DPDK, ODP, OVS, VirtioStandard API and libraries

• vFirewall, vNAT, vRouter, vVPN, vTrendMicroVirtual Network Functions

• Benchmarks, User-guide, DocumentationOut-of-the-Box Experience

Page 21: DN TECH-DAY 2017 - Automotive, Security, IoT · IOT Gateway Roadside Infrastructure Smart Home vE-CPE NFV infrastructure vCPE Solutions deployed by ODM and OEM partners. 4 Outline

20

NXP DIFFERENTIATION AND

ADVANTAGE

Page 22: DN TECH-DAY 2017 - Automotive, Security, IoT · IOT Gateway Roadside Infrastructure Smart Home vE-CPE NFV infrastructure vCPE Solutions deployed by ODM and OEM partners. 4 Outline

21

NFV Solutions

AIOP Acceleration

Hardware Acceleration

High vNF Coremark/W

Page 23: DN TECH-DAY 2017 - Automotive, Security, IoT · IOT Gateway Roadside Infrastructure Smart Home vE-CPE NFV infrastructure vCPE Solutions deployed by ODM and OEM partners. 4 Outline

22

Layerscape AIOP – A New Architecture for a New Network

60

MUST HAVE:50

40

Advance Packet Processing

• Tightly coupled accelerators

called as C functions

• H/W preloaded task state,

headers, stack frame

• Customer programmable

30

20

10

0

PQ3 P Series T Series Layerscape

Network IO DDR CPU Acceleration CPU + NPU + Accel

• Run-to-completion modelusing standard C (C99)

Many-core processor approach is not

sustainable due to power, software

complexity and integration costs 4-6xPerformanceover general purpose coresin a lower power envelope

Need to provide right mix of highperformance and programmability

Confidential and Proprietary | 4

Page 24: DN TECH-DAY 2017 - Automotive, Security, IoT · IOT Gateway Roadside Infrastructure Smart Home vE-CPE NFV infrastructure vCPE Solutions deployed by ODM and OEM partners. 4 Outline

23

Layerscape HW-Assist

User

Host

User

I/O & Network virtualization – Compatibility

User

Kernel

Host

Kernel

Layerscape

Hardware

Legacy User Application

Guest / VM

Host

User Application

VirtIO

Linux NW stack DPDK, ODP API

VirtIO VFIO

VirtIO

Kernel Drivers

OVS

VirtIO

ODP, DPDK

OVS

vSECvEth

OVS

Ethernet Port Security Accelerator

Front/Back-end Kernel/Kernel Kernel/User User/User User/HW

Portability Highest High High Medium

Performance Low Medium Medium Highest

Differentiation Low Medium Medium High

Easy Migration

for Legacy

Applications

Page 25: DN TECH-DAY 2017 - Automotive, Security, IoT · IOT Gateway Roadside Infrastructure Smart Home vE-CPE NFV infrastructure vCPE Solutions deployed by ODM and OEM partners. 4 Outline

24

Layerscape HW-Assist

User

Host

User

I/O & Network virtualization – Differentiation

User

Kernel

Host

Kernel

Layerscape

Hardware

Legacy User Application

Guest / VM

Host

User Application

VirtIO

Linux NW stack DPDK, ODP API

VirtIO VFIO

VirtIO

Kernel Drivers

OVS

VirtIO

ODP, DPDK

OVS

vSECvEth

OVS

Ethernet Port Security Accelerator

Front/Back-end Kernel/Kernel Kernel/User User/User User/HW

Portability Highest High High Medium

Performance Low Medium Medium Highest

Differentiation Low Medium Medium High

NXP Differentiation

Hardware Assisted

NW Virtualization

Page 26: DN TECH-DAY 2017 - Automotive, Security, IoT · IOT Gateway Roadside Infrastructure Smart Home vE-CPE NFV infrastructure vCPE Solutions deployed by ODM and OEM partners. 4 Outline

25

Layerscape HW-Assist

User

Host

User

I/O & Network virtualization – NXP Advantage

User

Kernel

Host

Kernel

Layerscape

Hardware

Legacy User Application

Guest / VM

Host

User Application

VirtIO

Linux NW stack DPDK, ODP API

VirtIO VFIO

VirtIO

Kernel Drivers

OVS

VirtIO

ODP, DPDK

OVS

vSECvEth

OVS

Ethernet Port Security Accelerator

Front/Back-end Kernel/Kernel Kernel/User User/User User/HW

Portability Highest High High Medium

Performance Low Medium Medium Highest

Differentiation Low Medium Medium High

NXP Advantage

Hybrid Model

Support

Page 27: DN TECH-DAY 2017 - Automotive, Security, IoT · IOT Gateway Roadside Infrastructure Smart Home vE-CPE NFV infrastructure vCPE Solutions deployed by ODM and OEM partners. 4 Outline

26

Use Case Example: Power Efficient NFV with LS2088A

• VMM network and IO

virtualization consumes

CPU resources

• Most of it can be assisted by

the Layerscape packet

engine

• Therefore

− More cycles allocated to VM

− and better integration…

LS2 with AIOP E5-2618Lv3 Xeon-D 1548

Cores 8 @ 2GHz 8 @ 2.3GHz 8 @ 2 GHz

CoreMark/MHz/Core 5.4 8.2 8.2

Power (TDP) 35W 75W 45W

vNF Capability

Virtual Networking

NIC, Crypto Included +10W, +40W

Cores for Virtual NW, IO 2 4 5

vNF CoreMark 65k 75k 49k

Combined Power 35W 125W 45W

vNF CoreMark/W 1857 600 1089

Cores

Packet

Engine

Layerscape Architecture provides a 2x to 3x Performance/Watt advantage

Included

Virtual I/OCores

$779 $675$100

Page 28: DN TECH-DAY 2017 - Automotive, Security, IoT · IOT Gateway Roadside Infrastructure Smart Home vE-CPE NFV infrastructure vCPE Solutions deployed by ODM and OEM partners. 4 Outline

27

SUMMARY

Page 29: DN TECH-DAY 2017 - Automotive, Security, IoT · IOT Gateway Roadside Infrastructure Smart Home vE-CPE NFV infrastructure vCPE Solutions deployed by ODM and OEM partners. 4 Outline

2828

NXP’s Virtualization Platform Solutions • SDN and OPN-NFV based open-source virtualization platform that

delivers Service velocity, CAPEX, OPEX Reduction,

and Scalable/Elastic networking

• Opensource platform easily supports integration with customers (COTs)

and partners commercial vNFs (For example, Trend Micro DPI security package)

• NXP Differentiation and Advantage

AIOP, Hardware Acceleration

• Full suite of OPN-NFV Virtualization Platform package optimized for

NXP Layerscape

supports dynamic service chaining, intelligent Edge

working with customers in vCPE, SD-WAN markets…etc

Page 30: DN TECH-DAY 2017 - Automotive, Security, IoT · IOT Gateway Roadside Infrastructure Smart Home vE-CPE NFV infrastructure vCPE Solutions deployed by ODM and OEM partners. 4 Outline