The Network's in the (Virtualized) Server: Virtualized I/O in Heterogeneous Multicore Architectures
Virtualized I/O in Heterogeneous Multicore Architectures
Scaling x86 embedded designs to 40 Gbps and beyond
Daniel Proch, Director, Product Management and Field Applications, [email protected]
Linley Tech Spring ConferenceMay 18-19, 2010 – San Jose, CA
© Netronome Systems Inc MMX
Next-Generation Computing Trends
• Network and security application vendors need to scale performance with embedded multicore IA/x86
• Virtualization is seen as the key to the convergence of networking and computing in the data center
• Networking functionality is collapsing into servers from discrete devices in data centers
A new processing paradigm is required to support these trends and scale x86 systems to 40 Gbps and beyond
Network Virtualization
• Virtualized networks have been around for years
• Allow a single set of physical resources to be shared amongst a diverse group of users
• With isolation, performance guarantees and security
• Ethernet VLANs
• IPsec VPNs
• SSL VPNs
• MPLS, RFC 2547
• Frame Relay
• ATM
• PWE3
[Figure: access (xDSL, GigE, DSLAM, IP/MSAN), aggregation, edge and backbone layers carrying voice, video and WWW services]
Server Virtualization
• For data center consolidation, a single physical machine supports multiple guest OSs
• Improves the efficiency and availability of resources and applications
• The “one server, one application” model is gone
Data Center Collapse
• With applications uniquely tied to physical server resources, networking happened outside the server
• L2/L3 switching
• Network security
• Load balancers to spread traffic across hosting platforms
Changing the ratio of applications to servers changes the way we need to architect products for the data center
Virtualized Networking in x86
• Multicore servers support many applications per physical device (whether virtualized or not)
• Networking functionality must now collapse inside the server
• Packet classification
• Flow-based load balancing
• Active flow state and flow pinning
• L2 switching
• L3 forwarding
• QoS
[Figure: x86 server with the callout “Need a virtualized network in here!”]
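Flow-based load balancing with flow pinning, as listed above, amounts to hashing a packet's 5-tuple so that every packet of a flow lands on the same core. A minimal sketch (the core count and function names are illustrative, not Netronome's API):

```python
import hashlib

NUM_CORES = 8  # hypothetical number of x86 worker cores

def pin_to_core(src_ip, dst_ip, proto, src_port, dst_port):
    """Hash the 5-tuple so all packets of a flow hit the same core."""
    key = f"{src_ip}|{dst_ip}|{proto}|{src_port}|{dst_port}".encode()
    digest = hashlib.sha256(key).digest()
    return int.from_bytes(digest[:4], "big") % NUM_CORES
```

Because the mapping depends only on the 5-tuple, active flow state never has to migrate between cores.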
x86 Networking Performance
• Multicore x86 creates bottlenecks
• Not optimized for network and security processing
• Processing done in “software”
• Packet interrupt handling wastes CPU
• Poor small packet performance
• High power consumption
[Figure: NFE with classifier, flow state, L2 switch and load balancer feeding an x86 server]
Enter I/O Virtualization
• Hardware-based network and security processing in network flow processors
• Workload-optimized NFPs and x86 processors are linked
• Efficient delivery of data to VMs at high rates (20+ Gbps)
• High-performance, virtualization-aware communications path
• Zero-copy data delivery to virtual endpoints
IOV: the final link between virtualized networks, flow processors and general-purpose multicore x86
[Figure: NFE with classifier, flow state, L2 switch and load balancer feeding VMs on an x86 server]
Comparing IOV Implementation Options
Software I/O virtualization:
• All traffic passes through the management VM
• Multiplexing (and demux) in software
• Poor performance and latency
IOV with multi-queue devices:
• Multiplexing occurs in hardware
• Packets still traverse the management VM (adds latency)
Netronome Enhanced IOV
• PCI device direct assignment
• Guest VMs can directly access hardware devices
• Eliminates IOV overheads
• Netronome IOV solution is SR-IOV-compliant while providing flexible device support
• Dumb NIC
• Intelligent NIC
• Crypto NIC
• Packet Capture (pcap) NIC
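On a stock Linux host, SR-IOV virtual functions of the kind described above are exposed through sysfs; a minimal sketch, in which the PCI address and VF count are hypothetical:

```shell
# Ask the physical function's driver to create 4 virtual functions
# (the device address is an example, not a real Netronome card)
echo 4 > /sys/bus/pci/devices/0000:03:00.0/sriov_numvfs

# Each VF now appears as its own PCI device that can be assigned
# directly to a guest VM (e.g. via VFIO/libvirt)
lspci | grep -i "Virtual Function"
```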
• Application/control plane processing
• Deep packet inspection
• Content inspection, behavioral heuristics, forensics, PCRE
• L2-L7 classification
• Stateful flow processing
• Cryptography
• PKI operations
• Flow-based load balancing
• L2 switching to VMs
• L2-L4 packet classification
• Packet-based load balancing
• Physical interfaces
• Integrated bypass relays
Deep Packet Inspection
In a heterogeneous multicore architecture:
• Packets are classified on ingress
• Sent to x86 for DPI processing
• Results in application or protocol awareness
• New classification rule programmed to NFP for each flow
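The steps above form a slow-path/fast-path loop: the first packet of a flow is punted to x86 for inspection, and the verdict is then installed as a per-flow rule so later packets skip DPI entirely. A sketch of that loop, with all names illustrative rather than the NFP API:

```python
# 5-tuple -> verdict; stands in for the rules programmed on the NFP
offload_table = {}

def classify_dpi(payload: bytes) -> str:
    """Stand-in for x86 DPI: derive application awareness from payload bytes."""
    return "http" if payload.startswith(b"GET ") else "unknown"

def handle_packet(flow, payload):
    if flow in offload_table:          # fast path: NFP already holds a rule
        return offload_table[flow]
    verdict = classify_dpi(payload)    # slow path: punt to x86 for DPI
    offload_table[flow] = verdict      # program the new rule for this flow
    return verdict
```

Only the first packet of each flow pays the DPI cost; the rest are handled by the installed rule.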
Reduction in CPU Utilization
• Up to 80% of the total CPU resources are dedicated to packet I/O in systems using standard adapters
• Leaves only 20% of CPU resources for application processing
• Network flow-based coprocessors give a 3-5x increase in available CPU resources
• Kernel CPU cycle use and interrupts are significantly reduced
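The 3-5x figure follows from simple arithmetic on the numbers above: if packet I/O drops from 80% of CPU to somewhere between 40% and 0% (assumed residual overheads, for illustration), the share left for applications grows from 20% to 60-100%:

```python
TOTAL = 100                 # total CPU, in percent
available_std = TOTAL - 80  # 20% left with standard adapters

for io_with_coproc in (40, 20, 0):  # assumed residual I/O overhead
    available = TOTAL - io_with_coproc
    print(f"{io_with_coproc}% I/O -> {available / available_std:.0f}x")
    # prints 3x, 4x, 5x for the three assumed overheads
```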
20 Gbps IPS Application Performance
• Computationally intense processing
• ~4000 PCRE rules
• Variable packet sizes
• Variable protocol mix
• Inline measurements
Heterogeneous Multicore Processing Architecture
www.netronome.com
Backup
NFP-3200 Summary
• High performance
• 40 cores @ 1.4 GHz
• 1,800 instructions / packet at 30M pps
• 20 Gbps of packet, flow, and content processing
• I/O virtualization
• PCIe Gen2 with SR-IOV support
• Highly integrated design
• 20 Gbps of line-rate security/crypto
• Integrated MAC, PKI, PCIe, Interlaken, ARM
• Unmatched ease of use
• Proven tools, software development kit, product-ready software, reference platforms
40-100 Gbps Network Flow Processor
Netronome Network Flow Engine NFE-3240
• 20 Gbps of line-rate packet processing per NFE
• 6x1GigE, 2x10GigE (SFP+), netmod interfaces
• PCIe Gen2 (8 lanes)
• Nanosecond packet timestamping
• Hardware cryptography support
• Flexible/configurable memory options
• TCAM-based traffic filtering
• Virtualized Linux drivers via SR-IOV
• Hardware-based stateful flow management
• Dynamic flow-based load balancing to x86
Highly programmable, intelligent acceleration cards for network security appliances and servers
World's Highest Performance Appliance Platform
• Intelligent network-optimized virtualization adapters
• 20 Gbps PCIe cards
• Flow processing solutions up to 200 Gbps
• Pluggable front-facing I/O
• Three layers of packet, flow and application processing
• Open APIs for application acceleration
• Snort, Bro, ntop, switching / routing
• Custom applications
• Up to 200 Gbps minimum-sized packet performance for network and security applications!
• Highest performance solution per dollar in the world!