Performance Guarantees in Software Packet-Processors SPEAKERS: SEAN CHOI, TAL RUSAK, EYAL CIDON ADVISORS: NICK MCKEOWN AND SACHIN KATTI

1

Agenda  IntrotoNFV◦ WhatisNFV?◦ Performancegoals

 CurrentWork◦ FocusConsidera=ons◦ Ourapproach◦ Someresults

 Summary

2

Intro to Network Function Virtualization HOW I LEARNED TO STOP WORRYING AND LOVE THE NETWORK APPLIANCE

3

Network Function Virtualization [2]

4

Types of NFV Packet Processors[2]  Switchingelements:BNG,CG-NAT,routers.

 Mobilenetworknodes:HLR/HSS,MME,SGSN,GGSN/PDN-GW,RNC,NodeB,eNodeB.

 Func=onscontainedinhomeroutersandsettopboxestocreatevirtualisedhomeenvironments.

 Tunnellinggatewayelements:IPSec/SSLVPNgateways.

 Trafficanalysis:DPI,QoEmeasurement.

 ServiceAssurance,SLAmonitoring,TestandDiagnos=cs.

 NGNsignalling:SBCs,IMS.

 Convergedandnetwork-widefunc=ons:AAAservers,policycontrolandchargingpla\orms.

 Applica=on-levelop=misa=on:CDNs,CacheServers,LoadBalancers,Applica=onAccelerators.

 Securityfunc=ons:Firewalls,virusscanners,intrusiondetec=onsystems,spamprotec=on.

5

Why move to Cloud?  Highdeploymentandopera=oncosts

 Hardtomanagetrafficandupgrades

 Failuresinthemiddleboxesarehardtomanage

 Sherry,Jus=ne,etal."Makingmiddleboxessomeoneelse'sproblem:networkprocessingasacloudservice.”SIGCOMM2012[1]

6

NFV Deployment - Google

•  StolenfromJeffMogultalkinNetseminar

7

Research questions in NFV  Howtovirtualizecorrectly? Whenshouldwereplicate? Howtomanagestate? Howcanweu=lizeSDN? Whatcanwesayaboutprivacyandsecurity?

 Whatkindofnewfunc=onalitycanwemake? Andmanymore… *note:mostlymanagementques=ons

8

Current Work WHY AM I TELLING YOU ALL OF THIS!?

9

Poor appliance programmer

10

•  StolenfromSiliconValleyonHBO(MUSTWATCH!!!)

Framework Requirements

11

[3] [4]

Buying a Middlebox

12

[8]

What performance?  SLA’smaqer Quotes:◦ “QualityofExperienceQoEwillmakeorbreakSDNandNFVini=a=ves”[5]

◦ “runningthetrafficthroughhypervisorsandvirtualswitchesaddslatency…carriersgetreallybotheredknowingthatextralatencyisinthere”[6]

◦ “CommonconcernsIhearcenteraroundlatency,throughput,queuingcapabili=esandsecurity.ThesearevalidconcernssinceSP’shaveservicelevelagreement(SLA’s)withthetheircustomerswhichleadtopenal=esifperformancedropsbelowtheSLA.”[7]

13

SLA example

14

[16]

15

[14]

16

[15]

Building Blocks

17

SoswareAspects-  ProgramingAbstrac=ons

-  PerformanceAbstrac=ons

-  OS/Mul=processing-  Scheduling

HardwareAspects-  NIC-  MemoryAccess-  HardwareIsola=on

MovingData

Tools: Atomix [9]

18

Issues with Atomix  BasedonaDSP:◦ Fullyaddressablecacheandmemory◦ NoOS

 InaCPUenvironment:◦ NodirectcontrolofCache◦ WehaveanOS->mul=processing

 Invirtualenvironment◦ nohardwareguaranteesatall

19

Tools: IX [10]

20

Tools: VPP [11]

21

Our Experiment Design  Setup:◦  3.1GhzIntelXeonserver◦  82599ES10GbsSPF+IntelNIC

 HardwareLatency◦  NICLoopback◦  MoongenPacketgenerator[12]

 TransfertoUserSpaceLatency◦  NICLoopback

 SoswareLatency◦  Click[13]configura=ons◦  IP-Rewriter(NAT)◦  PacketClassifier◦  SoswareRouter

22

ServerIntelNIC

Experiment Overview  HardwareLatency◦  UsingMoongen◦ Mul=pleratesandpacketsizes◦  Packets=mestampedonNIC

 TransfertoUserSpaceLatency◦  UsingCrawsockets◦  Packetsgeneratedandreceivedinuserspace

 SoswareLatency◦  Separatetest◦  Tested3differentClickelements◦  Clickelementsrunaloneonthemachine◦ Wetestusingfakepackets

23

NICHW

KernelSpace

UserSpace

Applica=on-ClickrouterTest3

Test1

Test2

24

Results – NIC Timing PacketSize\Rate 1Mbps 1000Mbps 10000Mbps64Bytes Mean:314.002ns

StdDev:7.1363nsMean:320.270nsStdDev:4.7557ns

N/A

128Bytes Mean:320.398nsStdDev:7.3491ns

N/A Mean:322.738nsStdDev:6.5288ns

512Bytes Mean:320.379nsStdDev:7.376ns

N/A Mean:324.348nsStdDev:7.8508ns

25

Results – Transfer to Userspace

26

PacketSize\Rate

10packetspersec

100pps 1000pps 10000pps

Mean[usec] 118.8470 124.3690 83.3880 13.6720StdDiv[usec] 13.9282 11.9445 23.5484 9.1839

Results – Packet TX/RX

27

Results - Software

28

Results - Software

29

Plan  Moremo=va=on–moretests,moredata

 Burningques=ons:

◦  Howtotransferpacketstouser-space?IX/VPP/RDMA/DPDK?

◦  Howdowedomemoryandcachemanagement?

◦  Howtodealwithlookuptables?

30

Summary  Whyisthisprojectinteres=ng:◦  NFVisahotareaofresearch

◦  Nostandardwaytomigratenetworkappliancestososware

◦  Performanceguaranteesforpacketprocessorsseemimportant

◦  Thereares=llhardwareques=onstounderstand

31

PvP

The Predictable Virtual Packet-Processor

32

References  [1]Sherry,Jus=ne,etal."Makingmiddleboxessomeoneelse'sproblem:networkprocessingasacloudservice.”SIGCOMM2012 [2]NetworkFunc=onsVirtualisa=onWhitepaper–ETSI,SDNandOpenFlowWorldCongress2012 [3]hqp://4.bp.blogspot.com/_xvIMpAYhy6c/TT06NYEJoBI/AAAAAAAAD-s/vOU0I6x998Y/s1600/dt-improved-performance.jpg [4]hqp://95tvdbxmdo-flywheel.netdna-ssl.com/wp-content/uploads/2015/02/Ease-of-Use.jpg [5]”End-to-EndServiceManagementforSDN&NFV”hqp://www.heavyreading.com/spit/details.asp?sku_id=3191&skuitem_itemid=1559 [6]”DebunkingSomeMythsAbout‘CarrierGrade’NFV”hqps://www.sdxcentral.com/ar=cles/contributed/carrier-grade-nfv-myths-charlie-ashton/2015/11/ [7]”ScalingNFV–ThePerformanceChallenge”hqp://blogs.cisco.com/enterprise/scaling-nfv-the-performance-challenge [8]hqp://www.cisco.com/c/en/us/products/collateral/security/asa-5500-series-next-genera=on-firewalls/datasheet-c78-733916.pdf [9]Bansal,Manu,AaronSchulman,andSachinKa�."Atomix:aframeworkfordeployingsignalprocessingapplica=onsonwirelessinfrastructure."12thUSENIXSymposiumonNetworkedSystemsDesignandImplementa=on(NSDI15).2015. [10]Belay,Adam,etal."IX:Aprotecteddataplaneopera=ngsystemforhighthroughputandlowlatency."11thUSENIXSymposiumonOpera=ngSystemsDesignandImplementa=on(OSDI14).2014. [11]FD.io {12]Emmerich,Paul,etal."MoonGen:AScriptableHigh-SpeedPacketGenerator."Proceedingsofthe2015ACMConferenceonInternetMeasurementConference.ACM,2015. [13]Morris,Robert,etal."TheClickmodularrouter."ACMTransac=onsonComputerSystems.2000. [14]hqps://www.hpe.com/h20195/v2/default.aspx?cc=us&lc=en&oid=5443163 [15]NetworkFunc=onsVirtualiza=on(NFV);NFVPerformance&PortabilityBestPrac=ces,ETSIGSNFV-PER001V1.1.1(2014-06) [16]hqp://www.nq.net/english/service/sla_ts.html

33