Varun Sethi, Balaji Patnala Freescale Semiconductor...Open vSwitch Linux Kernel Quantum Plug-in Nova- API Nova - Network Async Message Queue Linux Kernel KVM Libvirt Driver Nova Compute

TM

Freescale, the Freescale logo, AltiVec, C-5, CodeTEST, CodeWarrior, ColdFire, C-Ware, Energy

Efficient Solutions logo, Kinetis, mobileGT, PowerQUICC, Processor Expert, QorIQ, Qorivva,

StarCore, Symphony and VortiQa are trademarks of Freescale Semiconductor, Inc., Reg. U.S. Pat.

& Tm. Off. Airfast, BeeKit, BeeStack, ColdFire+, CoreNet, ColdFire+, Flexis, Layerscape, MagniV,

MXC, Platform in a Package, QorIQ Qonverge, QUICC Engine, Ready Play, SafeAssure,

SMARTMOS, TurboLink, Vybrid and Xtrinsic are trademarks of Freescale Semiconductor, Inc. All

other product or service names are the property of their respective owners. The Power Architecture

and Power.org word marks and the Power and Power.org logos and related marks are trademarks

and service marks licensed by Power.org. © 2013 Freescale Semiconductor, Inc.

Varun Sethi, Balaji Patnala

Freescale Semiconductor

TM

Freescale, the Freescale logo, AltiVec, C-5, CodeTEST, CodeWarrior, ColdFire, C-Ware, Energy Efficient Solutions logo, Kinetis, mobileGT, PowerQUICC, Processor

Expert, QorIQ, Qorivva, StarCore, Symphony and VortiQa are trademarks of Freescale Semiconductor, Inc., Reg. U.S. Pat. & Tm. Off. Airfast, BeeKit, BeeStack,

ColdFire+, CoreNet, ColdFire+, Flexis, Layerscape, MagniV, MXC, Platform in a Package, QorIQ Qonverge, QUICC Engine, Ready Play, SafeAssure, SMARTMOS,

TurboLink, Vybrid and Xtrinsic are trademarks of Freescale Semiconductor, Inc. All other product or service names are the property of their respective owners. The

Power Architecture and Power.org word marks and the Power and Power.org logos and related marks are trademarks and service marks licensed by Power.org. © 2013

Freescale Semiconductor, Inc.

2

• Network Infrastructure Virtualization

• Virtualization on Embedded Power Architecture SOCs

• Network Function Virtualization using Embedded Power Architecture KVM

• Network connectivity of NFV

• Network Function Virtualization Deployment

TM







3

Network Infrastructure Virtualization

TM







4

• Dynamic network service launch restricted by existing hardware

− Increased capital investment

• New infrastructure = Increased power requirement

− Increased cost of energy

• Shorter procure-design-integrate-deploy cycle due to rapidly evolving hardware

− Shorter hardware lifecycles

TM







5

• Network Functions

− Data plane and Control plane

Firewall, VPN , UTM etc.

• Virtualization

− Hypervisors

KVM

• IT virtualization technology

to consolidate network equipment .

OS

Network

Function

Network

Function

Network

Function

hardware

OS OS

Hypervisor

TM







6

• Allows for consolidation multiple independent network equipment types

• Applicable to any data plane

packet processing and control plane function

• Benefits:

− Reduced Equipment Cost

− Increased speed of Time to Market

− Availability of network appliance multi-version and multi-tenancy

SSL

Termination IPS

WAN

Optimizer Firewall

Integrated Service Switch

Server Load

Balancer

Secure Load

Balancer

Integrated

Access Router

TM







7

Virtualization on Embedded Power Architecture SOCs

TM







8

• Good power to performance characteristics

• Network processing acceleration framework

− offloads available for packet parsing and classification

− offloads available for security processing

• Hardware based network packet distribution

Parallel Packet Processing

PN

Power Architecture™

Core

D-Cache I-Cache

L2 Cache

P1

Power Architecture™

Core

D-Cache I-Cache

L2 Cache

P2

P1

P3

Frame Parsing

TM







9

• Enterprise Networking

− Routers and Switches

− UTM / Security Appliance

− Line card controllers across applications

• Wireless

− Femtocell, Macrocell solutions

TM







10

• Software:

− Present:

KVM support available for

e500mc/e5500 and e500v2 cores

Virtio support available for I/O

virtualization

− Work In Progress:

KVM support for e6500 cores

VFIO based direct device

assignment

Support for libvirt

Virtual Machine 1

App

QEMU

Virtual Machine 2

OS

App

OS

App

QEMU

Linux® Kernel / KVM

tun/tap

network

stack

eth0

Virtio net

TM







11

• Hardware:

− Core

Hypervisor privilege level

Partition ID / extended

virtual address space

Shadow registers

− IOMMU support for I/O isolation

User

MSR[PR]=1

MSR[GS]=0

Hypervisor

MSR[PR]=0

MSR[GS]=0

Guest Kernel

MSR[PR]=0

MSR[GS]=1

Guest User

MSR[PR]=1

MSR[GS]=1

KVM

Linux®

Kernel

QEMU App App

Guest

OS

MPIC

I/O

Access

Denied

I/O

CPU

Memory

IOMMU Access

OK

TM







12

• Direct device assignment for network processing accelerator hardware

− Assignment via VFIO

• Reducing interrupt latency

− In kernel interrupt controller emulation (under KVM)

• Libvirt Integration

TM







13

Network Function Virtualization using Embedded Power Architecture

KVM

TM







14

Open vSwitch Linux

Kernel

Quantum

Plug-in

Nova- API

Nova - Network

Async

Message

Queue

Linux

Kernel

KVM

Libvirt

Driver

Nova

Compute

Open vSwitch

Quantum

Agent

VM 1

VM 2

TM







15

• Common layer of abstraction and control for virtual machines deployed within many different hypervisors.

• Supports a large number of Hypervisors including:

QEMU/KVM (Kernel based Virtual

Machine)

LXC (Linux Containers)

User-Mode Linux

Qemu

Libvirt Driver

Linux

Kernel KVM

User

Space

Kernel

Space

TM







16

• Open Stack Nova-compute does start/stop/shutdown/destroy operations on VM instances using python bindings of libvirt API.

• Nova-compute will generate a libvirt XML with data provided by the controller with respective networking.

• The Libvirt XML provides information on Guest OS Image location ,Interface details, display details etc.

• Nova-compute calls libvirt API to define VM instances.

Libvirt will create a KVM - QEMU command using the XML provided which in-

turn creates the VM instance.

TM







17

• Virtual Machine Spin-up on Power Architecture Platforms.

• Deployment of Network Services using Open Source Cloud OS like OpenStack®.

− Enhancements for NFV Configuration relay.

• Power Architecture Platform advantages for NFV deployment

TM







18

Network Connectivity of NFV

TM







19

Quantum is an OpenStack ® project to provide "networking as a service"

between interface devices (e.g., vNICs) managed by other OpenStack

services (e.g., nova).

source: wiki.openstack.org/Quantum

Provides a building block for sophisticated cloud network topologies

TM







20

Quantum provides network connectivity as a service" between interface

devices managed by other OpenStack services (most likely Nova). The

service works by allowing users to create their own networks and then

attach interfaces to them. Quantum has a pluggable architecture to

support many popular networking vendors and technologies.

• Multitenancy: Isolation, Abstraction and Full control over virtual Networks,

• Technology-agnostic: API specifies service, vendor provides its

implementation. Extensions for vendor-specific features.

• Loose Coupling: Standalone service, not exclusive to OpenStack

TM







21

• A Multi-Layer Virtual Switch

• Flexible Controller in User-space.

− Controller is configured via a JSON database.

− Database and thus configuration is persistent across reboots.

• Fast Datapath in Kernel.

• An Implementation of OpenFlow.

• Open source, Commercial-friendly Apache 2 License.

TM







22

Compute Node

Controller

Qu

an

tum

Plu

g-in

Age

nt

Virtual Switch

VM VM VM

Qu

an

tum

Plu

g-in

API + Plug-in = Quantum

Service

API Extensions

Quantum

API

Qu

an

tum

Plu

g-in

Age

nt

Virtual Switch

VM VM VM

Nova

AP

I/H

orizo

n G

UI

Quantu

m

Plu

g-in

Code that communicates with network devices to implement a particular set of API calls. The role of the Quantum plugin

is to translate logical network

modifications received from the

Quantum Service API and map

them to specific operations on

the switching infrastructure.

TM







23

It’s the component where the ‘virtual networking’ magic happens. Fulfils

API contract by implementing the ‘Plug-in Interface’

Available Quantum Plugins

● Open vSwitch

– Builds isolated networks with OVS and L2-in-L3 tunnels.

● Cisco UCS

– Isolation based on VLAN and net-profiles applied to Cisco UCS converged

network adapters

● Linux Bridge

– Build isolated networks with VLAN interfaces and linux bridge

– Works with every Linux Distro

● NTT-Data Ryu

– Acts as a proxy for the NTT Ryu platform

● Nicira NVP

– Acts as a proxy for the Nicira NVP platform

TM







24

• Need for supporting KVM features in Open Source Cloud Software

• KVM - Internal features support for OpenStack - Nova

− Virtio-Serial

− VFIO

• Changes in Libvirt driver for Guest and Host communication.

• Fast and Secure way of communication with Guest VM and Host.

TM







25

NFV Deployment Scenarios

TM







26

• Network Functions Virtualization is independent of the type of Network like SDN networks and non-SDN networks.

NFV Appliances deployment in non-SDN networks for scale up ,

scale down and automatic initialization of Network Services based on

the traffic load.

• NFV appliances deployment is highly complimentary to SDN networks

Leverage on the Network Abstractions of SDN

Reduces CAPEX,OPEX

Reduces Power Consumption

Reduces Space Occupancy compared to Hardware Devices

TM







27

Management

Network Traffic load balanced onto Web servers

based on the HAProxy NFV Configuration

OpenStack - Folsom

Controller Node

Eth 0

Quantum –

OpenVSwitch

Plug-in

Quantum

Linux

Namespace -

NAT Router Br-

Eth1

Br-

Int

Br-

Ex

Eth

2

Freescale

Compute Node

Compute Node

[Web Servers]

Tenant -1

VM_2

Tenant - 2

VM_4

Web Server -2

Tenant - 2

VM_3

Web Server-1

Eth 0

Br -

Int

Tenant -2

VM_1

[ IPTables ]

Tenant -2

VM_2

[ HAProxy –

SLB ]

Tenant -1

VM_1

Br-

Int

switch-

I

Br-

Eth1

Br-

Eth1

switch -

II

Eth 1 Eth 0 Eth 1

Internet

Eth 1 Eth 1 Eth 0 Eth 0 Eth 0

External

Network

Data

Network

Eth 1

Eth 0

Traffic coming from End-User [Internet] to

FIREWALL NFV Appliance after processing

ACL,NAT rules, Forwarded to HAPROXY

NFV Appliance

Network Node

Eth

1

Keystone

Glance

Nova

Quantum

Server

Quantum-DHCP Agent

Quantum-OVS-Agent

Quantum-L3-Agent

OpenStack – REST API Interface

Quantum –

NFVService

Infrastructure

Eth 0

OVS-Data Path

Horizon

TM







28

Internet

/VPN/

ISP

OS

App

OS

App

Eth1 Eth0

Switch-I Switch-II

OS

HAProxy –

NFV - Web

OS

HAProxy –

NFV - App

OS

HAProxy –

NFV - DB

Freescale QorIQ - Compute Node

Eth1 Eth0

OS

DB

OS

DB

Eth0 Eth1

Application Server Farm Database Server Farm

OpenStack

Network Node OpenStack

Controller

Eth0 Eth1 Eth1 Eth0 Eth2

External

Network

Management

Network

Data

Network Rest API Interface

Vlan 10

Vlan 20

Vlan 30

Vlan 40

Eth

1

Eth

0

Vlan 20

Vlan 30 Vlan 40

Eth

0

Eth

1

Eth

0

Eth

1

Quantum

Linux Namespace -

NAT Router

10.232.91.33

OS

Web

OS

Web

Eth0 Eth1

Web Server Farm – Blade Servers

10.232.90.62

10.232.90.219 10.232.90.220

10.232.90.184 10.232.90.221

TM







29

Internet

/VPN/

ISP

Switch-I Switch-II

Freescale QorIQ - Compute Node

Eth1 Eth0

Web Server Farm – Blade Servers

Application Server Farm Database Server Farm

OpenStack

Network Node OpenStack

Controller

Eth0 Eth1 Eth1 Eth0 Eth2

External

Network

Management

Network

Data

Network Rest API Interface

OS

Web

OS

Web

Eth0 Eth1

OS

App

OS

App

Eth1 Eth0

OS

HAProxy –

NFV - Web

OS

HAProxy –

NFV - App

OS

HAProxy –

NFV - DB

OS

DB

OS

DB

Eth0 Eth1

Vlan 10

Vlan 20

Vlan 30

Vlan 40

Eth

1

Eth

0

Vlan 20

Vlan 30 Vlan 40

Eth

0

Eth

1

Eth

0

Eth

1

Traffic from Internet

Traffic load balancing for

WebServer VMs

Interface VLAN 10

IP: 10.10.10.2

VIP:10.232.90.184

Interface VLAN 20

IP: 20.20.20.2

Interface VLAN 20

IP: 20.20.20.3

Interface VLAN 20

IP: 20.20.20.4

Interface VLAN 30

IP: 30.30.30.4

Interface VLAN 30

IP: 30.30.30.3

Interface VLAN 40

IP: 40.40.40.4

Interface VLAN 40

IP: 40.40.40.3

Interface VLAN 20

IP: 20.20.20.5

Interface VLAN 30

IP: 30.30.30.5

Interface VLAN 30

IP: 30.30.30.2

Interface VLAN 40

IP: 40.40.40.2

Traffic flow between WebServer

VMs & App Server VMs Traffic load balancing

for App Server VMs

Traffic flow between

App Server VMs &

DB Server VMs

Traffic load balancing

for DB Server VMs

TM







30

• Elasticity of Network Functions deployment based on Network requirements.

• Service velocity is improved by provisioning remotely in software without any site visits required to install new hardware.

• Enabling a wide variety of eco-systems and encouraging openness to pure software entrants, big players and as well small players.

• Assignment of resources to network functions automatically and in near real time could provide protection against failures.

• Multi-tenancy

• Orchestration, Automatic instantiation and assigning NFV to the correct

CPU core, memory and interfaces and re-use of VM builds.

• Open APIs for management and data plane control, like

OpenFlow,OpenStack.

TM

Documents

Varun Sethi, Balaji Patnala Freescale Semiconductor...Open vSwitch Linux Kernel Quantum Plug-in Nova- API Nova - Network Async Message Queue Linux Kernel KVM Libvirt Driver Nova Compute