Cisco and Intel: Innovative Delivery of High-Performance VNFs on Cisco NFV Infrastructure
Ranga Maddipudi, Product Line Manager, Cisco
John DiGiglio, Packet Processing Software Manager, Intel
PSOSPG-1000
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public

Agenda
• Introduction
• Carrier Class NFV Infrastructure (NFVI)
• Virtual Topology System (VTS)
• Intel innovations for high performance VNFs
• Cisco and Intel - performance benchmarking and tuning
• Conclusion

Network Functions Virtualization (NFV) is REAL
SFR: “has an aggressive roadmap in place for 2017 to virtualize additional mobile services, utilizing its Cisco-based SDN/NFV core platform. With 50 percent of the mobile traffic already running on its virtualized platform and 80 percent planned by end of 2017”
NTT-DoCoMo: “Cisco showed a deep understanding of our vision and priority to maintain a complex network with agility and flexibility, to increase our market competitiveness as we enter the virtualization, IoT, and 5G mobile communication”
Verizon: “Cisco shares our vision for the network of the future, powered by 5G” “on-boarding and operational simplification for virtual network functions (VNFs) that help enable individual applications to be delivered to customers in real-time”
Headlines:
• Altice Makes Bold Moves to Virtualize Its Global Mobile Network With Cisco
• Cisco to Automate NTT DOCOMO’s Network Device Provisioning
• Verizon and Cisco Bring 5G Innovations to the Enterprise

Ingredients for successful NFV
Requires specialized set of tools well beyond traditional IT
• Virtual Infrastructure Management
• Fast Data Plane on x86: SR-IOV
• Data Models and Automation: TOSCA, NETCONF/YANG
• Infrastructure and OS
• SDN Controller & Network Integration: VTS, ACI
• Chaining and Connectivity: NSH/Service Chaining, (MP-BGP/VXLAN), Segment Routing
End-to-End Requirements for NFV

Cisco NFVI

Cisco NFV Solution Architecture
• North Bound APIs
• NFVO, Resource Orchestration & VNF Service Orchestration: Network Services Orchestrator (NSO) enabled by Tail-f
• Virtual Network Functions (Cisco and 3rd Party): CSR, ASAv, Ultra, VMS, Video, XRv, vWSA, 3rd Party
• VNF Manager: Elastic Services Controller (ESC)
• Virtual Infrastructure (VIM API, Red Hat OSP): Virtual Compute (RHEL), Virtual Storage (Ceph), Virtual Network (OVS, VTF, SR-IOV)
• Infrastructure Abstraction with RHEL, KVM/Qemu, Host Packages, vSwitches
• Cisco Physical Infrastructure: Compute (UCS), Network (Nexus), Storage (UCS), Optional Network Infrastructure (VTS or ACI)
• VIM Unified Management: Lifecycle Manager, Management GUI, Monitoring and Assurance
Cisco NFVI Scope

Cisco NFVI: Platform for Cisco and 3rd party VNFs
• Business Services (e.g. Cisco vMS)
• Mobility (e.g. Ultra)
• Other VNFs (e.g. Media, vPE/vBNG)
• 3rd party VNFs (e.g. vIMS, vLB)
Open APIs for Platform Consumption

Cisco NFVI: Leading industry partnerships
Integrated platform Design and Validation
Integration Partner
Certified by Red Hat, Joint Engineering
Performance Acceleration, Enhanced Platform Awareness

Cisco NFVI: Solution Support
• Simple Access to Support
• Single Point of Contact

Cisco VTS

What is Cisco Virtual Topology System (VTS)?
Automated Datacenter Overlay Provisioning and Management System
• Automates fabric provisioning for both virtual and bare metal workloads
• Integration with VMM (OpenStack and vCenter) and Orchestration systems (NSO)
• High performance virtual switch (Based on Open Source FD.io VPP)
• Programmable using Northbound REST and NETCONF APIs
[Diagram labels: Cisco Network Services Orchestrator, VMware vCenter, GUI; REST API; Cisco Virtual Topology System; MP-BGP EVPN & VXLAN based Overlays; YANG, CLI, NX-API, BGP-EVPN; Cisco Nexus 2000, 3000, 5000, and 7000 Series, Cisco Nexus 9000 Series, Cisco ASR 9000 Series; Virtual Compute Environment (VTF, DVS, VMs); Automated DCI / WAN; Bare Metal; Virtualized]

VTS Architecture & Components
• Policy Plane (Based on NSO Engine)
  • Inherits NSO benefits - multi-vendor capable, transaction control, Fastmap etc.
• Control Plane (XRv9000)
  • Centralized control plane for VTFs
  • BGP EVPN Route Reflector (RR)
• Virtual Topology Forwarder (VTF)
  • High performance virtual switch (Based on Open source FD.io / VPP)
  • L2 Switch or L3 VTEP
• OpenStack and vCenter integration
• VTS GUI
[Diagram labels: Openstack VTS plugin; vCenter VTS plugin; VTS GUI; REST / NETCONF; VTS specific YANG models and Fastmap; Embedded Tail-f NSO; Policy plane (provides service models and fabric provisioning); XRv9000; Control plane (provides routing control plane and VTF provisioning); VTF Driver; VTS Controller (VTC); DCI (VXLAN L3 external gateway): ASR9k/Nexus7k; Phy ToR (VXLAN leaf): Nexus 9k to 2k; L2 Switch / VTEP (VPP): VTF]

Automated Hybrid Overlays
Supports multiple workload types & orchestration systems
[Diagram: Border Leaf & DCI (Integrated or Separated); DC Fabric with MP-BGP EVPN, SPINE and LEAF VTEPs; Orchestrator, vCenter and VTS GUI connected to Cisco VTS via API; hosts with tenant and service VMs on OVS, DVS or VTF (VTEP), plus bare-metal workloads and physical appliances]

Intel innovations for high performance VNFs

Best of Breed Partnership
collaborating in advancing Open Source and Open Standard community NFV efforts
• Leading Data Center Technology Provider
• Leading Network Equipment Provider
SR-IOV
• Open Source and Standards Cooperation
• Joint Enabling Engineering
• Pre-Integrated and Validated Offering with Ecosystem Partners
• Joint Innovation Lab
• Broadest Combined Ecosystem

Collaborating with Cisco on NFVI Based Intel Technology
Unlocking Intel® Xeon Technology to Deliver value to customers
Mobility Video Business Services
Performance: Enhance Platform Awareness; DPDK framework; FD.io-VPP; Intel® Ethernet NFV Platform extensions
Service Assurance: Monitoring, reporting and policy-based provisioning; Cache Allocation Technology; Intel® Virtualization Technology
Security: Intel® QuickAssist Technology; Intel® AES-NI; Intel® Boot Guard; Intel® Platform Trust Technology
Other labels on the slide: Orchestration, Application
Intel Platform Technologies

Putting the Platform Features to Work (OpenStack)
Havana Juno Kilo Mitaka Newton Ocata Pike
Intel® RDT: Memory Bandwidth Allocation (MBA)
Intel® RDT: Cache Allocation Technology (CAT), Code and Data Prioritization (CDP), Memory Bandwidth Monitoring (MBM)
Intel® RDT: Cache Monitoring Technology (CMT)
CPU threading policies, Security Groups for OVS+DPDK (Stateless), Telemetry Capture (via collectd), OVS+DPDK (Merged with OVS agent), OVS+DPDK controlled by ODL, OVF Meta-Data Import
Hugepage support, CPU pinning, NUMA locality of PCI devices, OVS+DPDK (Separate agent), Intel PTT, Intel TXT, TPM, Intel Boot Guard
NUMA awareness and placement
Host CPU feature request, PCI pass-through & SR-IOV Support

Intel® Platform Generational Evolution
Every generation brings:
• Increasing Core Count
• Larger Caches
• Enhanced memory and cache control
• Increasing memory and I/O capacity
• Reduced latency
Platform generations: 2013/14 Intel® Xeon® E5-2600 V2; 2015/16 Intel® Xeon® E5-2600 V3; 2016/17 Intel® Xeon® E5-2600 V4; 2017/2018 Intel® Xeon® Processor Scalable family
[Diagram: processor and platform features shown across the generations: Reduced instruction latencies; New instructions (ADCX/ADOX); Larger L2 TLB & second L2 TLB; Intel® RDT (CDP, MBM); 256-bit Integer AVX; Hardware Lock Elision; Haswell-NI; Intel® RDT (CMT, CAT); Fast Cache; Huge Page Tables (1 GB IOTLB); Faster DDR-4 memory; Intel® Data Direct I/O (DDIO); Fast AES instructions; More PCI-e Gen 3 (40 Lanes); 4 Ch DDR4-2133; Integrated PCI-E Gen 3 (latency); More, faster DDR3 memory; Next-gen improvements]

Data Plane Development Kit (DPDK)
Generational Improvements Yield Forwarding Rate Increase
• Scales on Intel® processor family from Atom to Xeon
• Accesses all devices directly from Linux User Space
• Software Optimization techniques
• Framework abstracting application from platform
• Sample application code to showcase key DPDK features
See backup slides for DPDK performance configuration details
Disclaimer: Software and workloads used in performance tests may have been optimized for performance only on Intel microprocessors. Performance tests are measured using specific computer systems, components, software, operations and functions. Any change to any of those factors may cause the results to vary. You should consult other information and performance tests to assist you in fully evaluating your contemplated purchases, including the performance of that product when combined with other products. For more complete information, visit http://www.intel.com/performance/datacenter.

Example - Scaling Crypto and Compression Workloads
Ideal choices for solutions targeting crypto and compression heavy workloads
Intel offers ISA algorithm performance (AES-NI) and Intel® QuickAssist Technology for additional scale and workload efficiency
• Cryptography (cipher and authentication operations)
• Public key (RSA, Diffie-Hellman, and elliptic curve cryptography)
• Compression and decompression (DEFLATE and LZS)
FD.io VPP IPSec Encrypted Throughput (single core)*, AES128-CBC HMAC-SHA1, 1024B (Encrypt only), in Gbps:
Default OpenSSL: 1.767
OpenSSL + Intel® AES: 7.525
OpenSSL + Intel® QAT: 25.814
See backup slides for “VPP IPSec Performance Configuration” performance configuration details

Joint Lab
Build, Validate and Demonstrate Better-Together Solutions
• NFV-O & Resource Orchestration: NSO – Network Services Orchestrator
• VNF Manager: Cisco ESC
• VNF Library
• Virtual Infrastructure Manager: Cisco VIM based on Red Hat OpenStack Platform
• Red Hat Enterprise Linux, KVM hypervisor, host packages, software-defined storage
• Cisco Physical Infrastructure: Compute (UCS), Network, Storage (Ceph)
• Ansible, Docker Container
Performant NFVI Demo at the Intel Booth

VNF performance benchmarking

NFV Performance Benchmarking Tools
vswitch level perf. benchmarking: vsperf, FD.io CSIT

What is NFVbench?
• Tooling to automate NFVI network performance benchmarking using production deployment use cases
• Developed by Cisco and Open sourced under OPNFV
• Shipping with Cisco NFVI 2.0
• Official OPNFV project (May 2017)
• Fully integrated and validated
  • OVS and OVS-DPDK (VLAN)
  • VTS (VXLAN)
  • ML2/VPP (VLAN)
  • SR-IOV
• Agnostic of OpenStack distribution and NFVI deployment HW/SW

Sample benchmark tests with NFVbench
Multi-Chaining

10 VNF service chain scenario

Data plane performance tuning and optimization
Cisco VIM configures Cisco NFVI deployments with optimizations
• CPU pinning and huge pages: use the same core for the job to keep its cache fresh
• NUMA-awareness: use memory attached to the same socket as the core so that it can be read faster
• Hyper-threading: enabled by default
• CPU isolation: stop other things running on the same CPU as VMs, which speeds up the VM, improves its jitter characteristics, and improves overall drop rates.
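An added example, not taken from the Cisco or Intel slides: a small checker for the pinning, huge page, NUMA and isolation points listed above, run over a constructed host description. The kernel command line, NUMA map and VM records are sample values, and `parse_cpu_list`, `kernel_param` and `check_vm` are hypothetical helper names.

```python
import re

def parse_cpu_list(spec):
    """Expand a kernel-style CPU list such as '2-5,10' into a set of ints."""
    cpus = set()
    for part in filter(None, spec.split(",")):
        lo, _, hi = part.partition("-")
        cpus.update(range(int(lo), int(hi or lo) + 1))
    return cpus

def kernel_param(cmdline, name):
    """Return the value of name=value on the kernel command line, or ''."""
    m = re.search(r"(?:^|\s)%s=(\S+)" % re.escape(name), cmdline)
    return m.group(1) if m else ""

def check_vm(cmdline, numa_nodes, vm):
    """Return a list of findings for one VM; an empty list means the tuning holds."""
    findings = []
    isolated = parse_cpu_list(kernel_param(cmdline, "isolcpus"))
    pinned = list(vm["vcpu_pins"].values())
    # CPU pinning: every vCPU gets a host CPU of its own
    if len(set(pinned)) != len(pinned):
        findings.append("pinning: two vCPUs share a host CPU")
    # CPU isolation: pinned CPUs must be kept away from the general scheduler
    stray = sorted(set(pinned) - isolated)
    if stray:
        findings.append("isolation: pinned CPUs not in isolcpus: %s" % stray)
    # NUMA awareness: vCPUs and the NIC sit on the node that holds the VM memory
    nodes = {n for n, cpus in numa_nodes.items() if cpus & set(pinned)}
    if nodes != {vm["mem_node"]}:
        findings.append("numa: vCPUs on nodes %s, memory on node %d"
                        % (sorted(nodes), vm["mem_node"]))
    if vm["nic_node"] != vm["mem_node"]:
        findings.append("numa: NIC on node %d, memory on node %d"
                        % (vm["nic_node"], vm["mem_node"]))
    # Huge pages: reserved at boot and requested by the VM
    if not kernel_param(cmdline, "hugepages") or not vm["hugepages"]:
        findings.append("hugepages: not reserved on host or not requested by VM")
    return findings

# Constructed sample data: a two-node host and two VM placements
CMDLINE = ("BOOT_IMAGE=/vmlinuz ro isolcpus=2-13,16-27 "
           "default_hugepagesz=1G hugepagesz=1G hugepages=32")
NUMA = {0: parse_cpu_list("0-13"), 1: parse_cpu_list("14-27")}
GOOD_VM = {"vcpu_pins": {0: 2, 1: 3, 2: 4, 3: 5},
           "mem_node": 0, "nic_node": 0, "hugepages": True}
BAD_VM = {"vcpu_pins": {0: 1, 1: 13, 2: 16, 3: 16},
          "mem_node": 0, "nic_node": 1, "hugepages": False}

if __name__ == "__main__":
    for name, vm in (("good", GOOD_VM), ("bad", BAD_VM)):
        print(name, check_vm(CMDLINE, NUMA, vm) or "ok")
```

On a real host the same inputs come from /proc/cmdline, the NUMA topology under /sys/devices/system/node, and the hypervisor's pinning configuration for each VM.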

Conclusion
• NFV performance is about reliable service delivery – NFVI cost is well spent only if it improves service delivery
• NFV solutions should be compared with realistic customer traffic patterns in full systems
• There are many aspects to tuning NFVI that work together to deliver efficient infrastructure
• Cisco NFVI with VTS builds in these optimizations as standard out of the box

DPDK Performance Configuration
Broadwell EP System Configuration
Hardware
Platform: SuperMicro® - X10DRX
CPU: Intel® Xeon® Processor E5-2658 v4
Chipset: Intel® C612 chipset
Sockets: 2
Cores per Socket: 14 (28 threads)
LL CACHE: 30 MB
QPI/DMI: 9.6GT/s
PCIe: Gen3x8
MEMORY: DDR4 2400 MHz, 1Rx4 8GB (total 64GB), 4 Channel per Socket
NIC: 10 x Intel® Ethernet CNA XL710-QDA2 PCI-Express Gen3 x8 Dual Port 40 GbE Ethernet NIC (1x40G/card)
NIC Mbps: 40,000
BIOS: BIOS version: 1.0c (02/12/2015)
Software
OS: Debian 8.0
Kernel version: 3.18.2
Other: DPDK 2.2.0

VPP IPsec Performance Configuration
System Configuration
Hardware
Platform: Broadwell EP
CPU: Intel(R) Xeon(R) CPU E5-2695 v4 @ 2.10GHz
Chipset: Lynx Chipset
No of CPU: 1
Cores per CPU: 18 (HT enabled)
L3 cache (total): 46080K
QPI/DMI: Auto
PCIe: CPU1 SLOT1 PCI-E 3.0 X8 Speed (QAT); CPU1 SLOT2 PCI-E 3.0 X8 Speed (FVL); CPU1 SLOT3 PCI-E 3.0 X8 Speed (FVL)
IXIA / DUT Connectivity: Port0 (to ixia), Port1 (to ixia), Port1 (to dut), Port3 (to dut)
MEMORY: Micron* Part # 36ASF2G72PZ-2G3A3, DDR4-2400 @ 2400 MHz, 16GB RDIMM, 1 DIMM per Channel, 4 Channels per Socket, 64 GB Total
2 x Intel Corporation Ethernet Controller X710 (Quad FVL Card) [8 NIC FVL Ports]
BIOS: AMI Version 2.0 dated 12/17/2015
Software
Host OS: Ubuntu 16.04 LTS
Kernel version: 4.4.0-66-generic
Other: vpp v17.04-rc0~418-g374e2c5
IPSec Configuration:
• 1 SA flow per port.
• Fixed keys (no IKE)
• No SA expiration
• No anti-replay