DOCSLIB.ORG

Resilient and Highly Performant Network Architecture for Virtualized Data Centers Danilo Cerovic

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Resilient and Highly Performant Network Architecture for Virtualized Data Centers Danilo Cerovic Resilient and highly performant network architecture for virtualized data centers Danilo Cerovic To cite this version: Danilo Cerovic. Resilient and highly performant network architecture for virtualized data cen- ters. Networking and Internet Architecture [cs.NI]. Sorbonne Université, 2019. English. NNT : 2019SORUS478. tel-02931840 HAL Id: tel-02931840 https://tel.archives-ouvertes.fr/tel-02931840 Submitted on 7 Sep 2020 HAL is a multi-disciplinary open access L’archive ouverte pluridisciplinaire HAL, est archive for the deposit and dissemination of sci- destinée au dépôt et à la diffusion de documents entific research documents, whether they are pub- scientifiques de niveau recherche, publiés ou non, lished or not. The documents may come from émanant des établissements d’enseignement et de teaching and research institutions in France or recherche français ou étrangers, des laboratoires abroad, or from public or private research centers. publics ou privés. THÈSE DE DOCTORAT DE LA SORBONNE UNIVERSITÉ Spécialité Informatique École doctorale Informatique, Télécommunications et Électronique de Paris Présentée par Danilo CEROVIC´ Pour obtenir le grade de DOCTEUR de la SORBONNE UNIVERSITE Sujet de la thèse : Architecture réseau résiliente et hautement performante pour les datacenters virtualisés soutenue le 7 février 2019 devant le jury composé de : M.RaoufBOUTABA Rapporteur Professeur-UniversitédeWaterloo M.OlivierFESTOR Rapporteur Directeur-TélécomNancy M.DjamalZEGHLACHE Examinateur Professeur-TélécomSudParis M.ChristianJACQUENET Examinateur ReferentExpert,Networks of the Future - Orange Labs Mme.MichelleSIBILLA Examinateur Professeur-IRIT M.MarceloDIAS DE AMORIM Examinateur DirecteurdeRecherche - CNRS M.GuyPUJOLLE Directeurdethèse Professeur-SorbonneUniversité M.KamelHADDADOU Encadrant DirecteurdeRechercheetDéveloppement - Gandi À la mémoire de mon père 4 Abstract The amount of traffic in data centers is growing exponentially and it is not expected to stop growing any time soon. This brings about a vast amount of advancements in the networking field. Network interface throughputs supported today are in the range of 40Gbps and higher. On the other hand, such high interface throughputs do not guarantee higher packet processing speeds which are limited due to the overheads imposed by the architecture of the network stack. Nevertheless, there is a great need for a speedup in the forwarding engine, which is the most important part of a high-speed router. For this reason, many software-based and hardware-based solutions have emerged recently with a goal of increasing packet process- ing speeds. The networking stack of an operating system is not conceived for high-speed networking applications but rather for general purpose communications. In this thesis, we investigate various approaches that strive to improve packet processing performance on server-class network hosts, either by using software, hardware, or the combi- nation of the two. Some of the solutions are based on the Click modular router which offloads its functions on different types of hardware like GPUs, FPGAs or different cores among differ- ent servers with parallel execution. Furthermore, we explore other software solutions which are not based on the Click modular router. We compare software and hardware packet pro- cessing solutions based on different criteria and we discuss their integration possibilities in virtualized environments, their constraints and their requirements. As our first contribution, we propose a resilient and highly performant fabric network architecture. Our goal is to build a layer 2 mesh network that only uses directly connected hardware acceleration cards that perform packet processing instead of routers and switches. We have decided to use the TRILL protocol for the communication between these smart NICs as it provides a better utilization of network links while also providing least-cost pair-wise data forwarding. The data plane packet processing is offloaded on a programmable hardware with parallel processing capability. Additionally, we propose to use the ODP API so that packet processing application code can be reused by any other packet processing solution that supports the ODP API. As our second contribution, we designed a data plane of the TRILL protocol on the MPPA (Massively Parallel Processor Array) smart NIC which supports the ODP API. Our experi- mental results show that we can process TRILL frames at full-duplex line-rate (up to 40Gbps) for different packet sizes while reducing latency. 5 6 As our third contribution, we provide a mathematical analysis of the impact of different network topologies on the control plane’s load. The data plane packet processing is performed on the MPPA smart NICs. Our goal is to build a layer 2 mesh network that only uses directly connected smart NIC cards instead of routers and switches. We have considered various network topologies and we compared their loads induced by the control plane traffic. We have also shown that hypercube topology is the most suitable for our PoP data center use case because it does not have a high control plane load and it has a better resilience than fat-tree while having a shorter average distance between the nodes. Keywords Networking, Packet processing, Cloud computing, ODP, MPPA, TRILL, Virtualization, DPDK. 7 8 Table of contents 1 Introduction 19 1.1 Motivation.................................... 19 1.2 Problematics .................................. 22 1.3 Contributions .................................. 24 1.4 Planofthethesis ................................ 26 2 State of the art 29 2.1 Introductoryremark. .. .. .. .. .. .. .. .. 30 2.2 SolutionsandProtocolsusedforfabricnetworks . ......... 30 2.2.1 Fabricnetworksolutions . 31 2.2.1.1 QFabric ........................... 31 2.2.1.2 FabricPath .......................... 32 2.2.1.3 BrocadeVCSTechnology. 32 2.2.2 Communicationprotocolsforfabricnetworks . ...... 33 2.2.2.1 TRILL............................ 33 2.2.2.2 SPB ............................. 33 2.3 Fastpacketprocessing .. .. .. .. .. .. .. .. 34 2.3.1 Terminology .............................. 34 2.3.1.1 FastPath........................... 34 2.3.1.2 SlowPath .......................... 36 2.3.2 Backgroundonpacketprocessing . 36 2.4 Softwareimplementations . .. 38 2.4.1 Click-basedsolutions. 38 2.4.1.1 Click............................. 38 2.4.1.2 RouteBricks ......................... 41 2.4.1.3 FastClick........................... 42 2.4.2 Netmap................................. 44 2.4.3 NetSlices ................................ 45 2.4.4 PF_RING(DNA)............................ 46 9 10 TABLE OF CONTENTS 2.4.5 DPDK.................................. 48 2.5 Hardwareimplementations . .. 50 2.5.1 GPU-basedsolutions . 50 2.5.1.1 Snap ............................. 50 2.5.1.2 PacketShader ........................ 51 2.5.1.3 APUNet ........................... 53 2.5.1.4 GASPP............................ 55 2.5.2 FPGA-basedsolutions . 55 2.5.2.1 ClickNP ........................... 55 2.5.2.2 GRIP............................. 56 2.5.2.3 SwitchBlade ......................... 58 2.5.2.4 Chimpp ........................... 60 2.5.3 Performance comparison of different IO frameworks . ....... 60 2.5.4 Otheroptimizationtechniques . .. 62 2.6 Integration possibilities in virtualized environments.............. 62 2.6.1 Packet processing in virtualized environments . ........ 62 2.6.2 Integration constraints and usage requirements . ........ 66 2.7 Latest approaches and future directions in packet processing ......... 70 2.8 Conclusion ................................... 72 3 Fabric network architecture by using hardware acceleration cards 75 3.1 Introduction................................... 76 3.2 Problems and limitations of traditional layer 2 architectures.......... 76 3.3 Fabricnetworks................................. 78 3.4 TRILL protocol for communication inside a data center . .......... 78 3.5 Comparison of software and hardware packet processing implementations . 80 3.5.1 Comparisonofsoftwaresolutions . .. 80 3.5.1.1 Operations in the user-space and kernel-space . ... 80 3.5.1.2 Zero-copytechnique. 81 3.5.1.3 Batchprocessing. 81 3.5.1.4 Parallelism.......................... 83 3.5.2 Comparisonofhardwaresolutions . .. 83 3.5.2.1 Hardwareused........................ 83 3.5.2.2 UsageofCPU ........................ 83 3.5.2.3 Connectiontype . 84 3.5.2.4 Operations in the user-space and kernel-space . ... 84 3.5.2.5 Zero-copytechnique. 84 3.5.2.6 Batchprocessing. 85 3.5.2.7 Parallelism.......................... 85 3.5.3 DiscussiononGPU-basedsolutions . .. 87 3.5.4 DiscussiononFPGA-basedsolutions . .. 88 3.5.5 Otherhardwaresolutions. 89 TABLE OF CONTENTS 11 3.6 KalrayMPPAprocessor. 90 3.6.1 MPPAarchitecture ........................... 90 3.6.2 MPPAAccessCoreSDK . 91 3.6.3 Reasons for choosing MPPA for packet processing .......... 92 3.7 ODP(OpenDataPlane)API. 93 3.7.1 ODPAPIconcepts ........................... 94 3.7.1.1 Packet ............................ 95 3.7.1.2 Thread............................ 95 3.7.1.3 Queue ............................ 96 3.7.1.4 PktIO............................. 96 3.7.1.5 Pool ............................. 96 3.8 Architecture of the fabric network by using the MPPA smartNICs ...... 96 3.9 Conclusion ................................... 98 4 Data plane offloading on a high-speed parallel processing architecture 101 4.1 Introduction................................... 101 4.2 Systemmodelandsolutionproposal . .. 102 4.2.1 Systemmodel.............................
Load more

Recommended publications
  • ECE 435 – Network Engineering Lecture 15
    ECE 435 { Network Engineering Lecture 15 Vince Weaver http://web.eece.maine.edu/~vweaver [email protected] 25 March 2021 Announcements • Note, this lecture has no video recorded due to problems with UMaine zoom authentication at class start time • HW#6 graded • Don't forget HW#7 • Project Topics due 1 RFC791 Post-it-Note Internet Protocol Datagram RFC791 Source Destination If other than version 4, Version attach form RFC 2460. Type of Service Precedence high reliability Routine Fragmentation Offset high throughput Priority Transport layer use only low delay Immediate Flash more to follow Protocol Flash Override do not fragment CRITIC/ECP this bit intentionally left blank TCP Internetwork Control UDP Network Control Other _________ Identifier _______________________ Length Header Length Data Print legibly and press hard. You are making up to 255 copies. _________________________________________________ _________________________________________________ _________________________________________________ Time to Live Options _________________________________________________ Do not write _________________________________________________ in this space. _________________________________________________ _________________________________________________ Header Checksum _________________________________________________ _________________________________________________ for more info, check IPv4 specifications at http://www.ietf.org/rfc/rfc0791.txt 2 HW#6 Review • Header: 0x000e: 4500 = version(4), header length(5)=20 bytes ToS=0 0x0010: 0038 = packet length (56 bytes) 0x0012: 572a = identifier 0x0014: 4000 = fragment 0100 0000 0000 0000 = do not fragment, offset 0 0x0016: 40 = TTL = 64 0x0017: 06 = Upper layer protocol (6=TCP) 0x0018: 69cc = checksum 0x001a: c0a80833 = source IP 192.168.8.51 0x001e: 826f2e7f = dest IP 130.111.46.127 • Valid IPs 3 ◦ 123.267.67.44 = N ◦ 8.8.8.8 = Y ◦ 3232237569 = 192.168.8.1 ◦ 0xc0a80801 = 192.168.8.1 • A class-A allocation is roughly 224=232 which is 0.39% • 192.168.13.0/24.
    [Show full text]
  • FRR - a New Quagga Fork with a More Open Development
    FRR - A new Quagga fork with a more open development Martin Winter [email protected] 1 What is FRR ? (for the not so technical People) ‣ Open Source (GPLv2+) Routing Stack ‣ Implements RIP, RIPng, OSPF (v2&v3), ISIS, BGP, PIM, LDP ‣ Fork of Quagga ‣ Works on Linux and most BSD based systems ‣ For use in many Clouds as virtual routers, white box vendors and network providers (full routing stack) 2 FRR - Why a new fork? Community Driven Faster Development Open Development Model 3 FRR - Who is behind the Fork? 4 FRR - What’s different? ‣ Methodical vetting of submissions ‣ More automated testing of contributions ‣ Github centered development ‣ Elected Maintainers & Steering Committee ‣ Common Assets held in trust by Linux Foundation 5 FRR – Current Status First stable version (2.0) – out very soon BGP Zebra LDP (new) ‣ Performance & Scale fixes ‣ MPLS Support IPv4/v6 for static ‣ RFC 5036 (LDP Specification) LSPs ‣ AddPath Support ‣ RFC 4447 (Pseudowire Setup and Maintenance using LDP) ‣ Remote-AS internal/external ‣ 32-bit route-tags Support ‣ RFC 4762 – (Virtual Private LAN ‣ Nexthop Tracking Service (VPLS) using LDP) ‣ BGP Hostname support ‣ RFC 5549 (unnumbered) Support ‣ RFC 6720 - The Generalized TTL ‣ Update Groups Security Mechanism (GTSM) for ‣ RFC 5549 (unnumbered) Support LDP ‣ Nexthop tracking ‣ RFC 7552 - Updates to LDP for OSPF V2/V3 IPv6 ‣ 32-bit route-tags ‣ OpenBSD Support restored Others Testing ‣ 32-but route-tags ‣ JSON Support ‣ Dejagnu unittests changed to pytest ‣ RFC 5549 (unnumbered) Support ‣ VRF Lite (Linux VRF device support) for BGP and Zebra ‣ Topology Tests 6 ‣ Snapcraft Packaging FRR - Links ‣ Website (very soon!) • http://www.frrouting.org ‣ Github • http://github.com/freerangerouting/frr.git ‣ Issue Tracker • https://github.com/freerangerouting/frr/issues ‣ New feature list, test results etc (until web is up) • https://github.com/freerangerouting/frr/wiki 7.
    [Show full text]
  • Test-Beds and Guidelines for Securing Iot Products and for Secure Set-Up Production Environments
    IoT4CPS – Trustworthy IoT for CPS FFG - ICT of the Future Project No. 863129 Deliverable D7.4 Test-beds and guidelines for securing IoT products and for secure set-up production environments The IoT4CPS Consortium: AIT – Austrian Institute of Technology GmbH AVL – AVL List GmbH DUK – Donau-Universit t Krems I!AT – In"neon Technologies Austria AG #KU – JK Universit t Lin$ / Institute for &ervasive 'om(uting #) – Joanneum )esearch !orschungsgesellschaft mbH *+KIA – No,ia -olutions an. Net/or,s 0sterreich GmbH *1& – *1& -emicon.uctors Austria GmbH -2A – -2A )esearch GmbH -)!G – -al$burg )esearch !orschungsgesellschaft -''H – -oft/are 'om(etence 'enter Hagenberg GmbH -AG0 – -iemens AG 0sterreich TTTech – TTTech 'om(utertechni, AG IAIK – TU Gra$ / Institute for A((lie. Information &rocessing an. 'ommunications ITI – TU Gra$ / Institute for Technical Informatics TU3 – TU 3ien / Institute of 'om(uter 4ngineering 1*4T – 1-Net -ervices GmbH © Copyright 2020, the Members of the IoT4CPS Consortium !or more information on this .ocument or the IoT5'&- (ro6ect, (lease contact8 9ario Drobics7 AIT Austrian Institute of Technology7 mario:.robics@ait:ac:at IoT4C&- – <=>?@A Test-be.s an. guidelines for securing IoT (ro.ucts an. for secure set-up (ro.uction environments Dissemination level8 &U2LI' Document Control Title8 Test-be.s an. gui.elines for securing IoT (ro.ucts an. for secure set-u( (ro.uction environments Ty(e8 &ublic 4.itorBsC8 Katharina Kloiber 4-mail8 ,,;D-net:at AuthorBsC8 Katharina Kloiber, Ni,olaus DEr,, -ilvio -tern )evie/erBsC8 -te(hanie von )E.en, Violeta Dam6anovic, Leo Ha((-2otler Doc ID8 DF:5 Amendment History Version Date Author Description/Comments VG:? ?>:G?:@G@G -ilvio -tern Technology Analysis VG:@ ?G:G>:@G@G -ilvio -tern &ossible )esearch !iel.s for the -2I--ystem VG:> >?:G<:@G@G Katharina Kloiber Initial version (re(are.
    [Show full text]
  • Institutionalizing Freebsd Isolated and Virtualized Hosts Using Bsdinstall(8), Zfs(8) and Nfsd(8)
    Institutionalizing FreeBSD Isolated and Virtualized Hosts Using bsdinstall(8), zfs(8) and nfsd(8) [email protected] @MichaelDexter BSDCan 2018 Jails and bhyve… FreeBSD’s had Isolation since 2000 and Virtualization since 2014 Why are they still strangers? Institutionalizing FreeBSD Isolated and Virtualized Hosts Using bsdinstall(8), zfs(8) and nfsd(8) Integrating as first-class features Institutionalizing FreeBSD Isolated and Virtualized Hosts Using bsdinstall(8), zfs(8) and nfsd(8) This example but this is not FreeBSD-exclusive Institutionalizing FreeBSD Isolated and Virtualized Hosts Using bsdinstall(8), zfs(8) and nfsd(8) jail(8) and bhyve(8) “guests” Application Binary Interface vs. Instructions Set Architecture Institutionalizing FreeBSD Isolated and Virtualized Hosts Using bsdinstall(8), zfs(8) and nfsd(8) The FreeBSD installer The best file system/volume manager available The Network File System Broad Motivations Virtualization! Containers! Docker! Zones! Droplets! More more more! My Motivations 2003: Jails to mitigate “RPM Hell” 2011: “bhyve sounds interesting...” 2017: Mitigating Regression Hell 2018: OpenZFS EVERYWHERE A Tale of Two Regressions Listen up. Regression One FreeBSD Commit r324161 “MFV r323796: fix memory leak in [ZFS] g_bio zone introduced in r320452” Bug: r320452: June 28th, 2017 Fix: r324162: October 1st, 2017 3,710 Commits and 3 Months Later June 28th through October 1st BUT July 27th, FreeNAS MFC Slips into FreeNAS 11.1 Released December 13th Fixed in FreeNAS January 18th 3 Months in FreeBSD HEAD 36 Days
    [Show full text]
  • Laboratory 2 ARP; Zebra Routing Daemon Part1. Introduction
    Facultatea de Electronică şi Telecomunicaţii Communications Network Laboratory 1 Laboratory 2 ARP; Zebra routing daemon Part1. Introduction ARP Address Resolution Protocol, ARP, is used by a system, which wants to send data an IP address on the local network, and it doesn’t know the destination MAC address. Systems keep an ARP look-up table where they store information about the association between the IP and MAC addresses. If the MAC address is not in the ARP table, then ARP protocol is used it knowing the destination IP addresss. ARP operation for communications inside the local network: • System checks its ARP table for the MAC address associated with the IP address. • If the MAC address is not in the ARP table, an ARP request is broadcasted in the local network, requesting the MAC address for the specified IP address. • The machine with the requested IP address will reply with an ARP packet containing its MAC address. • Thepacket is sent to the learned MAC address. ARP operation for communication between hosts located in different networks • System determines that the IP address does not belong to the local network and decides to send the packet to the gateway. It has to determine the MAC address of the gateway. • It broadcast an ARP request asking for the MAC address of the IP address belonging to the gateway. It knows the gateway’s IP address from the static route specifying the default gateway. • The gateway will reply with its MAC address. • The packet is sent to the gateway. • The gateway will be in charge with sending the packet to the next hop towards the destination.
    [Show full text]
  • Vector Packet Processor Documentation Release 0.1
    Vector Packet Processor Documentation Release 0.1 John DeNisco Aug 10, 2018 Contents 1 Overview 3 1.1 What is VPP?...............................................3 1.2 Features..................................................5 1.3 Performance............................................... 10 1.4 Architectures and Operating Systems.................................. 12 2 Getting Started 13 2.1 Users................................................... 13 2.2 Developers................................................ 51 2.3 Writing VPP Documentation....................................... 77 3 Use Cases 99 3.1 FD.io VPP with Containers....................................... 99 3.2 FD.io VPP with Virtual Machines.................................... 106 3.3 Using VPP as a Home Gateway..................................... 114 3.4 vSwitch/vRouter............................................. 118 4 Troubleshooting 119 4.1 How to Report an Issue......................................... 119 4.2 CPU Load/Usage............................................. 122 5 User Guides 125 5.1 Progressive VPP Tutorial......................................... 125 5.2 API User Guides............................................. 149 6 Events 151 6.1 Conferences............................................... 151 6.2 Summits................................................. 153 6.3 Meetings................................................. 163 6.4 Calls................................................... 165 6.5 Fd.io Training Event..........................................
    [Show full text]
  • Thread Scheduling in Multi-Core Operating Systems Redha Gouicem
    Thread Scheduling in Multi-core Operating Systems Redha Gouicem To cite this version: Redha Gouicem. Thread Scheduling in Multi-core Operating Systems. Computer Science [cs]. Sor- bonne Université, 2020. English. tel-02977242 HAL Id: tel-02977242 https://hal.archives-ouvertes.fr/tel-02977242 Submitted on 24 Oct 2020 HAL is a multi-disciplinary open access L’archive ouverte pluridisciplinaire HAL, est archive for the deposit and dissemination of sci- destinée au dépôt et à la diffusion de documents entific research documents, whether they are pub- scientifiques de niveau recherche, publiés ou non, lished or not. The documents may come from émanant des établissements d’enseignement et de teaching and research institutions in France or recherche français ou étrangers, des laboratoires abroad, or from public or private research centers. publics ou privés. Ph.D thesis in Computer Science Thread Scheduling in Multi-core Operating Systems How to Understand, Improve and Fix your Scheduler Redha GOUICEM Sorbonne Université Laboratoire d’Informatique de Paris 6 Inria Whisper Team PH.D.DEFENSE: 23 October 2020, Paris, France JURYMEMBERS: Mr. Pascal Felber, Full Professor, Université de Neuchâtel Reviewer Mr. Vivien Quéma, Full Professor, Grenoble INP (ENSIMAG) Reviewer Mr. Rachid Guerraoui, Full Professor, École Polytechnique Fédérale de Lausanne Examiner Ms. Karine Heydemann, Associate Professor, Sorbonne Université Examiner Mr. Etienne Rivière, Full Professor, University of Louvain Examiner Mr. Gilles Muller, Senior Research Scientist, Inria Advisor Mr. Julien Sopena, Associate Professor, Sorbonne Université Advisor ABSTRACT In this thesis, we address the problem of schedulers for multi-core architectures from several perspectives: design (simplicity and correct- ness), performance improvement and the development of application- specific schedulers.
    [Show full text]
  • Challenges in Testing How Opensourcerouting Tests Quagga
    Proceedings of NetDev 1.1: The Technical Conference on Linux Networking (February 10th-12th 2016. Seville, Spain) Sevilla, Spain Feb 10-12, 2016 Challenges in Testing How OpenSourceRouting tests Quagga Martin Winter Feb 10, 2016 1 Proceedings of NetDev 1.1: The Technical Conference on Linux Networking (February 10th-12th 2016. Seville, Spain) Who is OpenSourceRouting ? ‣ Who is Open Source Routing ? • www.opensourcerouting.org • Project by NetDEF (Network Device Education Foundation) - www.netdef.org - Non-Profit Company based in California • Working on Quagga Routing ‣ Who is Martin Winter ? • Co-Founder of NetDEF • Focusing on Testing Quagga • Previously worked for Equipment Vendor & large ISP 2 Proceedings of NetDev 1.1: The Technical Conference on Linux Networking (February 10th-12th 2016. Seville, Spain) What is Quagga ? ‣ Routing Protocol Stack • RIP / RIPNG / OSPFv2 / OSPFv3 / ISIS / BGP / PIM • Running on Linux / FreeBSD / NetBSD / OpenBSD / Solaris • Used on low-end OpenWRT boxes, physical and virtual software routers, SDN deployments, distributed routers • Originally derived from Zebra • GPLv2+ Open Source / “Community” owned & controlled 3 Proceedings of NetDev 1.1: The Technical Conference on Linux Networking (February 10th-12th 2016. Seville, Spain) Quagga Community How it works today No single entity behind Quagga No Large community of “contributers” “Owner” Maintainer = person with commit access Main source git on Savannah Simple Single master branch with Git Model development branch merged into every few months Email Code
    [Show full text]
  • Vyos Documentation Release Current
    VyOS Documentation Release current VyOS maintainers and contributors Jun 04, 2019 Contents: 1 Installation 3 1.1 Verify digital signatures.........................................5 2 Command-Line Interface 7 3 Quick Start Guide 9 3.1 Basic QoS................................................ 11 4 Configuration Overview 13 5 Network Interfaces 17 5.1 Interface Addresses........................................... 18 5.2 Dummy Interfaces............................................ 20 5.3 Ethernet Interfaces............................................ 20 5.4 L2TPv3 Interfaces............................................ 21 5.5 PPPoE.................................................. 23 5.6 Wireless Interfaces............................................ 25 5.7 Bridging................................................. 26 5.8 Bonding................................................. 27 5.9 Tunnel Interfaces............................................. 28 5.10 VLAN Sub-Interfaces (802.1Q)..................................... 31 5.11 QinQ................................................... 32 5.12 VXLAN................................................. 33 5.13 WireGuard VPN Interface........................................ 37 6 Routing 41 6.1 Static................................................... 41 6.2 RIP.................................................... 41 6.3 OSPF................................................... 42 6.4 BGP................................................... 43 6.5 ARP................................................... 45 7
    [Show full text]
  • Segment Routing: a Comprehensive Survey of Research Activities, Standardization Efforts and Implementation Results
    SUBMITTED TO IEEE COMMUNICATIONS SURVEYS & TUTORIALS 1 Segment Routing: a Comprehensive Survey of Research Activities, Standardization Efforts and Implementation Results Pier Luigi Ventre, Stefano Salsano, Marco Polverini, Antonio Cianfrani, Ahmed Abdelsalam, Clarence Filsfils, Pablo Camarillo, Francois Clad Revision R2 - June 2020 Abstract—Fixed and mobile telecom operators, enterprise net- APIs, Northbound APIs, Open Source, Software Defined Net- work operators and cloud providers strive to face the challenging working, SDN, Service Function Chaining, SFC, Standards demands coming from the evolution of IP networks (e.g. huge bandwidth requirements, integration of billions of devices and millions of services in the cloud). Proposed in the early 2010s, I. INTRODUCTION Segment Routing (SR) architecture helps face these challenging demands, and it is currently being adopted and deployed. SR Egment Routing (SR) is based on the loose Source architecture is based on the concept of source routing and S Routing concept. A node can include an ordered list of has interesting scalability properties, as it dramatically reduces instructions in the packet headers. These instructions steer the the amount of state information to be configured in the core forwarding and the processing of the packet along its path in nodes to support complex services. SR architecture was first implemented with the MPLS dataplane and then, quite recently, the network. with the IPv6 dataplane (SRv6). IPv6 SR architecture (SRv6) The single instructions are called segments, a sequence of has been extended from the simple steering of packets across instructions can be referred to as a segment list or as an SR nodes to a general network programming approach, making it Policy.
    [Show full text]
  • Building a Virtualisation Appliance with Freebsd/Bhyve/Openzfs Jason Tubnor ICT Senior Security Lead Introduction
    Building a virtualisation appliance with FreeBSD/bhyve/OpenZFS Jason Tubnor ICT Senior Security Lead Introduction Building an virtualisation appliance for use within a NGO/NFP Australian Health Sector About Me Latrobe Community Health Service (LCHS) Background Problem Concept Production Reiteration About Me 26 years of IT experience Introduced to Open Source in the mid 90’s Discovered OpenBSD in 2000 A user and advocate of OpenBSD and FreeBSD Life outside of computers: Ultra endurance gravel cycling Latrobe Community Health Service (LCHS) Originally a Gippsland based NFP/NGO health service ICT manages 900+ users Servicing 51 sites across Victoria, Australia Covering ~230,000km2 Roughly the size of Laos in Aisa or Minnesota in USA “Better health, Better lifestyles, Stronger communities” Background First half of 2016 awarded contract to provide NDIS services Mid 2016 – deployment of initial infrastructure MPLS connection L3 switch gear ESXi host running a Windows Server 2016 for printing services Background – cont. Staff number grew We hit capacity constraints on the managed MPLS network An offloading guest was added to the ESXi host VPN traffic could be offloaded from the main network Using cheaply available ISP internet connection Problem Taking stock of the lessons learned in the first phase We needed to come up with a reproducible device Device required to be durable in harsh conditions Budget constraints/cost savings Licensing model Phase 2 was already being negotiated so a solution was required quickly Concept bhyve [FreeBSD] was working extremely well in testing Excellent hardware support Liberally licensed OpenZFS Simplistic Small footprint for a type 2 hypervisor Hardware discovery phase FreeBSD Required virtualisation components in CPU Concept – cont.
    [Show full text]
  • Bhyve - Improvements to Virtual Machine State Save and Restore
    bhyve - Improvements to Virtual Machine State Save and Restore Darius Mihai Mihai Carabas, University POLITEHNICA of Bucharest University POLITEHNICA of Bucharest Splaiul Independent, ei 313, Bucharest, Romania, 060042 Splaiul Independent, ei 313, Bucharest, Romania, 060042 Email: [email protected] Email: [email protected] Abstract—As more complex tasks are delegated to distributed Regardless of their exact function, a periodic task is a routine servers, virtual machine hypervisors need to adapt and provide that will have to be called at (or as close as possible) a set features that allow redundancy and load balancing. One such interval. mechanism is the virtual machine save and restore through sys- sleep tem snapshots. A snapshot should allow the complete restoration For example, the basic Unix command can be used of the state that the virtual machine was in when the snapshot to perform an operation every N seconds if sleep $N is was created. Since the snapshot should encapsulate the entire called in a script loop. Since it is safe to assume that all state of the virtualized system, the guest system should not be modern processors have hardware timekeeping components able to differentiate between the moment a snapshot was created implemented, sleep will request from the operating system and the moment when the system was restored, regardless of how much real time has passed between the two events. This that a software timer (i.e., one that is implemented by the paper will present how the time management and block devices operating system as an abstraction [1]) to be set for N are saved and restored for bhyve, FreeBSD’s virtual machine seconds in the future and will yield the processor, without hypervisor.
    [Show full text]