#CLUS Open Source for Networking The FD.io/VPP example
Giles Heron, Principal Engineer, Cisco BRKSDN-2262
Agenda
• The Open-Source Networking Landscape
• Open-Source and Standards Bodies
• OpenDaylight & ONAP
• Fd.io VPP - The Universal Dataplane
• VPP with VMs and Containers
• What’s Next?
#CLUS BRKSDN-2262 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public
The Open-Source Networking Landscape
[Diagram: landscape categories: Orchestration; SDN Controllers; Analytics; Routing Stacks; Control/Management Plane; Data-Plane; Test & Integration]
The Open-Source Networking Landscape
[Diagram: the landscape categories (Orchestration, SDN Controllers, Analytics, Routing Stacks, Control/Management Plane, Data-Plane, Test & Integration) populated with projects: ONAP, OSM, OpenDaylight, ONOS, PNDA, Zebra, Quagga, bird, ExaBGP, GoBGP, Honeycomb, OpenFlow, OVS, P4, VPP, OPNFV]
Open-Source and Standards Bodies
LOTS of SDOs: How long will they be individually relevant?
• Lots of SDOs.
• Fighting for turf and for relevance
• Which will be relevant going forward?
Claiming standardization responsibility for technology that has already been “de facto” standardized by an OSS community.
LOTS OF OPEN-SOURCE PROJECTS: Choose wisely
• There are a LOT of OSS “sources” and partners:
  • Foundations - at least 8 major foundations for networking projects
  • Loose Projects - lots of unaffiliated projects under GitHub
  • Massive Organizations - use open source as a market moving force
• OSS as strategic market and tech development tool by large organizations is unstoppable
• Interdependency requires SDOs to develop competencies, cultures and communities and outreach of their own
• Liaison Mechanism Failure
OpenDaylight and ONAP
OpenDaylight – Simplified Architecture
[Diagram, layers from top to bottom]
• Network Applications, Orchestration & Services
• APIs: NETCONF Server, RESTCONF
• Controller Platform: Service Functions and Base Network Functions, including Configuration Subsystem, Statistics Manager, Forwarding Rules Manager, Topology Exporter, Inventory Manager, PCEP, ...
• Model-Driven Service Abstraction Layer (MD-SAL)
• Southbound Interfaces & Protocol Plugins: OpenFlow 1.0/1.3, Netconf Client, BGP-LS, PCEP, OVSDB, LISP
• Network Devices
ONAP - Architecture
fd.io VPP: The Universal Dataplane
• Project at Linux Foundation
  • Multi-party
  • Multi-project
• Software Dataplane
  • High throughput
  • Low Latency
  • Feature Rich
  • Resource Efficient
  • Bare Metal/VM/Container
  • Multi-platform
• fd.io Scope:
  • Network IO - NIC/vNIC <-> cores/threads
  • Packet Processing – Classify/Transform/Prioritize/Forward/Terminate
  • Dataplane Management Agents - Control Plane
[Diagram: Bare Metal/VM/Container; Dataplane Management Agent; Packet Processing; Network IO]
fd.io in the overall stack
[Diagram, layers from top to bottom]
• Application Layer/App Server
• Orchestration
• Network Controller
• Data Plane Services: Dataplane Management Agent, Packet Processing, Network IO
• Operating System
• Hardware
Multi-party: Broad Membership
[Logo slide, member categories: Chip Vendors; Service Providers; Network Vendors; Integrators]
Multi-party: Broad Contribution
[Logo slide; legible names: Qiniu, Yandex]
Code Activity
Multi-project: fd.io Projects
[Diagram: fd.io projects grouped under Dataplane Management Agent, Packet Processing, Network IO and Testing/Support. Projects named: Honeycomb, hc2vpp, CSIT, P4VPP, GoVPP, puppet-fdio, NSH_SFC, ONE, TLDK, CICN, odp4vpp, Sandbox, trex, VPP, deb_dpdk, rpm_dpdk]
fd.io VPP – Vector Packet Processing
Compute Optimized SW Network Platform
Packet Processing Software Platform
• High performance
• Linux user space
• Runs on compute CPUs:
  - And “knows” how to run them well!
Shipping at volume in server & embedded products
[Diagram: Bare-metal / VM / Container; Dataplane Management Agent; Packet Processing; Network IO]
fd.io VPP – How does it work?
Compute Optimized SW Network Platform
1 Packet processing is decomposed into a directed graph of nodes …
2 … packets move through graph nodes in vector …
3 … graph nodes are optimized to fit inside the instruction cache …
4 … packets are pre-fetched into the data cache.
[Diagram: a vector of packets (Packet 0 to Packet 10) moving through the graph nodes dpdk-input, vhost-user-input, af-packet-input, ethernet-input, arp-input, cdp-input, l2-input, ip4-input, ip4-input-no-checksum, ip6-input, lldp-input, mpls-input, ip4-lookup, ip4-lookup-multicast, mpls-policy-encap, ip4-load-balance, ip4-rewrite-transit, ip4-midchain and interface-output, on a microprocessor with an instruction cache and a data cache]
* Each graph node implements a “micro-NF”, a “micro-NetworkFunction” processing packets.
Makes use of modern Intel® Xeon® Processor micro-architectures.
Instruction cache & data cache always hot
Minimized memory latency and usage.
fd.io VPP - Architecture
Packet Processing
[Diagram: a vector of n packets (Packet 0 1 2 3 …n) enters the packet processing graph at an input graph node (dpdk-input, vhost-user-input, af-packet-input, …) and moves through the graph nodes ethernet-input; ip6-input, ip4-input, mpls-input, …, arp-input; ip6-lookup, ip4-lookup; ip6-rewrite, ip6-local, ip4-local, ip4-rewrite]
fd.io VPP - Architecture
Splitting the Vector
[Diagram: the same vector of n packets (Packet 0 1 2 3 …n) and packet processing graph: input graph nodes dpdk-input, vhost-user-input, af-packet-input, …; graph nodes ethernet-input; ip6-input, ip4-input, mpls-input, …, arp-input; ip6-lookup, ip4-lookup; ip6-rewrite, ip6-local, ip4-local, ip4-rewrite]
fd.io VPP - Architecture
Plugins
[Diagram: a vector of n packets (Packet 0 1 2 3 …n) entering a packet processing graph extended by plugins: a hardware plugin adds the input node hw-accel-input beside dpdk-input, vhost-user-input and af-packet-input; a plugin /usr/lib/vpp_plugins/foo.so adds the nodes custom-1 and custom-2 alongside ethernet-input, ip6-input, ip4-input, mpls-input, arp-input, ip6-lookup, ip4-lookup, ip6-rewrite, ip6-local, ip4-local and ip4-rewrite]
Skip software nodes where work is done by hardware already
Plugins are:
• First class citizens
• That can:
  • Add graph nodes
  • Add API
  • Rearrange graph
• Can be built independently of VPP source tree
fd.io VPP - Architecture
Programmability
Example: Honeycomb
• Control Plane Protocol: NETCONF/YANG or RESTCONF
• Request Message, 900k request/s
• Async Response Message
• Can use C/Java/Python/Lua/Go Language bindings
[Diagram: on each Linux host, an agent (the Honeycomb agent in the example) and VPP exchange messages through a Request Queue and a Response Queue in shared memory]
Fast Virtual Network Services
With Universal Terabit* Network Data Plane
FD.io Fast Network Data Plane
Software Defined Network – Cloud Network Services, IPVPN and Internet Security
[Diagram, service view: Enterprise1, Enterprise2 and Enterprise3, each with a vRouter, vNFs, vNF Services, Sites 1..N, IPVPN and L2VPN Overlays*, IPSec/SSL Crypto]
[Diagram, physical view: Host-1 and Host-2 (Server-SKL, 2 CPU), each labelled Network I/O 480 Gbps and Crypto I/O 100 Gbps, with 10GE, 25GE and 100GE ports; link labels 4x 25GE and 2x 100GE; IP Network, Private or Public; IPv4/v6 towards Sites 1..N and Services]
VPP Universal Dataplane: Features
Hardware Platforms
• Pure Userspace - X86, ARM 32/64, Power
• Raspberry Pi
Interfaces
• DPDK/Netmap/AF_Packet/TunTap
• Vhost-user - multi-queue, reconnect, Jumbo Frame Support
Language Bindings
• C/Java/Python/Lua
Tunnels/Encaps
• GRE/VXLAN/VXLAN-GPE/LISP-GPE/NSH
• IPSEC, including HW offload when available
MPLS
• MPLS over Ethernet/GRE
• Deep label stacks supported
Routing
• IPv4/IPv6
• 14+ MPPS, single core
• Hierarchical FIBs
• Multimillion FIB entries
• Source RPF
• Thousands of VRFs
• Controlled cross-VRF lookups
• Multipath – ECMP and Unequal Cost
Segment Routing
• SR MPLS/IPv6, including Multicast
LISP
• LISP xTR/RTR
• L2 Overlays over LISP and GRE encaps
• Multitenancy
• Multihome
• Map/Resolver Failover
• Source/Dest control plane support
• Map-Register/Map-Notify/RLOC-probing
Switching
• VLAN Support: Single/Double tag
• L2 forwd w/EFP/BridgeDomain concepts
• VTR – push/pop/Translate (1:1, 1:2, 2:1, 2:2)
• Mac Learning – default limit of 50k addr
• Bridging: Split-horizon group support/EFP Filtering
• Proxy Arp
• Arp termination
• IRB - BVI Support with RouterMac assignment
• Flooding
• Input ACLs
• Interface cross-connect
• L2 GRE over IPSec tunnels
Security
• Mandatory Input Checks: TTL expiration; header checksum; L2 length < IP length; ARP resolution/snooping; ARP proxy
• SNAT
• Ingress Port Range Filtering
• Per interface whitelists
• Policy/Security Groups/GBP (Classifier)
Network Services
• DHCPv4 client/proxy
• DHCPv6 Proxy
• MAP/LW46 – IPv4aas
• MagLev-like Load
• Identifier Locator Addressing
• NSH SFC SFF’s & NSH Proxy
• LLDP
• BFD
• Policer
• Multiple million Classifiers – Arbitrary N-tuple
Inband iOAM
• Telemetry export infra (raw IPFIX)
• iOAM for VXLAN-GPE (NGENA)
• SRv6 and iOAM co-existence
• iOAM proxy mode / caching
• iOAM probe and responder
Monitoring
• Simple Port Analyzer (SPAN)
• IP Flow Export (IPFIX)
• Counters for everything
• Lawful Intercept
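The graph-node vector processing from the “How does it work?” and “Splitting the Vector” slides, combined with three of the mandatory input checks in the features list above (TTL expiration, header checksum, L2 length < IP length), as an added C example that is not VPP source code. The types `pkt_t` and `vec_t`, the functions `ip4_input_node`, `mk_pkt` and `run_sample`, the option-less IPv4 header and the rule that TTL 0 counts as expired are assumptions made for the example.

```c
#include <stdint.h>
#include <stdio.h>
#define VEC_MAX 256 /* constructed vector capacity for this example */
/* Hypothetical packet model: option-less IPv4 header plus the payload length reported by L2. */
typedef struct { uint8_t ip[20]; uint16_t l2_len; } pkt_t;
typedef struct { const pkt_t *p[VEC_MAX]; size_t n; } vec_t;
/* One's-complement sum over the 20-byte header; yields 0 when the stored checksum is valid. */
static uint16_t ip4_csum(const uint8_t *h) {
    uint32_t s = 0;
    for (int i = 0; i < 20; i += 2) s += (uint32_t)((h[i] << 8) | h[i + 1]);
    while (s >> 16) s = (s & 0xffff) + (s >> 16);
    return (uint16_t)~s;
}

/* One graph node: check every packet of the input vector, then split it into next-node vectors. */
static void ip4_input_node(const vec_t *in, vec_t *lookup, vec_t *drop) {
    lookup->n = drop->n = 0;
    for (size_t i = 0; i < in->n; i++) {
        const pkt_t *p = in->p[i];
        if (i + 1 < in->n) __builtin_prefetch(in->p[i + 1]); /* pre-fetch the next packet */
        uint16_t ip_len = (uint16_t)((p->ip[2] << 8) | p->ip[3]);
        int bad = p->ip[0] != 0x45     /* this model accepts only IPv4 without options */
               || p->ip[8] == 0        /* TTL expiration (assumption: TTL 0 on arrival) */
               || ip4_csum(p->ip) != 0 /* header checksum */
               || p->l2_len < ip_len;  /* L2 length < IP length */
        vec_t *next = bad ? drop : lookup;
        next->p[next->n++] = p;
    }
}

/* Constructed sample packet; 'corrupt' flips one bit of an otherwise correct checksum. */
static pkt_t mk_pkt(uint8_t ttl, uint16_t ip_len, uint16_t l2_len, int corrupt) {
    pkt_t k = { .ip = { 0x45, 0, (uint8_t)(ip_len >> 8), (uint8_t)ip_len, [8] = ttl, [9] = 17 },
                .l2_len = l2_len };
    uint16_t c = ip4_csum(k.ip); /* checksum bytes are still zero here */
    k.ip[10] = (uint8_t)(c >> 8);
    k.ip[11] = (uint8_t)(c ^ (corrupt ? 1 : 0));
    return k;
}

/* Runs four constructed packets through the node; returns forwarded * 10 + dropped. */
static int run_sample(void) {
    pkt_t s[4] = { mk_pkt(64, 100, 100, 0), mk_pkt(0, 100, 100, 0),   /* valid, TTL expired */
                   mk_pkt(64, 100, 100, 1), mk_pkt(64, 100, 60, 0) }; /* bad checksum, short frame */
    vec_t in = { .p = { &s[0], &s[1], &s[2], &s[3] }, .n = 4 }, lookup, drop;
    ip4_input_node(&in, &lookup, &drop);
    return (int)(lookup.n * 10 + drop.n);
}
int main(void) { printf("forwarded*10+dropped = %d\n", run_sample()); return 0; }
```

Malformed packets leave the fast path at the first node that parses the IP header, so the lookup and rewrite nodes downstream only ever see headers that have already been validated.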
Deployment Models
VPP with VMs and Containers
VPP with VMs and Containers - Overview
            Application Connectivity    Virtualized Network Functions
VMs         Networking-vpp              Honeycomb
Containers  Contiv-VPP                  Ligato
Networking-vpp
Honeycomb
• HC core functionality is split into 2 layers:
1) Data processing layer
  • Pipeline processing data from northbound interfaces down to translation layer
2) Translation layer
  • Invoked by above layer to handle configuration updates or when polling operational state from VPP
  • Specific translation code lives in this layer in a form of extensions/plugins
Contiv-VPP Architecture
• Can deliver complete container networking solution entirely from userspace
• Legacy apps can still use the kernel host stack in the same architecture
• Replace all eth/kernel interfaces with memif/userspace interfaces.
• Apps can add VCL library for Higher Performance (bypass Kernel host stack and use VPP TCP stack)
[Diagram: a K8s Master with K8s State Reflector, Contiv-VPP and Etcd distributes K8s policy & state to the nodes; each node runs Kubelet with CNI, pods (High Performance Apps, Legacy Apps, Cloud-Native VNFs, Envoy Sidecar) attached through memif to the VPP TCP stack or through tapv2/veth to the kernel host stack, and a Contiv-VPP vswitch made up of an Agent and VPP; the nodes are joined by an IPv4/IPv6/SRv6 Network]
Contiv-VPP Rendering
VXLAN Overlay
[Diagram: Node 1, Node 2 and Node 3, each with Kernel, Apps, tap-v2, BVI and BD; labels VXLAN Mesh, Single VNI, Cloud (Overlay) Network, Data Plane Network]
Creating BD with BVI
Create BD
Create VXLAN Tunnel (one per rmt node)
Create BVI
Ligato Architecture
• Kubernetes does not provide a way to stitch micro-services together today
• Ligato allows you to wire the data plane together into a service topology
• Network functions can now become part of the service topology
[Diagram: three “Define” labels (Topology, Services, Topology); a K8s Master with K8S State Reflector, Ligato Controller and Etcd; a node running Kubelet with CNI and CRI, pods (High Performance Apps, Legacy Apps, Cloud-Native VNFs with Agent, Envoy Sidecar) attached through memif to the VPP TCP stack or through tapv2/veth to the kernel host stack, and a Contiv-VPP vswitch made up of an Agent and VPP; IPv4/IPv6/SRv6 Network]
Service Function Chaining with Ligato
[Diagram, logical representation: Ingress Network, Ingress Router, Ingress Classifier, NF 1, NF 2, NF 3, Egress Classifier, Egress Router, Egress Network]
[Diagram labels between the two views: Topology, Placement (K8s), Rendering]
[Diagram, physical representation: CNF1, CNF2, CNF3 and further CNFs, each running VPP, attached to VPP vSwitches (one labelled 10.1.0.127); Overlay Tunnels; Ingress Classifier; Egress Classifier]
Intra-Server Rendering
Point to Point – 2 options based on policy
[Diagram, option “Direct East/West Memif”: CNF1 and CNF2 connected by memif]
[Diagram, option “Memif via vSwitch”: CNF1 and CNF2 each connected by memif; labels vSwitch, policy]
VXLAN Rendering
Point to Point
[Diagram: CNF1 on Node 1 and CNF2 on Node 2, each with memif, policy and a vSwitch; VXLAN Tunnel with Dedicated VNI; Data Plane Network]
Creating VXLAN xConnect
Create memif
Create VXLAN Tunnel
Create xConnect
What’s Next?
VPP: Opportunities to Contribute
• Firewall
• IDS
• Hardware Accelerators
• Control plane – support your favorite SDN Protocol Agent
• Spanning Tree
• DPI
• Test tools

• Get the Code, Build the Code, Run the Code
• Try the vpp user demo
• Install vpp from binary packages (yum/apt)
• Install Honeycomb from binary packages
• Read/Watch the Tutorials
• Join the Mailing Lists
• Join the IRC Channels
• Explore the wiki
• Join FD.io as a member
Contiv-VPP on GitHub
Ligato on GitHub