OpenStack Enhancements to Support NFV Use Cases Steve Gordon, Red Hat Adrian Hoban, Intel Alan Kavanagh, Ericsson Agenda
o OpenStack Engagement Model for NFV
o Kilo Extensions for NFV
o Evolving the Cloud to Support NFV
2 OpenStack Engagement Model for NFV
●Decoder ring: oEuropean Telecommunication Standards Institute oNetwork Function Virtualization oIndustry Specification Group ●Putting the standards in standards body!
●Phase 1: oConvergence on network operator requirements oIncluding applicable existing standards oDeveloping new requirements to stimulate innovation and open ecosystem of vendors
●Phase 2: oGrow an interoperable VNF ecosystem oThoroughly specify reference points and requirements defined in Phase 1 oAchieve broader industry engagement oClarify how NFV intersects with SDN and related standards/industry/open source initiatives.
●Establishing open source reference platform including: oNFV Infrastructure (NFVI) oVirtual Infrastructure Management (VIM) ●Focused on: oConsistency, performance, interoperability between components. oWorking with existing upstream communities.
Initial OPNFV Focus
●Growing list of projects: oRequirements projects .E.g. Fault Management oIntegration and Testing projects .E.g. IPv6 enabled OPNFV oCollaborative Development projects .E.g. Software Fastpath Service Quality Metrics oDocumentation projects
●Mission: oIdentify Telco/NFV use cases oDefine and prioritize requirements internally oHarmonize inputs into OpenStack projects .Blueprint/patch creation, submission, and review. ●Move discussion closer to OpenStack projects.
●Large community of technical contributors in wide array of loosely governed projects. ●NFV requirements fall across many of these. ●Require buy in from these diverse groups of contributors.
●Most projects moving to “specification” process for approval of major changes ●Ingredients of a good specification: oProblem description incl. use cases oConcrete design proposal oSomeone to implement!
Success!
●Overlap exists between various groups in: oMission oMembership oScope oActivities ●Navigating can be tough!
19 Non Uniform Memory Architecture (NUMA) o Memory Proximity o Performance and latency characteristics differ depending on the core a process is executing on and where the memory a process is accessing is located.
CORE CORE CORE CORE Application Process Processor Processor
Socket 0 Socket 1
Memory Memory CORE CORE CORE CORE Application Application Application Process Process Process Server Optimising placement for memory proximity enables greater performance & efficiency 20 Filter Extensions: NUMA o numa_topology_filter o Helps to co-locate CPU core allocations to a single socket (when possible) o Resource tracks core/socket consumption and filters to available subset of suitable platforms.
CORE CORE CORE CORE Application Process Processor Processor
Socket 0 Socket 1
Memory Memory CORE CORE CORE CORE Application Application Application Process Process Process Server Co-location helps with cache efficiency for faster inter-process data communication 21 Filter Extensions: NUMA o numa_topology_filter o Helps to co-locate CPU core allocations to a single socket (when possible) o Resource tracks core/socket consumption and filters to available subset of suitable platforms.
CORE CORE CORE CORE Application Application Process Process Processor Processor
Socket 0 Socket 1
Memory Memory CORE CORE CORE CORE Application Application Process Process Server Enables the OSes to allocate local memory for greater performance & efficiency 22 Filter Extensions: NUMA – I/O Awareness
o Adds ability to select the socket based on the I/O device requirement o E.g. What if you’d prefer network access on NIC B
CORE CORE CORE CORE Application Application Process Process Processor Processor
Socket 0 Socket 1
Memory Memory CORE CORE CORE CORE Application Application Process Process
NIC A NIC B Server
23 Filter Extensions: NUMA – I/O Awareness
o Adds ability to select the socket based on the I/O device requirement o E.g. What if you’d prefer/require network access on NIC B?
CORE CORE CORE CORE Application Application Process Process Processor Processor
Socket 0 Socket 1
Memory Memory CORE CORE CORE CORE Application Application Process Process
NIC A NIC B Server Enables improved I/O performance 24 Simultaneous Multi-Threading (SMT) w/o SMT SMT
• SMT o On Intel platforms, run 2 threads at the same time per core • Take advantage of wide execution engine o Keep it fed with multiple threads o Hide latency of a single thread
• Power efficient performance feature Time (proc. cycles) (proc. Time o Very low die area cost o Can provide significant performance benefit Note: Each depending on application box represents o Much more efficient than adding an entire core a processor execution unit
SMT enhances performance and energy efficiency
25 Simultaneous Multi-Threading (SMT)
o Sample Linux enumeration of cores
o Linux scheduler (in the host) manages work load (process) allocation to CPUs
pCPU 0 pCPU 4 pCPU 1 pCPU 5 pCPU 8 pCPU 12 pCPU 9 pCPU 13 Execution Unit Execution Unit Execution Unit Execution Unit Processor Processor Socket 0 Socket 1
pCPU 2 pCPU 6 pCPU 3 pCPU 7 pCPU 10 pCPU 14 pCPU 11 pCPU 15 Execution Unit Execution Unit Execution Unit Execution Unit
Server
26 CPU Pinning – “Prefer” Policy (In Kilo)
Guest OS A Guest OS B
vCPU 0 vCPU 1 vCPU 0 vCPU 1
pCPU 0 pCPU 4 pCPU 1 pCPU 5 pCPU 8 pCPU 12 pCPU 9 pCPU 13 Execution Unit Execution Unit Execution Unit Execution Unit Processor Processor Socket 0 Socket 1
pCPU 2 pCPU 6 pCPU 3 pCPU 7 pCPU 10 pCPU 14 pCPU 11 pCPU 15 Execution Unit Execution Unit Execution Unit Execution Unit
Server Prefer Policy: Place vCPUs on pCPU siblings (when SMT is enabled) 27 CPU Pinning – “Separate” Policy (For Liberty)
Guest OS A Guest OS B
vCPU 0 vCPU 1 vCPU 0 vCPU 1
pCPU 0 pCPU4 pCPU 1 pCPU 5 pCPU 8 pCPU 12 pCPU 9 pCPU 13 Execution Unit Execution Unit Execution Unit Execution Unit Processor Processor Socket 0 Socket 1
pCPU 2 pCPU 6 pCPU 3 pCPU 7 pCPU 10 pCPU 14 pCPU 11 pCPU 15 Execution Unit Execution Unit Execution Unit Execution Unit
Server Separate Policy: Scheduler will not place vCPUs from same guest on pCPU siblings 28 CPU Pinning – “Isolate” Policy (For Liberty)
Guest OS A Guest OS B
vCPU 0 vCPU 1 vCPU 0 vCPU 1
pCPU 0 pCPU4 pCPU 1 pCPU 5 pCPU 8 pCPU 12 pCPU 9 pCPU 13 Execution Unit Execution Unit Execution Unit Execution Unit Processor Processor Socket 0 Socket 1
pCPU 2 pCPU 6 pCPU 3 pCPU 7 pCPU 10 pCPU 14 pCPU 11 pCPU 15 Execution Unit Execution Unit Execution Unit Execution Unit
Server Isolate Policy: Nova will not place vCPUs from any pCPU that has an allocated sibling 29 CPU Pinning – “Avoid” Policy (For Liberty)
Guest OS A Guest OS B
vCPU 0 vCPU 1 vCPU 0 vCPU 1
pCPU 0 pCPU 4 pCPU 1 pCPU 5 pCPU 8 pCPU 12 pCPU 9 pCPU 13 Execution Unit Execution Unit Execution Unit Execution Unit Processor Processor Socket 0 Socket 1
pCPU 2 pCPU 6 pCPU 3 pCPU 7 pCPU 10 pCPU 14 pCPU 11 pCPU 15 Execution Unit Execution Unit Execution Unit Execution Unit
Server Avoid Policy: Nova scheduler will not place the guest on a host with SMT enabled 30 Huge Page Tables Memory Address Translation Request • Translation Lookaside Buffer (TLB) o Memory component that Check TLB Cache accelerates address translation.
o Caches a subset of address Page Yes translations from the page Entry in table. Cache? Fast No • Huge page table sizes (e.g. 1 GB) Translation o TLB caches a greater range of Fetch Page Table memory translations from memory o Helps reduces TLB misses. TLB Cache Small (4KB) & Huge (1GB) Page Entries Small page table entries (4KB) can result in a greater number of TLB misses 31 Optimize Host for NFV - Huge Page Table and CPU Isolation Compute Node(s) • Edit /etc/default/grub • GRUB_CMDLINE_LINUX="intel_iommu=on default_hugepagesz=2MB hugepagesz=1G hugepages=8 isolcpus= 1, 2, 3, 5, 6, 7, 9, 10, 11, 13, 14, 15” • sudo grub-mkconfig -o /boot/grub/grub.cfg • sudo reboot
32 Optimize for NFV: Create Host Aggregate • Create aggregate for NFV usage • nova aggregate-create nfv-aggregate • nova aggregate-set-metadata nfv-aggregate nfv=true
• Add hosts to the NFV aggregate
33 Optimize for NFV: Create Host Aggregate • N.B.: Good practice to create an aggregate for non-NFV use cases • nova aggregate-create default-usage • nova aggregate-set-metadata default-usage nfv=false • Update all other flavours to include the meta-data • nova flavor-key
• Add hosts to the default aggregate
34 Optimize for NFV: /etc/nova/nova.conf
[default] pci_alias={"name":"niantic",”vendor_id”: ”8086”, "product_id":"10fd"} pci_passthrough_whitelist={"address":"00 00:08:00.0","physical_network":“physnetN FV"}
35 Optimize for NFV: /etc/nova/nova.conf
[default] scheduler_default_filters = RamFilter, ComputeFilter, AvailabilityZoneFilter, ComputeCapabilitiesFilter, ImagePropertiesFilter, AggregateInstanceExtraSpecFilter, PciPassthroughFilter, NUMATopologyFilter
36 Optimize for NFV: /etc/nova/nova.conf
[libvirt] cpu_mode=host-model or host-passthrough vcpu_pin_set=1,2,3,5,6,7,9,10,11,13,14,15
37 Optimize for NFV: ml2_conf.ini
• Configure /etc/neutron/plugins/ml2/ml2_conf.ini [ml2] tenant_network_types = vlan type_drivers = vlan mechanism_drivers = openvswitch,sriovnicswitch [ml2_type_vlan] network_vlan_ranges = physnetNFV:50:100
38 Optimize for NFV: ml2_conf_sriov.ini
• Configure /etc/neutron/plugins/ml2/ml2_conf_sriov.ini [ml2_sriov] supported_pci_vendor_devs = 8086:10fb agent_required = False [sriov_nic] physical_device_mappings = physnetNFV:eth1
39 Optimize for NFV: Create VNF Flavor • nova flavor-create nfv-node auto 1024 0 4
• nova flavor-key nfv-node set hw:cpu_policy=dedicated hw:cpu_threads_policy=prefer capabilities:cpu_info:features=aes pci_passthrough:alias=niantic:1 aggregate_instance_extra_specs:nfv=true
40 Optimize for NFV: Create VNF Flavor • nova flavor-key nfv-node set hw:numa_nodes=1 hw:numa_cpus.0=0,1,2,3 hw:numa_mempolicy=strict hw:numa_mem.0=1024 hw:mem_page_size=2048
41 Optimize for NFV: Create Network • neutron net-create –provider:physical_network =physnetNFV -provider:network_type=vlan NFV- network
• neutron subnet-create NFV-network
• neutron port-create NFV-network -- binding:vnic-type direct
42 Optimize for NFV: Boot VNF VM
• nova boot --flavor nfv-node --image
43 VM virtio Other Notable Changes: qemu
• New ML2 OVS driver for ovs- ovs+netdev-dpdk switchd vHost o DPDK High Performance User Space User Space Forwarding netdev DPDK based vSwitching Libraries Polled Mode o High Performance path to the VM Tunnels netdev Driver (vHost User), with new VIF type in TAP socket Nova. Kernel Packet NIC Processing • Available on stackforge/networking-ovs-dpdk
• Supports DVR in VLAN and VXLAN modes
44 Other Notable Changes:
o VLAN Trunking API Extension o New network property that indicates requirement for transparent VLANs o ML2 drivers that indicate that they do not support transparent VLANs or do not have the attribute will fail to create the transparent network. o LB, VXLAN and GRE drivers support VLAN transparent networks o The VLAN and OVS drivers do not support VLAN transparent networks
o Service VM Port Security (Disable) Extension o Neutron's security group always applies anti-spoof rules on the VMs. o This allows traffic to originate and terminate at the VM as expected, but prevents traffic to pass through the VM. Disabling security is required in cases where the VM routes traffic through it.
45 VNF Deployment Considerations & Future Work
Ericsson | Page 46 Evolution of node delivery
Optimized App
Optimized App
Ericsson | Page 47 Customized application and Hardware
Application designed based APPLICATION on Custom hardware and OS Optimized Service Bin/Libs Host OS Optimized Host OS for custom hardware Custom Hardware Platform
Ericsson | Page 48 Application running on Industry Standard High Volume Standard
Application designed based Optimized APPLICATION on x86 Platform VNF on Bin/Libs Bare metal Host OS Optimized Host OS
Industry Standard Hardware
HDS 8000
Ericsson | Page 49 Type 2 Hardware Virtualization
VM VM App run inside VM
APP APP Virtual Bin/Libs Bin/Libs Machine Guest Guest Any Guest OS OS
Hypervisor H/w Emulation: Expose Instruction Host OS Set to Guest OS CPU Support for Virtualization Physical Server Intel® VT-x, Intel® VT-d: H/W Emulation
Ericsson | Page 50 Linux Containers
Linux Containers on bare metal Container Container
APP APP Application sharing common libraries and Kernel Bin/Libs Bin/Libs
Host OS Containers share same OS Kernel and are separated by “Name Spaces” Physical Server
Ericsson | Page 51 Containers inside VM VM-1 VM-2
Container Container Container Container
APP APP APP APP
Bin/Libs Bin/Libs Bin/Libs Bin/Libs
Guest OS Guest OS
Hypervisor
Physical Server
Ericsson | Page 52 WhichWhich deployment deployment option? option suits my vnf?
Hypervisor baremetal container answer
• Provides density and • Applications that • Suitable for VNF/Apps • All 3 Deployment isolation to run different consume all resources that can share a options are needed “Guest OS” on the blade and mission common kernel • Virtualising the h/w critical applications • VNF/Apps will • Offers high form of platform for VNF’s to • Infrastructure benefit differently density and removal of run on any x86 machine applications that perform in each multiple guest and high user plane and deployment option • Platform Resources e.g. hypervisor overheads CPU and Memory can control plane packet be shared or dedicated processing • H/W acceleration • By supporting all 3 support in progress deployment and allocated to • Dedicated resource different VNF’s isolation due to • Reduced isolation options in an IaaS regulatory requirement compared to VM’s Manager, we can support all • No hypervisor license fee, i.e.CAPEX possible VNF/Apps reduction, removes type deployment overhead and potential models
Ericsson | Page 53 layers of failure Summary
• Transparent collaboration between ETSI-NFV, OPNFV, Telco-WG and OpenStack core projects vital to enabling OpenStack for NFV.
• Making steady but meaningful progress on NFV enablement.
• Hypervisor, bare metal and container deployment options in an IaaS system are needed to support all possible VNF/Apps types.
54 Q&A
55 References - Contributing
●ETSI: ohttps://portal.etsi.org/TBSiteMap/NFV/NFVMembership.aspx ●OPNFV: ohttps://www.opnfv.org/developers/how-participate ●TelcoWG: ohttps://wiki.openstack.org/wiki/TelcoWorkingGroup ●OpenStack: ohttps://wiki.openstack.org/wiki/How_To_Contribute
Intel technologies’ features and benefits depend on system configuration and may require enabled hardware, software or service activation. Performance varies depending on system configuration. No computer system can be absolutely secure. Check with your system manufacturer or retailer or learn more at [intel.com]. Software and workloads used in performance tests may have been optimized for performance only on Intel microprocessors. Performance tests, such as SYSmark and MobileMark, are measured using specific computer systems, components, software, operations and functions. Any change to any of those factors may cause the results to vary. You should consult other information and performance tests to assist you in fully evaluating your contemplated purchases, including the performance of that product when combined with other products. Intel, the Intel logo, Intel® Advanced Encryption Standard New Instructions (Intel® AES-NI) are trademarks of Intel Corporation in the U.S. and/or other countries. *Other names and brands may be claimed as the property of others. © 2015 Intel Corporation.
57