NFV with Openstack

NFV with OpenStack

Vincent Jardin Nick Barcet CTO VP Products 6Wind eNovance @VincentJardin @nijaba

1 Red Hat | NFV with OpenStack | October 2014 Hello? The technology behind

2 Red Hat | NFV with OpenStack | October 2014 Hello? The technology behind

3 Red Hat | NFV with OpenStack | October 2014 Hello? The technology behind

Proprietary hardware

4 Red Hat | NFV with OpenStack | October 2014 Hello? The technology behind Full re-deployment for each new generation network

5 Red Hat | NFV with OpenStack | October 2014 What if this went went virtual?

6 Red Hat | NFV with OpenStack | October 2014 What if this went went virtual?

What if this went scalable?

7 Red Hat | NFV with OpenStack | October 2014 What if this went went virtual?

What if this went scalable?

What if this was just like cloud?

8 Red Hat | NFV with OpenStack | October 2014 Creation of ETSI NFV

● In November 2012 seven of the world's leading telecoms network operators selected ETSI to be the home of the Industry Specification Group for NFV.

● 2 years later: 230 individual companies including 37 of the world's major service providers as well as representatives from both telecoms and IT vendors.

9 Red Hat | NFV with OpenStack | October 2014 NFV business opportunities

● Latest major disruption in the telco marketplace since IP introduction

● Create opportunities for service providers:

● To accelerate development of new services

● To implement Network and IT convergence

● Force NEP

● To change their business model (transform themselves as Software Providers)

● To redesign their software

10 Red Hat | NFV with OpenStack | October 2014 OpenStack NFV subteam

● NFV support for OpenStack aims to provide the best possible infrastructure for such workloads to be deployed in, while respecting the design principles of a IaaS cloud.

● In order for VNF to perform correctly in a cloud world, the underlying infrastructure needs to provide a certain number of functionalities which range from scheduling to networking and from orchestration to monitoring capacities.

● This means that to correctly support NFV use cases in OpenStack, implementations may be required across most, if not all, main OpenStack projects, starting with Neutron and Nova.

https://wiki.openstack.org/wiki/Teams/NFV

11 Red Hat | NFV with OpenStack | October 2014 3 main specific problems for NFVi

● North/South connectivity requirements

12 Red Hat | NFV with OpenStack | October 2014 3 main specific problems for NFVi

● North <-> South connectivity requirements

● High Service Level Agreement requirements

13 Red Hat | NFV with OpenStack | October 2014 3 main specific problems for NFVi

● North <-> South connectivity requirements

● High Service Level Agreement requirements

● East <-> West connectivity requirements

14 Red Hat | NFV with OpenStack | October 2014 NFV Simplified Architecture

Virtual Network Functions (VNFs)

VNF VNF VNF VNF VNF

Network Functions Virtualization Infrastructure (NFVi) NFV Management Virtual Virtual Virtual and Compute Storage Network Orchestration

Virtualization Layer

Compute Storage Network

Hardware resources

15 Red Hat | NFV with OpenStack | October 2014 Use Cases

Workload Type Description Characteristics Examples Data plane Tasks related to packet handing Intensive I/O requirements - CDN cache node in an end-to-end potentially millions of small VoIP Router communication between edge packets per second per core IPSec tunneller applications. Intensive memory R/W Session Border Controller - media relay requirements function

Control plane Any other communication Less intensive I/O and R/W PPP session management between network functions that requirements than data plane, Border Gateway Protocol (BGP) routing is not directly related to the due to lower packets per second Remote Authentication Dial In User end-to-end data communication More complicated transactions Service (RADIUS) authentication in a between edge applications. resulting in (potentially) higher Broadband Remote Access Server CPU load per packet. (BRAS) network function Session Border Controller - SIP signaling function IMS core functions (S-CSCF / I-CSCF / BGCF)

Signal processing All network function tasks Very sensitive to CPU processing Fast Fourier Transform (FFT) decoding related to digital processing capacity. Encoding in a Cloud-Radio Access Delay sensitive. Network (C-RAN) Base Band Unit (BBU) Audio transcoding in a Session Border Controller

Storage All tasks related to disk storage. Varying disk, SAN, or NAS, I/O Logger requirements based on Network probe applications, ranging from low to extremely high intensity.

16 Red Hat | NFV with OpenStack | October 2014 Blueprints implemented in Juno

Description Project(s) Status

Support two interfaces from Nova Design Approved / Implemented one VM attached to the same network

SR-IOV Networking Support Nova Design Approved / Needs Code Review

Virt driver guest vCPU topology Nova Design Approved / Implemented configuration

Evacuate instance to Nova Approved / Implemented (juno-2) scheduled host

17 Red Hat | NFV with OpenStack | October 2014 What's brewing for Kilo? (Highest Priority)

Description Project(s) Status

● VLAN trunking networks for NFV Neutron New ● VLAN tagged traffic transmissible over a tenant network ● decomposition of VLAN trunks to virtual networks ● VLAN tagged traffic to a physical appliance ● management of VLANs on ports as sub- ports

Permit unaddressed interfaces for NFV use Neutron New cases

18 Red Hat | NFV with OpenStack | October 2014 What's brewing for Kilo (the rest)

Description Project(s) Status Description Project(s) Status

Discless VM Nova Under discussion Port mirroring Neutron Under discussion

Framework for Advanced Neutron Under Discussion Schedule vms per flavour Nova New Services in Virtual cpu overcommit Machines

I/O (PCIe) Based NUMA Nova Design Approved / Needs Snabb NFV mechanism Neutron Approved Scheduling Code Review driver

Network QoS API Neutron Under discussion Solver Scheduler - Nova Design review in progress complex constraints scheduler with NFV use cases

Neutron Services Neutron Design Approved / Needs Support userspace vhost Nova Design review in progress Insertion, Chaining, and Code Review in ovs vif bindings Steering

NIC state aware Nova Rejected Traffic Steering Abstraction Neutron Design review in progress scheduling

Open vSwitch to use patch Neutron Superseded / Unknown VIF_VHOSTUSER (qemu Nova Approved ports in place of veth pairs vhost-user) support for vlan n/w

Open vSwitch-based Neutron Design review in progress Virt driver guest NUMA Nova Design Approved / Needs Security Groups: Open node placement & Code Review vSwitch Implementation of topology FirewallDriver

OVF Meta-Data Import via Glance New Virt driver large page Nova Design Approved / Needs Glance allocation for guest RAM * Code Review

Persist scheduler hints Nova Design review in progress Virt driver pinning guest Nova Design Approved / Needs vCPUs to host pCPUs Code Review

19 Red Hat | NFV with OpenStack | October 2014 Openstack related challenges

● Cultural Changes:

● Introduction of devops, Continuous Integration, …

● Work with opensource communities

● No more standards...

● 80% is good enough...

● Technical, R&D:

● Openstack is evolving very fast (major release every 6 months)

● Limited availability of skills

● Redesign of application to become cloud application

● Operation:

● Need to educate/train people

20 Red Hat | NFV with OpenStack | October 2014 North ↔ South East ↔ West

Virtual Network Performances With 6WIND

21 Red Hat | NFV with OpenStack | October 2014 Performance first High Performance East-West Communications

Virtual Machine Virtual Machine Virtual Machine Virtual Machine

Application Application Application Application

Linux Windows Any Any OS OS

Hypervisor Throughput

Virtual Switch Hardware Independence

High Performance East-West Communications

Virtual Machine Virtual Machine Virtual Machine Virtual Machine

Application Application Application Application

Linux Windows Any Any OS OS

Throughput Hypervisor SR-IOV Hardware Independence

Virtual Virtual Machine Machine 4 Virtual Machine Bottleneck Application Application Software Software 3Communication Bottleneck - Host vs Guest OS Hypervisor Virtual Switch 2 Virtual Switch Bottleneck

Server Platform 1 Driver Level Bottleneck

Architecture-independent “Fast Path Modules” • Generic, processor-independent source code • Cycle-level and pipeline-level optimizations Data Fast Path Plane

FPN-SDK FPN-SDK FPN-SDK Architecture-specific "Fast Path Networking SDK" FPN-SDK • Zero-overhead API for fast path modules • Support for processor-specific features and resources • Leverages processor suppliers' SDKs

NetOS Simple Exec DPDK ZoL™

 Standard Linux functions are accelerated by 6WINDGate

Quagga

iptables iproute2

Protocol Tables

Fast Path Configuration Shared Memory

Fast Path Modules Linux Networking Statistics Stack Fast Path Statistics Linux Kernel Fast Path

Nova Neutron Say no to proprietary k

c plugins a t s

n Say no to SRIOV to e p

O be SDN ready. Accelerate Neutron

Link MPLS/VPLS Ethernet VLAN GRE h

t Aggregation Encapsulation Bridging K a D p S

- t s N IPv4/IPv6 IPv4/IPv6 Multi- Tunneling Filtering

a NAT P

f Forwarding cast (IPinIP) IPv4/IPv6

e e t t a a G G IPsec IPv4/IPv6 QoS Flow Inspection D D N N I I W W

6 OVS

6 VXLAN Acceleration

Mellanox

e Intel® QuickAssist Cavium NITROX VIRTIO Guest t ConnectX®-3 EN

a Crypto SDK 5.X Crypto XEN-KVM PMD

K Series PMD G D D P N I D Emulex

W Intel® Multi-Buffer VMXNET3 Guest

Virtual Virtual Virtual Appliance Appliance Appliance (DPDK- (Linux- (Other Drivers for Virtual Appliance based) based) OSs) • 6WIND drivers for high performance communications Fast VirtioG Fast Virtio • Standard drivers for existing Virtual Fast Virtio vNIC uest vNIC Guest Appliances vNIC Guest PMD PMD Linux Linux • Extensible for all OSs

Fast vNIC PMD Virtio Host PMD

OVS Acceleration VLAN VXLAN IPsec GRE LAG Filtering NAT Virtual Acceleration Ethernet Bridge Forwarding • 6WIND drivers for high performance communications Intel PMD Mellanox PMD Emulex PMD • Accelerated virtual switch and bridging • Extended network services • Dpdk.org with multi-vendor NIC support

NICs

IPv4/IPv6 Forwarding Virtual Machine

DPDK Fast

Path Fast vNIC PMD

Hypervisor Fast vNIC PMD

Fast Virtual Networking Path DPDK Linux kernel

R720 12 x 10G Ports

L2 Throughput Linux Based Virtual Bottleneck IPv4/IPv6 Forwarding Machine

Virtio Guest 7,2 Gbps Linux Bottleneck

Virtio Host Linux Hypervisor Bottleneck Linux kernel

Bottleneck Kernel Drivers

Limited Bandwidth To Linux Based Virtual R720 12 x 10G Machines Ports

L2 Throughput Linux Based Virtual Bottleneck IPv4/IPv6 Forwarding Machine

7,2 Gbps Fast vNIC Linux 59 Gbps Hypervisor Fast vNIC PMD

Virtual Fast Networking Path DPDK Linux kernel

9X Throughput R720 12 x 10G Performance Increase Ports

L2 Throughput IP Forwarding DPDK Based Virtual Machine Fast DPDK Path 7,2 Gbps Fast vNIC PMD 59 Gbps 118 Gbps Hypervisor Fast vNIC PMD

Virtual Fast Networking Path DPDK Linux kernel

Wire Speed R720 12 x 10G Performance Ports

Compute node/host: # yum install 6windgate*.rpm # systemctl enable 6windgate.service

Virtual Virtual Virtual Network Network Network Virtual Switching With 6WINDGate Function Function Function • Hardware independent virtual switching (NIC driver) 500 Gbps • Aggregate 500 Gbps bandwidth with low latency • No external limit to number of chained VNFs

6WINDGate Accelerated OVS Physical Switching Limitations 50 PCI Express • Hardware dependent switching Gbps (SR-IOV, RDMA, NIC embedded switching) Local NIC • Throughput is limited by PCI Express (50 Gbps) and faces PCI Express and DMA additional latencies External Switch • Available PCI slots limit the number of chained VNFs • At 30 Gbps a single VNF is supported per node!

38 Red Hat | NFV with OpenStack | October 2014