Stephen Finucane ([email protected]) OpenStack Software Engineer, Intel Shannon 

Intel Legal Notices and Disclaimers Intel technologies’ features and benefits depend on system configuration and may require enabled hardware, software or service activation. Learn more at intel.com, or from the OEM or retailer. No computer system can be absolutely secure. Tests document performance of components on a particular test, in specific systems. Differences in hardware, software, or configuration will affect actual performance. Consult other sources of information to evaluate performance as you consider your purchase. For more complete information about performance and benchmark results, visit http://www.intel.com/performance. Intel, the Intel logo and others are trademarks of Intel Corporation in the U.S. and/or other countries. *Other names and brands may be claimed as the property of others. © 2016 Intel Corporation. 2 

3 Previous BrightTALK Talks ▪ EPA Features in OpenStack Kilo – https://www.brighttalk.com/webcast/12229/181563 ▪ Enabling ODL for Network Operators – https://www.brighttalk.com/webcast/12229/203981 ▪ Open vSwitch with DPDK in OVS 2.4.0 – https://www.brighttalk.com/webcast/12229/194949 ▪ DPDK 16.04 New Features – https://www.brighttalk.com/webcast/12229/198051 

4 Previous “Other” Talks ▪ Noobs Guide to OVS-DPDK (FOSDEM) – https://fosdem.org/2016/schedule/event/n00b_dpdk/ ▪ OVS, DPDK and Software Dataplane Acceleration (OVS Conference) – https://fosdem.org/2016/schedule/event/ovs_dpdk/ ▪ OVS in OPNFV (OVS Conference) – https://www.youtube.com/watch?v=vPmenYdCWsg ▪ OVS Learn Action Firewall (OpenStack Austin Summit) – https://www.openstack.org/videos/video/tired-of-iptables-based-security-groups- heres-how-to-gain-tremendous-speed-with-open-vswitch-instead 

No content

6 NFV, n. Abbreviation for Network Functions Virtualization: an initiative to virtualize the network services that are now being carried out by proprietary, dedicated hardware. 

7 NFV, n. Abbreviation for Network functions virtualization: an initiative to virtualize the network services that are now being carried out by proprietary, dedicated hardware. tl;dr: Telco != Enterprise 

8 Enterprise vs. Telco Primary Use Cases Enterprise Apps Telco VNFs Networking 10 Gig, Varied Packets 40 Gig, Small Packets Scale Local or Limited Massively Distributed Regulation Little or None High Hardware Offload ✘ ✔ Software Out-of-Box Custom* Why? Lowered costs, improved agility, … 

9 An NFV Platform Open Source Software Stack OpenStack OVS + DPDK QEMU + libvirt Linux + KVM 

10 An NFV Platform Open Source Software Stack OpenStack OVS + DPDK QEMU + libvirt Linux + KVM 

Why? 0 1 2 3 4 5 6 7 8 9 10 64 256 Throughput (Mbps) Phy-VM-Phy Performance Comparison Native OVS OVS with DPDK (One Core) OVS with DPDK (One core, HT) 11 

Why? 0 1 2 3 4 5 6 7 8 9 10 64 256 Throughput (Mbps) Phy-VM-Phy Performance Comparison Native OVS OVS with DPDK (One Core) OVS with DPDK (One core, HT) 12 

13 DPDK + OVS + (OpenStack) Neutron DPDK (fast, userspace packet processing libraries) + OVS (the leading open source virtual switch in OpenStack) + Neutron (Networking-as-a-Service for OpenStack) = Fast, DPDK-accelerated network interfaces in OpenStack 

No content

What is networking-ovs-dpdk 15 

16 networking-ovs-dpdk’s evolution Kilo Deployment OVS agent ML2 driver Liberty Deployment OVS agent ML2 driver SG driver Mitaka Deployment OVS agent ML2 driver SG driver Newton TBD… 

17 networking-ovs-dpdk ❑ Deployment scripts ▪ DevStack ❑ OVS-DPDK agent ❑ ML2 driver neutron n/a Initial release (Kilo) 

18 networking-ovs-dpdk ❑ Deployment scripts ▪ DevStack, Puppet ❑ ML2 driver ❑ SG driver neutron ❑ OVS agent support Liberty release cycle 

19 networking-ovs-dpdk ❑ Deployment scripts ▪ DevStack, Puppet ❑ SG driver neutron ❑ OVS agent support ❑ ML2 driver support Mitaka release cycle 

20 OVS Agent OVS Host OVS Agent OVSDB Server Controller Neutron Server ML2 OVS Mech Driver AMQP 

21 OVS-DPDK and Neutron datapath_types=[netdev, ...] iface_types=[dpdkvhostuser, ...] …becomes... vif_type=vif_vhostuser OVSDB Neutron 

22 Using it… neutron port-create $NETWORK_ID nova interface-attach --port-id $PORT_ID $INSTANCE_ID 

23 iptables-based Security Group Driver Linux Bridge tap vEth br-int (OVS) vEth 

24 iptables-based Security Group Driver Linux Bridge tap vEth br-int (OVS) vEth 

25 iptables-based Security Group Driver Linux Bridge tap vEth br-int (OVS) vEth 

26 “Learn action”-based Security Group Driver br-int (OVS) tap 

27 Performance 0 1 2 3 4 5 6 7 8 9 10 64 128 256 512 1024 1280 1518 Throughput (Mbps) Security Group Performance Comparison OVS 2.4, iptables DPDK, no firewall, OVS 2.4 DPDK, "learn action" implementation, OVS 2.4 

28 In summary, networking-ovs-dpdk… WAS a fork of the OVS agent and a new ML2 driver IS a collection of deployment scripts and a security group driver (everything else is upstream) 

No content

30 The short version enable_plugin networking-ovs-dpdk \ https://github.com/openstack/networking-ovs-dpdk \ master 

31 The long version 1. Install OVS with DPDK 2. Configure Neutron, e.g. ml2_conf.ini [OVS] datapath_type=netdev ... 3. Start Neutron Open vSwitch agent 4. Configure VM to use huge pages openstack flavor set FLAVOR_NAME hw:mem_page_size=large 5. Boot VMs 

32 Useful info ▪ Flavour aggregates – OVS and OVS-DPDK can coexist peacefully ▪ DevStack vs. Puppet – Deployment or development? ▪ Multi-queue support – Can be configured – nice performance boost ▪ L3 support (e.g. DVR) – Performance is currently sub-optimal 

33 Other projects ▪ networking-odl – OpenDaylight (ODL) caches datapath type and supported interfaces – networking-odl replaces the OVS agent – query the ODL topology API instead ▪ networking-ovn – Supports configurable VIF type – all or nothing 

34 Future work ▪ Accelerate L3 networking (example: DVR) – Performance is currently sub-optimal ▪ Upstream security group driver for OVS with DPDK – This is out-of-tree currently – need to compare with conntrack solutions ▪ Integrate of vif_vhostuser into os-vif ▪ Add support for OVS-DPDK powered QoS in Neutron ▪ Add support for VLAN-aware VMs in Neutron ▪ Add support for other deployment methods 

35 Call to action 

36 Call to action 

37 Call to action 

Stephen Finucane ([email protected]), OpenStack Software Engineer, Intel Shannon 

No content