OVS-DPDK Integration in OpenStack

Transcript

1. Stephen Finucane ([email protected]) OpenStack Software Engineer, Intel Shannon

2. Intel Legal Notices and Disclaimers Intel technologies’ features and benefits

   depend on system configuration and may require enabled hardware, software or service activation. Learn more at intel.com, or from the OEM or retailer. No computer system can be absolutely secure. Tests document performance of components on a particular test, in specific systems. Differences in hardware, software, or configuration will affect actual performance. Consult other sources of information to evaluate performance as you consider your purchase. For more complete information about performance and benchmark results, visit http://www.intel.com/performance. Intel, the Intel logo and others are trademarks of Intel Corporation in the U.S. and/or other countries. *Other names and brands may be claimed as the property of others. © 2016 Intel Corporation. 2

3. 3 Previous BrightTALK Talks ▪ EPA Features in OpenStack Kilo

   – https://www.brighttalk.com/webcast/12229/181563 ▪ Enabling ODL for Network Operators – https://www.brighttalk.com/webcast/12229/203981 ▪ Open vSwitch with DPDK in OVS 2.4.0 – https://www.brighttalk.com/webcast/12229/194949 ▪ DPDK 16.04 New Features – https://www.brighttalk.com/webcast/12229/198051

4. 4 Previous “Other” Talks ▪ Noobs Guide to OVS-DPDK (FOSDEM)

   – https://fosdem.org/2016/schedule/event/n00b_dpdk/ ▪ OVS, DPDK and Software Dataplane Acceleration (OVS Conference) – https://fosdem.org/2016/schedule/event/ovs_dpdk/ ▪ OVS in OPNFV (OVS Conference) – https://www.youtube.com/watch?v=vPmenYdCWsg ▪ OVS Learn Action Firewall (OpenStack Austin Summit) – https://www.openstack.org/videos/video/tired-of-iptables-based-security-groups- heres-how-to-gain-tremendous-speed-with-open-vswitch-instead
5. None

6. 6 NFV, n. Abbreviation for Network Functions Virtualization: an initiative

   to virtualize the network services that are now being carried out by proprietary, dedicated hardware.

7. 7 NFV, n. Abbreviation for Network functions virtualization: an initiative

   to virtualize the network services that are now being carried out by proprietary, dedicated hardware. tl;dr: Telco != Enterprise

8. 8 Enterprise vs. Telco Primary Use Cases Enterprise Apps Telco

   VNFs Networking 10 Gig, Varied Packets 40 Gig, Small Packets Scale Local or Limited Massively Distributed Regulation Little or None High Hardware Offload ✘ ✔ Software Out-of-Box Custom* Why? Lowered costs, improved agility, …

9. 9 An NFV Platform Open Source Software Stack OpenStack OVS

   + DPDK QEMU + libvirt Linux + KVM

10. 10 An NFV Platform Open Source Software Stack OpenStack OVS

    + DPDK QEMU + libvirt Linux + KVM

11. Why? 0 1 2 3 4 5 6 7 8

    9 10 64 256 Throughput (Mbps) Phy-VM-Phy Performance Comparison Native OVS OVS with DPDK (One Core) OVS with DPDK (One core, HT) 11

12. Why? 0 1 2 3 4 5 6 7 8

    9 10 64 256 Throughput (Mbps) Phy-VM-Phy Performance Comparison Native OVS OVS with DPDK (One Core) OVS with DPDK (One core, HT) 12

13. 13 DPDK + OVS + (OpenStack) Neutron DPDK (fast, userspace

    packet processing libraries) + OVS (the leading open source virtual switch in OpenStack) + Neutron (Networking-as-a-Service for OpenStack) = Fast, DPDK-accelerated network interfaces in OpenStack
14. None

15. What is networking-ovs-dpdk 15

16. 16 networking-ovs-dpdk’s evolution Kilo Deployment OVS agent ML2 driver Liberty

    Deployment OVS agent ML2 driver SG driver Mitaka Deployment OVS agent ML2 driver SG driver Newton TBD…

17. 17 networking-ovs-dpdk ❑ Deployment scripts ▪ DevStack ❑ OVS-DPDK agent

    ❑ ML2 driver neutron n/a Initial release (Kilo)

18. 18 networking-ovs-dpdk ❑ Deployment scripts ▪ DevStack, Puppet ❑ ML2

    driver ❑ SG driver neutron ❑ OVS agent support Liberty release cycle

19. 19 networking-ovs-dpdk ❑ Deployment scripts ▪ DevStack, Puppet ❑ SG

    driver neutron ❑ OVS agent support ❑ ML2 driver support Mitaka release cycle

20. 20 OVS Agent OVS Host OVS Agent OVSDB Server Controller

    Neutron Server ML2 OVS Mech Driver AMQP

21. 21 OVS-DPDK and Neutron datapath_types=[netdev, ...] iface_types=[dpdkvhostuser, ...] …becomes... vif_type=vif_vhostuser

    OVSDB Neutron

22. 22 Using it… neutron port-create $NETWORK_ID nova interface-attach --port-id $PORT_ID

    $INSTANCE_ID

23. 23 iptables-based Security Group Driver Linux Bridge tap vEth br-int

    (OVS) vEth

24. 24 iptables-based Security Group Driver Linux Bridge tap vEth br-int

    (OVS) vEth

25. 25 iptables-based Security Group Driver Linux Bridge tap vEth br-int

    (OVS) vEth

26. 26 “Learn action”-based Security Group Driver br-int (OVS) tap

27. 27 Performance 0 1 2 3 4 5 6 7

    8 9 10 64 128 256 512 1024 1280 1518 Throughput (Mbps) Security Group Performance Comparison OVS 2.4, iptables DPDK, no firewall, OVS 2.4 DPDK, "learn action" implementation, OVS 2.4

28. 28 In summary, networking-ovs-dpdk… WAS a fork of the OVS

    agent and a new ML2 driver IS a collection of deployment scripts and a security group driver (everything else is upstream)
29. None

30. 30 The short version enable_plugin networking-ovs-dpdk \ https://github.com/openstack/networking-ovs-dpdk \ master

31. 31 The long version 1. Install OVS with DPDK 2.

    Configure Neutron, e.g. ml2_conf.ini [OVS] datapath_type=netdev ... 3. Start Neutron Open vSwitch agent 4. Configure VM to use huge pages openstack flavor set FLAVOR_NAME hw:mem_page_size=large 5. Boot VMs

32. 32 Useful info ▪ Flavour aggregates – OVS and OVS-DPDK

    can coexist peacefully ▪ DevStack vs. Puppet – Deployment or development? ▪ Multi-queue support – Can be configured – nice performance boost ▪ L3 support (e.g. DVR) – Performance is currently sub-optimal

33. 33 Other projects ▪ networking-odl – OpenDaylight (ODL) caches datapath

    type and supported interfaces – networking-odl replaces the OVS agent – query the ODL topology API instead ▪ networking-ovn – Supports configurable VIF type – all or nothing

34. 34 Future work ▪ Accelerate L3 networking (example: DVR) –

    Performance is currently sub-optimal ▪ Upstream security group driver for OVS with DPDK – This is out-of-tree currently – need to compare with conntrack solutions ▪ Integrate of vif_vhostuser into os-vif ▪ Add support for OVS-DPDK powered QoS in Neutron ▪ Add support for VLAN-aware VMs in Neutron ▪ Add support for other deployment methods

35. 35 Call to action

36. 36 Call to action

37. 37 Call to action

38. Stephen Finucane ([email protected]), OpenStack Software Engineer, Intel Shannon

39. None