OVS-DPDK Integration in OpenStack

Transcript

1. Stephen Finucane ([email protected])
   OpenStack Software Engineer, Intel Shannon
   

   View Slide

2. Intel Legal Notices and Disclaimers
   Intel technologies’ features and benefits depend on system configuration and may require
   enabled hardware, software or service activation. Learn more at intel.com, or from the OEM or
   retailer.
   No computer system can be absolutely secure.
   Tests document performance of components on a particular test, in specific systems. Differences
   in hardware, software, or configuration will affect actual performance. Consult other sources of
   information to evaluate performance as you consider your purchase. For more complete
   information about performance and benchmark results, visit
   http://www.intel.com/performance.
   Intel, the Intel logo and others are trademarks of Intel Corporation in the U.S. and/or other
   countries. *Other names and brands may be claimed as the property of others.
   © 2016 Intel Corporation.
   2
   

   View Slide

3. 3
   Previous BrightTALK Talks
   ▪ EPA Features in OpenStack Kilo
   – https://www.brighttalk.com/webcast/12229/181563
   ▪ Enabling ODL for Network Operators
   – https://www.brighttalk.com/webcast/12229/203981
   ▪ Open vSwitch with DPDK in OVS 2.4.0
   – https://www.brighttalk.com/webcast/12229/194949
   ▪ DPDK 16.04 New Features
   – https://www.brighttalk.com/webcast/12229/198051
   

   View Slide

4. 4
   Previous “Other” Talks
   ▪ Noobs Guide to OVS-DPDK (FOSDEM)
   – https://fosdem.org/2016/schedule/event/n00b_dpdk/
   ▪ OVS, DPDK and Software Dataplane Acceleration (OVS Conference)
   – https://fosdem.org/2016/schedule/event/ovs_dpdk/
   ▪ OVS in OPNFV (OVS Conference)
   – https://www.youtube.com/watch?v=vPmenYdCWsg
   ▪ OVS Learn Action Firewall (OpenStack Austin Summit)
   – https://www.openstack.org/videos/video/tired-of-iptables-based-security-groups-
   heres-how-to-gain-tremendous-speed-with-open-vswitch-instead
   

   View Slide

5. View Slide

6. 6
   NFV, n.
   Abbreviation for Network Functions Virtualization: an
   initiative to virtualize the network services that are now
   being carried out by proprietary, dedicated hardware.
   

   View Slide

7. 7
   NFV, n.
   Abbreviation for Network functions virtualization: an
   initiative to virtualize the network services that are now
   being carried out by proprietary, dedicated hardware.
   tl;dr: Telco != Enterprise
   

   View Slide

8. 8
   Enterprise vs. Telco
   Primary Use Cases Enterprise Apps Telco VNFs
   Networking 10 Gig, Varied Packets 40 Gig, Small Packets
   Scale Local or Limited Massively Distributed
   Regulation Little or None High
   Hardware Offload ✘ ✔
   Software Out-of-Box Custom*
   Why? Lowered costs, improved agility, …
   

   View Slide

9. 9
   An NFV Platform
   Open Source Software Stack
   OpenStack
   OVS + DPDK QEMU + libvirt
   Linux + KVM
   

   View Slide

10. 10
    An NFV Platform
    Open Source Software Stack
    OpenStack
    OVS + DPDK QEMU + libvirt
    Linux + KVM
    

    View Slide

11. Why?
    0
    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    64 256
    Throughput (Mbps)
    Phy-VM-Phy Performance Comparison
    Native OVS OVS with DPDK (One Core) OVS with DPDK (One core, HT)
    11
    

    View Slide

12. Why?
    0
    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    64 256
    Throughput (Mbps)
    Phy-VM-Phy Performance Comparison
    Native OVS OVS with DPDK (One Core) OVS with DPDK (One core, HT)
    12
    

    View Slide

13. 13
    DPDK + OVS + (OpenStack) Neutron
    DPDK (fast, userspace packet processing libraries)
    +
    OVS (the leading open source virtual switch in OpenStack)
    +
    Neutron (Networking-as-a-Service for OpenStack)
    =
    Fast, DPDK-accelerated network interfaces in OpenStack
    

    View Slide

14. View Slide

15. What is networking-ovs-dpdk
    15
    

    View Slide

16. 16
    networking-ovs-dpdk’s evolution
    Kilo
    Deployment
    OVS agent
    ML2 driver
    Liberty
    Deployment
    OVS agent
    ML2 driver
    SG driver
    Mitaka
    Deployment
    OVS agent
    ML2 driver
    SG driver
    Newton
    TBD…
    

    View Slide

17. 17
    networking-ovs-dpdk
    ❑ Deployment scripts
    ▪ DevStack
    ❑ OVS-DPDK agent
    ❑ ML2 driver
    neutron
    n/a
    Initial release (Kilo)
    

    View Slide

18. 18
    networking-ovs-dpdk
    ❑ Deployment scripts
    ▪ DevStack, Puppet
    ❑ ML2 driver
    ❑ SG driver
    neutron
    ❑ OVS agent support
    Liberty release cycle
    

    View Slide

19. 19
    networking-ovs-dpdk
    ❑ Deployment scripts
    ▪ DevStack, Puppet
    ❑ SG driver
    neutron
    ❑ OVS agent support
    ❑ ML2 driver support
    Mitaka release cycle
    

    View Slide

20. 20
    OVS Agent
    OVS Host
    OVS Agent
    OVSDB
    Server
    Controller
    Neutron
    Server
    ML2
    OVS Mech
    Driver
    AMQP
    

    View Slide

21. 21
    OVS-DPDK and Neutron
    datapath_types=[netdev, ...]
    iface_types=[dpdkvhostuser, ...]
    …becomes...
    vif_type=vif_vhostuser
    OVSDB
    Neutron
    

    View Slide

22. 22
    Using it…
    neutron port-create $NETWORK_ID
    nova interface-attach --port-id $PORT_ID $INSTANCE_ID
    

    View Slide

23. 23
    iptables-based Security Group Driver
    Linux Bridge
    tap
    vEth br-int (OVS)
    vEth
    

    View Slide

24. 24
    iptables-based Security Group Driver
    Linux Bridge
    tap
    vEth br-int (OVS)
    vEth
    

    View Slide

25. 25
    iptables-based Security Group Driver
    Linux Bridge
    tap
    vEth br-int (OVS)
    vEth
    

    View Slide

26. 26
    “Learn action”-based Security Group Driver
    br-int (OVS)
    tap
    

    View Slide

27. 27
    Performance
    0
    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    64 128 256 512 1024 1280 1518
    Throughput (Mbps)
    Security Group Performance Comparison
    OVS 2.4, iptables DPDK, no firewall, OVS 2.4 DPDK, "learn action" implementation, OVS 2.4
    

    View Slide

28. 28
    In summary, networking-ovs-dpdk…
    WAS a fork of the OVS agent and a new ML2 driver
    IS a collection of deployment scripts and a security group driver
    (everything else is upstream)
    

    View Slide

29. View Slide

30. 30
    The short version
    enable_plugin networking-ovs-dpdk \
    https://github.com/openstack/networking-ovs-dpdk \
    master
    

    View Slide

31. 31
    The long version
    1. Install OVS with DPDK
    2. Configure Neutron, e.g. ml2_conf.ini
    [OVS]
    datapath_type=netdev
    ...
    3. Start Neutron Open vSwitch agent
    4. Configure VM to use huge pages
    openstack flavor set FLAVOR_NAME hw:mem_page_size=large
    5. Boot VMs
    

    View Slide

32. 32
    Useful info
    ▪ Flavour aggregates
    – OVS and OVS-DPDK can coexist peacefully
    ▪ DevStack vs. Puppet
    – Deployment or development?
    ▪ Multi-queue support
    – Can be configured – nice performance boost
    ▪ L3 support (e.g. DVR)
    – Performance is currently sub-optimal
    

    View Slide

33. 33
    Other projects
    ▪ networking-odl
    – OpenDaylight (ODL) caches datapath type and supported interfaces
    – networking-odl replaces the OVS agent – query the ODL topology API instead
    ▪ networking-ovn
    – Supports configurable VIF type – all or nothing
    

    View Slide

34. 34
    Future work
    ▪ Accelerate L3 networking (example: DVR)
    – Performance is currently sub-optimal
    ▪ Upstream security group driver for OVS with DPDK
    – This is out-of-tree currently – need to compare with conntrack solutions
    ▪ Integrate of vif_vhostuser into os-vif
    ▪ Add support for OVS-DPDK powered QoS in Neutron
    ▪ Add support for VLAN-aware VMs in Neutron
    ▪ Add support for other deployment methods
    

    View Slide

35. 35
    Call to action
    

    View Slide

36. 36
    Call to action
    

    View Slide

37. 37
    Call to action
    

    View Slide

38. Stephen Finucane ([email protected]),
    OpenStack Software Engineer, Intel Shannon
    

    View Slide

39. View Slide