Accelerating the Path
to the Guest
Maryam Tahhan and Kevin Traynor
Intel
Legal Disclaimers
Intel processor numbers are not a measure of performance. Processor numbers differentiate features within each processor family, not
across different processor families: Go to: Learn About Intel® Processor Numbers
Intel, the Intel logo and Xeon are trademarks of Intel Corporation in the U.S. and/or other countries.
*Other names and brands may be claimed as the property of others.
Copyright © 2014 Intel Corporation. All rights reserved
2
TRANSFORMINGIntel
NETWORKING
Confidential & STORAGE
Agenda
• NFV
• Guest access methods
• Summary
• Q&A
3
TRANSFORMING NETWORKING & STORAGE
Network Function Virtualization (NFV)
By 2017 mobile traffic will have grown 13x in the space of 5 years.*
In 2017 there will be 3x more connected devices than people on earth.*
Service Providers are moving to virtualize the functionality of network components
in an effort to move away from custom ASICs, and operate on standard servers.
The network functions running on a guest require near native performance.
* http://www.intel.com/content/www/us/en/communications/internet-minute-infographic.html
4
TRANSFORMING NETWORKING & STORAGE
Legacy virtio-net
Guest
• virtio-net is a para-virtualized
network driver based on virtio.
• A guest with a virtio_net driver,
shares a number of virtqueues with
QEMU.
• The mechanism by which traffic is
passed is comprised of two parts:
•1 The datapath.
•2 The notification path.
Operating System
T
X
QEMU
Virtio Driver
R
X
1
2
Tap
OVS
Datapath
Eth X
KVM
Kernel Space
5
TRANSFORMING NETWORKING & STORAGE
Intel® Data Plane Development Kit and ivshmem
Intel® DPDK
Hugepage
s
Rings
ivshmem
• Physically contiguous
memory
• 1GB pages
• /dev/hugepages/rte_map0
• Lockless
• Efficient for IPC
• Rx/Tx pairs
ivshmem
QEMU
Patch
• aka Nahanni*
• QEMU* 1.4.0
• Host Initiated
• Command line
• hugepage location
• ivshmem device
6
TRANSFORMING NETWORKING & STORAGE
QEMU
Operating System
OVS client
DPDK Ring
API
PCI dev (04:00.0)
ivshmem
BAR2
Shared
Memory
Memory
R
X
1GB
T
X
DPDK Ring
API
OVS
mempoo
l
Datapath
DPDK PMD
Kernel Space
7
TRANSFORMING NETWORKING & STORAGE
Intel® DPDK rings and ivshmem Characteristics
Current
Performance
Security
Future
• Zero copy
• Fast performance
QEMU
• Guests can access host
memory
• Unsuitable for untrusted guests
• Upstream Patch
• Maintenance
Security
• Regions of memory
• Security groups
Live
migration
• Modifications needed
• Difficult
• Host initiated sharing
Live Migration • Shared at guest start up
Compatibility
• DPDK Guest application
8
TRANSFORMING NETWORKING & STORAGE
VhostNet
us-vhost
QEMU
QEMU
Operating System
Operating System
Virtio Driver
Virtio Driver
R
X
T
X
1
DPDK vhost
R
X
T
X
OVS
Datapath
2
1
IOCT
L
DPDK x
ioeventfd
vhost-net
irqfd
CUSE
KVM
Tap
OVS
Datapath
Eth X
KVM
2
eventfd
link
Kernel Space
ioeventfd
irqfd
Kernel Space
9
TRANSFORMING NETWORKING & STORAGE
us-vhost Characteristics
Current
Future
Performance
• zero copy
• Merge-able buffers
Security
• Virtqueues mapped to
vswitchd address
space.
Features
• virtio-net backend
enhancements
Live
Migration
• Solution exists.
us-vhost
Library
• Library provided by DPDK
Performanc
e
Compatibilit
y
• Less copies and
context switches.
• DPDK guest
application
• Virtio-net
QEMU
• vhost-user
10
TRANSFORMING NETWORKING & STORAGE
Use Case Comparison
Use
Case 1
Use
Case 2
Highest
performance
Trusted
Guests
DPDK VNF
No live
migration
Accelerated
performance
Untrusted
Guests
DPDK &
Virtio-net
VNFs
Live
migration
dpdkr &
ivshmem
us-vhost
11
TRANSFORMING NETWORKING & STORAGE
Summary
NFV requires high bandwidth, low latency interfaces into the Network
Function Virtualisation Infrastructure
2 accelerated paths to the guest recently enabled in netdev-dpdk
Trade off between performance, security, live migration and
compatibility
DPDK has an active community supporting it
12
TRANSFORMING NETWORKING & STORAGE
Q&A
13 13
TRANSITIONING
TRANSFORMINGNETWORKING
NETWORKING&&STORAGE
STORAGE