metron nfv service chains at the true speed of the ...georgios p. katsikas 2017 metron nfv service...

Georgios P. Katsikas 2017

MetronNFV Service Chains at the True

Speed of the Underlying Hardware

Georgios P. Katsikas1,3, Tom Barbette2, Dejan Kostic3,

Rebecca Steinert1, and Gerald Q. Maguire Jr.3

1RISE SICS 2University of Liege 3KTH Royal Institute of Technology

Georgios P. Katsikas 2017 2

High throughput and low latency

Web

Video

...

Analytics

Introduction


IPSec LB

...

Web

Analytics

Video

Firewall DPIRouter Router

NAT IDS Monitor

Service Chains of Network Functions


IPSec LB

...

Web

Analytics

Video

Firewall DPIRouter Router

NAT IDS Monitor

Service Chains of Network Functions

Minimize the performance impact of service chains


Source: D. Firestone et al. Hardware-Accelerated Networks

at Scale in the Cloud, Microsoft Azure, SIGCOMM 2017Motivation


Motivation Source: D. Firestone et al. Hardware-Accelerated Networks at Scale in the Cloud, Microsoft Azure, SIGCOMM 2017


Motivation Source: D. Firestone et al. Hardware-Accelerated Networks at Scale in the Cloud, Microsoft Azure, SIGCOMM 2017

Service chains today greatly

rely on CPU performance!


Can existing NFV systems operate at these emerging link speeds

(i.e., at 100 Gbps)?

8


Generator Processor

1x100GbE

Mellanox Connect-X4

Total Throughput

100 Gbps

Router NAPT LB

Deployment at 100 Gbps


Hardware Limit

Hardware Limit at 100 Gbps

76


Performance degradation

Emulated E2Hardware Limit

Existing NFV Solutions at 100 Gbps

76


Emulated E2Hardware Limit OpenBox

Existing NFV Solutions at 100 Gbps

76



13

Hardware

offloading

Accurate CPU

core dispatching

0 inter-core transfers

Metron

Metron – Hardware-level Performance

76



14

Metron

Hardware

performance

6.5x better efficiency

Metron – Hardware-level Performance

76


Why do existing NFV systems lose performance?

15


Switch NF1 NF2 Idle

OutIn

E2, ClickOS,

NetVM

Core 1 Core 2 Core 3 Core 4Software switch

dispatching


Switch NF1 NF2 Idle

OutIn

E2, ClickOS,

NetVM

Core 1 Core 2 Core 3 Core 4

1Software switch

dispatching


Switch NF1 NF2 Idle

OutIn

E2, ClickOS,

NetVM


2Software switch

dispatching


Switch NF1 NF2 Idle

OutIn

E2, ClickOS,

NetVM


3Software switch

dispatching


Switch NF1 NF2 Idle

OutIn

E2, ClickOS,

NetVM


4Software switch

dispatching


Switch NF1 NF2 Idle

OutIn

E2, ClickOS,

NetVM


4 Inter-Core Transfers

Software switch

dispatching


Switch NF1 NF2 Idle

OutIn

E2, ClickOS,

NetVM


Rx Rx NF1+NF2 Tx

OutInRSS

Pipeline dispatching

with or without RSS

NFP, Flurries

Software switch

dispatching



Switch NF1 NF2 Idle

OutIn

E2, ClickOS,

NetVM


Rx Rx NF1+NF2 Tx

OutInRSS


with or without RSS

NFP, Flurries

Software switch

dispatching



Switch NF1 NF2 Idle

OutIn

E2, ClickOS,

NetVM


Rx Rx NF1+NF2 Tx

OutInRSS


with or without RSS

NFP, Flurries

Software switch

dispatching


1


Switch NF1 NF2 Idle

OutIn

E2, ClickOS,

NetVM


Rx Rx NF1+NF2 Tx

OutInRSS


with or without RSS

NFP, Flurries

Software switch

dispatching


2


Switch NF1 NF2 Idle

OutIn

E2, ClickOS,

NetVM


Rx Rx NF1+NF2 Tx

OutInRSS


with or without RSS

NFP, Flurries

Software switch

dispatching



Switch NF1 NF2 Idle

OutIn

E2, ClickOS,

NetVM


OutRSS In

Flow Director

Or

Rule or hash-based

hardware dispatchingRx+NF1 Idle NF2+Tx Idle

Rx Rx NF1+NF2 Tx

OutInRSS


with or without RSS

NFP, Flurries

OpenBox,

SNF, FastClick

Software switch

dispatching




Switch NF1 NF2 Idle

OutIn

E2, ClickOS,

NetVM


OutRSS In

Flow Director

Or

Rule or hash-based


Rx Rx NF1+NF2 Tx

OutInRSS


with or without RSS

NFP, Flurries

OpenBox,

SNF, FastClick

Software switch

dispatching




Switch NF1 NF2 Idle

OutIn

E2, ClickOS,

NetVM


OutRSS In

Flow Director

Or

Rule or hash-based


Rx Rx NF1+NF2 Tx

OutInRSS


with or without RSS

NFP, Flurries

OpenBox,

SNF, FastClick

Software switch

dispatching



1


Switch NF1 NF2 Idle

OutIn

E2, ClickOS,

NetVM


OutRSS In

Flow Director

Or

Rule or hash-based


Rx Rx NF1+NF2 Tx

OutInRSS


with or without RSS

NFP, Flurries

OpenBox,

SNF, FastClick

Software switch

dispatching




Switch NF1 NF2 Idle

OutIn

E2, ClickOS,

NetVM


OutRSS In

Flow Director

Or

Rule or hash-based


Rx Rx NF1+NF2 Tx

OutInRSS


with or without RSS

NFP, Flurries

OpenBox,

SNF, FastClick

Software switch

dispatching



1 Inter-Core Transfer


Switch NF1 NF2 Idle

OutIn

E2, ClickOS,

NetVM


OutRSS In

Flow Director

Or

Rule or hash-based


Rx Rx NF1+NF2 Tx

OutInRSS


with or without RSS

NFP, Flurries

OpenBox,

SNF, FastClick

Software switch

dispatching




Fastest system fewest inter-core transfers


Switch NF1 NF2 Idle

OutIn

E2, ClickOS,

NetVM


OutRSS In

Flow Director

Or

Rule or hash-based


Rx Rx NF1+NF2 Tx

OutInRSS


with or without RSS

NFP, Flurries

OpenBox,

SNF, FastClick

Software switch

dispatching




The available time to process 64-byte packets at

100 Gbps is ~5ns/packet


Switch NF1 NF2 Idle

OutIn

E2, ClickOS,

NetVM


OutRSS In

Flow Director

Or

Rule or hash-based


Rx Rx NF1+NF2 Tx

OutInRSS


with or without RSS

NFP, Flurries

OpenBox,

SNF, FastClick

Software switch

dispatching






But, all existing NFV systems transfer each packet

(one or more times) via DRAM or LLC


Switch NF1 NF2 Idle

OutIn

E2, ClickOS,

NetVM


OutRSS In

Flow Director

Or

Rule or hash-based


Rx Rx NF1+NF2 Tx

OutInRSS


with or without RSS

NFP, Flurries

OpenBox,

SNF, FastClick

Software switch

dispatching






But, all existing NFV systems transfer each packet

(one or more times) via DRAM or LLC

Such a transfer takes several nanoseconds itself!


Problems

Greatly underutilized hardware

Solutions

Challenges

Hardware heterogeneity

Unified hardware

management abstractions

Zero Inter-core Transfers with Metron


Problems


Too many inter-core transfers

Solutions

Challenges


Dynamic adaptation

Unified hardware


Dispatch traffic classes to

CPU cores using tags. Map

each tag to the correct core



Problems


Too many inter-core transfers

Solutions Results

Challenges


Dynamic adaptation

Unified hardware


Dispatch traffic classes to

CPU cores using tags. Map

each tag to the correct core

Up to 4.7x lower latency

Up to 7.8x higher throughput

2.75-6.5x better efficiency



Metron

Controller

41

Firewall DPI

ServerCore 1

Core 2

Input service

chain to the

controller

Source


Metron

Controller

Synthesized NF

42

Katsikas et al.

SNF: synthesizing high performance NFV service chains

PeerJ Computer Science 2016

Firewall DPI

ServerCore 1

Core 2

Input service

chain to the

controller

Source


Metron

Controller

Launcher

43

Read Ops Write Ops

Splitter

Stateless Stateful

ServerCore 1

Core 2Source

Synthesized NFFirewall DPI

Input service

chain to the

controller


Metron

Controller

Launcher

Tagging

44

Read Ops Write Ops

Splitter

Stateless Stateful

ServerCore 1

Core 2Source


Input service

chain to the

controller


Metron

Controller

Launcher

Tagging

45

Read Ops Write Ops

Splitter

Stateless Stateful

HW Rules SW Ops

ServerCore 1

Core 2Source


Input service

chain to the

controller


Metron

Controller

Launcher

Tagging

46

Read Ops Write Ops

Splitter

Stateless Stateful

HW Rules SW Ops

ServerCore 1

Core 2Source


Input service

chain to the

controller


Core 1Server

Metron

Controller

Launcher

Tagging

47

Read Ops Write Ops

Splitter

Stateless Stateful

Monitoring and

Load Balancing

HW Rules SW Ops

Collect

run-time load

statistics from

switches and

servers

Tag 1

Core 2Source

Synthesized NFDPI

Input service

chain to the

controller

Firewall


Core 1Server

Metron

Controller

Launcher

Tagging

48

Read Ops Write Ops

Splitter

Stateless Stateful

Monitoring and

Load Balancing

HW Rules SW Ops

Collect

run-time load

statistics from

switches and

servers

Tag 1 Overloaded

Detect Imbalance

Core 2Source

Synthesized NFDPI

Input service

chain to the

controller

Firewall


Core 1Server

Metron

Controller

Launcher

Tagging

49

Read Ops Write Ops

Splitter

Stateless Stateful

Monitoring and

Load Balancing

HW Rules SW Ops

Detect Imbalance

Split

Traffic Classes

Tag 1 Overloaded

Core 2Source

Collect

run-time load

statistics from

switches and

servers

Synthesized NFDPI

Input service

chain to the

controller

Firewall


Core 1Server

Metron

Controller

Launcher

Tagging

50

Read Ops Write Ops

Splitter

Stateless Stateful

Monitoring and

Load Balancing

Update

HW Rules SW Ops

Detect Imbalance

Split

Traffic Classes

Tag 1 Overloaded

Core 2Source

Collect

run-time load

statistics from

switches and

servers

Synthesized NFDPI

Input service

chain to the

controller

Firewall


Core 1Server

Metron

Controller

Launcher

Tagging

51

Read Ops Write Ops

Splitter

Stateless Stateful

Monitoring and

Load Balancing

Update

HW Rules SW Ops

Detect Imbalance

Split

Traffic Classes

Tag 1 Overloaded

Core 2Source

Collect

run-time load

statistics from

switches and

servers

Synthesized NFDPI

Input service

chain to the

controller

Firewall

Georgios P. Katsikas 2017 Core 2

Core 1Server

Metron

Controller

Launcher

Tagging

52

Read Ops Write Ops

Splitter

Stateless Stateful

Monitoring and

Load Balancing

Update

HW Rules SW Ops

Detect Imbalance

Split

Traffic Classes

Tags 1, 2Source

Collect

run-time load

statistics from

switches and

servers

Synthesized NFDPI

Input service

chain to the

controller

Firewall

Balanced


PerformanceEvaluation

53


NoviSwitch (OpenFlow 1.4)

4x10GbE

Intel 82599

Generator Processor

Total Throughput

40 Gbps

4x10GbE

Intel 82599

Firewall DPI



Hardware Limit

Throughput at 40 Gbps

38


Emulated E2Hardware Limit


38

~1.70 Gbps/core, 16 cores, R2=0.94




38



Emulated E2Hardware Limit OpenBox Metron


38



~3x better efficiency



38


DPI cost



38


FW + DPI at the speed

of a 40 Gbps testbed



38


Metron achieves 35-97% lower latency


Latency at 40 Gbps



LatencyFW+DPI ~= LatencyMIN

Latency at 40 Gbps


Generator Processor

1x100GbE

Mellanox Connect-X4

Total Throughput

100 Gbps

Router NAPT LB



Metron

Metron Decomposition at 100 Gbps


Metron Metron w/o HW Offl. (O)


Hardware offloading disabled


Metron Metron w/o HW Offl. (O) Metron w/o HW Disp. (D)


Inaccurate CPU core dispatching

Inter-core communication cost


Metron Metron w/o HW Offl. (O) Metron w/o HW Disp. (D) Metron w/o O & w/o D


Hardware offloading +

accurate dispatching disabled


Firewall NAPT GW

NoviSwitch (OpenFlow 1.4)

1x10GbE

Intel 82599

Generator Processor

Total Throughput

10 Gbps

1x10GbE

Intel 82599



Input Load

Dynamic Load Balancing


Input Load Metron’s Throughput



Input Load Metron’s Throughput


Dynamic CPU core

allocation in the paper


Metron’s driver for managing commodity servers is now in ONOS

https://github.com/opennetworkinglab/onos/tree/master/drivers/server

https://github.com/gkatsikas/onos/tree/metron-driver

Metron’s high performance data plane extends FastClick

https://github.com/tbarbette/fastclick/tree/metron

Open Source Activities

https://github.com/opennetworkinglab/onos/tree/master/drivers/serverhttps://github.com/gkatsikas/onos/tree/metron-driverhttps://github.com/tbarbette/fastclick/tree/metron


NFV service chains at the speed of the hardware

Metron

Contributions

Orchestration of heterogeneous programmable hardware

Accurate CPU core dispatching

Low-cost placement

Hardware offloading

Quick and stable adaptation

Conclusion

metron nfv service chains at the true speed of the ...georgios p. katsikas 2017 metron nfv service...

Documents