Software Datapath Acceleration for Stateless Packet Processing

Similar documents
OpenFlow with Intel Voravit Tanyingyong, Markus Hidell, Peter Sjödin

Cisco Integrated Services Routers Performance Overview

Programmable Networking with Open vswitch

Data and Control Plane Interconnect solutions for SDN & NFV Networks Raghu Kondapalli August 2014

Network Virtualization Technologies and their Effect on Performance

ODP Application proof point: OpenFastPath. ODP mini-summit

FlexPath Network Processor

Using Network Virtualization to Scale Data Centers

USB to SPI Device Driver Installation Instructions

Intel DPDK Boosts Server Appliance Performance White Paper

10 Gbit Hardware Packet Filtering Using Commodity Network Adapters. Luca Deri Joseph Gasparakis

Stateful vs. stateless traffic analysis

The Freescale Embedded Hypervisor

Ethernet Fabric Requirements for FCoE in the Data Center

Open Source Bandwidth Management: Introduction to Linux Traffic Control

Intro to Linux Kernel Firewall

Broadcom Ethernet Network Controller Enhanced Virtualization Functionality

Scaling Networking Applications to Multiple Cores

IINS Implementing Cisco Network Security 3.0 (IINS)

Use Cases for the NPS the Revolutionary C-Programmable 7-Layer Network Processor. Sandeep Shah Director, Systems Architecture EZchip

Open vswitch and the Intelligent Edge

Improving Quality of Service

Definition of a White Box. Benefits of White Boxes

Allocating Network Bandwidth to Match Business Priorities

Freescale, the Freescale logo, AltiVec, C-5, CodeTEST, CodeWarrior, ColdFire, ColdFire+, C- Ware, the Energy Efficient Solutions logo, Kinetis,

White Paper Abstract Disclaimer

BROADCOM SDN SOLUTIONS OF-DPA (OPENFLOW DATA PLANE ABSTRACTION) SOFTWARE

Putting it on the NIC: A Case Study on application offloading to a Network Interface Card (NIC)

基 於 SDN 與 可 程 式 化 硬 體 架 構 之 雲 端 網 路 系 統 交 換 器

Implementing Cisco IOS Network Security

Wireshark in a Multi-Core Environment Using Hardware Acceleration Presenter: Pete Sanders, Napatech Inc. Sharkfest 2009 Stanford University

Achieving Low-Latency Security

Cut Network Security Cost in Half Using the Intel EP80579 Integrated Processor for entry-to mid-level VPN

The Lagopus SDN Software Switch. 3.1 SDN and OpenFlow. 3. Cloud Computing Technology

How Linux kernel enables MidoNet s overlay networks for virtualized environments. LinuxTag Berlin, May 2014

Stateful Connection Tracking & Stateful NAT

Removing The Linux Routing Cache

QoS in PAN-OS. Tech Note PAN-OS 4.1. Revision A 2011, Palo Alto Networks, Inc.

Safety Lifecycle illustrated with exemplified EPS

High-Performance, Highly Secure Networking for Industrial and IoT Applications

Performance of Software Switching

Designing Firewall/VPN with the PowerQUICC III MPC8572E

Network Simulation Traffic, Paths and Impairment

Datacenter Operating Systems

Foundation for High-Performance, Open and Flexible Software and Services in the Carrier Network. Sandeep Shah Director, Systems Architecture EZchip

SDN. WHITE PAPER Intel Ethernet Switch FM6000 Series - Software Defined Networking. Recep Ozdag Intel Corporation

Increase Simplicity and Improve Reliability with VPLS on the MX Series Routers

White Paper Increase Flexibility in Layer 2 Switches by Integrating Ethernet ASSP Functions Into FPGAs

Cisco CCNP Optimizing Converged Cisco Networks (ONT)

Accelerating the Data Plane With the TILE-Mx Manycore Processor

OpenFlow - the key standard of Software-Defined Networks. Dmitry Orekhov, Epam Systems

Telematics. 14th Tutorial - Proxies, Firewalls, P2P

Quality of Service (QoS)) in IP networks

Virtualization: TCP/IP Performance Management in a Virtualized Environment Orlando Share Session 9308

Quality of Service Analysis of site to site for IPSec VPNs for realtime multimedia traffic.

Where IT perceptions are reality. Test Report. OCe14000 Performance. Featuring Emulex OCe14102 Network Adapters Emulex XE100 Offload Engine

Lustre Networking BY PETER J. BRAAM

Implementing Cisco Quality of Service QOS v2.5; 5 days, Instructor-led

IMPLEMENTING CISCO QUALITY OF SERVICE V2.5 (QOS)

Improving DNS performance using Stateless TCP in FreeBSD 9

TCP Offload Engines. As network interconnect speeds advance to Gigabit. Introduction to

"Charting the Course to Your Success!" QOS - Implementing Cisco Quality of Service 2.5 Course Summary

OpenDataPlane Introduction and Overview

Linux KVM Virtual Traffic Monitoring

Lecture 17 - Network Security

An API for dynamic firewall control and its implementation for Linux Netfilter

Intel Ethernet Switch Load Balancing System Design Using Advanced Features in Intel Ethernet Switch Family

Wave Relay System and General Project Details

4 Internet QoS Management

基 于 CompactPCI 网 络 开 放 式 平 台 系 统 开 发

Feature Comparison. Windows Server 2008 R2 Hyper-V and Windows Server 2012 Hyper-V

Radware s AppDirector and AppXcel An Application Delivery solution for applications developed over BEA s Weblogic

Prioritization of Important Mice Flows in a Software Defined Network (SDN Application)

Sockets vs. RDMA Interface over 10-Gigabit Networks: An In-depth Analysis of the Memory Traffic Bottleneck

Technical Brief. DualNet with Teaming Advanced Networking. October 2006 TB _v02

Track 2 Workshop PacNOG 7 American Samoa. Firewalling and NAT

Cisco RV 120W Wireless-N VPN Firewall

Software-Defined Networking for the Data Center. Dr. Peer Hasselmeyer NEC Laboratories Europe

Network packet capture in Linux kernelspace

Quality of Service in the Internet. QoS Parameters. Keeping the QoS. Traffic Shaping: Leaky Bucket Algorithm

Software Defined Networking and the design of OpenFlow switches

Stateless Packet Filtering Firewall on the NIC & Address Based Filtering

Application Delivery Networking

A Transport Protocol for Multimedia Wireless Sensor Networks

Network Security. Chapter 3. Cornelius Diekmann. Version: October 21, Lehrstuhl für Netzarchitekturen und Netzdienste Institut für Informatik

APPLICATION NOTE 209 QUALITY OF SERVICE: KEY CONCEPTS AND TESTING NEEDS. Quality of Service Drivers. Why Test Quality of Service?

How To Use A Cisco Wvvvdns4400N Wireless-N Gigabit Security Router For Small Businesses

Outline. Institute of Computer and Communication Network Engineering. Institute of Computer and Communication Network Engineering

Performance Evaluation of Linux Bridge

Configuring QoS in a Wireless Environment

Using Linux Traffic Control on Virtual Circuits J. Zurawski Internet2 February 25 nd 2013

What is SDN (Software Defined Networking) and Openflow? SDN/OF Part of Kernel / SoC to provide security, steering & monitoring

Cisco IOS Flexible NetFlow Technology

Operating Systems Design 16. Networking: Sockets

Bandwidth Management in MPLS Networks

Security Overview of the Integrity Virtual Machines Architecture

Software Defined Networking What is it, how does it work, and what is it good for?

HANIC 100G: Hardware accelerator for 100 Gbps network traffic monitoring

Transcription:

June 22, 2010 Software Datapath Acceleration for Stateless Packet Processing FTF-NET-F0817 Ravi Malhotra Software Architect Reg. U.S. Pat. & Tm. Off. BeeKit, BeeStack, CoreNet, the Energy Efficient Solutions logo, Flexis, MXC, Platform in a Package, Processor Expert, QorIQ, QUICC Engine, SMAROS, TurboLink

Agenda What can be accelerated Stateless and stateful Various applications Sample TCP offload Soft Data Path Engine Architecture Feature set Packet flow DPE API Performance Soft DPE advantage Leverage key hardware offloads Reg. U.S. Pat. & Tm. Off. BeeKit, BeeStack, CoreNet, the Energy Efficient Solutions logo, Flexis, MXC, Platform in a Package, Processor Expert, QorIQ, QUICC Engine, SMAROS, TurboLink 2

Stateful Path and Stateless Packet Processing Most network packet processing protocols can be broken down into two paths Stateless path, also known as the data path, requires quick and efficient switching/routing of packets Can be broken down into packet identification (classification) and forwarding Stateful path, also known as the control path, requires more processing and has more inherent latency than the data path Stateful control path requires 90% of the code and is used 10% of the time. Stateless data path requires just 10% of the code and is used 90% of the time. This session focuses on how to accelerate the 10% of the code in the stateless path to increase packet processing performance. Reg. U.S. Pat. & Tm. Off. BeeKit, BeeStack, CoreNet, the Energy Efficient Solutions logo, Flexis, MXC, Platform in a Package, Processor Expert, QorIQ, QUICC Engine, SMAROS, TurboLink 3

Stateless Data Path for Different Applications Application Data Path Control Path Layer 2 bridging IPv4 forwarding NAPT FDB lookup, VLAN add/delete, Learning Dest-cache lookup, L2 modify 5-tuple lookup, IP/Port/L2 modify Aging, STP LPM route-table lookup, ARP, IP Options Connection setup/destroy, policy, ALG Firewall Access control list, pin-holes Stateful packet inspection, ALG IPSec QoS 5-tuple lookup, encap/decap + crypto Enforcement sched, police, congestion, shaper SA setup, security policy Policy, provisioning Reg. U.S. Pat. & Tm. Off. BeeKit, BeeStack, CoreNet, the Energy Efficient Solutions logo, Flexis, MXC, Platform in a Package, Processor Expert, QorIQ, QUICC Engine, SMAROS, TurboLink 4

Netfilter Connection Tracking Connection established/ assured event Connection destroyed Rule/Stream Tables DPA Control Module Event Handlers Connection Offload Success New Connection Connection Deleted request Aging status Connection Aging Subsystem Conn destroy/ageout Probe Status NetFilter Hooks Networking Stack Ack Create Rule Asynchronous Offload Mechanism Ack Create Stream Dynamic Connection Offloading with Soft DPA (L4 TCP NAPT flow, no QoS) Control Path Ageout Delete listrule Run Aging Delete Stream Lkup FIN/ACK Miss Hit Data Path (terminate pkt) Classifier/ Action Table Asynchronous Low Level API Stateless Data Path Engine Pkt Flow Ctrl Flow Reg. U.S. Pat. & Tm. Off. BeeKit, BeeStack, CoreNet, the Energy Efficient Solutions logo, Flexis, MXC, Platform in a Package, Processor Expert, QorIQ, QUICC Engine, SMAROS, TurboLink 5

Current Linux Forwarding Data Packet flow Control Packet flow Configuration flow Platform SoC P1, P2 P1010, P1020, P2020, 85xx, 83xx P3, P4, P5 P4080, P3040, P5020 Control Plane Applications (DHCP/DNS/IGMP etc) e500 Cores Linux User-space Linux Kernel Linux Network Stack SEC/ QM Driver SEC (QM) etsec/qm Driver etsec/qm Driver etsec or FM-QM-BM etsec or FM-BM-QM Reg. U.S. Pat. & Tm. Off. BeeKit, BeeStack, CoreNet, the Energy Efficient Solutions logo, Flexis, MXC, Platform in a Package, Processor Expert, QorIQ, QUICC Engine, SMAROS, TurboLink 6

Data Packet flow Control Packet flow Configuration flow Stateless Data Path Procesing in QE Platform SoC P1, P2 8323, 8360, 8569 e500 Core QE RISC Cores Linux User-space Linux Kernel RISC Microcode Control Plane Applications (DHCP/DNS/IGMP etc) UCC Network Driver Linux Network Stack Control Logic DPE API Interworking microcode UCC Completely re-used from Linux Existing Solution for 8360 and 8323 SEC Network Interface Network Interface Reg. U.S. Pat. & Tm. Off. BeeKit, BeeStack, CoreNet, the Energy Efficient Solutions logo, Flexis, MXC, Platform in a Package, Processor Expert, QorIQ, QUICC Engine, SMAROS, TurboLink 7

Stateless Data Path Processing in Software Data Packet flow Control Packet flow Configuration flow Platform SoC P1, P2 P1010, P1020, P2020, 85xx P3, P4, P5 N/A Control Plane Apps (DHCP/DNS/IGMP/IKE etc) VortiQa CP + NMS e500 Cores Linux User-space Linux Kernel Linux Network Stack Control Logic VortiQa Network Stack Completely re-used from QE based Platforms DPE API VeTSEC Driver Soft Data Path Engine VeTSEC Driver SEC Driver SEC VeTSEC VeTSEC Reg. U.S. Pat. & Tm. Off. BeeKit, BeeStack, CoreNet, the Energy Efficient Solutions logo, Flexis, MXC, Platform in a Package, Processor Expert, QorIQ, QUICC Engine, SMAROS, TurboLink 8

Soft Data Path Engine Feature List Stateless packet processing (all stateful processing including ALG, SPI firewall, ARP, routing, learning etc. done by control-path) Offloads following stateless processing IPv4 forwarding NAPT/firewall (ACL) processing Layer 2 switching with VLAN IPSec forwarding Quality of service Support for the following interfaces: Ethernet VLAN PPPoE WLAN Reg. U.S. Pat. & Tm. Off. BeeKit, BeeStack, CoreNet, the Energy Efficient Solutions logo, Flexis, MXC, Platform in a Package, Processor Expert, QorIQ, QUICC Engine, SMAROS, TurboLink 9

Soft Data Path Engine Feature List (cont.) Maintenance Per-flow statistics and aging Platform support Multicore support over VeTSEC Provides a standard configuration across platforms Integrates seamlessly with Linux networking stack and applications using SWANG package Integrates seamlessly with VortiQa networking stack and customer network stacks Leverages hardware acceleration (hashing, scheduling, classification, security) where available Reg. U.S. Pat. & Tm. Off. BeeKit, BeeStack, CoreNet, the Energy Efficient Solutions logo, Flexis, MXC, Platform in a Package, Processor Expert, QorIQ, QUICC Engine, SMAROS, TurboLink 10

Soft Data Path Engine Functional Model Control Plane (s) Application Offload Crypto, PME etc. Backplane Processing / Inter-plane/processor communication Ingress HM-ops Data Path Engine Egress HM ops Recycle Other Data Path Engine Recycle Policer Classification/ Lookup Scheduler/ Shaper Packet Parsing Rx Processing Tx Processing Network Interface Network Interface Reg. U.S. Pat. & Tm. Off. BeeKit, BeeStack, CoreNet, the Energy Efficient Solutions logo, Flexis, MXC, Platform in a Package, Processor Expert, QorIQ, QUICC Engine, SMAROS, TurboLink 11

Data Path Engine API Architecture Overview Buffer Manager 1 Bandwidth Manager 1 ETH Tx Q 2 PHY Logical HdrMan 2 Port 1 Tx Q 3 Stream 3 MAC Shaper Scheduler Tx Q 1 HdrMan 1 Stream 1 Stream 2 error traffic Send(data, stream3) Rx Queues Lookup Stream 4 Stream 5 Rx Q 1 Rx Q 2 Control Path PHY MAC ETH Logical Port 2 Shaper Scheduler Tx queues Classification Rule_1 Rule_2 Bandwidth Manager 2 Buffer Manager 2 Rule_3 Match HdrMan 3 Reg. U.S. Pat. & Tm. Off. BeeKit, BeeStack, CoreNet, the Energy Efficient Solutions logo, Flexis, MXC, Platform in a Package, Processor Expert, QorIQ, QUICC Engine, SMAROS, TurboLink 12

Soft Data Path Engine Performance Advantage Results on P2020 RDB - 1200/600/400 : 2-core SMP Linux 2000 IPv4 Linux IPv4 Soft DPA % Diff 2.50 NAPT Linux NAPT Soft DPA % Diff 2000 6.00 IPSec Linux IPSec Soft DPA % Diff 600 3.00 1500 2.00 1500 5.00 500 2.50 Throughput in Kpps 1000 1.50 1.00 % Increase Throughput in Kpps 1000 4.00 3.00 2.00 % Increase Throughput in Kpps 400 300 200 2.00 1.50 1.00 % Increase 500 0.50 500 1.00 100 0.50 0 0.00 0 0.00 0 0.00 64 390 1500 64 390 1500 64 390 1456 IPv4 NAPT IPSec Significant (2x to 5x) performance improvement over native Linux Reg. U.S. Pat. & Tm. Off. BeeKit, BeeStack, CoreNet, the Energy Efficient Solutions logo, Flexis, MXC, Platform in a Package, Processor Expert, QorIQ, QUICC Engine, SMAROS, TurboLink 13

Soft Data Path Engine Multicore Scaling Results on P2020 RDB - 1200/600/400: 1-core non-smp vs. 2-core SMP Linux Scaling Limited by SEC HW IPv4 NAPT IPSec Scaling factor of > 1.8x when migrating from 1-core to 2-core Reg. U.S. Pat. & Tm. Off. BeeKit, BeeStack, CoreNet, the Energy Efficient Solutions logo, Flexis, MXC, Platform in a Package, Processor Expert, QorIQ, QUICC Engine, SMAROS, TurboLink 14

Soft Data Path Engine Flow Scaling Results on P2020 RDB - 1200/600/400 : 2-core SMP Linux 64 byte traffic IPv4 NAPT IPSec Low performance degradation for handling multiple flows Reg. U.S. Pat. & Tm. Off. BeeKit, BeeStack, CoreNet, the Energy Efficient Solutions logo, Flexis, MXC, Platform in a Package, Processor Expert, QorIQ, QUICC Engine, SMAROS, TurboLink 15

Data Path Hardware Acceleration Core(s) Network Stack (SMP optimized) Autonomous aware Drivers/API Look-Aside Offload Generic Offload Ingress Offload Autonomous Processing Egress Offload Reg. U.S. Pat. & Tm. Off. BeeKit, BeeStack, CoreNet, the Energy Efficient Solutions logo, Flexis, MXC, Platform in a Package, Processor Expert, QorIQ, QUICC Engine, SMAROS, TurboLink 16

Hardware Acceleration Support Offload Feature Advantage Ingress Generic Hash calculation Coarse classification Packet parsing Hardware buffer management Hardware queue management Packet distribution to multiple cores, flow-pinning, table lookup Offload stateless ACL processing Avoid software overhead No buffer alloc/free operations in software Simpler packet Rx/Tx, efficient stashing (to L1/L2), leaves room in cache for other data Egress Hardware QoS Avoid software overhead, mitigate DoS attacks, prioritize CPU cycles Core Backside L2 cache Faster access for multiple flow tables Look- Aside Protocol-aware cryptography Offload protocol encapsulation/decapsulation, sequence tracking etc. Reg. U.S. Pat. & Tm. Off. BeeKit, BeeStack, CoreNet, the Energy Efficient Solutions logo, Flexis, MXC, Platform in a Package, Processor Expert, QorIQ, QUICC Engine, SMAROS, TurboLink 17

Hardware Acceleration Advantage Cycles Throughput (kpps) Absolute Tput % 300.00 Throughput in kpps 250.00 200.00 150.00 Relative speedup 100.00 Baseline IPv4 + QoS Shaping + WFQ WRED Policing Hash results in FD Parse results in FD HM ops in HW HW Buffer HW Queue Mgmt Mgmt Stash on Dequeue BS L2 cache Hardware Acceleration provides upto 2.5x improvement Reg. U.S. Pat. & Tm. Off. BeeKit, BeeStack, CoreNet, the Energy Efficient Solutions logo, Flexis, MXC, Platform in a Package, Processor Expert, QorIQ, QUICC Engine, SMAROS, TurboLink 18

Summary Software data path engine Optimized packet processing path Consistent interface across platforms Easy integration with network stacks Single solution across QorIQ LE/ULE platforms Performance advantage Flexibility to leverage hardware acceleration Optimized for multicore scaling Reg. U.S. Pat. & Tm. Off. BeeKit, BeeStack, CoreNet, the Energy Efficient Solutions logo, Flexis, MXC, Platform in a Package, Processor Expert, QorIQ, QUICC Engine, SMAROS, TurboLink 19

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information