SlideShare une entreprise Scribd logo

LF_OVS_17_IPSEC and OVS DPDK

L
LF_OpenvSwitch

This document discusses proposed IPsec functionality for securing VXLAN traffic in a datacenter. It describes using IPsec in transport mode with AES-CBC and HMAC-SHA1-96 to provide confidentiality, integrity and authentication. A new "vxlanipsec" interface type is proposed to handle VXLAN encapsulation/decap and ESP encapsulation/decap using DPDK cryptodev for hardware acceleration. Performance metrics show encap rates of 2.7-7.1 million packets per second for a single PMD instance on Intel hardware. Future work includes supporting GCM mode, IPsec tunnels, dynamic key re-keying and integrating with OVS and RTE_Security.

Technologie
1  sur  17
Télécharger pour lire hors ligne
IPsec and OVS DPDK Ian Stokes Intel November 16-17, 2017 | San Jose, CA
Notices & Disclaimers Intel technologies’ features and benefits depend on system configuration and may require enabled hardware, software or service activation. Performance varies depending on system configuration. Check with your system manufacturer or retailer or learn more at intel.com. No computer system can be absolutely secure. Tests document performance of components on a particular test, in specific systems. Differences in hardware, software, or configuration will affect actual performance. Consult other sources of information to evaluate performance as you consider your purchase. For more complete information about performance and benchmark results, visit http://www.intel.com/benchmarks . Software and workloads used in performance tests may have been optimized for performance only on Intel microprocessors. Performance tests, such as SYSmark and MobileMark, are measured using specific computer systems, components, software, operations and functions. Any change to any of those factors may cause the results to vary. You should consult other information and performance tests to assist you in fully evaluating your contemplated purchases, including the performance of that product when combined with other products. For more complete information visit http://www.intel.com/benchmarks . Intel's compilers may or may not optimize to the same degree for non-Intel microprocessors for optimizations that are not unique to Intel microprocessors. These optimizations include SSE2, SSE3, and SSSE3 instruction sets and other optimizations. Intel does not guarantee the availability, functionality, or effectiveness of any optimization on microprocessors not manufactured by Intel. Microprocessor-dependent optimizations in this product are intended for use with Intel microprocessors. Certain optimizations not specific to Intel microarchitecture are reserved for Intel microprocessors. Please refer to the applicable product User and Reference Guides for more information regarding the specific instruction sets covered by this notice. Cost reduction scenarios described are intended as examples of how a given Intel-based product, in the specified circumstances and configurations, may affect future costs and provide cost savings. Circumstances will vary. Intel does not guarantee any costs or cost reduction. Intel does not control or audit third-party benchmark data or the web sites referenced in this document. You should visit the referenced web site and confirm whether referenced data are accurate. © 2017 Intel Corporation. Intel, the Intel logo, and Intel Xeon are trademarks of Intel Corporation in the U.S. and/or other countries. *Other names and brands may be claimed as property of others.
Content • Use Case Overview • Proposed IPsec functionality • Design Considerations • Performance Metrics • Future Work
Hypervisor Server 1 IP Network Hypervisor Server 2 Use Case Overview Datacenter VM 1-1 VM 1-2 VM 1-3 VM 1-4 VM 2-1 VM 2-2 VM 2-3 VM 2-4 • Traffic is not ISOLATED. ! • Traffic is not CONFIDENTIAL. ! • Traffic integrity is not PROTECTED. ! • Traffic is not AUTHENTICATED. ! Do you trust the network?
Hypervisor Server 1 IP Network Hypervisor Server 2 Use Case Overview cont. Datacenter : VXLAN VM1-1 VNI 12 VM1-2 VNI 22 VM1-3 VNI 32 VM1-4 VNI 42 VM2-1 VNI 12 VM2-2 VNI 22 VM2-3 VNI 32 VM2-4 VNI 42 BD BD BD BD BD BD BD BD VTEP VTEP VXLAN 12 VXLAN 22 VXLAN 32 VXLAN 42 • Traffic is isolated. ü • Traffic is not CONFIDENTIAL. ! • Traffic integrity is not PROTECTED. ! • Traffic is not AUTHENTICATED. !
Hypervisor Server 1 IP Network Hypervisor Server 2 Use Case Overview cont. Datacenter : VXLAN + IPsec VM1-1 VNI 12 VM1-2 VNI 22 VM1-3 VNI 32 VM1-4 VNI 42 VM2-1 VNI 12 VM2-2 VNI 22 VM2-3 VNI 32 VM2-4 VNI 42 BD BD BD BD BD BD BD BD VTEP VTEP VXLAN 12 VXLAN 22 VXLAN 32 VXLAN 42 IPsec termination point IPsec termination point • Traffic is isolated. ü • Traffic is confidential. ü • Traffic integrity is protected. ü • Traffic is authenticated. ü
Proposed IPsec functionality Payload L4 Header IP Header Ethernet Header Payload L4 Header IP Header Ethernet Header ESP Header ESP Trailer ESP Digest ESP Padding Given standard IPv4 packet: What IPsec functionality is required to provide: • Confidentiality • Integrity • Authenticity IPsec •Protocol: ESP (Encapsulating Security Protocol) •Mode: Transport Encrypted • Encryption Ciphers • AES-CBC • AES-GCM with 16 octet ICV (Combined) Authenticated • Authentication Cipher • HMAC-SHA1-96
Proposed IPsec functionality: Vxlanipsec interface Hypervisor 1 (vxlan) VM 1 Br-int vxlan0 Br0 dpdk0 Introduce new tunnel interface type ‘vxlanipsec’ Hypervisor 1 (vxlanipsec) Vxlanipsec DPDK Cryptodev QAT VDEV PMD • Note: Cryptodev can utilise • HW: Intel ® QuickAssist (QAT) • SW: VDEV crypto PMD VM 1 Br-int Vxlan ipsec 0 Br0 dpdk0 • Associated DPDK Cryptodev for • Cipher encrypt/decrypt . • Digest generation/verification. • Handles vxlan encap/decap. • Handles ESP encap/decap.
Proposed IPsec functionality: Vxlanipsec Encap Hypervisor 1 VM 1 Br-int Vxlan ipsec 0 Br0 dpdk0 Hypervisor 2 VM 2 Br-int Vxlan ipsec 1 Br1 dpdk1 Vhu-0 Vhu-1
Proposed IPsec functionality: Vxlanipsec Encap Hypervisor 1 VM 1 Br-int Vxlan ipsec 0 Br0 dpdk0 Vhu-0 Payload L4 Header IP Header Ethernet Header • Packet Arrives at ‘vhu-0’ as follows • Packet arrives at ‘vxlan-ipsec0’ Outer IP Header Outer Ethernet Header ESP Header IV UDP Header VXLAN Header VXLAN ETH/IP UDP/VXLAN Headers ESP Header/Initialization Vector Original packet • Encap packet trailer built as follows Original packet Cipher Padding ESP Trailer ESP Digest • Encap packet header built as follows Padding/ESP trailer/Digest
Proposed IPsec functionality: Vxlanipsec Decap Hypervisor 2 VM 2 Br-int Vxlan ipsec 1 Br1 dpdk1 Vhu-1 • Packet arrives at dpdk1 as follows: ESP Header Encrypted Payload ESP Digest Outer IP Header Outer Ethernet Header IV UDP Header VXLAN Header Original packet Cipher Padding ESP Trailer • Encrypted Payload consists of: • Packet routed to ‘vxlanipsec1’ for decap • Use crypto dev to: Payload L4 Header IP Header Ethernet Header • Validate Digest ü • Decrypt payload ü • Extract tunnel metadata. • Pop vxlan/ESP headers and trailers for recirculation.
Design Considerations Intel ® QAT VDEV Crypto PMDCrypto Dev Creation • Virtual Function attached by user to userspace driver prior to Open vSwitch launch. • Created at runtime via VDEV init API. RX Queue Pair Capabilities • 2 queue pairs max per VF. • 8 queue pairs max by default DPDK PMD requirements • Intel ® QAT device. • CONFIG_RTE_LIBRTE_PMD_QAT • Intel ® Multi-Buffer Crypto for IPSec. • CONFIG_RTE_LIBRTE_PMD_AESNI_MB • CONFIG_RTE_LIBRTE_PMD_AESNI_GCM
Design Considerations cont. Asynchronous Operations • Cryptodev Operations are asynchronous regardless of HW/SW device i.e. DPDK Cryptodev • User configures 6 crypto ops and enqueues them to crypto device • User requests to dequeue the 6 crypto ops from the crypto device • May not receive 6 crypto ops on dequeue. rte_cryptodev_enqueue_burst() rte_cryptodev_dequeue_burst()
Design Considerations cont. Security Association Establishment Security Association • Crypto transform • Cipher Key • Authentication Key Security Consideration • Where should Cipher/Authentication keys be stored? • OVSDB? • User owned file?
Performance Metrics * Test and System Configurations: Estimates are based on internal Intel analysis using Intel® Server Board S2600WT, Intel® Xeon® CPU E5-2695 v3 @ 2.30GHz, Intel®, Ethernet Converged Network Adapter X710-DA4, AESNI_MB_PMD. 0 2,000 4,000 6,000 8,000 10,000 64 byte 256 byte 512 byte 1024 byte Test TX Rate (Line Rate) 7,619 9,275 9,624 9,808 Encap Rate 2,763 4,320 5,654 7,060 Mbps Test Tx rate VS Encap Rate Encap – 1 PMD - Vdev (AES-CBC & HMAC-SHA1-96) Test TX Rate (Line Rate) Encap Rate
Future Work • Add GCM combined mode support. • Add IPsec Tunnel support • IKEv2: Support for dynamic re-keying • Integrating with StrongSwan userspace plugin • Community opinion on 3rd party support for feature. • OVS architecture changes • Packet batching with tunnels to replace single encap/decap. • Integration with RTE_Security • Enables HW acceleration for inline crypto.
Questions and Contact Info • Contact info – Email: ian.stokes@intel.com

Recommandé

LF_OVS_17_Riley: Pushing networking to the edge
LF_OVS_17_Riley: Pushing networking to the edgeLF_OVS_17_Riley: Pushing networking to the edge
LF_OVS_17_Riley: Pushing networking to the edgeLF_OpenvSwitch
 
LF_OVS_17_OvS-CD: Optimizing Flow Classification for OvS using the DPDK Membe...
LF_OVS_17_OvS-CD: Optimizing Flow Classification for OvS using the DPDK Membe...LF_OVS_17_OvS-CD: Optimizing Flow Classification for OvS using the DPDK Membe...
LF_OVS_17_OvS-CD: Optimizing Flow Classification for OvS using the DPDK Membe...LF_OpenvSwitch
 
LF_OVS_17_Enabling hardware acceleration in OVS-DPDK using DPDK Framework.
LF_OVS_17_Enabling hardware acceleration in OVS-DPDK using DPDK Framework.LF_OVS_17_Enabling hardware acceleration in OVS-DPDK using DPDK Framework.
LF_OVS_17_Enabling hardware acceleration in OVS-DPDK using DPDK Framework.LF_OpenvSwitch
 
Ovs dpdk hwoffload way to full offload
Ovs dpdk hwoffload way to full offloadOvs dpdk hwoffload way to full offload
Ovs dpdk hwoffload way to full offloadKevin Traynor
 
LF_OVS_17_Red Hat's perspective on OVS HW Offload Status
LF_OVS_17_Red Hat's perspective on OVS HW Offload StatusLF_OVS_17_Red Hat's perspective on OVS HW Offload Status
LF_OVS_17_Red Hat's perspective on OVS HW Offload StatusLF_OpenvSwitch
 
Intel(r) Quick Assist Technology Overview
Intel(r) Quick Assist Technology OverviewIntel(r) Quick Assist Technology Overview
Intel(r) Quick Assist Technology OverviewMichelle Holley
 
DPDK & Layer 4 Packet Processing
DPDK & Layer 4 Packet ProcessingDPDK & Layer 4 Packet Processing
DPDK & Layer 4 Packet ProcessingMichelle Holley
 
Intel® QuickAssist Technology Introduction, Applications, and Lab, Including ...
Intel® QuickAssist Technology Introduction, Applications, and Lab, Including ...Intel® QuickAssist Technology Introduction, Applications, and Lab, Including ...
Intel® QuickAssist Technology Introduction, Applications, and Lab, Including ...Michelle Holley
 

Recommandé

LF_OVS_17_Riley: Pushing networking to the edge
LF_OVS_17_Riley: Pushing networking to the edgeLF_OVS_17_Riley: Pushing networking to the edge
LF_OVS_17_Riley: Pushing networking to the edgeLF_OpenvSwitch
 
LF_OVS_17_OvS-CD: Optimizing Flow Classification for OvS using the DPDK Membe...
LF_OVS_17_OvS-CD: Optimizing Flow Classification for OvS using the DPDK Membe...LF_OVS_17_OvS-CD: Optimizing Flow Classification for OvS using the DPDK Membe...
LF_OVS_17_OvS-CD: Optimizing Flow Classification for OvS using the DPDK Membe...LF_OpenvSwitch
 
LF_OVS_17_Enabling hardware acceleration in OVS-DPDK using DPDK Framework.
LF_OVS_17_Enabling hardware acceleration in OVS-DPDK using DPDK Framework.LF_OVS_17_Enabling hardware acceleration in OVS-DPDK using DPDK Framework.
LF_OVS_17_Enabling hardware acceleration in OVS-DPDK using DPDK Framework.LF_OpenvSwitch
 
Ovs dpdk hwoffload way to full offload
Ovs dpdk hwoffload way to full offloadOvs dpdk hwoffload way to full offload
Ovs dpdk hwoffload way to full offloadKevin Traynor
 
LF_OVS_17_Red Hat's perspective on OVS HW Offload Status
LF_OVS_17_Red Hat's perspective on OVS HW Offload StatusLF_OVS_17_Red Hat's perspective on OVS HW Offload Status
LF_OVS_17_Red Hat's perspective on OVS HW Offload StatusLF_OpenvSwitch
 
Intel(r) Quick Assist Technology Overview
Intel(r) Quick Assist Technology OverviewIntel(r) Quick Assist Technology Overview
Intel(r) Quick Assist Technology OverviewMichelle Holley
 
DPDK & Layer 4 Packet Processing
DPDK & Layer 4 Packet ProcessingDPDK & Layer 4 Packet Processing
DPDK & Layer 4 Packet ProcessingMichelle Holley
 
Intel® QuickAssist Technology Introduction, Applications, and Lab, Including ...
Intel® QuickAssist Technology Introduction, Applications, and Lab, Including ...Intel® QuickAssist Technology Introduction, Applications, and Lab, Including ...
Intel® QuickAssist Technology Introduction, Applications, and Lab, Including ...Michelle Holley
 
Quieting noisy neighbor with Intel® Resource Director Technology
Quieting noisy neighbor with Intel® Resource Director TechnologyQuieting noisy neighbor with Intel® Resource Director Technology
Quieting noisy neighbor with Intel® Resource Director TechnologyMichelle Holley
 
Dpdk Validation - Liu, Yong
Dpdk Validation - Liu, YongDpdk Validation - Liu, Yong
Dpdk Validation - Liu, Yongharryvanhaaren
 
OVS and DPDK - T.F. Herbert, K. Traynor, M. Gray
OVS and DPDK - T.F. Herbert, K. Traynor, M. GrayOVS and DPDK - T.F. Herbert, K. Traynor, M. Gray
OVS and DPDK - T.F. Herbert, K. Traynor, M. Grayharryvanhaaren
 
Accelerate the SDN with Intel ONP
Accelerate the SDN with Intel ONPAccelerate the SDN with Intel ONP
Accelerate the SDN with Intel ONPOdinot Stanislas
 
LF_OVS_17_OVN and Kelda
LF_OVS_17_OVN and KeldaLF_OVS_17_OVN and Kelda
LF_OVS_17_OVN and KeldaLF_OpenvSwitch
 
Netsft2017 day in_life_of_nfv
Netsft2017 day in_life_of_nfvNetsft2017 day in_life_of_nfv
Netsft2017 day in_life_of_nfvIntel
 
A Path to NFV/SDN - Intel. Michael Brennan, INTEL
A Path to NFV/SDN - Intel. Michael Brennan, INTELA Path to NFV/SDN - Intel. Michael Brennan, INTEL
A Path to NFV/SDN - Intel. Michael Brennan, INTELWalton Institute
 
Intel dpdk Tutorial
Intel dpdk TutorialIntel dpdk Tutorial
Intel dpdk TutorialSaifuddin Kaijar
 
Intel® Ethernet Update
Intel® Ethernet Update Intel® Ethernet Update
Intel® Ethernet Update Michelle Holley
 
Building a Router
Building a RouterBuilding a Router
Building a RouterHannes Gredler
 
Introduction to nexux from zero to Hero
Introduction to nexux from zero to HeroIntroduction to nexux from zero to Hero
Introduction to nexux from zero to HeroDhruv Sharma
 
Layer-3 BFD Optimization Proposals for Enterprise and Campus Networks
Layer-3 BFD Optimization Proposals for Enterprise and Campus NetworksLayer-3 BFD Optimization Proposals for Enterprise and Campus Networks
Layer-3 BFD Optimization Proposals for Enterprise and Campus NetworksVikram G Hosakote
 
DPDK Summit - 08 Sept 2014 - Intel - Networking Workloads on Intel Architecture
DPDK Summit - 08 Sept 2014 - Intel - Networking Workloads on Intel ArchitectureDPDK Summit - 08 Sept 2014 - Intel - Networking Workloads on Intel Architecture
DPDK Summit - 08 Sept 2014 - Intel - Networking Workloads on Intel ArchitectureJim St. Leger
 
OVS v OVS-DPDK
OVS v OVS-DPDKOVS v OVS-DPDK
OVS v OVS-DPDKMd Safiyat Reza
 
DPDK Summit - 08 Sept 2014 - NTT - High Performance vSwitch
DPDK Summit - 08 Sept 2014 - NTT - High Performance vSwitchDPDK Summit - 08 Sept 2014 - NTT - High Performance vSwitch
DPDK Summit - 08 Sept 2014 - NTT - High Performance vSwitchJim St. Leger
 
Hannes end-of-the-router-tnc17
Hannes end-of-the-router-tnc17Hannes end-of-the-router-tnc17
Hannes end-of-the-router-tnc17Hannes Gredler
 
Advanced Traffic Engineering (TE++)
Advanced Traffic Engineering (TE++)Advanced Traffic Engineering (TE++)
Advanced Traffic Engineering (TE++)Pravin Bhandarkar
 
Symmetric Crypto for DPDK - Declan Doherty
Symmetric Crypto for DPDK - Declan DohertySymmetric Crypto for DPDK - Declan Doherty
Symmetric Crypto for DPDK - Declan Dohertyharryvanhaaren
 
Intel® RDT Hands-on Lab
Intel® RDT Hands-on LabIntel® RDT Hands-on Lab
Intel® RDT Hands-on LabMichelle Holley
 
CCNA4 Verson6 Chapter5
CCNA4 Verson6 Chapter5CCNA4 Verson6 Chapter5
CCNA4 Verson6 Chapter5Chaing Ravuth
 
LF_OVS_17_OVS/OVS-DPDK connection tracking for Mobile usecases
LF_OVS_17_OVS/OVS-DPDK connection tracking for Mobile usecasesLF_OVS_17_OVS/OVS-DPDK connection tracking for Mobile usecases
LF_OVS_17_OVS/OVS-DPDK connection tracking for Mobile usecasesLF_OpenvSwitch
 
LF_OVS_17_OVN at Nutanix
LF_OVS_17_OVN at NutanixLF_OVS_17_OVN at Nutanix
LF_OVS_17_OVN at NutanixLF_OpenvSwitch
 

Contenu connexe

Tendances

Quieting noisy neighbor with Intel® Resource Director Technology
Quieting noisy neighbor with Intel® Resource Director TechnologyQuieting noisy neighbor with Intel® Resource Director Technology
Quieting noisy neighbor with Intel® Resource Director TechnologyMichelle Holley
 
Dpdk Validation - Liu, Yong
Dpdk Validation - Liu, YongDpdk Validation - Liu, Yong
Dpdk Validation - Liu, Yongharryvanhaaren
 
OVS and DPDK - T.F. Herbert, K. Traynor, M. Gray
OVS and DPDK - T.F. Herbert, K. Traynor, M. GrayOVS and DPDK - T.F. Herbert, K. Traynor, M. Gray
OVS and DPDK - T.F. Herbert, K. Traynor, M. Grayharryvanhaaren
 
Accelerate the SDN with Intel ONP
Accelerate the SDN with Intel ONPAccelerate the SDN with Intel ONP
Accelerate the SDN with Intel ONPOdinot Stanislas
 
LF_OVS_17_OVN and Kelda
LF_OVS_17_OVN and KeldaLF_OVS_17_OVN and Kelda
LF_OVS_17_OVN and KeldaLF_OpenvSwitch
 
Netsft2017 day in_life_of_nfv
Netsft2017 day in_life_of_nfvNetsft2017 day in_life_of_nfv
Netsft2017 day in_life_of_nfvIntel
 
A Path to NFV/SDN - Intel. Michael Brennan, INTEL
A Path to NFV/SDN - Intel. Michael Brennan, INTELA Path to NFV/SDN - Intel. Michael Brennan, INTEL
A Path to NFV/SDN - Intel. Michael Brennan, INTELWalton Institute
 
Intel® Ethernet Update
Intel® Ethernet Update Intel® Ethernet Update
Intel® Ethernet Update Michelle Holley
 
Introduction to nexux from zero to Hero
Introduction to nexux from zero to HeroIntroduction to nexux from zero to Hero
Introduction to nexux from zero to HeroDhruv Sharma
 
Layer-3 BFD Optimization Proposals for Enterprise and Campus Networks
Layer-3 BFD Optimization Proposals for Enterprise and Campus NetworksLayer-3 BFD Optimization Proposals for Enterprise and Campus Networks
Layer-3 BFD Optimization Proposals for Enterprise and Campus NetworksVikram G Hosakote
 
DPDK Summit - 08 Sept 2014 - Intel - Networking Workloads on Intel Architecture
DPDK Summit - 08 Sept 2014 - Intel - Networking Workloads on Intel ArchitectureDPDK Summit - 08 Sept 2014 - Intel - Networking Workloads on Intel Architecture
DPDK Summit - 08 Sept 2014 - Intel - Networking Workloads on Intel ArchitectureJim St. Leger
 
DPDK Summit - 08 Sept 2014 - NTT - High Performance vSwitch
DPDK Summit - 08 Sept 2014 - NTT - High Performance vSwitchDPDK Summit - 08 Sept 2014 - NTT - High Performance vSwitch
DPDK Summit - 08 Sept 2014 - NTT - High Performance vSwitchJim St. Leger
 
Hannes end-of-the-router-tnc17
Hannes end-of-the-router-tnc17Hannes end-of-the-router-tnc17
Hannes end-of-the-router-tnc17Hannes Gredler
 
Advanced Traffic Engineering (TE++)
Advanced Traffic Engineering (TE++)Advanced Traffic Engineering (TE++)
Advanced Traffic Engineering (TE++)Pravin Bhandarkar
 
Symmetric Crypto for DPDK - Declan Doherty
Symmetric Crypto for DPDK - Declan DohertySymmetric Crypto for DPDK - Declan Doherty
Symmetric Crypto for DPDK - Declan Dohertyharryvanhaaren
 
Intel® RDT Hands-on Lab
Intel® RDT Hands-on LabIntel® RDT Hands-on Lab
Intel® RDT Hands-on LabMichelle Holley
 
CCNA4 Verson6 Chapter5
CCNA4 Verson6 Chapter5CCNA4 Verson6 Chapter5
CCNA4 Verson6 Chapter5Chaing Ravuth
 

Tendances (20)

Quieting noisy neighbor with Intel® Resource Director Technology
Quieting noisy neighbor with Intel® Resource Director TechnologyQuieting noisy neighbor with Intel® Resource Director Technology
Quieting noisy neighbor with Intel® Resource Director Technology
 
Dpdk Validation - Liu, Yong
Dpdk Validation - Liu, YongDpdk Validation - Liu, Yong
Dpdk Validation - Liu, Yong
 
OVS and DPDK - T.F. Herbert, K. Traynor, M. Gray
OVS and DPDK - T.F. Herbert, K. Traynor, M. GrayOVS and DPDK - T.F. Herbert, K. Traynor, M. Gray
OVS and DPDK - T.F. Herbert, K. Traynor, M. Gray
 
Accelerate the SDN with Intel ONP
Accelerate the SDN with Intel ONPAccelerate the SDN with Intel ONP
Accelerate the SDN with Intel ONP
 
LF_OVS_17_OVN and Kelda
LF_OVS_17_OVN and KeldaLF_OVS_17_OVN and Kelda
LF_OVS_17_OVN and Kelda
 
Netsft2017 day in_life_of_nfv
Netsft2017 day in_life_of_nfvNetsft2017 day in_life_of_nfv
Netsft2017 day in_life_of_nfv
 
A Path to NFV/SDN - Intel. Michael Brennan, INTEL
A Path to NFV/SDN - Intel. Michael Brennan, INTELA Path to NFV/SDN - Intel. Michael Brennan, INTEL
A Path to NFV/SDN - Intel. Michael Brennan, INTEL
 
Intel dpdk Tutorial
Intel dpdk TutorialIntel dpdk Tutorial
Intel dpdk Tutorial
 
Intel® Ethernet Update
Intel® Ethernet Update Intel® Ethernet Update
Intel® Ethernet Update
 
Building a Router
Building a RouterBuilding a Router
Building a Router
 
Introduction to nexux from zero to Hero
Introduction to nexux from zero to HeroIntroduction to nexux from zero to Hero
Introduction to nexux from zero to Hero
 
Layer-3 BFD Optimization Proposals for Enterprise and Campus Networks
Layer-3 BFD Optimization Proposals for Enterprise and Campus NetworksLayer-3 BFD Optimization Proposals for Enterprise and Campus Networks
Layer-3 BFD Optimization Proposals for Enterprise and Campus Networks
 
DPDK Summit - 08 Sept 2014 - Intel - Networking Workloads on Intel Architecture
DPDK Summit - 08 Sept 2014 - Intel - Networking Workloads on Intel ArchitectureDPDK Summit - 08 Sept 2014 - Intel - Networking Workloads on Intel Architecture
DPDK Summit - 08 Sept 2014 - Intel - Networking Workloads on Intel Architecture
 
OVS v OVS-DPDK
OVS v OVS-DPDKOVS v OVS-DPDK
OVS v OVS-DPDK
 
DPDK Summit - 08 Sept 2014 - NTT - High Performance vSwitch
DPDK Summit - 08 Sept 2014 - NTT - High Performance vSwitchDPDK Summit - 08 Sept 2014 - NTT - High Performance vSwitch
DPDK Summit - 08 Sept 2014 - NTT - High Performance vSwitch
 
Hannes end-of-the-router-tnc17
Hannes end-of-the-router-tnc17Hannes end-of-the-router-tnc17
Hannes end-of-the-router-tnc17
 
Advanced Traffic Engineering (TE++)
Advanced Traffic Engineering (TE++)Advanced Traffic Engineering (TE++)
Advanced Traffic Engineering (TE++)
 
Symmetric Crypto for DPDK - Declan Doherty
Symmetric Crypto for DPDK - Declan DohertySymmetric Crypto for DPDK - Declan Doherty
Symmetric Crypto for DPDK - Declan Doherty
 
Intel® RDT Hands-on Lab
Intel® RDT Hands-on LabIntel® RDT Hands-on Lab
Intel® RDT Hands-on Lab
 
CCNA4 Verson6 Chapter5
CCNA4 Verson6 Chapter5CCNA4 Verson6 Chapter5
CCNA4 Verson6 Chapter5
 

En vedette

LF_OVS_17_OVS/OVS-DPDK connection tracking for Mobile usecases
LF_OVS_17_OVS/OVS-DPDK connection tracking for Mobile usecasesLF_OVS_17_OVS/OVS-DPDK connection tracking for Mobile usecases
LF_OVS_17_OVS/OVS-DPDK connection tracking for Mobile usecasesLF_OpenvSwitch
 
LF_OVS_17_OVN at Nutanix
LF_OVS_17_OVN at NutanixLF_OVS_17_OVN at Nutanix
LF_OVS_17_OVN at NutanixLF_OpenvSwitch
 
LF_OVS_17_State of the OVN
LF_OVS_17_State of the OVNLF_OVS_17_State of the OVN
LF_OVS_17_State of the OVNLF_OpenvSwitch
 
LF_OVS_17_OVS-DPDK Installation and Gotchas
LF_OVS_17_OVS-DPDK Installation and GotchasLF_OVS_17_OVS-DPDK Installation and Gotchas
LF_OVS_17_OVS-DPDK Installation and GotchasLF_OpenvSwitch
 
LF_OVS_17_Open vSwitch Offload: Conntrack and the Upstream Kernel
LF_OVS_17_Open vSwitch Offload: Conntrack and the Upstream KernelLF_OVS_17_Open vSwitch Offload: Conntrack and the Upstream Kernel
LF_OVS_17_Open vSwitch Offload: Conntrack and the Upstream KernelLF_OpenvSwitch
 
LF_OVS_17_OVN and Containers - An update.
LF_OVS_17_OVN and Containers - An update.LF_OVS_17_OVN and Containers - An update.
LF_OVS_17_OVN and Containers - An update.LF_OpenvSwitch
 
LF_OVS_17_CORD: An open source platform to reinvent the network edge
LF_OVS_17_CORD: An open source platform to reinvent the network edgeLF_OVS_17_CORD: An open source platform to reinvent the network edge
LF_OVS_17_CORD: An open source platform to reinvent the network edgeLF_OpenvSwitch
 
LF_OVS_17_OVS-DPDK for NFV: go live feedback!
LF_OVS_17_OVS-DPDK for NFV: go live feedback!LF_OVS_17_OVS-DPDK for NFV: go live feedback!
LF_OVS_17_OVS-DPDK for NFV: go live feedback!LF_OpenvSwitch
 
LF_OVS_17_The birth of SmartNICs -- offloading dataplane traffic to...software
LF_OVS_17_The birth of SmartNICs -- offloading dataplane traffic to...softwareLF_OVS_17_The birth of SmartNICs -- offloading dataplane traffic to...software
LF_OVS_17_The birth of SmartNICs -- offloading dataplane traffic to...softwareLF_OpenvSwitch
 
LF_OVS_17_Conntrack + OvS
LF_OVS_17_Conntrack + OvSLF_OVS_17_Conntrack + OvS
LF_OVS_17_Conntrack + OvSLF_OpenvSwitch
 
LF_OVS_17_Ingress Scheduling
LF_OVS_17_Ingress SchedulingLF_OVS_17_Ingress Scheduling
LF_OVS_17_Ingress SchedulingLF_OpenvSwitch
 
LF_OVS_17_Day 1 Opening Remarks
LF_OVS_17_Day 1 Opening RemarksLF_OVS_17_Day 1 Opening Remarks
LF_OVS_17_Day 1 Opening RemarksLF_OpenvSwitch
 
LF_OVS_17_OvS manipulation with Go at DigitalOcean
LF_OVS_17_OvS manipulation with Go at DigitalOceanLF_OVS_17_OvS manipulation with Go at DigitalOcean
LF_OVS_17_OvS manipulation with Go at DigitalOceanLF_OpenvSwitch
 
LF_OVS_17_LXC Linux Containers over Open vSwitch
LF_OVS_17_LXC Linux Containers over Open vSwitchLF_OVS_17_LXC Linux Containers over Open vSwitch
LF_OVS_17_LXC Linux Containers over Open vSwitchLF_OpenvSwitch
 
LF_OVS_17_OvS Hardware Offload with TC Flower
LF_OVS_17_OvS Hardware Offload with TC FlowerLF_OVS_17_OvS Hardware Offload with TC Flower
LF_OVS_17_OvS Hardware Offload with TC FlowerLF_OpenvSwitch
 
LF_OVS_17_OVS-DPDK: Embracing your NUMA nodes.
LF_OVS_17_OVS-DPDK: Embracing your NUMA nodes.LF_OVS_17_OVS-DPDK: Embracing your NUMA nodes.
LF_OVS_17_OVS-DPDK: Embracing your NUMA nodes.LF_OpenvSwitch
 
LF_OVS_17_Day 2 Closing Remarks
LF_OVS_17_Day 2 Closing RemarksLF_OVS_17_Day 2 Closing Remarks
LF_OVS_17_Day 2 Closing RemarksLF_OpenvSwitch
 
LF_OVS_17_DigitalOcean Cloud Firewalls: powered by OvS and conntrack
LF_OVS_17_DigitalOcean Cloud Firewalls: powered by OvS and conntrackLF_OVS_17_DigitalOcean Cloud Firewalls: powered by OvS and conntrack
LF_OVS_17_DigitalOcean Cloud Firewalls: powered by OvS and conntrackLF_OpenvSwitch
 
LF_OVS_17_Day 2 Opening Remarks
LF_OVS_17_Day 2 Opening RemarksLF_OVS_17_Day 2 Opening Remarks
LF_OVS_17_Day 2 Opening RemarksLF_OpenvSwitch
 

En vedette (19)

LF_OVS_17_OVS/OVS-DPDK connection tracking for Mobile usecases
LF_OVS_17_OVS/OVS-DPDK connection tracking for Mobile usecasesLF_OVS_17_OVS/OVS-DPDK connection tracking for Mobile usecases
LF_OVS_17_OVS/OVS-DPDK connection tracking for Mobile usecases
 
LF_OVS_17_OVN at Nutanix
LF_OVS_17_OVN at NutanixLF_OVS_17_OVN at Nutanix
LF_OVS_17_OVN at Nutanix
 
LF_OVS_17_State of the OVN
LF_OVS_17_State of the OVNLF_OVS_17_State of the OVN
LF_OVS_17_State of the OVN
 
LF_OVS_17_OVS-DPDK Installation and Gotchas
LF_OVS_17_OVS-DPDK Installation and GotchasLF_OVS_17_OVS-DPDK Installation and Gotchas
LF_OVS_17_OVS-DPDK Installation and Gotchas
 
LF_OVS_17_Open vSwitch Offload: Conntrack and the Upstream Kernel
LF_OVS_17_Open vSwitch Offload: Conntrack and the Upstream KernelLF_OVS_17_Open vSwitch Offload: Conntrack and the Upstream Kernel
LF_OVS_17_Open vSwitch Offload: Conntrack and the Upstream Kernel
 
LF_OVS_17_OVN and Containers - An update.
LF_OVS_17_OVN and Containers - An update.LF_OVS_17_OVN and Containers - An update.
LF_OVS_17_OVN and Containers - An update.
 
LF_OVS_17_CORD: An open source platform to reinvent the network edge
LF_OVS_17_CORD: An open source platform to reinvent the network edgeLF_OVS_17_CORD: An open source platform to reinvent the network edge
LF_OVS_17_CORD: An open source platform to reinvent the network edge
 
LF_OVS_17_OVS-DPDK for NFV: go live feedback!
LF_OVS_17_OVS-DPDK for NFV: go live feedback!LF_OVS_17_OVS-DPDK for NFV: go live feedback!
LF_OVS_17_OVS-DPDK for NFV: go live feedback!
 
LF_OVS_17_The birth of SmartNICs -- offloading dataplane traffic to...software
LF_OVS_17_The birth of SmartNICs -- offloading dataplane traffic to...softwareLF_OVS_17_The birth of SmartNICs -- offloading dataplane traffic to...software
LF_OVS_17_The birth of SmartNICs -- offloading dataplane traffic to...software
 
LF_OVS_17_Conntrack + OvS
LF_OVS_17_Conntrack + OvSLF_OVS_17_Conntrack + OvS
LF_OVS_17_Conntrack + OvS
 
LF_OVS_17_Ingress Scheduling
LF_OVS_17_Ingress SchedulingLF_OVS_17_Ingress Scheduling
LF_OVS_17_Ingress Scheduling
 
LF_OVS_17_Day 1 Opening Remarks
LF_OVS_17_Day 1 Opening RemarksLF_OVS_17_Day 1 Opening Remarks
LF_OVS_17_Day 1 Opening Remarks
 
LF_OVS_17_OvS manipulation with Go at DigitalOcean
LF_OVS_17_OvS manipulation with Go at DigitalOceanLF_OVS_17_OvS manipulation with Go at DigitalOcean
LF_OVS_17_OvS manipulation with Go at DigitalOcean
 
LF_OVS_17_LXC Linux Containers over Open vSwitch
LF_OVS_17_LXC Linux Containers over Open vSwitchLF_OVS_17_LXC Linux Containers over Open vSwitch
LF_OVS_17_LXC Linux Containers over Open vSwitch
 
LF_OVS_17_OvS Hardware Offload with TC Flower
LF_OVS_17_OvS Hardware Offload with TC FlowerLF_OVS_17_OvS Hardware Offload with TC Flower
LF_OVS_17_OvS Hardware Offload with TC Flower
 
LF_OVS_17_OVS-DPDK: Embracing your NUMA nodes.
LF_OVS_17_OVS-DPDK: Embracing your NUMA nodes.LF_OVS_17_OVS-DPDK: Embracing your NUMA nodes.
LF_OVS_17_OVS-DPDK: Embracing your NUMA nodes.
 
LF_OVS_17_Day 2 Closing Remarks
LF_OVS_17_Day 2 Closing RemarksLF_OVS_17_Day 2 Closing Remarks
LF_OVS_17_Day 2 Closing Remarks
 
LF_OVS_17_DigitalOcean Cloud Firewalls: powered by OvS and conntrack
LF_OVS_17_DigitalOcean Cloud Firewalls: powered by OvS and conntrackLF_OVS_17_DigitalOcean Cloud Firewalls: powered by OvS and conntrack
LF_OVS_17_DigitalOcean Cloud Firewalls: powered by OvS and conntrack
 
LF_OVS_17_Day 2 Opening Remarks
LF_OVS_17_Day 2 Opening RemarksLF_OVS_17_Day 2 Opening Remarks
LF_OVS_17_Day 2 Opening Remarks
 

Similaire à LF_OVS_17_IPSEC and OVS DPDK

Performance out of the box developers
Performance out of the box developersPerformance out of the box developers
Performance out of the box developersMichelle Holley
 
Introduction to container networking in K8s - SDN/NFV London meetup
Introduction to container networking in K8s - SDN/NFV London meetupIntroduction to container networking in K8s - SDN/NFV London meetup
Introduction to container networking in K8s - SDN/NFV London meetupHaidee McMahon
 
Extend HPC Workloads to Amazon EC2 Instances with Intel and Rescale (CMP373-S...
Extend HPC Workloads to Amazon EC2 Instances with Intel and Rescale (CMP373-S...Extend HPC Workloads to Amazon EC2 Instances with Intel and Rescale (CMP373-S...
Extend HPC Workloads to Amazon EC2 Instances with Intel and Rescale (CMP373-S...Amazon Web Services
 
Intel® Select Solutions for the Network
Intel® Select Solutions for the NetworkIntel® Select Solutions for the Network
Intel® Select Solutions for the NetworkLiz Warner
 
HPC DAY 2017 | Accelerating tomorrow's HPC and AI workflows with Intel Archit...
HPC DAY 2017 | Accelerating tomorrow's HPC and AI workflows with Intel Archit...HPC DAY 2017 | Accelerating tomorrow's HPC and AI workflows with Intel Archit...
HPC DAY 2017 | Accelerating tomorrow's HPC and AI workflows with Intel Archit...HPC DAY
 
Intel® Xeon® Scalable Processors Enabled Applications Marketing Guide
Intel® Xeon® Scalable Processors Enabled Applications Marketing GuideIntel® Xeon® Scalable Processors Enabled Applications Marketing Guide
Intel® Xeon® Scalable Processors Enabled Applications Marketing GuideIntel IT Center
 
Accelerating Virtual Machine Access with the Storage Performance Development ...
Accelerating Virtual Machine Access with the Storage Performance Development ...Accelerating Virtual Machine Access with the Storage Performance Development ...
Accelerating Virtual Machine Access with the Storage Performance Development ...Michelle Holley
 
Xeon E5 Making the Business Case PowerPoint
Xeon E5 Making the Business Case PowerPointXeon E5 Making the Business Case PowerPoint
Xeon E5 Making the Business Case PowerPointIntel IT Center
 
Cloud Technology: Now Entering the Business Process Phase
Cloud Technology: Now Entering the Business Process PhaseCloud Technology: Now Entering the Business Process Phase
Cloud Technology: Now Entering the Business Process Phasefinteligent
 
ONS 2018 LA - Intel Tutorial: Cloud Native to NFV - Alon Bernstein, Cisco & K...
ONS 2018 LA - Intel Tutorial: Cloud Native to NFV - Alon Bernstein, Cisco & K...ONS 2018 LA - Intel Tutorial: Cloud Native to NFV - Alon Bernstein, Cisco & K...
ONS 2018 LA - Intel Tutorial: Cloud Native to NFV - Alon Bernstein, Cisco & K...Kuralamudhan Ramakrishnan
 
Crooke CWF Keynote FINAL final platinum
Crooke CWF Keynote FINAL final platinumCrooke CWF Keynote FINAL final platinum
Crooke CWF Keynote FINAL final platinumAlan Frost
 
E5 Intel Xeon Processor E5 Family Making the Business Case
E5 Intel Xeon Processor E5 Family Making the Business Case E5 Intel Xeon Processor E5 Family Making the Business Case
E5 Intel Xeon Processor E5 Family Making the Business Case Intel IT Center
 
Intel xeon-scalable-processors-overview
Intel xeon-scalable-processors-overviewIntel xeon-scalable-processors-overview
Intel xeon-scalable-processors-overviewDESMOND YUEN
 
Optimizing Apache Spark Throughput Using Intel Optane and Intel Memory Drive...
Optimizing Apache Spark Throughput Using Intel Optane and Intel Memory Drive... Optimizing Apache Spark Throughput Using Intel Optane and Intel Memory Drive...
Optimizing Apache Spark Throughput Using Intel Optane and Intel Memory Drive...Databricks
 
Accelerating Apache Spark with Intel QuickAssist Technology
Accelerating Apache Spark with Intel QuickAssist TechnologyAccelerating Apache Spark with Intel QuickAssist Technology
Accelerating Apache Spark with Intel QuickAssist TechnologyDatabricks
 
Inside story on Intel Data Center @ IDF 2013
Inside story on Intel Data Center @ IDF 2013Inside story on Intel Data Center @ IDF 2013
Inside story on Intel Data Center @ IDF 2013Intel IT Center
 
Intel® Xeon® processor E7-8800/4800 v3 Application Showcase
Intel® Xeon® processor E7-8800/4800 v3 Application ShowcaseIntel® Xeon® processor E7-8800/4800 v3 Application Showcase
Intel® Xeon® processor E7-8800/4800 v3 Application ShowcaseIntel IT Center
 
Spring Hill (NNP-I 1000): Intel's Data Center Inference Chip
Spring Hill (NNP-I 1000): Intel's Data Center Inference ChipSpring Hill (NNP-I 1000): Intel's Data Center Inference Chip
Spring Hill (NNP-I 1000): Intel's Data Center Inference Chipinside-BigData.com
 
Accelerate Ceph performance via SPDK related techniques
Accelerate Ceph performance via SPDK related techniques Accelerate Ceph performance via SPDK related techniques
Accelerate Ceph performance via SPDK related techniques Ceph Community
 
NFF-GO (YANFF) - Yet Another Network Function Framework
NFF-GO (YANFF) - Yet Another Network Function FrameworkNFF-GO (YANFF) - Yet Another Network Function Framework
NFF-GO (YANFF) - Yet Another Network Function FrameworkMichelle Holley
 

Similaire à LF_OVS_17_IPSEC and OVS DPDK (20)

Performance out of the box developers
Performance out of the box developersPerformance out of the box developers
Performance out of the box developers
 
Introduction to container networking in K8s - SDN/NFV London meetup
Introduction to container networking in K8s - SDN/NFV London meetupIntroduction to container networking in K8s - SDN/NFV London meetup
Introduction to container networking in K8s - SDN/NFV London meetup
 
Extend HPC Workloads to Amazon EC2 Instances with Intel and Rescale (CMP373-S...
Extend HPC Workloads to Amazon EC2 Instances with Intel and Rescale (CMP373-S...Extend HPC Workloads to Amazon EC2 Instances with Intel and Rescale (CMP373-S...
Extend HPC Workloads to Amazon EC2 Instances with Intel and Rescale (CMP373-S...
 
Intel® Select Solutions for the Network
Intel® Select Solutions for the NetworkIntel® Select Solutions for the Network
Intel® Select Solutions for the Network
 
HPC DAY 2017 | Accelerating tomorrow's HPC and AI workflows with Intel Archit...
HPC DAY 2017 | Accelerating tomorrow's HPC and AI workflows with Intel Archit...HPC DAY 2017 | Accelerating tomorrow's HPC and AI workflows with Intel Archit...
HPC DAY 2017 | Accelerating tomorrow's HPC and AI workflows with Intel Archit...
 
Intel® Xeon® Scalable Processors Enabled Applications Marketing Guide
Intel® Xeon® Scalable Processors Enabled Applications Marketing GuideIntel® Xeon® Scalable Processors Enabled Applications Marketing Guide
Intel® Xeon® Scalable Processors Enabled Applications Marketing Guide
 
Accelerating Virtual Machine Access with the Storage Performance Development ...
Accelerating Virtual Machine Access with the Storage Performance Development ...Accelerating Virtual Machine Access with the Storage Performance Development ...
Accelerating Virtual Machine Access with the Storage Performance Development ...
 
Xeon E5 Making the Business Case PowerPoint
Xeon E5 Making the Business Case PowerPointXeon E5 Making the Business Case PowerPoint
Xeon E5 Making the Business Case PowerPoint
 
Cloud Technology: Now Entering the Business Process Phase
Cloud Technology: Now Entering the Business Process PhaseCloud Technology: Now Entering the Business Process Phase
Cloud Technology: Now Entering the Business Process Phase
 
ONS 2018 LA - Intel Tutorial: Cloud Native to NFV - Alon Bernstein, Cisco & K...
ONS 2018 LA - Intel Tutorial: Cloud Native to NFV - Alon Bernstein, Cisco & K...ONS 2018 LA - Intel Tutorial: Cloud Native to NFV - Alon Bernstein, Cisco & K...
ONS 2018 LA - Intel Tutorial: Cloud Native to NFV - Alon Bernstein, Cisco & K...
 
Crooke CWF Keynote FINAL final platinum
Crooke CWF Keynote FINAL final platinumCrooke CWF Keynote FINAL final platinum
Crooke CWF Keynote FINAL final platinum
 
E5 Intel Xeon Processor E5 Family Making the Business Case
E5 Intel Xeon Processor E5 Family Making the Business Case E5 Intel Xeon Processor E5 Family Making the Business Case
E5 Intel Xeon Processor E5 Family Making the Business Case
 
Intel xeon-scalable-processors-overview
Intel xeon-scalable-processors-overviewIntel xeon-scalable-processors-overview
Intel xeon-scalable-processors-overview
 
Optimizing Apache Spark Throughput Using Intel Optane and Intel Memory Drive...
Optimizing Apache Spark Throughput Using Intel Optane and Intel Memory Drive... Optimizing Apache Spark Throughput Using Intel Optane and Intel Memory Drive...
Optimizing Apache Spark Throughput Using Intel Optane and Intel Memory Drive...
 
Accelerating Apache Spark with Intel QuickAssist Technology
Accelerating Apache Spark with Intel QuickAssist TechnologyAccelerating Apache Spark with Intel QuickAssist Technology
Accelerating Apache Spark with Intel QuickAssist Technology
 
Inside story on Intel Data Center @ IDF 2013
Inside story on Intel Data Center @ IDF 2013Inside story on Intel Data Center @ IDF 2013
Inside story on Intel Data Center @ IDF 2013
 
Intel® Xeon® processor E7-8800/4800 v3 Application Showcase
Intel® Xeon® processor E7-8800/4800 v3 Application ShowcaseIntel® Xeon® processor E7-8800/4800 v3 Application Showcase
Intel® Xeon® processor E7-8800/4800 v3 Application Showcase
 
Spring Hill (NNP-I 1000): Intel's Data Center Inference Chip
Spring Hill (NNP-I 1000): Intel's Data Center Inference ChipSpring Hill (NNP-I 1000): Intel's Data Center Inference Chip
Spring Hill (NNP-I 1000): Intel's Data Center Inference Chip
 
Accelerate Ceph performance via SPDK related techniques
Accelerate Ceph performance via SPDK related techniques Accelerate Ceph performance via SPDK related techniques
Accelerate Ceph performance via SPDK related techniques
 
NFF-GO (YANFF) - Yet Another Network Function Framework
NFF-GO (YANFF) - Yet Another Network Function FrameworkNFF-GO (YANFF) - Yet Another Network Function Framework
NFF-GO (YANFF) - Yet Another Network Function Framework
 

Dernier

Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 

Dernier (20)

Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptx
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 

LF_OVS_17_IPSEC and OVS DPDK

  • 1. IPsec and OVS DPDK Ian Stokes Intel November 16-17, 2017 | San Jose, CA
  • 2. Notices & Disclaimers Intel technologies’ features and benefits depend on system configuration and may require enabled hardware, software or service activation. Performance varies depending on system configuration. Check with your system manufacturer or retailer or learn more at intel.com. No computer system can be absolutely secure. Tests document performance of components on a particular test, in specific systems. Differences in hardware, software, or configuration will affect actual performance. Consult other sources of information to evaluate performance as you consider your purchase. For more complete information about performance and benchmark results, visit http://www.intel.com/benchmarks . Software and workloads used in performance tests may have been optimized for performance only on Intel microprocessors. Performance tests, such as SYSmark and MobileMark, are measured using specific computer systems, components, software, operations and functions. Any change to any of those factors may cause the results to vary. You should consult other information and performance tests to assist you in fully evaluating your contemplated purchases, including the performance of that product when combined with other products. For more complete information visit http://www.intel.com/benchmarks . Intel's compilers may or may not optimize to the same degree for non-Intel microprocessors for optimizations that are not unique to Intel microprocessors. These optimizations include SSE2, SSE3, and SSSE3 instruction sets and other optimizations. Intel does not guarantee the availability, functionality, or effectiveness of any optimization on microprocessors not manufactured by Intel. Microprocessor-dependent optimizations in this product are intended for use with Intel microprocessors. Certain optimizations not specific to Intel microarchitecture are reserved for Intel microprocessors. Please refer to the applicable product User and Reference Guides for more information regarding the specific instruction sets covered by this notice. Cost reduction scenarios described are intended as examples of how a given Intel-based product, in the specified circumstances and configurations, may affect future costs and provide cost savings. Circumstances will vary. Intel does not guarantee any costs or cost reduction. Intel does not control or audit third-party benchmark data or the web sites referenced in this document. You should visit the referenced web site and confirm whether referenced data are accurate. © 2017 Intel Corporation. Intel, the Intel logo, and Intel Xeon are trademarks of Intel Corporation in the U.S. and/or other countries. *Other names and brands may be claimed as property of others.
  • 3. Content • Use Case Overview • Proposed IPsec functionality • Design Considerations • Performance Metrics • Future Work
  • 4. Hypervisor Server 1 IP Network Hypervisor Server 2 Use Case Overview Datacenter VM 1-1 VM 1-2 VM 1-3 VM 1-4 VM 2-1 VM 2-2 VM 2-3 VM 2-4 • Traffic is not ISOLATED. ! • Traffic is not CONFIDENTIAL. ! • Traffic integrity is not PROTECTED. ! • Traffic is not AUTHENTICATED. ! Do you trust the network?
  • 5. Hypervisor Server 1 IP Network Hypervisor Server 2 Use Case Overview cont. Datacenter : VXLAN VM1-1 VNI 12 VM1-2 VNI 22 VM1-3 VNI 32 VM1-4 VNI 42 VM2-1 VNI 12 VM2-2 VNI 22 VM2-3 VNI 32 VM2-4 VNI 42 BD BD BD BD BD BD BD BD VTEP VTEP VXLAN 12 VXLAN 22 VXLAN 32 VXLAN 42 • Traffic is isolated. ü • Traffic is not CONFIDENTIAL. ! • Traffic integrity is not PROTECTED. ! • Traffic is not AUTHENTICATED. !
  • 6. Hypervisor Server 1 IP Network Hypervisor Server 2 Use Case Overview cont. Datacenter : VXLAN + IPsec VM1-1 VNI 12 VM1-2 VNI 22 VM1-3 VNI 32 VM1-4 VNI 42 VM2-1 VNI 12 VM2-2 VNI 22 VM2-3 VNI 32 VM2-4 VNI 42 BD BD BD BD BD BD BD BD VTEP VTEP VXLAN 12 VXLAN 22 VXLAN 32 VXLAN 42 IPsec termination point IPsec termination point • Traffic is isolated. ü • Traffic is confidential. ü • Traffic integrity is protected. ü • Traffic is authenticated. ü
  • 7. Proposed IPsec functionality Payload L4 Header IP Header Ethernet Header Payload L4 Header IP Header Ethernet Header ESP Header ESP Trailer ESP Digest ESP Padding Given standard IPv4 packet: What IPsec functionality is required to provide: • Confidentiality • Integrity • Authenticity IPsec •Protocol: ESP (Encapsulating Security Protocol) •Mode: Transport Encrypted • Encryption Ciphers • AES-CBC • AES-GCM with 16 octet ICV (Combined) Authenticated • Authentication Cipher • HMAC-SHA1-96
  • 8. Proposed IPsec functionality: Vxlanipsec interface Hypervisor 1 (vxlan) VM 1 Br-int vxlan0 Br0 dpdk0 Introduce new tunnel interface type ‘vxlanipsec’ Hypervisor 1 (vxlanipsec) Vxlanipsec DPDK Cryptodev QAT VDEV PMD • Note: Cryptodev can utilise • HW: Intel ® QuickAssist (QAT) • SW: VDEV crypto PMD VM 1 Br-int Vxlan ipsec 0 Br0 dpdk0 • Associated DPDK Cryptodev for • Cipher encrypt/decrypt . • Digest generation/verification. • Handles vxlan encap/decap. • Handles ESP encap/decap.
  • 9. Proposed IPsec functionality: Vxlanipsec Encap Hypervisor 1 VM 1 Br-int Vxlan ipsec 0 Br0 dpdk0 Hypervisor 2 VM 2 Br-int Vxlan ipsec 1 Br1 dpdk1 Vhu-0 Vhu-1
  • 10. Proposed IPsec functionality: Vxlanipsec Encap Hypervisor 1 VM 1 Br-int Vxlan ipsec 0 Br0 dpdk0 Vhu-0 Payload L4 Header IP Header Ethernet Header • Packet Arrives at ‘vhu-0’ as follows • Packet arrives at ‘vxlan-ipsec0’ Outer IP Header Outer Ethernet Header ESP Header IV UDP Header VXLAN Header VXLAN ETH/IP UDP/VXLAN Headers ESP Header/Initialization Vector Original packet • Encap packet trailer built as follows Original packet Cipher Padding ESP Trailer ESP Digest • Encap packet header built as follows Padding/ESP trailer/Digest
  • 11. Proposed IPsec functionality: Vxlanipsec Decap Hypervisor 2 VM 2 Br-int Vxlan ipsec 1 Br1 dpdk1 Vhu-1 • Packet arrives at dpdk1 as follows: ESP Header Encrypted Payload ESP Digest Outer IP Header Outer Ethernet Header IV UDP Header VXLAN Header Original packet Cipher Padding ESP Trailer • Encrypted Payload consists of: • Packet routed to ‘vxlanipsec1’ for decap • Use crypto dev to: Payload L4 Header IP Header Ethernet Header • Validate Digest ü • Decrypt payload ü • Extract tunnel metadata. • Pop vxlan/ESP headers and trailers for recirculation.
  • 12. Design Considerations Intel ® QAT VDEV Crypto PMDCrypto Dev Creation • Virtual Function attached by user to userspace driver prior to Open vSwitch launch. • Created at runtime via VDEV init API. RX Queue Pair Capabilities • 2 queue pairs max per VF. • 8 queue pairs max by default DPDK PMD requirements • Intel ® QAT device. • CONFIG_RTE_LIBRTE_PMD_QAT • Intel ® Multi-Buffer Crypto for IPSec. • CONFIG_RTE_LIBRTE_PMD_AESNI_MB • CONFIG_RTE_LIBRTE_PMD_AESNI_GCM
  • 13. Design Considerations cont. Asynchronous Operations • Cryptodev Operations are asynchronous regardless of HW/SW device i.e. DPDK Cryptodev • User configures 6 crypto ops and enqueues them to crypto device • User requests to dequeue the 6 crypto ops from the crypto device • May not receive 6 crypto ops on dequeue. rte_cryptodev_enqueue_burst() rte_cryptodev_dequeue_burst()
  • 14. Design Considerations cont. Security Association Establishment Security Association • Crypto transform • Cipher Key • Authentication Key Security Consideration • Where should Cipher/Authentication keys be stored? • OVSDB? • User owned file?
  • 15. Performance Metrics * Test and System Configurations: Estimates are based on internal Intel analysis using Intel® Server Board S2600WT, Intel® Xeon® CPU E5-2695 v3 @ 2.30GHz, Intel®, Ethernet Converged Network Adapter X710-DA4, AESNI_MB_PMD. 0 2,000 4,000 6,000 8,000 10,000 64 byte 256 byte 512 byte 1024 byte Test TX Rate (Line Rate) 7,619 9,275 9,624 9,808 Encap Rate 2,763 4,320 5,654 7,060 Mbps Test Tx rate VS Encap Rate Encap – 1 PMD - Vdev (AES-CBC & HMAC-SHA1-96) Test TX Rate (Line Rate) Encap Rate
  • 16. Future Work • Add GCM combined mode support. • Add IPsec Tunnel support • IKEv2: Support for dynamic re-keying • Integrating with StrongSwan userspace plugin • Community opinion on 3rd party support for feature. • OVS architecture changes • Packet batching with tunnels to replace single encap/decap. • Integration with RTE_Security • Enables HW acceleration for inline crypto.
  • 17. Questions and Contact Info • Contact info – Email: ian.stokes@intel.com