SlideShare une entreprise Scribd logo

LF_OVS_17_Open vSwitch Offload: Conntrack and the Upstream Kernel

L
LF_OpenvSwitch

Open vSwitch Fall Conference 2017

Technologie
1  sur  10
Télécharger pour lire hors ligne
Open vSwitch Offload: Conntrack and the Upstream Kernel John Hurley Open vSwitch 2017 Fall Conference
Open vSwitch Fall Conference, November 2017 2 Overview 1. Introduction to Conntrack in Open vSwitch Kernel 2. Current Open vSwitch and Conntrack offload approach 3. Offload results - benefits of offload 4. Open Source offload of Open vSwitch (TC flower) 5. Netfilter Conntrack and Open vSwitch offload 6. Current work on Conntrack offload (upstream) 7. Advantages of Conntrack offload approach
Open vSwitch Fall Conference, November 2017 3 Open vSwitch and Netfilter Conntrack ● Conntrack support integrated with Open vSwitch from version 2.5 ● Operates at kernel level by calling nf_conntrack functions ● Includes nf_conntrack NAT support from version 2.6 ovs-vswitchd Openvswitch.ko nf_conntrack.koMatch Action User-space Kernel
Open vSwitch Fall Conference, November 2017 4 Open vSwitch/Conntrack Offload ● Custom patches applied to kernel Open vSwitch to offload rules ● All Conntrack applied on SmartNIC ovs-vswitchd Openvswitch.ko Netronome Conntrack Offload Match Action User-space Kernel Netronome Offload Modules NFP SmartNIC Match Action Conntrack
Open vSwitch Fall Conference, November 2017 5 Offload Performance - CT + NAT Results OVS Rules Applied: 1. ct_state=-trk,in_port=2,ip,action= ct(commit,zone=1,nat(src=10.0.0.1),table=0) 2. ct_state=+trk+new,in_port=2,ip,action=1 Test Server Spec: Intel(R) Xeon(R) CPU E5-2680 v2 @ 2.80GHz Thread(s) per core: 2 Core(s) per socket: 10 Socket(s): 2
Open vSwitch Fall Conference, November 2017 6 Offload without Patches - TC and OVS-TC ● Open vSwitch patches merged upstream - experimental in 2.8 ● TC ingress qdisc and flower filter ● TC offload hooks in upstream kernel ovs-vswitchd Openvswitch.ko Match Action User-space Kernel NFP Driver NFP Match Action SmartNIC TC Flower
Open vSwitch Fall Conference, November 2017 7 OVS-TC and Netfilter Conntrack ● TC filter imitates Open vSwitch kernel Conntrack match/action ● Initial packets of all flows pass through Kernel Conntrack ovs-vswitchd Openvswitch.ko Match Action User-space Kernel NFP Driver NFP Match Action SmartNIC TC Flower Netfilter Conntrack Conntrack Table
Open vSwitch Fall Conference, November 2017 8 Netfilter Conntrack Offload - Pablo Neira Ayuso ‘Not offloading Conntrack, but offloading flows’ (RFC patches on netfilter-devel mailing list) ● Flag to mark a flow as offloaded ▶ Do not timeout ▶ Report flow as offloaded ● Only offload flows in Established state ▶ First packet/s go via kernel ▶ TCP state tracking interpreted ● Choose which flows to offload ▶ Flexibility for the user ▶ Helper processing in the kernel
Open vSwitch Fall Conference, November 2017 9 Key Advantages of Approach ● Kernel still makes key decisions ▶ Established state determination ▶ See all flows whether offloaded or not - e.g. IP selection for NAT ▶ Lessen code complexity on SmartNIC ● Not restricted by SmartNIC resources ▶ Can support ‘unlimited’ flows ▶ Choose to support TCP win/seq/ack tracking ● Offload is not transparent ▶ User still gets Netfilter Conntrack - visible offloads ▶ Key point in the Netfilter community ● Synchronisation between Conntrack tables ▶ Resolves issue with full table offload ▶ User-space utilities should still work (minor patches required)
10©2017 Open-NFP Dataplane Acceleration Developer Day (DXDD) ▪ Date: December 11-12 (Monday & Tuesday) ▪ Time: 8:30 a.m. – 8:00 p.m. ▪ Location: Computer Science Museum (Mountain View, CA) ▪ Why should you attend? • Discussions about recent dataplane acceleration development – P4-16 introduction – TC offload introduction – eBPF introduction • Extensive hands-on training – P4-14 labs – TC labs ▪ Register: https://open-nfp.org/dxdd-2017

Recommandé

LF_OVS_17_State of the OVN
LF_OVS_17_State of the OVNLF_OVS_17_State of the OVN
LF_OVS_17_State of the OVN
LF_OpenvSwitch
 
LF_OVS_17_OVS Performance on Steroids - Hardware Acceleration Methodologies
LF_OVS_17_OVS Performance on Steroids - Hardware Acceleration MethodologiesLF_OVS_17_OVS Performance on Steroids - Hardware Acceleration Methodologies
LF_OVS_17_OVS Performance on Steroids - Hardware Acceleration Methodologies
LF_OpenvSwitch
 
LF_OVS_17_LXC Linux Containers over Open vSwitch
LF_OVS_17_LXC Linux Containers over Open vSwitchLF_OVS_17_LXC Linux Containers over Open vSwitch
LF_OVS_17_LXC Linux Containers over Open vSwitch
LF_OpenvSwitch
 
LF_OVS_17_Enabling Hardware Offload of OVS Control & Data plane using LiquidIO
LF_OVS_17_Enabling Hardware Offload of OVS Control & Data plane using LiquidIOLF_OVS_17_Enabling Hardware Offload of OVS Control & Data plane using LiquidIO
LF_OVS_17_Enabling Hardware Offload of OVS Control & Data plane using LiquidIO
LF_OpenvSwitch
 
LF_OVS_17_OvS manipulation with Go at DigitalOcean
LF_OVS_17_OvS manipulation with Go at DigitalOceanLF_OVS_17_OvS manipulation with Go at DigitalOcean
LF_OVS_17_OvS manipulation with Go at DigitalOcean
LF_OpenvSwitch
 
LF_OVS_17_OVN and Containers - An update.
LF_OVS_17_OVN and Containers - An update.LF_OVS_17_OVN and Containers - An update.
LF_OVS_17_OVN and Containers - An update.
LF_OpenvSwitch
 
OVS Hardware Offload with TC Flower
OVS Hardware Offload with TC FlowerOVS Hardware Offload with TC Flower
OVS Hardware Offload with TC Flower
Netronome
 
Open vSwitch Offload: Conntrack and the Upstream Kernel
Open vSwitch Offload: Conntrack and the Upstream KernelOpen vSwitch Offload: Conntrack and the Upstream Kernel
Open vSwitch Offload: Conntrack and the Upstream Kernel
Netronome
 

Recommandé

LF_OVS_17_State of the OVN
LF_OVS_17_State of the OVNLF_OVS_17_State of the OVN
LF_OVS_17_State of the OVN
LF_OpenvSwitch
 
LF_OVS_17_OVS Performance on Steroids - Hardware Acceleration Methodologies
LF_OVS_17_OVS Performance on Steroids - Hardware Acceleration MethodologiesLF_OVS_17_OVS Performance on Steroids - Hardware Acceleration Methodologies
LF_OVS_17_OVS Performance on Steroids - Hardware Acceleration Methodologies
LF_OpenvSwitch
 
LF_OVS_17_LXC Linux Containers over Open vSwitch
LF_OVS_17_LXC Linux Containers over Open vSwitchLF_OVS_17_LXC Linux Containers over Open vSwitch
LF_OVS_17_LXC Linux Containers over Open vSwitch
LF_OpenvSwitch
 
LF_OVS_17_Enabling Hardware Offload of OVS Control & Data plane using LiquidIO
LF_OVS_17_Enabling Hardware Offload of OVS Control & Data plane using LiquidIOLF_OVS_17_Enabling Hardware Offload of OVS Control & Data plane using LiquidIO
LF_OVS_17_Enabling Hardware Offload of OVS Control & Data plane using LiquidIO
LF_OpenvSwitch
 
LF_OVS_17_OvS manipulation with Go at DigitalOcean
LF_OVS_17_OvS manipulation with Go at DigitalOceanLF_OVS_17_OvS manipulation with Go at DigitalOcean
LF_OVS_17_OvS manipulation with Go at DigitalOcean
LF_OpenvSwitch
 
LF_OVS_17_OVN and Containers - An update.
LF_OVS_17_OVN and Containers - An update.LF_OVS_17_OVN and Containers - An update.
LF_OVS_17_OVN and Containers - An update.
LF_OpenvSwitch
 
OVS Hardware Offload with TC Flower
OVS Hardware Offload with TC FlowerOVS Hardware Offload with TC Flower
OVS Hardware Offload with TC Flower
Netronome
 
Open vSwitch Offload: Conntrack and the Upstream Kernel
Open vSwitch Offload: Conntrack and the Upstream KernelOpen vSwitch Offload: Conntrack and the Upstream Kernel
Open vSwitch Offload: Conntrack and the Upstream Kernel
Netronome
 
LF_OVS_17_Red Hat's perspective on OVS HW Offload Status
LF_OVS_17_Red Hat's perspective on OVS HW Offload StatusLF_OVS_17_Red Hat's perspective on OVS HW Offload Status
LF_OVS_17_Red Hat's perspective on OVS HW Offload Status
LF_OpenvSwitch
 
DPDK Support for New HW Offloads
DPDK Support for New HW OffloadsDPDK Support for New HW Offloads
DPDK Support for New HW Offloads
Netronome
 
LF_OVS_17_OVS-DPDK Installation and Gotchas
LF_OVS_17_OVS-DPDK Installation and GotchasLF_OVS_17_OVS-DPDK Installation and Gotchas
LF_OVS_17_OVS-DPDK Installation and Gotchas
LF_OpenvSwitch
 
TC Flower Offload
TC Flower OffloadTC Flower Offload
TC Flower Offload
Netronome
 
Open vSwitch Implementation Options
Open vSwitch Implementation Options Open vSwitch Implementation Options
Open vSwitch Implementation Options
Netronome
 
DPACC Acceleration Progress and Demonstration
DPACC Acceleration Progress and DemonstrationDPACC Acceleration Progress and Demonstration
DPACC Acceleration Progress and Demonstration
OPNFV
 
Leveraging Network Offload to Accelerate SDN and NFV Deployments
Leveraging Network Offload to Accelerate SDN and NFV DeploymentsLeveraging Network Offload to Accelerate SDN and NFV Deployments
Leveraging Network Offload to Accelerate SDN and NFV Deployments
Netronome
 
6WIND - SPEED MATTERS: The Challenge 2014 Contest Winners
6WIND - SPEED MATTERS: The Challenge 2014 Contest Winners6WIND - SPEED MATTERS: The Challenge 2014 Contest Winners
6WIND - SPEED MATTERS: The Challenge 2014 Contest Winners
6WIND
 
Taking Security Groups to Ludicrous Speed with OVS (OpenStack Summit 2015)
Taking Security Groups to Ludicrous Speed with OVS (OpenStack Summit 2015)Taking Security Groups to Ludicrous Speed with OVS (OpenStack Summit 2015)
Taking Security Groups to Ludicrous Speed with OVS (OpenStack Summit 2015)
Thomas Graf
 
Accelerate Service Function Chaining Vertical Solution with DPDK
Accelerate Service Function Chaining Vertical Solution with DPDKAccelerate Service Function Chaining Vertical Solution with DPDK
Accelerate Service Function Chaining Vertical Solution with DPDK
OPNFV
 
LinuxCon 2015 Stateful NAT with OVS
LinuxCon 2015 Stateful NAT with OVSLinuxCon 2015 Stateful NAT with OVS
LinuxCon 2015 Stateful NAT with OVS
Thomas Graf
 
LF_OVS_17_OVN and Kelda
LF_OVS_17_OVN and KeldaLF_OVS_17_OVN and Kelda
LF_OVS_17_OVN and Kelda
LF_OpenvSwitch
 
Accelerating Neutron with Intel DPDK
Accelerating Neutron with Intel DPDKAccelerating Neutron with Intel DPDK
Accelerating Neutron with Intel DPDK
Alexander Shalimov
 
Tech Talk by Ben Pfaff: Open vSwitch - Part 2
Tech Talk by Ben Pfaff: Open vSwitch - Part 2Tech Talk by Ben Pfaff: Open vSwitch - Part 2
Tech Talk by Ben Pfaff: Open vSwitch - Part 2
nvirters
 
LF_DPDK17_ OpenVswitch hardware offload over DPDK
LF_DPDK17_ OpenVswitch hardware offload over DPDKLF_DPDK17_ OpenVswitch hardware offload over DPDK
LF_DPDK17_ OpenVswitch hardware offload over DPDK
LF_DPDK
 
LF_OVS_17_Enabling hardware acceleration in OVS-DPDK using DPDK Framework.
LF_OVS_17_Enabling hardware acceleration in OVS-DPDK using DPDK Framework.LF_OVS_17_Enabling hardware acceleration in OVS-DPDK using DPDK Framework.
LF_OVS_17_Enabling hardware acceleration in OVS-DPDK using DPDK Framework.
LF_OpenvSwitch
 
DPDK Summit 2015 - HP - Al Sanders
DPDK Summit 2015 - HP - Al SandersDPDK Summit 2015 - HP - Al Sanders
DPDK Summit 2015 - HP - Al Sanders
Jim St. Leger
 
Cilium - Fast IPv6 Container Networking with BPF and XDP
Cilium - Fast IPv6 Container Networking with BPF and XDPCilium - Fast IPv6 Container Networking with BPF and XDP
Cilium - Fast IPv6 Container Networking with BPF and XDP
Thomas Graf
 
LF_DPDK17_Event Adapters - Connecting Devices to Eventdev
LF_DPDK17_Event Adapters - Connecting Devices to EventdevLF_DPDK17_Event Adapters - Connecting Devices to Eventdev
LF_DPDK17_Event Adapters - Connecting Devices to Eventdev
LF_DPDK
 
Cilium - BPF & XDP for containers
Cilium - BPF & XDP for containers Cilium - BPF & XDP for containers
Cilium - BPF & XDP for containers
Docker, Inc.
 
LF_OVS_17_OVS/OVS-DPDK connection tracking for Mobile usecases
LF_OVS_17_OVS/OVS-DPDK connection tracking for Mobile usecasesLF_OVS_17_OVS/OVS-DPDK connection tracking for Mobile usecases
LF_OVS_17_OVS/OVS-DPDK connection tracking for Mobile usecases
LF_OpenvSwitch
 
LF_OVS_17_OVN at Nutanix
LF_OVS_17_OVN at NutanixLF_OVS_17_OVN at Nutanix
LF_OVS_17_OVN at Nutanix
LF_OpenvSwitch
 

Contenu connexe

Tendances

Taking Security Groups to Ludicrous Speed with OVS (OpenStack Summit 2015)
Taking Security Groups to Ludicrous Speed with OVS (OpenStack Summit 2015)Taking Security Groups to Ludicrous Speed with OVS (OpenStack Summit 2015)
Taking Security Groups to Ludicrous Speed with OVS (OpenStack Summit 2015)
Thomas Graf
 
Accelerate Service Function Chaining Vertical Solution with DPDK
Accelerate Service Function Chaining Vertical Solution with DPDKAccelerate Service Function Chaining Vertical Solution with DPDK
Accelerate Service Function Chaining Vertical Solution with DPDK
OPNFV
 
LinuxCon 2015 Stateful NAT with OVS
LinuxCon 2015 Stateful NAT with OVSLinuxCon 2015 Stateful NAT with OVS
LinuxCon 2015 Stateful NAT with OVS
Thomas Graf
 
Tech Talk by Ben Pfaff: Open vSwitch - Part 2
Tech Talk by Ben Pfaff: Open vSwitch - Part 2Tech Talk by Ben Pfaff: Open vSwitch - Part 2
Tech Talk by Ben Pfaff: Open vSwitch - Part 2
nvirters
 
LF_DPDK17_ OpenVswitch hardware offload over DPDK
LF_DPDK17_ OpenVswitch hardware offload over DPDKLF_DPDK17_ OpenVswitch hardware offload over DPDK
LF_DPDK17_ OpenVswitch hardware offload over DPDK
LF_DPDK
 
LF_DPDK17_Event Adapters - Connecting Devices to Eventdev
LF_DPDK17_Event Adapters - Connecting Devices to EventdevLF_DPDK17_Event Adapters - Connecting Devices to Eventdev
LF_DPDK17_Event Adapters - Connecting Devices to Eventdev
LF_DPDK
 

Tendances (20)

LF_OVS_17_Red Hat's perspective on OVS HW Offload Status
LF_OVS_17_Red Hat's perspective on OVS HW Offload StatusLF_OVS_17_Red Hat's perspective on OVS HW Offload Status
LF_OVS_17_Red Hat's perspective on OVS HW Offload Status
 
DPDK Support for New HW Offloads
DPDK Support for New HW OffloadsDPDK Support for New HW Offloads
DPDK Support for New HW Offloads
 
LF_OVS_17_OVS-DPDK Installation and Gotchas
LF_OVS_17_OVS-DPDK Installation and GotchasLF_OVS_17_OVS-DPDK Installation and Gotchas
LF_OVS_17_OVS-DPDK Installation and Gotchas
 
TC Flower Offload
TC Flower OffloadTC Flower Offload
TC Flower Offload
 
Open vSwitch Implementation Options
Open vSwitch Implementation Options Open vSwitch Implementation Options
Open vSwitch Implementation Options
 
DPACC Acceleration Progress and Demonstration
DPACC Acceleration Progress and DemonstrationDPACC Acceleration Progress and Demonstration
DPACC Acceleration Progress and Demonstration
 
Leveraging Network Offload to Accelerate SDN and NFV Deployments
Leveraging Network Offload to Accelerate SDN and NFV DeploymentsLeveraging Network Offload to Accelerate SDN and NFV Deployments
Leveraging Network Offload to Accelerate SDN and NFV Deployments
 
6WIND - SPEED MATTERS: The Challenge 2014 Contest Winners
6WIND - SPEED MATTERS: The Challenge 2014 Contest Winners6WIND - SPEED MATTERS: The Challenge 2014 Contest Winners
6WIND - SPEED MATTERS: The Challenge 2014 Contest Winners
 
Taking Security Groups to Ludicrous Speed with OVS (OpenStack Summit 2015)
Taking Security Groups to Ludicrous Speed with OVS (OpenStack Summit 2015)Taking Security Groups to Ludicrous Speed with OVS (OpenStack Summit 2015)
Taking Security Groups to Ludicrous Speed with OVS (OpenStack Summit 2015)
 
Accelerate Service Function Chaining Vertical Solution with DPDK
Accelerate Service Function Chaining Vertical Solution with DPDKAccelerate Service Function Chaining Vertical Solution with DPDK
Accelerate Service Function Chaining Vertical Solution with DPDK
 
LinuxCon 2015 Stateful NAT with OVS
LinuxCon 2015 Stateful NAT with OVSLinuxCon 2015 Stateful NAT with OVS
LinuxCon 2015 Stateful NAT with OVS
 
LF_OVS_17_OVN and Kelda
LF_OVS_17_OVN and KeldaLF_OVS_17_OVN and Kelda
LF_OVS_17_OVN and Kelda
 
Accelerating Neutron with Intel DPDK
Accelerating Neutron with Intel DPDKAccelerating Neutron with Intel DPDK
Accelerating Neutron with Intel DPDK
 
Tech Talk by Ben Pfaff: Open vSwitch - Part 2
Tech Talk by Ben Pfaff: Open vSwitch - Part 2Tech Talk by Ben Pfaff: Open vSwitch - Part 2
Tech Talk by Ben Pfaff: Open vSwitch - Part 2
 
LF_DPDK17_ OpenVswitch hardware offload over DPDK
LF_DPDK17_ OpenVswitch hardware offload over DPDKLF_DPDK17_ OpenVswitch hardware offload over DPDK
LF_DPDK17_ OpenVswitch hardware offload over DPDK
 
LF_OVS_17_Enabling hardware acceleration in OVS-DPDK using DPDK Framework.
LF_OVS_17_Enabling hardware acceleration in OVS-DPDK using DPDK Framework.LF_OVS_17_Enabling hardware acceleration in OVS-DPDK using DPDK Framework.
LF_OVS_17_Enabling hardware acceleration in OVS-DPDK using DPDK Framework.
 
DPDK Summit 2015 - HP - Al Sanders
DPDK Summit 2015 - HP - Al SandersDPDK Summit 2015 - HP - Al Sanders
DPDK Summit 2015 - HP - Al Sanders
 
Cilium - Fast IPv6 Container Networking with BPF and XDP
Cilium - Fast IPv6 Container Networking with BPF and XDPCilium - Fast IPv6 Container Networking with BPF and XDP
Cilium - Fast IPv6 Container Networking with BPF and XDP
 
LF_DPDK17_Event Adapters - Connecting Devices to Eventdev
LF_DPDK17_Event Adapters - Connecting Devices to EventdevLF_DPDK17_Event Adapters - Connecting Devices to Eventdev
LF_DPDK17_Event Adapters - Connecting Devices to Eventdev
 
Cilium - BPF & XDP for containers
Cilium - BPF & XDP for containers Cilium - BPF & XDP for containers
Cilium - BPF & XDP for containers
 

En vedette

En vedette (16)

LF_OVS_17_OVS/OVS-DPDK connection tracking for Mobile usecases
LF_OVS_17_OVS/OVS-DPDK connection tracking for Mobile usecasesLF_OVS_17_OVS/OVS-DPDK connection tracking for Mobile usecases
LF_OVS_17_OVS/OVS-DPDK connection tracking for Mobile usecases
 
LF_OVS_17_OVN at Nutanix
LF_OVS_17_OVN at NutanixLF_OVS_17_OVN at Nutanix
LF_OVS_17_OVN at Nutanix
 
LF_OVS_17_IPSEC and OVS DPDK
LF_OVS_17_IPSEC and OVS DPDKLF_OVS_17_IPSEC and OVS DPDK
LF_OVS_17_IPSEC and OVS DPDK
 
LF_OVS_17_The birth of SmartNICs -- offloading dataplane traffic to...software
LF_OVS_17_The birth of SmartNICs -- offloading dataplane traffic to...softwareLF_OVS_17_The birth of SmartNICs -- offloading dataplane traffic to...software
LF_OVS_17_The birth of SmartNICs -- offloading dataplane traffic to...software
 
LF_OVS_17_OVS-DPDK for NFV: go live feedback!
LF_OVS_17_OVS-DPDK for NFV: go live feedback!LF_OVS_17_OVS-DPDK for NFV: go live feedback!
LF_OVS_17_OVS-DPDK for NFV: go live feedback!
 
LF_OVS_17_CORD: An open source platform to reinvent the network edge
LF_OVS_17_CORD: An open source platform to reinvent the network edgeLF_OVS_17_CORD: An open source platform to reinvent the network edge
LF_OVS_17_CORD: An open source platform to reinvent the network edge
 
LF_OVS_17_Day 1 Opening Remarks
LF_OVS_17_Day 1 Opening RemarksLF_OVS_17_Day 1 Opening Remarks
LF_OVS_17_Day 1 Opening Remarks
 
LF_OVS_17_Riley: Pushing networking to the edge
LF_OVS_17_Riley: Pushing networking to the edgeLF_OVS_17_Riley: Pushing networking to the edge
LF_OVS_17_Riley: Pushing networking to the edge
 
LF_OVS_17_Conntrack + OvS
LF_OVS_17_Conntrack + OvSLF_OVS_17_Conntrack + OvS
LF_OVS_17_Conntrack + OvS
 
LF_OVS_17_Ingress Scheduling
LF_OVS_17_Ingress SchedulingLF_OVS_17_Ingress Scheduling
LF_OVS_17_Ingress Scheduling
 
LF_OVS_17_OvS-CD: Optimizing Flow Classification for OvS using the DPDK Membe...
LF_OVS_17_OvS-CD: Optimizing Flow Classification for OvS using the DPDK Membe...LF_OVS_17_OvS-CD: Optimizing Flow Classification for OvS using the DPDK Membe...
LF_OVS_17_OvS-CD: Optimizing Flow Classification for OvS using the DPDK Membe...
 
LF_OVS_17_OVS-DPDK: Embracing your NUMA nodes.
LF_OVS_17_OVS-DPDK: Embracing your NUMA nodes.LF_OVS_17_OVS-DPDK: Embracing your NUMA nodes.
LF_OVS_17_OVS-DPDK: Embracing your NUMA nodes.
 
LF_OVS_17_Day 2 Closing Remarks
LF_OVS_17_Day 2 Closing RemarksLF_OVS_17_Day 2 Closing Remarks
LF_OVS_17_Day 2 Closing Remarks
 
LF_OVS_17_OvS Hardware Offload with TC Flower
LF_OVS_17_OvS Hardware Offload with TC FlowerLF_OVS_17_OvS Hardware Offload with TC Flower
LF_OVS_17_OvS Hardware Offload with TC Flower
 
LF_OVS_17_Day 2 Opening Remarks
LF_OVS_17_Day 2 Opening RemarksLF_OVS_17_Day 2 Opening Remarks
LF_OVS_17_Day 2 Opening Remarks
 
LF_OVS_17_DigitalOcean Cloud Firewalls: powered by OvS and conntrack
LF_OVS_17_DigitalOcean Cloud Firewalls: powered by OvS and conntrackLF_OVS_17_DigitalOcean Cloud Firewalls: powered by OvS and conntrack
LF_OVS_17_DigitalOcean Cloud Firewalls: powered by OvS and conntrack
 

Similaire à LF_OVS_17_Open vSwitch Offload: Conntrack and the Upstream Kernel

Stacks and Layers: Integrating P4, C, OVS and OpenStack
Stacks and Layers: Integrating P4, C, OVS and OpenStackStacks and Layers: Integrating P4, C, OVS and OpenStack
Stacks and Layers: Integrating P4, C, OVS and OpenStack
Open-NFP
 
software defined network, openflow protocol and its controllers
software defined network, openflow protocol and its controllerssoftware defined network, openflow protocol and its controllers
software defined network, openflow protocol and its controllers
Isaku Yamahata
 
KVM Enhancements for OPNFV
KVM Enhancements for OPNFVKVM Enhancements for OPNFV
KVM Enhancements for OPNFV
OPNFV
 
VSPERF BEnchmarking the Network Data Plane of NFV VDevices and VLinks
VSPERF BEnchmarking the Network Data Plane of NFV VDevices and VLinksVSPERF BEnchmarking the Network Data Plane of NFV VDevices and VLinks
VSPERF BEnchmarking the Network Data Plane of NFV VDevices and VLinks
OPNFV
 
The Open vSwitch and OVN Projects
The Open vSwitch and OVN ProjectsThe Open vSwitch and OVN Projects
The Open vSwitch and OVN Projects
LinuxCon ContainerCon CloudOpen China
 
Kubernetes and OpenStack at Scale
Kubernetes and OpenStack at ScaleKubernetes and OpenStack at Scale
Kubernetes and OpenStack at Scale
Stephen Gordon
 
Openstack overview thomas-goirand
Openstack overview thomas-goirandOpenstack overview thomas-goirand
Openstack overview thomas-goirand
OpenCity Community
 
Openstack Neutron and SDN
Openstack Neutron and SDNOpenstack Neutron and SDN
Openstack Neutron and SDN
inakipascual
 

Similaire à LF_OVS_17_Open vSwitch Offload: Conntrack and the Upstream Kernel (20)

Stacks and Layers: Integrating P4, C, OVS and OpenStack
Stacks and Layers: Integrating P4, C, OVS and OpenStackStacks and Layers: Integrating P4, C, OVS and OpenStack
Stacks and Layers: Integrating P4, C, OVS and OpenStack
 
software defined network, openflow protocol and its controllers
software defined network, openflow protocol and its controllerssoftware defined network, openflow protocol and its controllers
software defined network, openflow protocol and its controllers
 
rtnetlink
rtnetlinkrtnetlink
rtnetlink
 
OpenStack Neutron Tutorial
OpenStack Neutron TutorialOpenStack Neutron Tutorial
OpenStack Neutron Tutorial
 
Open stack with_openflowsdn-torii
Open stack with_openflowsdn-toriiOpen stack with_openflowsdn-torii
Open stack with_openflowsdn-torii
 
Using Agilio SmartNICs for OpenStack Networking Acceleration
Using Agilio SmartNICs for OpenStack Networking AccelerationUsing Agilio SmartNICs for OpenStack Networking Acceleration
Using Agilio SmartNICs for OpenStack Networking Acceleration
 
KVM Enhancements for OPNFV
KVM Enhancements for OPNFVKVM Enhancements for OPNFV
KVM Enhancements for OPNFV
 
Open vSwitch - Stateful Connection Tracking & Stateful NAT
Open vSwitch - Stateful Connection Tracking & Stateful NATOpen vSwitch - Stateful Connection Tracking & Stateful NAT
Open vSwitch - Stateful Connection Tracking & Stateful NAT
 
P4+ONOS SRv6 tutorial.pptx
P4+ONOS SRv6 tutorial.pptxP4+ONOS SRv6 tutorial.pptx
P4+ONOS SRv6 tutorial.pptx
 
VSPERF BEnchmarking the Network Data Plane of NFV VDevices and VLinks
VSPERF BEnchmarking the Network Data Plane of NFV VDevices and VLinksVSPERF BEnchmarking the Network Data Plane of NFV VDevices and VLinks
VSPERF BEnchmarking the Network Data Plane of NFV VDevices and VLinks
 
Ovn vancouver
Ovn vancouverOvn vancouver
Ovn vancouver
 
Rolling upgrade OpenStack
Rolling upgrade OpenStackRolling upgrade OpenStack
Rolling upgrade OpenStack
 
2015 FOSDEM - OVS Stateful Services
2015 FOSDEM - OVS Stateful Services2015 FOSDEM - OVS Stateful Services
2015 FOSDEM - OVS Stateful Services
 
The Open vSwitch and OVN Projects
The Open vSwitch and OVN ProjectsThe Open vSwitch and OVN Projects
The Open vSwitch and OVN Projects
 
Kubernetes and OpenStack at Scale
Kubernetes and OpenStack at ScaleKubernetes and OpenStack at Scale
Kubernetes and OpenStack at Scale
 
Openstack overview thomas-goirand
Openstack overview thomas-goirandOpenstack overview thomas-goirand
Openstack overview thomas-goirand
 
Open Source Backends for OpenStack Neutron
Open Source Backends for OpenStack NeutronOpen Source Backends for OpenStack Neutron
Open Source Backends for OpenStack Neutron
 
Neutron CI Run on Docker
Neutron CI Run on DockerNeutron CI Run on Docker
Neutron CI Run on Docker
 
Openstack Neutron and SDN
Openstack Neutron and SDNOpenstack Neutron and SDN
Openstack Neutron and SDN
 
OVN operationalization at scale at eBay
OVN operationalization at scale at eBayOVN operationalization at scale at eBay
OVN operationalization at scale at eBay
 

Dernier

Cyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdfCyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdf
Overkill Security
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Orbitshub
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Victor Rentea
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 

Dernier (20)

Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
Cyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdfCyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdf
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Spring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUKSpring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUK
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 

LF_OVS_17_Open vSwitch Offload: Conntrack and the Upstream Kernel

  • 1. Open vSwitch Offload: Conntrack and the Upstream Kernel John Hurley Open vSwitch 2017 Fall Conference
  • 2. Open vSwitch Fall Conference, November 2017 2 Overview 1. Introduction to Conntrack in Open vSwitch Kernel 2. Current Open vSwitch and Conntrack offload approach 3. Offload results - benefits of offload 4. Open Source offload of Open vSwitch (TC flower) 5. Netfilter Conntrack and Open vSwitch offload 6. Current work on Conntrack offload (upstream) 7. Advantages of Conntrack offload approach
  • 3. Open vSwitch Fall Conference, November 2017 3 Open vSwitch and Netfilter Conntrack ● Conntrack support integrated with Open vSwitch from version 2.5 ● Operates at kernel level by calling nf_conntrack functions ● Includes nf_conntrack NAT support from version 2.6 ovs-vswitchd Openvswitch.ko nf_conntrack.koMatch Action User-space Kernel
  • 4. Open vSwitch Fall Conference, November 2017 4 Open vSwitch/Conntrack Offload ● Custom patches applied to kernel Open vSwitch to offload rules ● All Conntrack applied on SmartNIC ovs-vswitchd Openvswitch.ko Netronome Conntrack Offload Match Action User-space Kernel Netronome Offload Modules NFP SmartNIC Match Action Conntrack
  • 5. Open vSwitch Fall Conference, November 2017 5 Offload Performance - CT + NAT Results OVS Rules Applied: 1. ct_state=-trk,in_port=2,ip,action= ct(commit,zone=1,nat(src=10.0.0.1),table=0) 2. ct_state=+trk+new,in_port=2,ip,action=1 Test Server Spec: Intel(R) Xeon(R) CPU E5-2680 v2 @ 2.80GHz Thread(s) per core: 2 Core(s) per socket: 10 Socket(s): 2
  • 6. Open vSwitch Fall Conference, November 2017 6 Offload without Patches - TC and OVS-TC ● Open vSwitch patches merged upstream - experimental in 2.8 ● TC ingress qdisc and flower filter ● TC offload hooks in upstream kernel ovs-vswitchd Openvswitch.ko Match Action User-space Kernel NFP Driver NFP Match Action SmartNIC TC Flower
  • 7. Open vSwitch Fall Conference, November 2017 7 OVS-TC and Netfilter Conntrack ● TC filter imitates Open vSwitch kernel Conntrack match/action ● Initial packets of all flows pass through Kernel Conntrack ovs-vswitchd Openvswitch.ko Match Action User-space Kernel NFP Driver NFP Match Action SmartNIC TC Flower Netfilter Conntrack Conntrack Table
  • 8. Open vSwitch Fall Conference, November 2017 8 Netfilter Conntrack Offload - Pablo Neira Ayuso ‘Not offloading Conntrack, but offloading flows’ (RFC patches on netfilter-devel mailing list) ● Flag to mark a flow as offloaded ▶ Do not timeout ▶ Report flow as offloaded ● Only offload flows in Established state ▶ First packet/s go via kernel ▶ TCP state tracking interpreted ● Choose which flows to offload ▶ Flexibility for the user ▶ Helper processing in the kernel
  • 9. Open vSwitch Fall Conference, November 2017 9 Key Advantages of Approach ● Kernel still makes key decisions ▶ Established state determination ▶ See all flows whether offloaded or not - e.g. IP selection for NAT ▶ Lessen code complexity on SmartNIC ● Not restricted by SmartNIC resources ▶ Can support ‘unlimited’ flows ▶ Choose to support TCP win/seq/ack tracking ● Offload is not transparent ▶ User still gets Netfilter Conntrack - visible offloads ▶ Key point in the Netfilter community ● Synchronisation between Conntrack tables ▶ Resolves issue with full table offload ▶ User-space utilities should still work (minor patches required)
  • 10. 10©2017 Open-NFP Dataplane Acceleration Developer Day (DXDD) ▪ Date: December 11-12 (Monday & Tuesday) ▪ Time: 8:30 a.m. – 8:00 p.m. ▪ Location: Computer Science Museum (Mountain View, CA) ▪ Why should you attend? • Discussions about recent dataplane acceleration development – P4-16 introduction – TC offload introduction – eBPF introduction • Extensive hands-on training – P4-14 labs – TC labs ▪ Register: https://open-nfp.org/dxdd-2017