network virtualization best practices...network function virtualization (nfv) and software defined...
TRANSCRIPT
Intel Confidential – Internal Use Only
Network Virtualization Best Practices F5 Agility Conference Breakout Session
August 4th, 2016
1 F5 Agility Breakout
Intel Confidential – Internal Use Only Network Platforms Group
Network Virtualization Best Practices
Session Description:
Network Function Virtualization (NFV) and Software Defined Networking (SDN) provide unique capabilities to enable optimal use of data center resources. Taking advantage of these technologies can increase network flexibility, slash costs, and provide the ability to launch innovative revenue generating services in a more efficient manner.
This breakout session will cover the business drivers, technology enablers, and best practices for virtualized function based service deployments.
Discussion Topics
Business Drivers
Virtualization Considerations
Virtualization Technology
Network Function Virtualization
• Virtualization provides the abstraction of the control plane and data-forwarding plane to enable a programmable network with greater flexibility and agility to simplify the creation and management of new services.
• The decoupling of software implementations of Network Functions from the computation, storage and networking resources they use allows a network function to run on Common Off The Shelf (COTS) hardware.
Business Drivers
Virtualization Drivers
Standard “virtualization” Benefits: Virtualizing core functions onto standard off-the-shelf hardware provides a common platform for services to reduce TCO, can increase network agility and flexibility, and can launch new revenue-generating services more efficiently.
Economics to accommodate mobile device proliferation and traffic growth: The current model of dimensioning the network based on peak workloads does not make financial or operational sense. IoT device proliferation, the associated multi-dimensional call models and workloads, combined with increased mobile video consumption, are catalysts to transform from the physical appliance model to the virtual scaling model.
Rapid Service Innovation: Appliance-based functions do not lend themselves to rapid innovation. Virtualization provides a “fail-fast” environment for SPs, similar to Cloud Service Providers, to launch new, innovative, revenue-generating services.
[Figure: Virtualization Drivers: Agility and Flexibility, Innovative Services, Reduce TCO]
Business Drivers: Reduce TCO and Drive New Revenue Generating Services
• Virtualization and SDN provide foundation for new revenue generating services
• New business and consumption models
• “Network As a Service” based services (Security, vWAN Optimization, SD-WAN, vCPE)
• Agile Services, Reduced Cost, New Markets
vCPE: Realization of virtualization business drivers
vCPE Solutions Brief: http://www.intel.com/content/dam/www/public/us/en/documents/solution-briefs/334159-ve-cpe-communication-service-brief.pdf
Virtualization Considerations
The usability and performance of a common platform for multiple services impacts total cost and revenue.
Meaning: Optimal resource utilization impacts the business case. The more functions that can run on industry-standard server platforms, the better the TCO.
Usability
• Modularity • Scaling • Interoperability • Validated ecosystem
Performance
• Dimensioning • Characterization • Benchmarking • Predictability
TCO and Revenue
• Time to Market • Opex / Capex • Licensing Model • User Experience
Virtualization Technology
Optimized Packet Process in Virtualized Environment
Capabilities and Ecosystem Ingredients for optimal resource efficiency
[Table: Application Function (Control Plane, Data Plane) against Enhanced Platform Awareness (Pinning, NUMA, Huge Pages, etc.), Resource Director Technology (CAT, CMT, MBM), Acceleration Technologies (AES-NI, QAT, Offload, etc.), Trusted Compute, and HyperScan. Control Plane: ✓ ✓ ✓. Data Plane: ✓ ✓ ✓ ✓ ✓.]
[Figure: platform layers]
• Xeon Ivybridge, Xeon Haswell, Xeon Broadwell, Xeon…
• HW Capabilities (CPU, Chipset, NIC Silicon, Switch Silicon)
• Performance Optimization: DPDK, vSwitch
• Standard interfaces: Models and Descriptors, EPA aware, Integration, …
• Orchestration, Controller, Hypervisor, OS, etc.
Foundation Requires Horizontal Platform Integration and Optimization
Ingredients Continuous Evolution
Enhanced Platform Awareness (EPA)
What: EPA is an umbrella term for Intel's contributions to OpenStack
Why: Exposing platform capabilities to OpenStack (VIM) provides a better view of the underlying platform. This visibility provides the intelligence needed to filter and match virtual machine workload requirements with platform capabilities.
Benefit: Improved application performance and optimized resource utilization, which correlate to improved end user experience and reduced TCO.
Enhanced Platform visibility allows orchestration to more accurately assign cloud application workloads to the best virtual resource
Enhanced Platform Awareness
[Figure: Cloud Infrastructure without EPA compared with Cloud Infrastructure with EPA. Each stack shows Orchestration, VMs, Hypervisor, and CPU, Chipset, Switch Silicon, NIC Silicon.]
Service Requirements on NFV infrastructure
Service Aware Infrastructure
• Determinism and performance
• Small packet processing
• Real-time, latency, jitter
• HW acceleration environments
• Service Availability
• Detect failed VMs in <1s
• Auto restart, recover host failures
• Geo redundancy
• Accelerate VM migration in planned maintenance
• Regulatory, geo-location
• Advanced management (OSS/BSS)
EPA for demanding applications recognizes and configures platform/infrastructure
[Figure: Service Aware infrastructure stack: Orchestration, VMs, Hypervisor, and CPU, Chipset, Switch Silicon, NIC Silicon.]
Example platform features for data-plane workloads:
• CPU model, instructions, feature sets
• SR-IOV (Single Root I/O Virtualization)
• Huge Pages
• NUMA (Non-Uniform Memory Access)
• vCPU pinning to cores
• vSwitch
• Trusted Execution Technology
• …
Key Enhanced Platform Awareness features
http://www.intel.com/content/www/us/en/communications/a-path-to-line-rate-capable-nfv-deployments.html
https://01.org/blogs/dfineber/2014/devops-how-can-cloud-workloads-automatically-take-advantage-advanced-hardware
[Figure: Virtual Network Function VMs on Infrastructure as a Service; Resource Orchestration; VIM Cloud/SDN; Servers & hypervisor.]
Resource Orchestrator needs to understand what is required to support each VM
Data Plane Development Kit (DPDK)
www.dpdk.org
A set of open source data plane libraries and optimized NIC drivers:
• Memory Buffer
• Queue Manager
• Poll Mode Drivers
• Packet Classification Libraries
• etc.
DPDK addresses virtualization pain points:
• Interrupt Context Switch Overhead
• Kernel User Overhead
• Core to thread scheduling overhead
Resource Director Technology
Intel® RDT provides visibility and control over how shared resources such as last-level cache (LLC) and memory bandwidth are used by applications, virtual machines (VMs) and containers.
Provides workload consolidation density, performance consistency, and dynamic service delivery to reduce overall total cost of ownership (TCO).
Visibility and Performance Determinism: For multi-tenant scenarios, identify a misbehaving application and reschedule according to priority. Memory-intensive applications can be allocated a specific amount of cache to ensure that other applications are not affected.
RDT enables Platform Quality of Service by providing control over shared platform resources using Cache Monitoring Technology (CMT), Cache Allocation Technology (CAT), Memory Bandwidth Monitoring (MBM), etc.
http://www.intel.com/content/www/us/en/architecture-and-technology/resource-director-technology.html
https://01.org/packet-processing/cache-monitoring-technology-memory-bandwidth-monitoring-cache-allocation-technology-code-and-data
HyperScan High Speed Pattern Matching Performance
Hyperscan: optimized content inspection performance for virtualized functions
Ideal for applications that inspect large data volumes at high speeds:
• Intrusion Prevention (IPS), Antivirus (AV), Unified Threat Management (UTM), and Deep Packet Inspection (DPI)
Hyperscan is a multi-threaded software pattern matching library.
HyperScan works transparently in any hypervisor environment and is OS independent.
HyperScan provides a simple API that is easy to integrate and is a drop-in replacement for libPCRE to deliver scan performance that is orders of magnitude better.
http://www.intel.com/content/www/us/en/communications/hyperscan.html
http://www.intel.com/content/www/us/en/communications/hyperscan-scalability-solution-brief.html
Security and Attestation
Security Area: Hardening and Acceleration
What: Instruction sets (e.g. AES-NI)
Description: Core crypto performance enhancements improve the compute efficiency of cryptographic algorithms.
Why: Enables greater protection for application data, data moving across a network, and stored data.

Security Area: Hardening and Acceleration
What: HW Accelerators (e.g. Quick-Assist Technologies)
Description: Scalable hardware accelerators exposed to IA as PCIe devices, providing acceleration.
Why: Resource optimization application and performance optimization for Network Security such as IPSec, SSL/TLS etc., IDS/IPS, Firewall.

Security Area: Multi-Admin Isolation
What: Intel VT, Intel Secure Guard Extensions (SGX), Clear Linux/Containers
Description: Eliminating virtualization performance overheads and improving security with hardware assist to the virtualization software, reducing its size, cost, and complexity.
Why: Provide and improve security in a shared resource environment, e.g. containers with use of Intel VT technology enable secure resource optimization deployment models.

Security Area: Platform Attestation
What: Trusted Execution Technology / Cloud Integrity Technology
Description: Intel® Trusted Execution Technology (Intel® TXT) validates the behavior of key components within a server at startup.
Why: Provides a “root of trust”: the system checks launch-time configurations against a “known good” sequence to quickly assess whether any attempts to alter or tamper with the launch-time environment have been made.
Virtualization provides for new security challenges that require new methodology and layers of security, attestation and domain isolation.
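The launch-time check described for Intel TXT above, as a simplified model added here (not code from the presentation or from Intel): each launch stage is hashed, the hashes are folded into one register, and a verifier compares the result with a known-good sequence. The stage names, the SHA-256 fold and all function names are assumptions for illustration, and the authenticity of the reported register is assumed to have been verified already.

```python
import hashlib
import hmac

def digest(blob: bytes) -> bytes:
    return hashlib.sha256(blob).digest()

def replay(event_log) -> bytes:
    """Fold stage digests into one register: new = SHA-256(old || digest)."""
    register = bytes(32)  # all zeros before the first measurement
    for stage_digest in event_log:
        register = hashlib.sha256(register + stage_digest).digest()
    return register

def verify_launch(event_log, reported_register, known_good_log) -> str:
    # 1. The log must reproduce the register value the platform reported,
    #    otherwise the log itself was edited after the fact.
    if not hmac.compare_digest(replay(event_log), reported_register):
        return "untrusted: event log does not reproduce reported register"
    # 2. Every stage, in order, must match the known-good sequence.
    if len(event_log) != len(known_good_log):
        return "untrusted: unexpected number of launch stages"
    for i, (seen, good) in enumerate(zip(event_log, known_good_log)):
        if not hmac.compare_digest(seen, good):
            return f"untrusted: stage {i} differs from known good"
    return "trusted"

# Constructed sample data: stage names and contents are placeholders.
KNOWN_GOOD = [digest(b"firmware-1.0"), digest(b"bootloader-2.3"),
              digest(b"hypervisor-4.1")]
CLEAN_LOG = list(KNOWN_GOOD)
TAMPERED_LOG = KNOWN_GOOD[:2] + [digest(b"hypervisor-4.1-modified")]

if __name__ == "__main__":
    for name, log in (("clean", CLEAN_LOG), ("tampered", TAMPERED_LOG)):
        print(name, "->", verify_launch(log, replay(log), KNOWN_GOOD))
```

Because the register is a running hash, reordering stages or presenting a clean log alongside a register produced by a modified stage both fail the first check.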
Regulation Requirements for Workload Placement: Trusted Execution Technology
Trusted Location and Boundary Control for Subscriber Details
• Regulators requesting Subscriber data be protected
• Hardware-based Geo- and Asset Tags help control workload placement and migration
• Boundary Control policy can be set for a workload, allowing or preventing its deployment
TXT provides Trusted Geo-location/Asset-location for Subscriber Data
Ability of the orchestrator to demand “secure” processing resources from the VIM, to select infrastructure that includes TXT - ensuring that VNF software images have not been altered.
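The "filter and match" step from the Enhanced Platform Awareness slides and the boundary-control policy described here can be combined in one placement check. The sketch below is an added example, not code from the presentation, OpenStack or Intel; the `Host` and `Workload` fields, host names and geo tags are hypothetical, and the attestation verdict is assumed to come from a separate attestation service.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Host:
    name: str
    features: frozenset    # capabilities the platform exposes to the VIM
    free_cores: tuple      # free pinnable cores, one entry per NUMA node
    free_hugepages: tuple  # free 1 GiB huge pages, one entry per NUMA node
    attested: bool         # launch-time attestation verdict for this host
    geo_tag: str           # hardware-provisioned geo/asset tag

@dataclass(frozen=True)
class Workload:
    needs: frozenset
    cores: int
    hugepages: int
    require_attested: bool = False
    allowed_geo: frozenset = frozenset()  # empty set means no boundary policy

def reject_reason(host: Host, wl: Workload):
    """Return None when the host may run the workload, else the reason."""
    # Security gates come first and fail closed.
    if wl.require_attested and not host.attested:
        return "host is not attested as trusted"
    if wl.allowed_geo and host.geo_tag not in wl.allowed_geo:
        return f"geo tag {host.geo_tag} is outside the workload boundary"
    missing = wl.needs - host.features
    if missing:
        return "missing features: " + ", ".join(sorted(missing))
    # Pinned cores and huge pages must come from the same NUMA node.
    for cores, pages in zip(host.free_cores, host.free_hugepages):
        if cores >= wl.cores and pages >= wl.hugepages:
            return None
    return "no single NUMA node has enough free cores and huge pages"

def place(hosts, wl):
    verdicts = {h.name: reject_reason(h, wl) for h in hosts}
    return [n for n, why in verdicts.items() if why is None], verdicts

# Constructed inventory and workload; names and tags are placeholders.
F = frozenset
HOSTS = [
    Host("node-a", F({"sriov", "aes-ni"}), (2, 6), (8, 4), True, "DE"),
    Host("node-b", F({"sriov", "aes-ni"}), (8, 8), (16, 16), False, "DE"),
    Host("node-c", F({"sriov", "aes-ni"}), (8, 8), (16, 16), True, "US"),
    Host("node-d", F({"aes-ni"}), (8, 8), (16, 16), True, "DE"),
    Host("node-e", F({"sriov", "aes-ni"}), (4, 1), (0, 8), True, "DE"),
]
SUBSCRIBER_DB = Workload(F({"sriov", "aes-ni"}), 4, 4, True, F({"DE"}))
```

`place(HOSTS, SUBSCRIBER_DB)` returns the eligible host names together with a per-host rejection reason, which gives an audit trail for why subscriber data was kept off a given server.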
Summary
Business Case for virtualization is impacted by resource efficiency
Performance, manageability and usability impact virtualization realization
Virtualization platform capabilities are foundation for optimized end-end solutions