virtualization on arm using virtual machines and …

NXP and the NXP logo are trademarks of NXP B.V. All other product or service names are the property of their respective owners. © 2017 NXP B.V.

PUBLIC

PRODUCT MARKETING

RAVI MALHOTRA

VIRTUALIZATION ON ARM USING VIRTUAL MACHINES AND CONTAINERS

AMF-NET-T2675 | JUNE 2017


Post on 03-Apr-2022


TRANSCRIPT


AGENDA

• Need for Virtualized services
• How NXP brings differentiation to virtualization
• Virtual Machines and OP-NFV
• Containers

01. The need for Virtualized services

Motivates a New Vision for the Network

Transform the Network – inspired by cloud computing

[Figure labels: Many diverse, custom systems; Fewer, homogenous COTS systems; Virtualize; Centralize; Cloudify; VM VM VM; SDN Controller]

• Standardize on fewer COTS components
• Virtualize services to support scale out solutions
• Simplify services into rudimentary elements
• Migrate control and management policy to central location
• Place virtual workloads to reduce cost, increase value

Virtualization Will Be Used Throughout the Network

[Figure: network domains from left to right: Premises; Access; Edge; IP Core; Data Center]

[Figure labels: Wireless; Enterprise; Residential; Private Cloud; Public Cloud; Cloud RAN; vEPC; vBRAS; vCPE; Network Appliance with VNF; SDN Switch; SDN Carrier Switch; vWOC; vADC; SDN Switch]

[Side labels: Enterprise Core / Data Center; Service Provider CO / Data Center; Service Provider Access / Aggregation; Customer Premises]

Intelligent Cloud Edge - Key Focus Deployment for NXP

Intelligent Network Edge and Appliance - Key Focus Deployment for NXP

NFV Does Not Replace Networking With Computing But Blends the Two

• Systems in the field provide

− I/O, Acceleration

− Low latency

• The NFVI must be an intelligent flexible cloud

− VNF hosting distributed throughout network

− Capability, capacity, context determine where VNFs run

• Services can be chained across domains

[Figure labels: Rigid Data Center Centralization; Intelligent Flexible Cloud; NFV; Computing; Networking; Data Center]

Virtualized Services in the Home

Service: Benefits

• Media-server: Eliminate need for separate equipment. DRM management simplified.
• Home automation & security: Eliminate need for separate Automation/IoT gateway. Better credential management, critical operations control.
• Network Security Services: Offer value added service to generate additional revenue.
• Analytics, Content insertion: Real-time action based on usage pattern detection. Data collection restricted to customer (privacy).
• Virtual Assistant (e.g. Alexa): Centralize information within gateway.
• 3rd Party Applications: Create infrastructure for value-added services.
• Control Plane: Easier to provision and manage, upgrade.

02. NXP Differentiation to NFV

How NXP brings Differentiation to Virtualization

[Figure: two hardware/software stacks compared. Column labels: Intel, Other ARMv8 SoC vendors; NXP LS-series]

First stack (top to bottom):
• Virtual Machine, Virtual Machine, Container
• Resource Management
• Virtual Ethernet, Virtual Crypto, Virtual Switching
• Soft Data-path – ARMv8, x86 cores
• Ethernet, Crypto, PCIE
• Networking, Accelerators
• x86, ARMv8, SMMU, KVM, DPDK

Second stack (top to bottom):
• Virtual Machine, Virtual Machine, Container
• Resource Management
• Virtual Ethernet, Virtual Crypto, Virtual Switching
• Layerscape Data-path
• Ethernet, Crypto, PCIE
• Networking, Accelerators
• ARMv8, SMMU, KVM, DPDK

Callouts:
• Standard ARMv8 cores with common eco-system
• Standard Network interfaces and Accelerators
• Programmable Data-path provides virtual I/O and networking in HW
• Minimal I/O, Crypto, Network overheads
• Programmable Hardware

Layerscape Compute Virtualization

Scalable virtualization technology for the deeply embedded network edge

[Figure labels: COS, COS, COS; Linux; LXC, Docker, Docker; App; DPDK/ODP, DPDK/ODP; CPU, CPU, CPU, CPU; Multicore Hardware]

• KVM Linux® kernel driver to spin up VMs
• QEMU user space emulator is used in conjunction with KVM
• Solution is open source
• Virtual machines are limited only by particular SoC resources (CPU cycles, memory)

• Linux® Containers, OS level virtualization – Docker, LXC
• Secure partitioning of Linux apps into domains
• Lightweight overhead compared to KVM
• Control resource utilization within domains such as CPU, I/O BW

Deployed with Cloud Orchestration

Virtual Networking Models

[Figure: three models side by side]

• Traditional Networking – multiple devices: Physical Hosts (Host/App x3); Physical Network (NIC x3, Crypto x2, Switch)
• Virtual Networking emulated on cores: Virtual Hosts - Cores (vHost/App x3); Virtual Network - Cores (vNIC x3, vCrypto x2, vSwitch); compute and I/O virtualization on cores; network virtualization on cores
• Virtual Networking provided by hardware: Virtual Hosts - Cores (vHost/App x3); Virtual Network – on Chip (vNIC x3, vCrypto x2, vSwitch); compute virtualization on cores; network and I/O virtualization on SoC

Layerscape Architecture provides Complete Network Virtualization in Hardware

03. Virtual Machines and OP-NFV

NXP Solutions for Virtualization

• Standard Hardware Platforms: QorIQ Layerscape: ARMv8 cores + virtual networking
• Standard Linux Distro: CentOS, UEFI, Debian, Ubuntu
• Standard Virtualization components: KVM, QEMU, Dockers, Ceph
• Standard Orchestration and Management: OP-NFV: OpenDayLight, OpenStack
• Standard API and libraries: DPDK, ODP, OVS, Virtio
• Reference Virtual Network Functions: vFirewall, vNAT, vRouter, vVPN
• Out-of-the-Box Experience: Benchmarks, User-guide, Documentation

[Chart: Iperf performance in VMs. Y-axis: Relative Performance (normalized to Host), 0 to 1.2. Categories: Host; VM with virtio; VM with direct-assignment. Series: NXP; Intel. Annotations: -40%, -40%, -20%, -20%]

Competitive virtualization overheads compared to x86

NXP offers 2x Power Efficiency

Only on High-end Xeon (NOT Rangeley)

NXP provides complete HW assist of virtualized I/O (incl L4 & security)

Intel source: https://networkbuilders.intel.com/docs/network_builders_RA_NFV.pdf

Leadership and Groundwork for ARMv8 in the area of Virtualization (QEMU)

Demonstrating excellent scalability under varied (2 or 3) VM configurations

• Positioning NXP as a leader in networking and virtualization
• Offering our customers competitive and differentiated solution ahead of their needs
• Demonstrating winning and efficient solution for the requirements of the NFV market & applications

Offering Winning Performance for NFV

Use Case Example: Power Efficient NFV with LS2088A

• VMM network and IO virtualization consumes CPU resources
• Most of it can be assisted by the Layerscape packet engine
• Therefore
− More cycles allocated to VM
− and better integration…

Columns: LS2 with AIOP | E5-2618Lv3 | Xeon-D 1548

• Cores: 8 @ 2GHz | 8 @ 2.3GHz | 8 @ 2 GHz
• CoreMark/MHz/Core: 5.4 | 8.2 | 8.2
• Power (TDP): 35W | 75W | 45W

vNF Capability

• Virtual Networking
• NIC, Crypto: Included | +10W, +40W
• Cores for Virtual NW, IO: 2 | 4 | 5
• vNF CoreMark: 65k | 75k | 49k
• Combined Power: 35W | 125W | 45W
• vNF CoreMark/W: 1857 | 600 | 1089

[Figure labels: Cores; Packet Engine; Included; Virtual I/O; Cores]

Layerscape Architecture provides a 2x to 3x Performance/Watt advantage

NFV Solution Components

[Figure: NFV solution stack]

Layer labels: Hardware; Silicon; Install/Deploy; Compute; I/O; Networking; Management; Orchestration

vNF categories: Open-Source vNF; Customer vNF; NXP vNF

vNF groups (in slide order):
• vRouter, vVPN, vFirewall
• vCPE, vE-CPE, vRouter, vEPC, vPE, vRAN
• vCPE, vVPN, vProxy

Component groups (in slide order):
• OP-NFV: OpenStack, Open DayLight, Fuel, Apex
• Virtual Topology System
• OpenContrail
• KVM, Docker, Ceph
• DPDK, VirtIO, VFIO
• OVS, OVS offload, VPP, Contrail
• UEFI, CentOS, Ubuntu, Debian, Fuel, Apex
• LS1043, LS1046, LS1088, LS2080, LS2088
• RDB, Blades, iNICs, Servers

Legend: HW/SoC; Enablement SW; Commercial SW; OpenSource SW; Customer SW

Virtualization Solutions Roadmap

[Roadmap chart. Rows: Release Date; Platforms Supported; Key New Features. Timeline: 2016 1Q, 2Q, 3Q, 4Q; 2017 1Q]

Releases: NFV Phase-2; NFV Phase-3; NFV Phase-4; NFV Phase-5; NFV Phase-6; NFV Phase-7

Release dates shown: Q1-2016; Q2-2016; Q3 2016; Q4 2016; Q2 2017; Target: Q4 2017

Platforms supported (in slide order):
• LS2085, LS1043
• LS2085, LS1043
• LS2085, LS1043
• LS2088, LS1046
• LS2088, LS1088, LS1046
• LT2, LS2088, LS1088, LS1046

Key New Features (feature groups in slide order):

• Base Platform
• OP-NFV Brahmaputra
• U-boot, Yocto Linux
• Virtualization
• KVM, QEMU, libvirt
• Virtio (kernel)
• OVS (kernel)
• VNF
• vRouter
• vFW
• vVPN
• NXP Test Apps
• Netperf

• Base Platform
• U-boot, CentOS
• Virtualization
• Virtio (user-space)
• VFIO (DPDK)
• OVS (user-space)
• Offload (PoC)
• OVS (packet-engine)
• NXP Test Apps
• L3-Fwd (DPDK)
• Pktgen (DPDK)

• Base Platform
• UEFI, CentOS
• Docker
• Puppet provisioning
• Virtualization
• Virtio-crypto
• VFIO-crypto (DPDK)
• NXP Test Apps
• OpenSSL Speed-test
• IPSec-Fwd (DPDK)

• Base Platform
• UEFI, PXE, CentOS
• Virtual switch tuning
• Zero touch provisioning

• Base Platform
• OP-NFV Colorado
• Ubuntu (hybrid)
• Virtualization
• VFIO (offload) – direct assignment
• Container VNF deployment / provisioning
• Offload
• OVS (packet-engine)
• Virtual Service Chain
• NXP Test Apps
• Service-chaining

• Base Platform
• OP-NFV Danube
• OpenWRT
• Offload
• Protocol offload
• NXP Optimized VNF
• vRouter
• vFW
• vVPN

vCPE Smart Edge and Dynamic Service Chaining

[Figure labels: vNF DHCP & QoS; eth0; IPSEC; Service Provider Edge/Cloud; vCPE; Internet; Controller Node -> Openstack Controller -> OpenContrail -> Floodlight Controller; vNF Firewall; vNF App ID; vNF Firewall; vNF Global Threat; vNF IPSEC; vNF ClamAV; vRouter; vRouter; vhost0; eth0; ni1; vhost0; wlan0]

vNF Bring up: The controller boots vNFs on the LS2085A and LS1043A compute nodes using the OpenStack controller.

Service Chaining: The Contrail traffic policy is to forward all traffic through the NAT vNF of LS1043 and LS2085 to give wireless clients access to the internet.

Traffic Flow: Traffic flows from the wireless client to the internet using the default Service Chaining Policy.

Service Chaining: Using OpenContrail, the user can select particular vNFs to be part of the Traffic Policy on LS1043 and LS2085, e.g. adding ClamAV and Firewall to the service chain on LS2085 and Firewall on LS1043.

Traffic Flow: After adding the Firewall vNF on LS1043 and the ClamAV and Firewall vNFs on LS2085ARDB using the Contrail GUI.

04. Containers: Deep-Dive

LXC, Docker & Libvirt supported natively in Layerscape SDK

- Docker

- Webserver

- Libnetwork and DPDK/ODP

- Offload virtual bridging to hardware

- Kubernetes & Docker Swarm Demos

- LXC

- Networking configurations

- Resource usage configurations

- Security configurations

- DPDK/ODP example applications

Layerscape SoC

Virtualized Networking offloaded to hardware accelerators to deliver lowest overhead

Layerscape Packet Engine

Addressing I/O, Network Virtualization Performance

• Software virtual I/O

− Via Linux network stack.

− Overhead of translation.

− Legacy compatibility.

• Hardware virtual I/O

− Via Layerscape Packet Engine

− Reduce translation overhead.

− Near host performance.

− Strong isolation.

• Hybrid operation

− Both can work in parallel

− Best of both worlds

[Figure: three panels: Software based Virtual I/O; Layerscape Hardware Virtual I/O; Hybrid – best of both worlds. Labels: Docker Engine; libnetwork; Direct, Bridge, Overlay; Linux Network Stack; Bridge; VLAN/VxLAN; Container 1, Container 2, Container 3; eth0, eth1, eth2; veth0, veth1, veth2; Direct]

Relative Application Performance between Host and Containers

[Chart: TCP Netperf - relative. Categories: Virtual Ethernet; MAC-VLAN; VLAN. Series: Container; Host. Axis: 0 to 1.5]

[Chart: Storage - relative. Categories: hdparm read; dd read; dd write. Series: Container; Host. Axis: 0 to 1.5]

[Chart: OpenSSL - relative. Categories: aes-128; aes-256; sha1. Series: Container; Host. Axis: 0 to 1.5]

Running in Containers does not mean loss in performance

Overheads < 5%

Cloud-based IoT Fog Computing Platform

[Figure: Docker containers, each with an IoT SDK and Computing block: IBM IoT SDK; Alibaba IoT SDK; Google IoT SDK; Azure IoT SDK; Private IoT SDK; AWS IoT SDK (Greengrass). Other labels: Private Cloud; Container Engine; Data processing; Data filter; Protocol Adaptor; Security; Kernel; Cgroup, Namespace; File-System; Network Stack; Ethernet]

All of this scales to single A53 1-Watt LS1012

Layerscape Demo of Docker container services (DLNA Media Streaming..) with Google Kubernetes Cloud Orchestration

[Figure labels: Service request; Service deployment; Layerscape; Internet (Google Kubernetes Orchestration); Linux Kernel; Docker Containers; Applications (e.g. DLNA Media Streaming)]

• Kubernetes manages and deploys container services (launch, remove, start, stop)
• Container service isolation (own namespaces, network stacks)

Layerscape Cloud-Based IOT Gateway with AWS- Alexa


QorIQ Processors for vCPE & NFV Applications

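Columns: Part; Core Complex; DRAM; 1G Eth; 10G Eth; PCIE Ctrls/Lanes; Acceleration; Package

• LS1043: 4x A53 (1.6GHz); DRAM 16/32-bit DDR3L/4; 1G Eth up to 6; 10G Eth 1; PCIE 3/4 – Gen2; Acceleration 10Gbps Packet, 5Gbps Crypto; Package 23x23 FPBGA
• LS1046: 4x A72 (1.6GHz); DRAM 32/64-bit DDR4; 1G Eth up to 5; 10G Eth 2; PCIE 3/4 – Gen 3; Acceleration 16Gbps Packet, 8Gbps Crypto; Package 23x23 FPBGA
• LS1048: 4x A53 (1.6GHz); DRAM 64-bit DDR4; 1G Eth up to 8; 10G Eth 2; PCIE 3/8 – Gen 2; Acceleration 20 Gbps Packet, 10 Gbps Crypto; Package 23x23 FPBGA
• LS1088: 8x A53 (1.6GHz); DRAM 64-bit DDR4; 1G Eth up to 8; 10G Eth 2; PCIE 3/8 – Gen 2; Acceleration 20 Gbps Packet, 10 Gbps Crypto; Package 23x23 FPBGA
• LS2080: 8x A57 (1.8GHz); DRAM 2x64-bit DDR4; 1G Eth up to 8; 10G Eth up to 8; PCIE 4/16 – Gen 3; Acceleration 20 Gbps Crypto; Package 37.5x37x5 FPBGA
• LS2088: 8xA72 (2.0GHz); DRAM 2x64-bit + 1x32-bit DDR4; 1G Eth up to 8; 10G Eth up to 8; PCIE 4/16 – Gen 3; Acceleration 40 Gbps Packet, 20 Gbps Crypto; Package 37.5x37x5 FPBGA

[Side labels: Pin Compatible; Pin Compatible]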

Summary

• Network Function Virtualization will be deployed throughout the network

− At the Server, Data-center Cloud

− At the Intelligent Network Edge and Appliance

• NXP provides a comprehensive solution for NFV

− Both Containers and Virtual machines using standard off-the-shelf components

− Lowest overhead for virtualization

− Hardware offloads for virtual networking and IO

• See it in action today

− vCPE demo

− Docker services demo
