SlideShare uma empresa Scribd logo

LF_OVS_17_OvS-CD: Optimizing Flow Classification for OvS using the DPDK Membership Library

L
LF_OpenvSwitch

Open vSwitch Fall Conference 2017

Tecnologia
1 de 13
Baixar para ler offline
Optimizing OvS using DPDK Membership Library Intel Labs Yipeng Wang & Sameh Gobriel
2 Legal Disclaimers No license (express or implied, by estoppel or otherwise) to any intellectual property rights is granted by this document. Intel disclaims all express and implied warranties, including without limitation, the implied warranties of merchantability, fitness for a particular purpose, and non-infringement, as well as any warranty arising from course of performance, course of dealing, or usage in trade. This document contains information on products, services and/or processes in development. All information provided here is subject to change without notice. Contact your Intel representative to obtain the latest forecast, schedule, specifications and roadmaps. Intel technologies’ features and benefits depend on system configuration and may require enabled hardware, software or service activation. Performance varies depending on system configuration. No computer system can be absolutely secure. Check with your system manufacturer or retailer or learn more at intel.com. © 2017 Intel Corporation. Intel, the Intel logo, Intel. Experience What’s Inside, and the Intel. Experience What’s Inside logo are trademarks of Intel. Corporation in the U.S. and/or other countries. *Other names and brands may be claimed as the property of others.
Contributors Charlie Tai Charlie.tai@intel.com Ren Wang ren.wang@intel.com Antonio Fischetti antonio.fischetti@intel.com
OvS De Facto Virtual Switch for NFV Environments 4 Memory C $ LLC $ Lx C $ Lx Memory C $ LLC $ Lx C $ Lx NIC NIC • General purpose processors withCache/memoryhierarchycan support muchlargerflowtables. • Multicores architectureprovide a scalablecompetitiveflow classificationperformance. TEM/OEM Proprietary OS ASIC, DSP, FPGA, ASSP • Network appliances use purpose-built H/W& ASICs (e.g., TCAM) forflowclassification • Cost & power consumption are limiting factors to support large number offlows Monolithic Purpose-built Boxes NFV Hypervisor (e.g. ESXi, KVM,.. etc.) O Open vSwitch Networking VMs on Standard Servers
5 Open vSwitch Flow Lookup Mask N 1xxx xxxx 0xxx xxxx Flow Mask Mask L 01xx xxxx 10xx xxxx 1110 0000 110x xxxx 101x xxxx 111x xxxx 011x xxxx 1111 0000 1010 xxxx 0011 xxxx 1011 xxxx Rules Match Packet Header 1. Set of disjoint sub-table withnopriority 2. Rule is only insertedintoone sub-table (lookupterminates after first match) 3. Lookup is donebysequentially searcheach sub-table untila matchis found Fig. Vtunes OVS flow lookup process (bypass EMC). Test case: 20 sub-tables, each has 100 rules. OvS Flow Classification is a bottleneck
6 Membership Test Usage (example) Blacklisted Flow 1 Blacklisted Flow 2 Blacklisted Flow 3 Blacklisted Flow N Clients Incoming Flows Legitimate Flows are Forwarded to Backend Server Build Set {..} Set of Blacklisted Flows to be Dropped Membership Test ? Check if Flow Belongs to Blacklisted Set SN S2 S1 Set Summary A Summary Instead Of Storing Original ListMembership Library is a DPDK Library to Provide Users the Functionality to Create Different Types of Set-Summaries
7 Overview of DPDK Membership Library in V17.11 Set Summary Is X in set? No Is X in set? Very probable yes Get X Summary of items in Probabilistic data structure • Handle membership test questions • Much smaller storage • Much faster than huge set lookup • [Multi-Set]: Returns X is not found or which set it belongs to (with high probability) Huge Set [Millions of Entries] 1- Too Much Storage 2- Slow Lookup Bloom Filter Vector Bloom Filter Hash Table Set Summary Cuckoo Distributor Membership Library
8 Two Level Lookup for MFC Mask N 1xxx xxxx 0xxx xxxx Flow Mask Mask L 01xx xxxx 10xx xxxx 1110 0000 110x xxxx 101x xxxx 111x xxxx 011x xxxx 1111 0000 1010 xxxx 0011 xxxx 1011 xxxx Rules Match Packet Header 1st Level of Indirection Set Summary Provided by Membership Library Mask N 1xxx xxxx 0xxx xxxx Mask L 01xx xxxx 10xx xxxx 1110 0000 110x xxxx 101x xxxx 111x xxxx 011x xxxx 1111 0000 1010 xxxx 0011 xxxx 1011 xxxx Match Packet Header • Membership library used to create a 1st level set-summary indirection • Flow Keys are looked up in set- summaries: • Hits: directs to the correct sub-table for searching (correct 97%) • Misses: “New” flow default sequential search & upcall if needed
9 Dynamic Operation & Sub-Table Ranking Mask N 1xxx xxxx 0xxx xxxx Flow Mask Mask L 01xx xxxx 10xx xxxx 1110 0000 110x xxxx 101x xxxx 111x xxxx 011x xxxx 1111 0000 1010 xxxx 0011 xxxx 1011 xxxx Rules Match Packet Header 1st Level of Indirection Set Summary Provided by Membership Library Number of Sub-tables Traversed Mask N 1xxx xxxx 0xxx xxxx Mask L 01xx xxxx 10xx xxxx 1110 0000 110x xxxx 101x xxxx 111x xxxx 011x xxxx 1111 0000 1010 xxxx 0011 xxxx 1011 xxxx Match Packet Header 1 2 • Sub-table Ranking: • Based on number of hits per sub-table à optimize the order of sequential search. • First level is switched ON/OFF • If average number of sub-tables (without first level) traversed is small à turn off
10 Implementation Overview Rte_member_lookup Sequential search of tuples (upcall possible) Pkt miss emc hit miss Rte_member_add() Initilization: Rte_member_create() to create set-summary Emc lookup packets tuple lookup miss Hit Return rules New ML Code OvS Code Legend
11 Performance Gain 2X-3X Throughput Improvement for OvS using DPDK Membership Library 1.8 1.6 5 4.4 0 1 2 3 4 5 6 EMC OFF EMC ON MaxForwardingRate(MPPS) 20 Sub-Table - 10k flow – Uniform Traffic Orig OvS-DPDK OvS-DPDK + ML Library 2.7X 2.7X
12 Conclusion • MegaFlow Lookup has scalability bottleneck, especially with uniform distribution traffic patterns. • The membership structure optimizes flow lookup in OvS and avoids the sequential search of the sub-tables. • Using DPDK Membership Library, first level of indirection is created to direct flow to the correct sub-table. • Dynamic turning on/off to avoid overhead of first level when not needed. • DPDK V17.11 released with Membership Library … Patch to be submitted to the mailing list, please review and test in your workload.
Questions? sameh.gobriel@intel.com charlie.tai@intel.com

Recomendados

LF_OVS_17_IPSEC and OVS DPDK
LF_OVS_17_IPSEC and OVS DPDKLF_OVS_17_IPSEC and OVS DPDK
LF_OVS_17_IPSEC and OVS DPDK
LF_OpenvSwitch
 
LF_OVS_17_Riley: Pushing networking to the edge
LF_OVS_17_Riley: Pushing networking to the edgeLF_OVS_17_Riley: Pushing networking to the edge
LF_OVS_17_Riley: Pushing networking to the edge
LF_OpenvSwitch
 
6 profiling tools
6 profiling tools6 profiling tools
6 profiling tools
videos
 
Introduction to nfv movilforum
Introduction to nfv movilforumIntroduction to nfv movilforum
Introduction to nfv movilforum
videos
 
Intel NFVi Enabling Kit Demo/Lab
Intel NFVi Enabling Kit Demo/LabIntel NFVi Enabling Kit Demo/Lab
Intel NFVi Enabling Kit Demo/Lab
Michelle Holley
 
Making Networking Apps Scream on Windows with DPDK
Making Networking Apps Scream on Windows with DPDKMaking Networking Apps Scream on Windows with DPDK
Making Networking Apps Scream on Windows with DPDK
Michelle Holley
 
Accelerating Virtual Machine Access with the Storage Performance Development ...
Accelerating Virtual Machine Access with the Storage Performance Development ...Accelerating Virtual Machine Access with the Storage Performance Development ...
Accelerating Virtual Machine Access with the Storage Performance Development ...
Michelle Holley
 
3 additional dpdk_theory(1)
3 additional dpdk_theory(1)3 additional dpdk_theory(1)
3 additional dpdk_theory(1)
videos
 

Recomendados

LF_OVS_17_IPSEC and OVS DPDK
LF_OVS_17_IPSEC and OVS DPDKLF_OVS_17_IPSEC and OVS DPDK
LF_OVS_17_IPSEC and OVS DPDK
LF_OpenvSwitch
 
LF_OVS_17_Riley: Pushing networking to the edge
LF_OVS_17_Riley: Pushing networking to the edgeLF_OVS_17_Riley: Pushing networking to the edge
LF_OVS_17_Riley: Pushing networking to the edge
LF_OpenvSwitch
 
6 profiling tools
6 profiling tools6 profiling tools
6 profiling tools
videos
 
Introduction to nfv movilforum
Introduction to nfv movilforumIntroduction to nfv movilforum
Introduction to nfv movilforum
videos
 
Intel NFVi Enabling Kit Demo/Lab
Intel NFVi Enabling Kit Demo/LabIntel NFVi Enabling Kit Demo/Lab
Intel NFVi Enabling Kit Demo/Lab
Michelle Holley
 
Making Networking Apps Scream on Windows with DPDK
Making Networking Apps Scream on Windows with DPDKMaking Networking Apps Scream on Windows with DPDK
Making Networking Apps Scream on Windows with DPDK
Michelle Holley
 
Accelerating Virtual Machine Access with the Storage Performance Development ...
Accelerating Virtual Machine Access with the Storage Performance Development ...Accelerating Virtual Machine Access with the Storage Performance Development ...
Accelerating Virtual Machine Access with the Storage Performance Development ...
Michelle Holley
 
3 additional dpdk_theory(1)
3 additional dpdk_theory(1)3 additional dpdk_theory(1)
3 additional dpdk_theory(1)
videos
 
Revisit DCA, PCIe TPH and DDIO
Revisit DCA, PCIe TPH and DDIORevisit DCA, PCIe TPH and DDIO
Revisit DCA, PCIe TPH and DDIO
Hisaki Ohara
 
Intel dpdk Tutorial
Intel dpdk TutorialIntel dpdk Tutorial
Intel dpdk Tutorial
Saifuddin Kaijar
 
Performance out of the box developers
Performance out of the box developersPerformance out of the box developers
Performance out of the box developers
Michelle Holley
 
DPDK Architecture Musings - Andy Harvey
DPDK Architecture Musings - Andy HarveyDPDK Architecture Musings - Andy Harvey
DPDK Architecture Musings - Andy Harvey
harryvanhaaren
 
Polyteda Power DRC/LVS July 2016
Polyteda Power DRC/LVS July 2016Polyteda Power DRC/LVS July 2016
Polyteda Power DRC/LVS July 2016
Oleksandra Nazola
 
Quieting noisy neighbor with Intel® Resource Director Technology
Quieting noisy neighbor with Intel® Resource Director TechnologyQuieting noisy neighbor with Intel® Resource Director Technology
Quieting noisy neighbor with Intel® Resource Director Technology
Michelle Holley
 
Ligato - A platform for development of Cloud-Native VNF's - SDN/NFV London me...
Ligato - A platform for development of Cloud-Native VNF's - SDN/NFV London me...Ligato - A platform for development of Cloud-Native VNF's - SDN/NFV London me...
Ligato - A platform for development of Cloud-Native VNF's - SDN/NFV London me...
Haidee McMahon
 
CCNA Icnd110 s06l03
CCNA Icnd110 s06l03CCNA Icnd110 s06l03
CCNA Icnd110 s06l03
computerlenguyen
 
Exadata deployment life cycle
Exadata deployment life cycleExadata deployment life cycle
Exadata deployment life cycle
Umair Mansoob
 
Polyteda: Power DRC/LVS, October 2016
Polyteda: Power DRC/LVS, October 2016Polyteda: Power DRC/LVS, October 2016
Polyteda: Power DRC/LVS, October 2016
Oleksandra Nazola
 
Device Programmability with Cisco Plug-n-Play Solution
Device Programmability with Cisco Plug-n-Play SolutionDevice Programmability with Cisco Plug-n-Play Solution
Device Programmability with Cisco Plug-n-Play Solution
Cisco DevNet
 
Oracle Database Appliance RAC in a box Some Strings Attached
Oracle Database Appliance RAC in a box Some Strings AttachedOracle Database Appliance RAC in a box Some Strings Attached
Oracle Database Appliance RAC in a box Some Strings Attached
Fuad Arshad
 
Oracle11g Security
Oracle11g SecurityOracle11g Security
Oracle11g Security
Inprise Group
 
Better Network Management Through Network Programmability
Better Network Management Through Network ProgrammabilityBetter Network Management Through Network Programmability
Better Network Management Through Network Programmability
Cisco Canada
 
XPDDS18: Xen Testing at Intel - Xudong Hao, Intel
XPDDS18: Xen Testing at Intel - Xudong Hao, IntelXPDDS18: Xen Testing at Intel - Xudong Hao, Intel
XPDDS18: Xen Testing at Intel - Xudong Hao, Intel
The Linux Foundation
 
POLYTEDA: Power DRC/LVS, June 2017
POLYTEDA: Power DRC/LVS, June 2017POLYTEDA: Power DRC/LVS, June 2017
POLYTEDA: Power DRC/LVS, June 2017
Oleksandra Nazola
 
Building, deploying and testing an industrial linux platform @ Open source su...
Building, deploying and testing an industrial linux platform @ Open source su...Building, deploying and testing an industrial linux platform @ Open source su...
Building, deploying and testing an industrial linux platform @ Open source su...
SZ Lin
 
82599 sriov vm configuration notes
82599 sriov vm configuration notes82599 sriov vm configuration notes
82599 sriov vm configuration notes
Ryan Aydelott
 
VMworld 2016: Troubleshooting 101 for Horizon
VMworld 2016: Troubleshooting 101 for HorizonVMworld 2016: Troubleshooting 101 for Horizon
VMworld 2016: Troubleshooting 101 for Horizon
VMworld
 
AMD EPYC™ Microprocessor Architecture
AMD EPYC™ Microprocessor ArchitectureAMD EPYC™ Microprocessor Architecture
AMD EPYC™ Microprocessor Architecture
AMD
 
LF_OVS_17_Ingress Scheduling
LF_OVS_17_Ingress SchedulingLF_OVS_17_Ingress Scheduling
LF_OVS_17_Ingress Scheduling
LF_OpenvSwitch
 
LF_OVS_17_Day 1 Opening Remarks
LF_OVS_17_Day 1 Opening RemarksLF_OVS_17_Day 1 Opening Remarks
LF_OVS_17_Day 1 Opening Remarks
LF_OpenvSwitch
 

Mais conteúdo relacionado

Mais procurados

Quieting noisy neighbor with Intel® Resource Director Technology
Quieting noisy neighbor with Intel® Resource Director TechnologyQuieting noisy neighbor with Intel® Resource Director Technology
Quieting noisy neighbor with Intel® Resource Director Technology
Michelle Holley
 
Better Network Management Through Network Programmability
Better Network Management Through Network ProgrammabilityBetter Network Management Through Network Programmability
Better Network Management Through Network Programmability
Cisco Canada
 
Building, deploying and testing an industrial linux platform @ Open source su...
Building, deploying and testing an industrial linux platform @ Open source su...Building, deploying and testing an industrial linux platform @ Open source su...
Building, deploying and testing an industrial linux platform @ Open source su...
SZ Lin
 

Mais procurados (20)

Revisit DCA, PCIe TPH and DDIO
Revisit DCA, PCIe TPH and DDIORevisit DCA, PCIe TPH and DDIO
Revisit DCA, PCIe TPH and DDIO
 
Intel dpdk Tutorial
Intel dpdk TutorialIntel dpdk Tutorial
Intel dpdk Tutorial
 
Performance out of the box developers
Performance out of the box developersPerformance out of the box developers
Performance out of the box developers
 
DPDK Architecture Musings - Andy Harvey
DPDK Architecture Musings - Andy HarveyDPDK Architecture Musings - Andy Harvey
DPDK Architecture Musings - Andy Harvey
 
Polyteda Power DRC/LVS July 2016
Polyteda Power DRC/LVS July 2016Polyteda Power DRC/LVS July 2016
Polyteda Power DRC/LVS July 2016
 
Quieting noisy neighbor with Intel® Resource Director Technology
Quieting noisy neighbor with Intel® Resource Director TechnologyQuieting noisy neighbor with Intel® Resource Director Technology
Quieting noisy neighbor with Intel® Resource Director Technology
 
Ligato - A platform for development of Cloud-Native VNF's - SDN/NFV London me...
Ligato - A platform for development of Cloud-Native VNF's - SDN/NFV London me...Ligato - A platform for development of Cloud-Native VNF's - SDN/NFV London me...
Ligato - A platform for development of Cloud-Native VNF's - SDN/NFV London me...
 
CCNA Icnd110 s06l03
CCNA Icnd110 s06l03CCNA Icnd110 s06l03
CCNA Icnd110 s06l03
 
Exadata deployment life cycle
Exadata deployment life cycleExadata deployment life cycle
Exadata deployment life cycle
 
Polyteda: Power DRC/LVS, October 2016
Polyteda: Power DRC/LVS, October 2016Polyteda: Power DRC/LVS, October 2016
Polyteda: Power DRC/LVS, October 2016
 
Device Programmability with Cisco Plug-n-Play Solution
Device Programmability with Cisco Plug-n-Play SolutionDevice Programmability with Cisco Plug-n-Play Solution
Device Programmability with Cisco Plug-n-Play Solution
 
Oracle Database Appliance RAC in a box Some Strings Attached
Oracle Database Appliance RAC in a box Some Strings AttachedOracle Database Appliance RAC in a box Some Strings Attached
Oracle Database Appliance RAC in a box Some Strings Attached
 
Oracle11g Security
Oracle11g SecurityOracle11g Security
Oracle11g Security
 
Better Network Management Through Network Programmability
Better Network Management Through Network ProgrammabilityBetter Network Management Through Network Programmability
Better Network Management Through Network Programmability
 
XPDDS18: Xen Testing at Intel - Xudong Hao, Intel
XPDDS18: Xen Testing at Intel - Xudong Hao, IntelXPDDS18: Xen Testing at Intel - Xudong Hao, Intel
XPDDS18: Xen Testing at Intel - Xudong Hao, Intel
 
POLYTEDA: Power DRC/LVS, June 2017
POLYTEDA: Power DRC/LVS, June 2017POLYTEDA: Power DRC/LVS, June 2017
POLYTEDA: Power DRC/LVS, June 2017
 
Building, deploying and testing an industrial linux platform @ Open source su...
Building, deploying and testing an industrial linux platform @ Open source su...Building, deploying and testing an industrial linux platform @ Open source su...
Building, deploying and testing an industrial linux platform @ Open source su...
 
82599 sriov vm configuration notes
82599 sriov vm configuration notes82599 sriov vm configuration notes
82599 sriov vm configuration notes
 
VMworld 2016: Troubleshooting 101 for Horizon
VMworld 2016: Troubleshooting 101 for HorizonVMworld 2016: Troubleshooting 101 for Horizon
VMworld 2016: Troubleshooting 101 for Horizon
 
AMD EPYC™ Microprocessor Architecture
AMD EPYC™ Microprocessor ArchitectureAMD EPYC™ Microprocessor Architecture
AMD EPYC™ Microprocessor Architecture
 

Destaque

Destaque (15)

LF_OVS_17_Ingress Scheduling
LF_OVS_17_Ingress SchedulingLF_OVS_17_Ingress Scheduling
LF_OVS_17_Ingress Scheduling
 
LF_OVS_17_Day 1 Opening Remarks
LF_OVS_17_Day 1 Opening RemarksLF_OVS_17_Day 1 Opening Remarks
LF_OVS_17_Day 1 Opening Remarks
 
LF_OVS_17_Conntrack + OvS
LF_OVS_17_Conntrack + OvSLF_OVS_17_Conntrack + OvS
LF_OVS_17_Conntrack + OvS
 
LF_OVS_17_OVS-DPDK: Embracing your NUMA nodes.
LF_OVS_17_OVS-DPDK: Embracing your NUMA nodes.LF_OVS_17_OVS-DPDK: Embracing your NUMA nodes.
LF_OVS_17_OVS-DPDK: Embracing your NUMA nodes.
 
LF_OVS_17_OVS-DPDK Installation and Gotchas
LF_OVS_17_OVS-DPDK Installation and GotchasLF_OVS_17_OVS-DPDK Installation and Gotchas
LF_OVS_17_OVS-DPDK Installation and Gotchas
 
LF_OVS_17_Open vSwitch Offload: Conntrack and the Upstream Kernel
LF_OVS_17_Open vSwitch Offload: Conntrack and the Upstream KernelLF_OVS_17_Open vSwitch Offload: Conntrack and the Upstream Kernel
LF_OVS_17_Open vSwitch Offload: Conntrack and the Upstream Kernel
 
LF_OVS_17_OVN at Nutanix
LF_OVS_17_OVN at NutanixLF_OVS_17_OVN at Nutanix
LF_OVS_17_OVN at Nutanix
 
LF_OVS_17_OVN and Containers - An update.
LF_OVS_17_OVN and Containers - An update.LF_OVS_17_OVN and Containers - An update.
LF_OVS_17_OVN and Containers - An update.
 
LF_OVS_17_OVS/OVS-DPDK connection tracking for Mobile usecases
LF_OVS_17_OVS/OVS-DPDK connection tracking for Mobile usecasesLF_OVS_17_OVS/OVS-DPDK connection tracking for Mobile usecases
LF_OVS_17_OVS/OVS-DPDK connection tracking for Mobile usecases
 
LF_OVS_17_State of the OVN
LF_OVS_17_State of the OVNLF_OVS_17_State of the OVN
LF_OVS_17_State of the OVN
 
LF_OVS_17_OVS-DPDK for NFV: go live feedback!
LF_OVS_17_OVS-DPDK for NFV: go live feedback!LF_OVS_17_OVS-DPDK for NFV: go live feedback!
LF_OVS_17_OVS-DPDK for NFV: go live feedback!
 
LF_OVS_17_Day 2 Opening Remarks
LF_OVS_17_Day 2 Opening RemarksLF_OVS_17_Day 2 Opening Remarks
LF_OVS_17_Day 2 Opening Remarks
 
LF_OVS_17_DigitalOcean Cloud Firewalls: powered by OvS and conntrack
LF_OVS_17_DigitalOcean Cloud Firewalls: powered by OvS and conntrackLF_OVS_17_DigitalOcean Cloud Firewalls: powered by OvS and conntrack
LF_OVS_17_DigitalOcean Cloud Firewalls: powered by OvS and conntrack
 
LF_OVS_17_CORD: An open source platform to reinvent the network edge
LF_OVS_17_CORD: An open source platform to reinvent the network edgeLF_OVS_17_CORD: An open source platform to reinvent the network edge
LF_OVS_17_CORD: An open source platform to reinvent the network edge
 
LF_OVS_17_The birth of SmartNICs -- offloading dataplane traffic to...software
LF_OVS_17_The birth of SmartNICs -- offloading dataplane traffic to...softwareLF_OVS_17_The birth of SmartNICs -- offloading dataplane traffic to...software
LF_OVS_17_The birth of SmartNICs -- offloading dataplane traffic to...software
 

Semelhante a LF_OVS_17_OvS-CD: Optimizing Flow Classification for OvS using the DPDK Membership Library

Nonfunctional Testing: Examine the Other Side of the Coin
Nonfunctional Testing: Examine the Other Side of the CoinNonfunctional Testing: Examine the Other Side of the Coin
Nonfunctional Testing: Examine the Other Side of the Coin
TechWell
 
Strata + Hadoop 2015 Slides
Strata + Hadoop 2015 SlidesStrata + Hadoop 2015 Slides
Strata + Hadoop 2015 Slides
Jun Liu
 
Ebs performance tuning session feb 13 2013---Presented by Oracle
Ebs performance tuning session feb 13 2013---Presented by OracleEbs performance tuning session feb 13 2013---Presented by Oracle
Ebs performance tuning session feb 13 2013---Presented by Oracle
Akash Pramanik
 
Platform Observability and Infrastructure Closed Loops
Platform Observability and Infrastructure Closed LoopsPlatform Observability and Infrastructure Closed Loops
Platform Observability and Infrastructure Closed Loops
Open Source Technology Center MeetUps
 

Semelhante a LF_OVS_17_OvS-CD: Optimizing Flow Classification for OvS using the DPDK Membership Library (20)

Apps session wait_tables
Apps session wait_tablesApps session wait_tables
Apps session wait_tables
 
Nonfunctional Testing: Examine the Other Side of the Coin
Nonfunctional Testing: Examine the Other Side of the CoinNonfunctional Testing: Examine the Other Side of the Coin
Nonfunctional Testing: Examine the Other Side of the Coin
 
Platform Observability and Infrastructure Closed Loops
Platform Observability and Infrastructure Closed LoopsPlatform Observability and Infrastructure Closed Loops
Platform Observability and Infrastructure Closed Loops
 
Getting optimal performance from oracle e-business suite presentation
Getting optimal performance from oracle e-business suite presentationGetting optimal performance from oracle e-business suite presentation
Getting optimal performance from oracle e-business suite presentation
 
2016 - 10 questions you should answer before building a new microservice
2016 - 10 questions you should answer before building a new microservice2016 - 10 questions you should answer before building a new microservice
2016 - 10 questions you should answer before building a new microservice
 
Production Readiness Strategies in an Automated World
Production Readiness Strategies in an Automated WorldProduction Readiness Strategies in an Automated World
Production Readiness Strategies in an Automated World
 
Cm5 secure code_training_1day_system configuration
Cm5 secure code_training_1day_system configurationCm5 secure code_training_1day_system configuration
Cm5 secure code_training_1day_system configuration
 
Strata + Hadoop 2015 Slides
Strata + Hadoop 2015 SlidesStrata + Hadoop 2015 Slides
Strata + Hadoop 2015 Slides
 
FOISDBA-Ver1.1.pptx
FOISDBA-Ver1.1.pptxFOISDBA-Ver1.1.pptx
FOISDBA-Ver1.1.pptx
 
Ebs performance tuning session feb 13 2013---Presented by Oracle
Ebs performance tuning session feb 13 2013---Presented by OracleEbs performance tuning session feb 13 2013---Presented by Oracle
Ebs performance tuning session feb 13 2013---Presented by Oracle
 
Platform Observability and Infrastructure Closed Loops
Platform Observability and Infrastructure Closed LoopsPlatform Observability and Infrastructure Closed Loops
Platform Observability and Infrastructure Closed Loops
 
Systems oracle overview_hardware
Systems oracle overview_hardwareSystems oracle overview_hardware
Systems oracle overview_hardware
 
Observability at scale: Hear from the Elastic Cloud SRE team
Observability at scale: Hear from the Elastic Cloud SRE teamObservability at scale: Hear from the Elastic Cloud SRE team
Observability at scale: Hear from the Elastic Cloud SRE team
 
DUG'20: 01 - Welcome & DAOS Update
DUG'20: 01 - Welcome & DAOS UpdateDUG'20: 01 - Welcome & DAOS Update
DUG'20: 01 - Welcome & DAOS Update
 
HPC DAY 2017 | Accelerating tomorrow's HPC and AI workflows with Intel Archit...
HPC DAY 2017 | Accelerating tomorrow's HPC and AI workflows with Intel Archit...HPC DAY 2017 | Accelerating tomorrow's HPC and AI workflows with Intel Archit...
HPC DAY 2017 | Accelerating tomorrow's HPC and AI workflows with Intel Archit...
 
Accelerate Ceph performance via SPDK related techniques
Accelerate Ceph performance via SPDK related techniques Accelerate Ceph performance via SPDK related techniques
Accelerate Ceph performance via SPDK related techniques
 
Share seattle health_center
Share seattle health_centerShare seattle health_center
Share seattle health_center
 
Puppeting in a Highly Regulated Industry
Puppeting in a Highly Regulated IndustryPuppeting in a Highly Regulated Industry
Puppeting in a Highly Regulated Industry
 
AV/DF Advanced Security Option
AV/DF Advanced Security OptionAV/DF Advanced Security Option
AV/DF Advanced Security Option
 
Nagios-yating
Nagios-yatingNagios-yating
Nagios-yating
 

Mais de LF_OpenvSwitch

Mais de LF_OpenvSwitch (9)

LF_OVS_17_Day 2 Closing Remarks
LF_OVS_17_Day 2 Closing RemarksLF_OVS_17_Day 2 Closing Remarks
LF_OVS_17_Day 2 Closing Remarks
 
LF_OVS_17_OVN and Kelda
LF_OVS_17_OVN and KeldaLF_OVS_17_OVN and Kelda
LF_OVS_17_OVN and Kelda
 
LF_OVS_17_OvS manipulation with Go at DigitalOcean
LF_OVS_17_OvS manipulation with Go at DigitalOceanLF_OVS_17_OvS manipulation with Go at DigitalOcean
LF_OVS_17_OvS manipulation with Go at DigitalOcean
 
LF_OVS_17_OvS Hardware Offload with TC Flower
LF_OVS_17_OvS Hardware Offload with TC FlowerLF_OVS_17_OvS Hardware Offload with TC Flower
LF_OVS_17_OvS Hardware Offload with TC Flower
 
LF_OVS_17_Enabling hardware acceleration in OVS-DPDK using DPDK Framework.
LF_OVS_17_Enabling hardware acceleration in OVS-DPDK using DPDK Framework.LF_OVS_17_Enabling hardware acceleration in OVS-DPDK using DPDK Framework.
LF_OVS_17_Enabling hardware acceleration in OVS-DPDK using DPDK Framework.
 
LF_OVS_17_Red Hat's perspective on OVS HW Offload Status
LF_OVS_17_Red Hat's perspective on OVS HW Offload StatusLF_OVS_17_Red Hat's perspective on OVS HW Offload Status
LF_OVS_17_Red Hat's perspective on OVS HW Offload Status
 
LF_OVS_17_OVS Performance on Steroids - Hardware Acceleration Methodologies
LF_OVS_17_OVS Performance on Steroids - Hardware Acceleration MethodologiesLF_OVS_17_OVS Performance on Steroids - Hardware Acceleration Methodologies
LF_OVS_17_OVS Performance on Steroids - Hardware Acceleration Methodologies
 
LF_OVS_17_Enabling Hardware Offload of OVS Control & Data plane using LiquidIO
LF_OVS_17_Enabling Hardware Offload of OVS Control & Data plane using LiquidIOLF_OVS_17_Enabling Hardware Offload of OVS Control & Data plane using LiquidIO
LF_OVS_17_Enabling Hardware Offload of OVS Control & Data plane using LiquidIO
 
LF_OVS_17_LXC Linux Containers over Open vSwitch
LF_OVS_17_LXC Linux Containers over Open vSwitchLF_OVS_17_LXC Linux Containers over Open vSwitch
LF_OVS_17_LXC Linux Containers over Open vSwitch
 

Último

Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
UK Journal
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
Enterprise Knowledge
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
Igalia
 

Último (20)

Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation Strategies
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of Brazil
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 

LF_OVS_17_OvS-CD: Optimizing Flow Classification for OvS using the DPDK Membership Library

  • 1. Optimizing OvS using DPDK Membership Library Intel Labs Yipeng Wang & Sameh Gobriel
  • 2. 2 Legal Disclaimers No license (express or implied, by estoppel or otherwise) to any intellectual property rights is granted by this document. Intel disclaims all express and implied warranties, including without limitation, the implied warranties of merchantability, fitness for a particular purpose, and non-infringement, as well as any warranty arising from course of performance, course of dealing, or usage in trade. This document contains information on products, services and/or processes in development. All information provided here is subject to change without notice. Contact your Intel representative to obtain the latest forecast, schedule, specifications and roadmaps. Intel technologies’ features and benefits depend on system configuration and may require enabled hardware, software or service activation. Performance varies depending on system configuration. No computer system can be absolutely secure. Check with your system manufacturer or retailer or learn more at intel.com. © 2017 Intel Corporation. Intel, the Intel logo, Intel. Experience What’s Inside, and the Intel. Experience What’s Inside logo are trademarks of Intel. Corporation in the U.S. and/or other countries. *Other names and brands may be claimed as the property of others.
  • 3. Contributors Charlie Tai Charlie.tai@intel.com Ren Wang ren.wang@intel.com Antonio Fischetti antonio.fischetti@intel.com
  • 4. OvS De Facto Virtual Switch for NFV Environments 4 Memory C $ LLC $ Lx C $ Lx Memory C $ LLC $ Lx C $ Lx NIC NIC • General purpose processors withCache/memoryhierarchycan support muchlargerflowtables. • Multicores architectureprovide a scalablecompetitiveflow classificationperformance. TEM/OEM Proprietary OS ASIC, DSP, FPGA, ASSP • Network appliances use purpose-built H/W& ASICs (e.g., TCAM) forflowclassification • Cost & power consumption are limiting factors to support large number offlows Monolithic Purpose-built Boxes NFV Hypervisor (e.g. ESXi, KVM,.. etc.) O Open vSwitch Networking VMs on Standard Servers
  • 5. 5 Open vSwitch Flow Lookup Mask N 1xxx xxxx 0xxx xxxx Flow Mask Mask L 01xx xxxx 10xx xxxx 1110 0000 110x xxxx 101x xxxx 111x xxxx 011x xxxx 1111 0000 1010 xxxx 0011 xxxx 1011 xxxx Rules Match Packet Header 1. Set of disjoint sub-table withnopriority 2. Rule is only insertedintoone sub-table (lookupterminates after first match) 3. Lookup is donebysequentially searcheach sub-table untila matchis found Fig. Vtunes OVS flow lookup process (bypass EMC). Test case: 20 sub-tables, each has 100 rules. OvS Flow Classification is a bottleneck
  • 6. 6 Membership Test Usage (example) Blacklisted Flow 1 Blacklisted Flow 2 Blacklisted Flow 3 Blacklisted Flow N Clients Incoming Flows Legitimate Flows are Forwarded to Backend Server Build Set {..} Set of Blacklisted Flows to be Dropped Membership Test ? Check if Flow Belongs to Blacklisted Set SN S2 S1 Set Summary A Summary Instead Of Storing Original ListMembership Library is a DPDK Library to Provide Users the Functionality to Create Different Types of Set-Summaries
  • 7. 7 Overview of DPDK Membership Library in V17.11 Set Summary Is X in set? No Is X in set? Very probable yes Get X Summary of items in Probabilistic data structure • Handle membership test questions • Much smaller storage • Much faster than huge set lookup • [Multi-Set]: Returns X is not found or which set it belongs to (with high probability) Huge Set [Millions of Entries] 1- Too Much Storage 2- Slow Lookup Bloom Filter Vector Bloom Filter Hash Table Set Summary Cuckoo Distributor Membership Library
  • 8. 8 Two Level Lookup for MFC Mask N 1xxx xxxx 0xxx xxxx Flow Mask Mask L 01xx xxxx 10xx xxxx 1110 0000 110x xxxx 101x xxxx 111x xxxx 011x xxxx 1111 0000 1010 xxxx 0011 xxxx 1011 xxxx Rules Match Packet Header 1st Level of Indirection Set Summary Provided by Membership Library Mask N 1xxx xxxx 0xxx xxxx Mask L 01xx xxxx 10xx xxxx 1110 0000 110x xxxx 101x xxxx 111x xxxx 011x xxxx 1111 0000 1010 xxxx 0011 xxxx 1011 xxxx Match Packet Header • Membership library used to create a 1st level set-summary indirection • Flow Keys are looked up in set- summaries: • Hits: directs to the correct sub-table for searching (correct 97%) • Misses: “New” flow default sequential search & upcall if needed
  • 9. 9 Dynamic Operation & Sub-Table Ranking Mask N 1xxx xxxx 0xxx xxxx Flow Mask Mask L 01xx xxxx 10xx xxxx 1110 0000 110x xxxx 101x xxxx 111x xxxx 011x xxxx 1111 0000 1010 xxxx 0011 xxxx 1011 xxxx Rules Match Packet Header 1st Level of Indirection Set Summary Provided by Membership Library Number of Sub-tables Traversed Mask N 1xxx xxxx 0xxx xxxx Mask L 01xx xxxx 10xx xxxx 1110 0000 110x xxxx 101x xxxx 111x xxxx 011x xxxx 1111 0000 1010 xxxx 0011 xxxx 1011 xxxx Match Packet Header 1 2 • Sub-table Ranking: • Based on number of hits per sub-table à optimize the order of sequential search. • First level is switched ON/OFF • If average number of sub-tables (without first level) traversed is small à turn off
  • 11. 11 Performance Gain 2X-3X Throughput Improvement for OvS using DPDK Membership Library 1.8 1.6 5 4.4 0 1 2 3 4 5 6 EMC OFF EMC ON MaxForwardingRate(MPPS) 20 Sub-Table - 10k flow – Uniform Traffic Orig OvS-DPDK OvS-DPDK + ML Library 2.7X 2.7X
  • 12. 12 Conclusion • MegaFlow Lookup has scalability bottleneck, especially with uniform distribution traffic patterns. • The membership structure optimizes flow lookup in OvS and avoids the sequential search of the sub-tables. • Using DPDK Membership Library, first level of indirection is created to direct flow to the correct sub-table. • Dynamic turning on/off to avoid overhead of first level when not needed. • DPDK V17.11 released with Membership Library … Patch to be submitted to the mailing list, please review and test in your workload.