Fd.io_vpp_overview_29.03.17

Click to edit Master title style,Edit Master text styles,Second level,Third level,Fourth level,Fifth level,3/31/2017,#,fd.io Foundation,Click to edit Master title style,Edit Master text styles,Second level,Third level,Fourth level,Fifth level,3/31/2017,#,VPP overview,1,Overview,Structure, layers and,features,Anatomy,of a graph node,Integrations,FIB 2.0,Future Directions,New features,Performance,Continuous,Integration and,Testing,Summary,Agenda,Introducing VPP: the,vector packet processor,3,Introducing VPP,(the vector packet processor),Accelerating the dataplane since 2002,Fast, Scalable and,Determinisic,14+,Mpps,per core,Tested to,1TB,Scalable,FIB: supporting millions of entries,0 packet drops, 15s,latency,Optimized,DPDK,for fast I/O,ISA:,SSE,AVX,AVX2, NEON .,IPC:,Batching, no mode switching, no context switches,n,on-blocking,Multi-core:,Cache and memory efficient,Network,I/O,Packet Processing: VPP,Management,Agent,Netconf/Yang,REST,.,4,Introducing VPP,Extensible and Flexible,m,odular design,Implement as a directed,graph of,nodes,Extensible with plugins, plugins are equal citizens.,Configurable via CP and CLI,Developer friendly,Deep introspection with counters and tracing facilities.,R,untime counters with IPC and errors information.,Pipeline tracing facilities, life-of-a-packet.,Developed using standard toolchains.,Network,I/O,Packet Processing: VPP,Management,Agent,Netconf/Yang,REST,.,5,Introducing VPP,Fully featured,L2:,VLan, Q-in-Q, Bridge Domains, LLDP .,L3:,IPv4, GRE, VXLAN, DHCP, IPSEC ,L3:,IPv6, Discovery, Segment Routing ,L4:,TCP, UDP ,CP:,API, CLI, IKEv2 ,Integrated,Language bindings,Open Stack/ODL (Netconf/Yang),Kubernetes/Flanel (Python API),OSV Packaging,Network,I/O,Packet Processing: VPP,Management,Agent,Netconf/Yang,REST,.,6,VPP: structure, layers and features,7,VPP: VPP Layering,VLIB,VPP application management,buffer, buffer management,graph node, node management,tracing, counters,threading,CLI,and,most importantly ,main,(),VPP,INFRA,Library of function primitives, for,memory management,memory operations,vectors,rings,hashing,timers,VNET,VPP networking source,Devices,Layer 2, 3, 4,Session Management,Overlays,Control Plane,Traffic,Management,Plugins,Plugins can be in-tree:,SNAT, Policy ACL,Flow Per Packet,ILA, IOAM,LB, SIXRD,VCGN,Separate fd.io,project:,NSH_SFC,Plugins,VNET,VLIB,VPP Infra,8,VPP: VNET Features,9,Devices,AF_PACKET,DPDK v16.11, HQOS,CryptoDev,NETMAP,SSVM,vhost-user,Layer 2,Ethernet,MPLS over Ethernet,HDLC, LLC,SNAP,PPP,SRP, LLDP,VLAN, Q-in-Q,MAC Learning,Bridging,Split-horizon group support/EFP Filtering,VTR push/pop/Translate (1:1,1:2, 2:1,2:2),ARP : Proxy, termination,IRB: BVI Support with Router/MAC assignment,Flooding,Input ACLs,Interface cross-connect,Layer 3,Source RPF,Thousands of VRFs,Controlled cross-VRF lookups,Multipath ECMP and Unequal Cost,IPSec,IPv6,Neighbor discovery,Router Advertisement,Segment Routing,FIB 2.0,Multimillion scalable FIBs,Recursive FIB lookup, failure detection,IP MPLS FIB,Shared FIB adjacencies,Layer 4,UDP,TCP,Sockets: FIFO, Socket PreLoad,Overlays,GRE,MPLS-GRE,NSH-GRE,VXLAN,VXLAN-GPE,L2TPv3,Traffic Management,Mandatory Input Checks:,TTL expiration, Header checksum, L2 length 1,pointer,indirection,N-1,pointer,indirection,BGP_nexthop, I,GP_route,N-1,pointer,indirection,IGP_nexthop, I,GP adjacency,VPP v17.01: FIB 2.0 (Hierarchical FIB),converging these BGP routes requires a single *in-place* modify of entry in BGP nexthop list,converging these BGP nexthops requires a single *in-place* modify of entry in IGP nexthop list,converging these IGP nexthops requires a single *in-place* modify of entry in output interface list,local link/node failure,TE-FRR, IP-FRR/LFA,adjacent IGP link/node failure,IGP FC, BGP PIC core,remote BGP node failure,BGP PIC Edge,local BGP link failure (PE-CE),BGP PIC local protection,Operation,VPP FIB,2.0 is a,fast FIB implementation that provides for fast,route updates,robust failure and fast routing decisions.,It provides an optimal implementation without the trade-offs associated with a collapsed FIB (faster but slow updates) or a decoupled FIB/RIB (slow but faster updates ),Data,plane FIB indirection enables route scale independent failure,handling,slow,VPP:,future directions,Accelerating container networking,Accelerating IPSEC,Container networking: Current State,FIFO,Container A,PID,1234,TCP,IP (routing),device,send(),FIFO,Container B,PID,4321,TCP,IP (routing),device,recv(),FIFO,device,FIFO,device,VPP,af_packet,Layer 2,dpdk,af_packet,UserSpace,KernelSpace,Layer 3,Overlays,ACL/Policy,Smarter networking,:,Future,State,FIFO,Container,A,PID,1234,send(),FIFO,Container B,PID,4321,recv(),VPP,af_packet,dpdk,af_packet,UserSpace,Layer 2,Layer 3,Overlays,ACL/Policy,TCP/UDP,Accelerating IPSEC,Vector/CryptoInstructions,Quick Assist,Future On-core Accel,FutureAccelerators,2017,2019,DPDK,VPP,Cryptodev API,2018,VPP:,new features,28,Rapid Release Cadence,3 months,16-06,Release- VPP,16-09,Release:,VPP, Honeycomb, NSH_SFC, ONE,17-01,Release:,VPP, Honeycomb, NSH_SFC, ONE,16-06 New Features,Enhanced Switching & Routing,SRv6 spray use-case (IP-TV),LISP xTR support,VXLAN,over IPv6 underlay,per,interface whitelists,shared,adjacencies in,FIB,Improves interface,support,vhost-user,jumbo frames,Netmap,interface support,AF_Packet,interface support,Improved programmability,Python,API bindings,Enhanced,JVPP Java API bindings,Enhanced,debugging cli,Hardware,and Software Support,Support,for ARM 32 targets,Support,for Raspberry Pi,Support,for DPDK 16.04,16-09 New Features,Enhanced LISP support for,L2,overlays,Multitenancy,Multihoming,Re-encapsulating,Tunnel Routers (RTR) support,Map-Resolver,failover algorithm,New plugins for,SNAT,MagLev-like,Load,Identifier,Locator Addressing,NSH,SFC SFFs & NSH Proxy,P,ort,range ingress filtering,Dynamically ordered subgraphs,17-01 New Features,Hierarchical FIB,Performance Improvements,DPDK input and output,nodes,L2 Path,IPv4 lookup node,IPSEC,SW and HW Crypto Support,HQoS,support,Simple Port Analyzer (SPAN,),BFD,IPFIX,Improvements,L2 GRE over IPSec,tunnels,LLDP,LISP,Enhancements,Source/Dest control,plane,L2 over LISP and,GRE,Map-Register/Map-Notify,RLOC-probing,ACL,Flow Per Packet,SNAT,Multithread, Flow Export,LUA API Bindings,17-04 New Features,.,17-04,Release:,VPP, Honeycomb, NSH_SFC, ONE,29,Future Release Plans,17.04,(Due Apr 19),VPP Userspace Host Stack,TCP,stack,DHCPv4,relay,multi-destination,DHCPv4,option,82,DHCPv6,relay,multi-destination,DHPCv6,relay,remote-id,ND,Proxy,SNAT,CGN: Configurable port,allocation,CGN,: Configurable Address,pooling,CPE,: External interface,DHCP support,NAT64, LW46,Security Groups,Routed,interface,support,L4,filters with IPv6 Extension Headers,API,Move to CFFI for Python,binding,Python,Packaging,improvements,CLI,over,API,Improved C/C,+ language binding,Segment Routing v6,SRv6 Network Programming,SR Traffic Engineering,SR LocalSIDs,Framework to expand LocalSIDs w/ plugins,iOAM,UDP Pinger,w/path,fault,isolation,IOAM as,type 2 metadata in,NSH,IOAM,raw IPFIX,collector and analyzer,Anycast,active server selection,IPFIX,Collect IPv6,information,Per,flow state,VPP:,performance,CSIT,NDR Throughput VPP,16.09 v 17.01, 400% improvement in vHost performance,20% improvement in L2 performance, 100% improvement in IPv6 performance,Phy-VS-Phy,VPP Performance at Scale,Gbps,480Gbps,zero frame,loss,Mpps,200Mpps,zero frame loss,Gbps,IMIX,= 342,Gbps,1518B,= 462 Gbps,Mpps,64B,= 238 Mpps,IPv6, 24 of 72 cores,IPv4+ 2k Whitelist, 36 of 72 cores,Zero-packet-loss Throughput,for,12 port,40GE,Hardware:,Cisco,UCS C460 M4,Intel C610 series chipset,4 x Intel Xeon Processor,E7-8890,v3,(,18,cores,2.5GHz,45MB Cache),2133,MHz, 512 GB Total,9 x 2p40GE Intel,XL710,18 x 40GE = 720GE !,Latency,18 x 7.7trillion packets soak,test,Average,latency: 23 usec,Min Latency: 7,10 usec,Max Latency: 3.5 ms,Headroom,Average vector size 24-27,Max vector,size 255,Headroom,for much more throughput/features,NIC/PCI bus is the limit not vpp,VPP:,Continuous Integration and Testing,34,Submit,Automated,Verify,Code Review,Merge,Publish Artifacts,Continuous Quality, Performance, Usability,Built into the development process,patch by patch,System Functional Testing,252 Tests/Patch,DHCP,Client and Proxy,GRE Overlay Tunnels,L2BD Ethernet Switching,L2 Cross Connect Ethernet Switching,LISP Overlay Tunnels,IPv4-in-IPv6 Softwire Tunnels,Cop Address Security,IPSec,IPv6 Routing,NS/ND, RA, ICMPv6,uRPF Security,Tap Interface,Telemetry,IPFIX and Span,VRF Routed Forwarding,iACL Security,Ingress,IPv6/IPv6/Mac,IPv4 Routing,QoS Policer Metering,VLAN Tag Translation,VXLAN Overlay Tunnels,Performance Testing,144 Tests/Patch, 841 Tests,L2 Cross Connect,L2 Bridging,IPv4 Routing,IPv6 Routing,IPv4 Scale,20k,200k,2M FIB Entries,IPv4 Scale -,20k,200k,2M FIB Entries,VM with vhost-userr,PHYS-VPP-VM-VPP-PHYS,L2 Cross Connect/Bridge,VXLAN w/L2 Bridge Domain,IPv4 Routing,COP,IPv4/IPv6 whiteless,iACL,ingress IPv4/IPv6 ACLs,LISP,IPv4-o-IPv6/IPv6-o-IPv4,VXLAN,QoS Policer,L2 Cross over,L2 Bridging,Usability,Merge-by-merge:,apt installable deb packaging,yum installable rpm packaging,autogenerated code documentation,autogenerated cli documentation,Per release:,autogenerated testing reports,report perf improvements,Puppet modules,Training/Tutorial videos,Hands-on-usecase documentation,Build/Unit Testing,120 Tests/Patch,Build binary packaging for,Ubuntu 14.04,Ubuntu 16.04,Centos 7,Automated Style Checking,Unit test :,IPFIX,BFD,Classifier,DHCP,FIB,GRE,IPv4,IPv4 IRB,IPv4 multi-VRF,IPv6,IP Multicast,L2 FIB,L2 Bridge Domain,MPLS,SNAT,SPAN,VXLAN,Run on real hardware in fd.io Performance Lab,Merge-by-merge packaging feeds,Downstream consumer CI pipelines,Summary,VPP is a fast, scalable and low latency network stack in user space.,VPP is trace-able, debug-able and fully featured layer 2, 3 ,4 implementation.,VPP is easy to integrate with your data-centre environment for both NFV and Cloud use cases.,VPP is always growing, innovating,and getting faster.,VPP is a fast growing community of fellow travellers.,ML,:,vpp-,Wiki:,wiki.fd.io/view/VPP,Join us in FD.io & VPP - f,ellow travellers are,always,welcome.,Please reuse and contribute!,Questions?,VPP: Source Structure,Directory name,Description,build-data,Build,metadata package,and,platform specific build,settings. e.g.,vpp_lite, x86, cavium etc.,build-root,Build output,directory,build-vpp_lite_debug-native - build artifacts for vpp_lite, built with symbols.,install-vpp_lite_debug-native fakeroot for vpp_lite installation, built with symbols.,deb debian packages,rpm rpm packages,vagrant bootstrap a development environment,src/plugins,VPP bundled plugins,directory,- ila-plugin:,Identifier Locator Addressing (ILA),- flowperpkt-plugin:,Per-packet IPFIX record generation plugin,- lb-plugin: MagLev-like Load Balancer, similar to Googles Maglev Load Balancer,- snat-plugin:,Simple ip4 NAT plugin,- sample-plugin: Sample,macs,src/vnet,VPP networking,source,- device: af-packet,dpdk pmd, ssvm,-,l2 : ethernet, mpls, lldp, ppp, l2tp, mcast,- l3+: ip4,6, ipsec, icmp, udp,- overlays: vxlan, gre,src/vpp,VPP application source,src/vlib,VPP application library,source;,src/vlib-api,VPP API library source,src/vpp-api,VPP application API source,src/vppapigen,VPP API generator source,src/vppinfra,VPP core library source,37,VPP: Build System,38,Make Targets,Description,bootstrap,prepare tree for,build,setup paths and compilers etc,install-dep,install software,dependencies, automatically apt-get build dependencies, used by vagrant provisioning scripts.,wipe, wipe-release,wipe all products of,debug/release build,build, build-release,build,debug/release,binaries,plugins, plugins-release,build,debug/release,plugin binaries,rebuild, rebuild-release,wipe and build,debug/release,binaries,run, run-release,run,debug/release binary in interactive,mode,debug,run debug binary with,debugger (gdb),test, test-debug,build and run functional tests,build-vpp-api,build vpp-api,pkg-deb, pkg-rpm,build,packages,build debian and rpm packaging for VPP, can be dpkged or rpmed afterward.,ctags, gtags, cscope,(,re)generate,ctags/gtags/cscope databases,doxygen,(re)generate documentation,Make Variables,Description,V,1 or 0, to switch,on verbose builds,PLATFORM,Platform,specific build, e.g. vpp_lite,H,ierarchical,FIB in Data plane VPN-v4,A unique output label for each route on each path means that the load-balance choice for each route is different.,Different choices mean the load-balance objects are not shared.,No sharing means there is no common location where an in-place modify will affect all routes.,PIC is broken.,BGP route,BGP route,BGP route,Load-balance,Label 44,Label 45,Label 46,Load-balance,Label 54,Label 55,Label 56,Load-balance,Label 64,Label 64,Label 66,Load-balance,Adj0,Load-balance,Ad1,Load-balance,Adj2,Adjacency,Eth0,Adjacency,Eth1,Adjacency,Eth2,VPN-v4: Load-Balance,Map,Load-Balance Map translates from bucket indices that are unusable to bucket indices that are usable.,BGP route,BGP route,BGP route,Load-balance,Label 44,Label 45,Label 46,Load-balance,Label 54,Label 55,Label 56,Load-balance,Label 64,Label 64,Label 66,Load-balance,Adj0,Load-balance,Ad1,Load-balance,Adj2,Adjacency,Eth0,Adjacency,Eth1,Adjacency,Eth2,Load-balance-Map,Bucket 1,Bucket 2,Bucket 3,Packet,Match,Hash,Result = bucket 2,Map,Output= bucket 2,input,TX,Hash,Path goes down,VPN-v4: Load-Balance,Map: Path failure,When a path becomes unusable the load-balance map is updated to replace that path with one that is usable.,Since it is a shared structure, this has the effect of making the path unusable for each route,BGP route,BGP route,BGP route,Load-balance,Label 44,Label 45,Label 46,Load-balance,Label 54,Label 55,Label 56,Load-balance,Label 64,Label 64,Label 66,Load-balance,Adj0,Load-balance,Ad1,Load-balance,Adj2,Adjacency,Eth0,Adjacency,Eth1,Adjacency,Eth2,Load-balance-Map,Bucket 1,Bucket 2,Bucket 3,Packet1,Match,Hash,Result = bucket 2,Map,Output=,Bucket 1,input,Bucket 1,Map Fixup,Hash,TX,VPN-v4: Load-Balance,Map: LISP,Adjacencies on the LISP tunnel apply the LISP tunnel encapsulation.,They point to the load-balance object to reach the tunnels destination in the underlay.,BGP route,BGP route,Load-balance,Load-balance,Load-balance,Adj0,Adjacency,Eth0,Adjacency,LISP-tunnel0,Adjacency,LISP-tunnel1,Load-balance-Map,Bucket 1,Bucket 2,Packet1,Match,Hash,Result = Bucket 1,Map,Output= Bucket1,input,Map Fixup,TX,Load-balance,Adj0,Adjacency,Eth0,To reach tunnels destination,Encap,Hash,Even in the absence of MPLS labels, unshared load-balance objects are used. This is so the result of the lookup in the FIB table produces an object specific to the route and hence an object that can collect per-route counters,Fault Propagation,Interface Down,VPN-v4: Path,failure,A failure of an interface in the LISP underlay is propagated up the hierarchy.,The underlay failure results in the LISP tunnel going down and the Map is updated to remove that tunnel from the ECMP set.,BGP route,BGP route,Load-balance,Load-balance,Load-balance,Adj0,Adjacency,Eth0,Adjacency,LISP-tunnel0,Adjacency,LISP-tunnel1,Load-balance-Map,Bucket 1,Bucket 2,Packet1,Match,Hash,Result = Bucket 1,Map,Output=,Bucket2,input,TX,Load-balance,Adj0,Adjacency,Eth0,To reach tunnels destination,Encap,Hash,Map Fixup,Bucket 2,