BRKCLD-2013 (2019)

#CLUS
Cloud Networking
Jeroen Wittock - TME

BRKCLD-2013
#CLUS
Agenda
• Moving Packets in Software …
• Virtual Switches and SDN Controllers
• Performance
• Connecting to SP and DC Fabrics
• What about CNF’s?
• Conclusion
#CLUS BRKCLD-2013 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 3
Cisco Webex Teams
Questions?
Use Cisco Webex Teams to chat
with the speaker after the session
How
1 Find this session in the Cisco Live Mobile App
2 Click “Join the Discussion”
3 Install Webex Teams or go directly to the team space
4 Enter messages/questions in the team space
Webex Teams will be moderated cs.co/ciscolivebot#BRKCLD-2013

by the speaker until June 16, 2019.
#CLUS © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 4
Moving Packets in Software
Reaching the VNF
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54
CISCO NEXUS N9K-C9372PX
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54
CISCO NEXUS N9K-C9372PX
PCIe 1
PCIe 2
770W AC 770W AC
PP PP P
PORT PORT S
2 1
SS
U
2
ACT LINK ACT LINK
M  2 1
CSR
Moving a Packet in Software
• Minimum size ethernet frame: 84 bytes
inter-frame MAC MAC Minimum

CRC
gap preamble header Payload Size
4bytes
12 bytes 8 bytes 14 bytes 46 bytes
• 10GE -> 14.88Mpps or 1 frame every 67.2ns
• 3Ghz CPU -> 203 CPU cycles per frame
- Memory access: 70nsec

- cache miss takes 32 nsec
- L2 cache access: 4.3nsec
- L3 cache access 7.9nsec
Receiving a Packet
Kernel User Space
Packet
Buffer
45
35
25
15
05
94
DMA
84
74 64
54 44
34 24
Kernel
14 04
93 83
DMA
73 63
53 43
33 23
13 03
92 82
72 62
52
42
32 22
12 02
91 81
71 61
51 41
31 21
11 01
XP2739C-K9N SUXEN OCSIC
9
8
7
6
5
4
3
2
RX
1
Receiving a Packet
Kernel User Space
Packet
Buffer
45
35
25
15
05
94
DMA
84
74 64
54 44
34 24
IRQ Kernel
14 04
93 83
73 63
IRQ
53 43
33 23
13 03
92 82
72 62
52
42
32 22
12 02
91 81
71 61
51 41
31 21
11 01
9
8
7
6
5
4
3
2
RX
1
Receiving a Packet
Kernel User Space
Packet
Buffer
45
35
25
memcpy()
15
05
94
DMA
84
74 64
54 44
34 24
Kernel
14 04
93 83
73 63
53 43
33 23
13 03
92 82
72 62
52
42
32 22
12 02
91 81
71 61
51 41
31 21
11 01
9
8
7
6
5
4
3
2
RX
1
Receiving a Packet
Kernel User Space
Packet sock_recv()
Buffer
45
35
25
15
05
94
DMA
84
74 64
54 44
34 24
Kernel
14 04
93 83
73 63
53 43
33 23
13 03
92 82
72 62
52
42
32 22
12 02
91 81
71 61
51 41
31 21
11 01
9
8
7
6
5
4
3
2
RX
1
Receiving a Packet
Kernel User Space
Packet
Buffer
45
35
25
15
05
94
DMA
84
74 64
54 44
34 24
Kernel
14 04
93 83
73 63
53 43
33 23
13 03
92 82
72 62
52
42
No Free
32 22
12 02
OVERRUN
91 81
Buffers!
71 61
51 41
31 21
11 01
9
8
7
6
5
4
3
2
RX
1
VPP
• Open Source: https://fd.io

• In Development since 2002
• Fast Software Packet Forwarder
How does this help?
• Builds upon DPDK
• DPDK poll mode drivers
• Vector Packet Processing
• Modularity
https://wiki.fd.io/view/VPP
DPDK: PMD’s
Kernel User
Packet Application
Buffer
PMD
User Space
45
35
25
15
05
94
DMA
84
74 64
54 44
34 24
Kernel
14 04
93 83
73 63
53 43
33 23
13 03
92 82
72 62
52
42
32 22
12 02
91 81
71 61
51 41
31 21
11 01
9
8
7
6
5
4
3
2
RX
1
DPDK: PMD’s
Kernel User
Packet Application
Buffer
PMD
User Space
45
35
25
15
05
94
DMA
84
74 64
54 44
34 24
Kernel
14 04
93 83
DMA
73 63
53 43
33 23
13 03
92 82
72 62
52
42
32 22
12 02
91 81
71 61
51 41
31 21
11 01
9
8
7
6
5
4
3
2
RX
1
DPDK: PMD’s
Kernel User
Packet Application
Buffer
PMD
User Space
45
35
25
15
05
94
DMA
84
74 64
54 44
34 24
Kernel
14 04
93 83
73 63
53 43
33 23
13 03
92 82
72 62
52
42
32 22
12 02
91 81
71 61
51 41
31 21
11 01
9
8
7
6
5
4
3
2
RX
1
Vector Packet Processing
Kernel User
Packet Application
Buffer
User Space
45
35
25
15
05
94
DMA
Happy
84
74 64
I-Cache!
54 44
34 24
Kernel
14 04
93 83
73 63
53 43
33 23
13 03
92 82
72 62
52
42
32 22
12 02
91 81
71 61
51 41
31 21
11 01
9
8
7
6
5
4
3
2
RX
1
VPP Modularity
mpls-
ethernet-
input
ip6-input ip6-lookup
ip4-input ip4-lookup VXLAN

ethernet-
DPDK-input
input
arp-input
llc-input
Virtual Switches
20
© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public
3M 22C
5 6 7 8 SCU
4
1 2 3
CSR
BRKCLD-2013
?
#CLUS
Host
Reaching the VNF
PCIe 1
PCIe 2
CA W0 77 CA W0 77
P PP PP
S TR OP TR OP
U SS
1 2
2
KNIL TCA KNIL TCA
1 2  M
45 35 25 15 05 94 84 74 64 54 44 34 24 14 04 93 83 73 63 53 43 33 23 13 03 92 82 72 62 52 42 32 22 12 02 91 81 71 61 51 41 31 21 11 01 9 8 7 6 5 4 3 2 1
21
3M 22C
5 6 7 8 SCU
4
1 2 3
VNF: CSR
NIC Driver
BRKCLD-2013
#CLUS
Host
Pass-Through
PCIe 1
PCIe 2
CA W0 77 CA W0 77
P PP PP
S TR OP TR OP
U SS
1 2
2
KNIL TCA KNIL TCA
1 2  M
45 35 25 15 05 94 84 74 64 54 44 34 24 14 04 93 83 73 63 53 43 33 23 13 03 92 82 72 62 52 42 32 22 12 02 91 81 71 61 51 41 31 21 11 01 9 8 7 6 5 4 3 2 1
22
3M 22C
5 6 7 8 SCU
4
1 2 3
CSR
BRKCLD-2013
VF
#CLUS
Host
Hardware VEB
PCI Express
.. VFn
Intel VT-d
.
VF2
VF1
PF
PCIe 1
PCIe 2
CA W0 77 CA W0 77
P PP PP
S TR OP TR OP
U SS
1 2
2
KNIL TCA KNIL TCA
SR-IOV
1 2  M
45 35 25 15 05 94 84 74 64 54 44 34 24 14 04 93 83 73 63 53 43 33 23 13 03 92 82 72 62 52 42 32 22 12 02 91 81 71 61 51 41 31 21 11 01 9 8 7 6 5 4 3 2 1
Virtual Switch: OVS 45
35
25
15
05
94
84
74 64
54 44
34 24
Miss! Miss!
14 04
93 83
73 63
53 43
33 23
Microflow Megaflow Openflow

13 03
Cache Cache
92 82
Processing
72 62
52
42
Install
32 22
Install
12 02
Flow Kernel Flow User Space

91 81
71 61
51 41
31 21
11 01
9
8
7
6
5
4
3
2
1
Virtual Switch: OVS 45
35
25
15
05
94
84
74 64
54 44
34 24
Hit!
14 04
93 83
73 63
53 43
33 23

13 03
Cache Cache
92 82
Processing
72 62
52
42
32 22
12 02
Kernel User Space

91 81
71 61
51 41
31 21
11 01
9
8
7
6
5
4
3
2
1
OVS-DPDK 45
35
25
15
OVS

05
94
Cache Cache Processing

84
74 64
54 44
34 24
14 04
Kernel User Space

93 83
73 63
53 43
33 23
OVS-DPDK
13 03
92 82
72 62
52
42
32 22
12 02
Microflow Openflow
91 81
Cache
71 61
Processing
PMD
51 41
31 21
11 01
9
8
Megaflow
7
6
5
Cache
4
Kernel User Space

3
2
1
Networking-vpp OS-api
Controller-1 Controller-2 Controller-3

Agent Agent Agent
Publish Publish Publish
EtcD
Subscribe Subscribe
Compute-x vpp-agent Compute-y vpp-agent
VPP VPP
Control Plane OS-api
1
Request

Agent 2 Agent
Agent
Translate request
into desired state
EtcD
Desired state translated 3
into forwarding rules
Compute-x vpp-agent Compute-y vpp-agent
VPP VPP
Data Plane
Compute-Node
VNF-a
vpp-agent
VPP
TOR
VNF-b
Pass-through
NIC
NIC VNF-x
Underlay vs Overlay
• API – OpenStack API end points for managing/using the NFVI
• External – Link to world beyond the cloud via OpenStack virtual routers (L3 agent)
• Management/Provisioning – PXE boot and OpenStack inter-service communication
• Provider – Link to existing infrastructure networks
• Tenant – Inter VM traffic via OpenStack tenant networks
• Storage – Ceph data replication traffic, access to Netapp or Cinder
• CVIM API – External access into CVIM mgmt. node, provides CVIM API
Provider
Management /
Provisioning
Tenant
Storage
OpenStack External
API
Control Storage Compute Management

Control Control Control
Control Control Control CVIM API
Control Kibana for Log Management
(optional) UM
(optional) CVIM Monitor
Strip VXLAN header,
route on original IP
Overlay: N-S VXLAN packet, Add VXLAN
VTEP
header
VXLAN
Core VXLAN
Route on
destination VTEP Route on
destination VTEP
TOR TOR
VXLAN VXLAN
M  2 1
ACT LINK ACT LINK
2
SS
2 1 U M  2 1
PORT PORT S
PP PP P ACT LINK ACT LINK
2
770W AC 770W AC 2 1
SS
U
PORT PORT S
PP PP P
2 eICP
1 eICP
770W AC 770W AC
2 eICP
1 eICP
VPP VPP
VTEP Strip VXLAN Add VXLAN
VTEP
header header
IP
IP
CSR CSR
C22 M3
UCS 8 7 6 5
4
C22 M3
UCS 8 7 6 5
4
3 2 1
3 2 1
ACI Integration
S PINE S WITCH S PINE S WITCH
L EAF S WITCH L EAF S WITCH

B ORDER L EAF B ORDER S WITCH
Controller 1 Controller 3
Controller 2 Storage 1
Storage 3 Storage 2
Compute 1 Compute 3
Compute 2 Compute 4
Compute 6 Compute 5
ACI Integration

B ORDER L EAF B ORDER L EAF
New Vlan Storage 3 Storage 2
Security Compute 1 Compute 3

Rules Compute 2 Compute 4
Compute 6 Compute 5
ACI Integration

B ORDER L EAF B ORDER L EAF
Storage 3 Storage 2
New Compute 1 Compute 3

Network Compute 2 Compute 4
Compute 6 Compute 5
Performance
Performance Numbers: Game on!
We could talk about this for an entire session.
So we did:
3 hours ago: BRKSDN-2411
CVIM test results

VPP FD.io/CSIT Typical VIM test results
test results
Performance
• NUMA: NIC placement
• NIC with 2 40Gbps ports =/= 80Gbps capable NIC! …
Performance
• NfvBench or TRex: Find out your actual performance

• Easy to use
• Opensource
• Test, Tune, Repeat
SP and DC Fabric’s
Service Provider and the Challenge of Scale
VM
VM
Segment Routing
Architecture
Controller - 1 Controller - 2 Controller - 3

Supervisor - 1
Supervisor - 2
ToR - 1 ToR - 2
Supervisor - 3
Linecard -1 Compute - 1
Linecard -2
Compute - 2
Linecard -3
Linecard -4 Compute - 3
Compute - 4
SR EVPN: Data Path
NCS NCS
BGP BGP

BGP BGP BGP
VPP forwarder on
EtcD compute applies
label stack on
Compute-x Compute-y outgoing packets
VM
SR Control Plane
RR RR
NCS NCS
BGP BGP
Compute-x vpp-agent
BGP-LU vpp-forwarder
Compute-y vpp-agent
vpp-forwarder
BGP VPP-ctrl BGP VPP-ctrl BGP VPP-ctrl
Distributed State DB
SR Control Plane
RR RR
NCS NCS
BGP BGP
Compute-x vpp-agent
vpp-forwarder
BGP-EVPN
Compute-y vpp-agent
vpp-forwarder
SR Control Plane
RR RR
NCS NCS
BGP BGP
Compute-x vpp-agent
vpp-forwarder
Compute-y vpp-agent
vpp-forwarder
SR EVPN
NCS NCS
BGP BGP
Create Subnet
And VM
OS-api

BGP BGP BGP
Compute-x Compute-y
SR EVPN
RR
RR
NCS NCS
BGP BGP
OS-api
Controller-1 Controller-2 Controller-3 Reachability

BGP
BGP BGP
information is
EtcD
advertised to EVPN
RR’s
Compute-x Compute-y
SR EVPN
NCS NCS
BGP BGP
Create Subnet
OS-api
in Openstack and
launch VM
BGP BGP BGP
Compute-x Compute-y
SR EVPN
NCS NCS
BGP BGP
OS-api Describe intent in the

distributed state DB
BGP BGP BGP
Compute-x Compute-y
SR EVPN
NCS NCS
BGP BGP
Computes watch etcd

OS-api
and update forwarding
tables if needed.
BGP BGP BGP
Compute-x Compute-y
SR EVPN
NCS NCS
BGP BGP
OS-api VM is launched
BGP BGP BGP
Compute-x Compute-y
VM
SR EVPN: Data Path
NCS NCS
BGP BGP

BGP BGP BGP
VPP forwarder on
EtcD compute applies
label stack on
Compute-x Compute-y outgoing packets
VM
What about CNF’s?
Cloud Native SP Virtualization Platform Evolution
Adding Container in Container on Bare Metal
VM based NFV
VM Support
Cisco VIM Tooling & Consistent Tooling & Consistent Tooling & Consistent Tooling &
Automation Automation Automation Automation
VNFs VNFs CNFs VNFs CNFs VNFs CNFs

(Container in (Container on (Container on
(VM) (VM) (VM) (VM)
VM) Bare Metal) Bare Metal)
CCP CCP Cisco CCP

(K8s) (K8s) VIM(OS) (K8s)
Cisco
Cisco VIM
VIM
Cisco VIM Cisco VIM Common Bare Metal
(Ironic BM) Manager
Validated Hardware Validated Hardware Validated Hardware Validated Hardware

(Servers, Switches) (Servers, Switches) (Servers, Switches) (Servers, Switches)
Shipping Shipping (Roadmap) (Roadmap)
CCP
Or, What Kubernetes Does not Provide
Calico Cluser IP’s and Pod IP’s
RR
VM
VM
Loadbalancer node
K8’s Master
Pod IP’s Pod IP’s
VM VM
Pod Pod Pod Pod
App App App App
App App
K8’s Worker K8’s Worker
iBGP
Calico Data Plane
Container Container
Pod Pod
VM App App
Pod network namespace
App
Pod Pod
Worker VM routing, iptables
K8’s Worker Worker VM Worker VM

vhost-user or vhost-net
connection to vswitch
Virtual Switch vSwitch vSwitch
NIC driver
Host NIC
NIC NIC
1 or more
TOR hops
TOR
Conclusion
Conclusion
• Understand your Requirements

• Test and Validate vs Performance
Complete your
online session • Please complete your session survey
evaluation after each session. Your feedback
is very important.
• Complete a minimum of 4 session
surveys and the Overall Conference
survey (starting on Thursday) to
receive your Cisco Live water bottle.
• All surveys can be taken in the Cisco Live
Mobile App or by logging in to the Session
Catalog on ciscolive.cisco.com/us.
Cisco Live sessions will be available for viewing
on demand after the event at ciscolive.cisco.com.
Continue your education
Demos in the
Walk-in labs
Cisco campus
Meet the engineer

Related sessions
1:1 meetings
Thank you
#CLUS
#CLUS

BRKCLD-2013 (2019)

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

BRKCLD-2013 (2019)

Uploaded by

Copyright:

Available Formats

#CLUS

Jeroen Wittock - TME

Webex Teams will be moderated cs.co/ciscolivebot#BRKCLD-2013

CISCO NEXUS N9K-C9372PX

CISCO NEXUS N9K-C9372PX

inter-frame MAC MAC Minimum

• 10GE -> 14.88Mpps or 1 frame every 67.2ns

• 3Ghz CPU -> 203 CPU cycles per frame

- Memory access: 70nsec

• Open Source: https://fd.io

ip4-input ip4-lookup VXLAN

Microflow Megaflow Openflow

Flow Kernel Flow User Space

Microflow Megaflow Openflow

Kernel User Space

Microflow Megaflow Openflow

Cache Cache Processing

Kernel User Space

Kernel User Space

Controller-1 Controller-2 Controller-3

Publish Publish Publish

Compute-x vpp-agent Compute-y vpp-agent

Controller-1 Controller-2 Controller-3

Compute-x vpp-agent Compute-y vpp-agent

Control Storage Compute Management

Overlay: N-S VXLAN packet, Add VXLAN

L EAF S WITCH L EAF S WITCH

L EAF S WITCH L EAF S WITCH

Security Compute 1 Compute 3

L EAF S WITCH L EAF S WITCH

New Compute 1 Compute 3

We could talk about this for an entire session.

3 hours ago: BRKSDN-2411

CVIM test results

• NIC with 2 40Gbps ports =/= 80Gbps capable NIC! …

• NfvBench or TRex: Find out your actual performance

Controller - 1 Controller - 2 Controller - 3

Controller-1 Controller-2 Controller-3

Controller-1 Controller-2 Controller-3

Controller-1 Controller-2 Controller-3

Controller-1 Controller-2 Controller-3

Controller-1 Controller-2 Controller-3

Controller-1 Controller-2 Controller-3 Reachability

OS-api Describe intent in the

Computes watch etcd

Controller-1 Controller-2 Controller-3

VNFs VNFs CNFs VNFs CNFs VNFs CNFs

CCP CCP Cisco CCP

Validated Hardware Validated Hardware Validated Hardware Validated Hardware

Shipping Shipping (Roadmap) (Roadmap)

Pod IP’s Pod IP’s

K8’s Worker K8’s Worker

Worker VM routing, iptables

K8’s Worker Worker VM Worker VM

• Understand your Requirements

Meet the engineer

You might also like