
Acceleration Techniques for Data-Intensive VNFs


Recently I was leading the acceleration techniques from a virtualization point of view and how they can satisfy the need for speed requested by data-intensive VNFs.

Although virtualization brings flexibility, resource management and scalability, it adds a resource overhead: the resources dedicated to running a hypervisor.

Virtualization also introduces the OVS component: Open vSwitch. This component is responsible for network bridging and routing in the virtualization domain.

Historically, the OpenStack framework was built for IT and web applications. It was then adapted by telecom vendors as the Telco cloud framework to implement the NFV shift in the telecom industry.

The OVS component is not carrier-grade and represents a bottleneck for data-intensive VNFs.

Understanding the Data path in a virtualization environment.

Referring to VMware technology, the figure below represents the data path in a virtualization environment.



It's important to mention that the speed of a network is determined by its slowest path.

The data path in virtualization relies on many compute resources:

    • Network interfaces (NIC)
    • Processors (CPU)
    • Memory
    • Buses

The Network path consists of:

    • pNIC: the physical NIC
    • A process that transports traffic from the pNIC to the VM (the Rx thread)
    • A process that sends traffic from the VM to the network (the Tx thread)

The representation above describes the network path in a VMware environment. To accelerate network traffic in a VMware environment, you should basically dedicate a physical core to the VMXNET3 process. This is the only way for the moment, while waiting for VMware to deliver more options in the next release of their ESXi hypervisor. Of course, SR-IOV might be an option, bypassing the hypervisor layer, but that is not recommended at all by VMware architects.

In an OpenStack environment, OVS is the bottleneck component for data-intensive VNFs.

Standard OVS is built out of three main components:

  • ovs-vswitchd: a user-space daemon that implements the switch logic
  • kernel module (fast path): processes received frames based on a lookup table in kernel space
  • ovsdb-server: a database server that ovs-vswitchd queries to obtain its configuration

OVS has several ports:

  • Outbound ports, which are connected to the physical NICs on the host using kernel device drivers
  • Inbound ports, which are connected to VMs. The VM guest operating system (OS) is presented with vNICs using the well-known VirtIO paravirtualized network driver.

OVS was never designed with NFV in mind and does not meet some of the requirements we are starting to see from VNFs.

There are many acceleration techniques in a virtualized environment:

  • PCI pass-through
  • SR-IOV (Single Root I/O Virtualization)
  • OVS-DPDK
  • SmartNIC



Each technology has its own advantages and use cases.

SR-IOV is the most deployed technology in production today.

The main drawback of SR-IOV is that it bypasses the virtualization layer. This pushes VNF and VIM vendors to focus development and deployment efforts on OVS-DPDK.
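Because SR-IOV traffic bypasses the virtualization layer, it helps to know which NICs on a compute host actually have virtual functions (VFs) enabled. The following is an added example, not code from the original post: it reads the Linux sysfs attributes `sriov_totalvfs` and `sriov_numvfs` and the `virtfnN/driver` links; the interface names and the sample tree are constructed so the script runs offline.

```python
import os
from pathlib import Path

def _read_int(path):
    try:
        return int(Path(path).read_text().strip())
    except (OSError, ValueError):
        return None  # attribute missing or unreadable

def sriov_inventory(sysfs_net="/sys/class/net"):
    """Map each SR-IOV capable NIC (physical function) to its VF state."""
    report = {}
    for iface in sorted(os.listdir(sysfs_net)):
        dev = Path(sysfs_net, iface, "device")
        total = _read_int(dev / "sriov_totalvfs")
        if total is None:  # not an SR-IOV physical function
            continue
        enabled = _read_int(dev / "sriov_numvfs") or 0
        drivers = []
        for i in range(enabled):
            link = dev / f"virtfn{i}" / "driver"
            # 'driver' is a symlink to the bound kernel driver; absent if unbound
            drivers.append(Path(os.path.realpath(link)).name if link.exists() else "unbound")
        report[iface] = {
            "total_vfs": total,
            "enabled_vfs": enabled,
            "vf_drivers": drivers,
            # VF traffic is switched in the NIC, not by the host vSwitch
            "bypasses_vswitch": enabled > 0,
        }
    return report

def build_sample_tree(root):
    """Constructed sysfs-like tree: ens1f0 has 2 VFs, ens1f1 has none, lo is not SR-IOV."""
    root = Path(root)
    (root / "drivers" / "vfio-pci").mkdir(parents=True)
    for iface, total, num in (("ens1f0", 64, 2), ("ens1f1", 64, 0)):
        dev = root / "net" / iface / "device"
        dev.mkdir(parents=True)
        (dev / "sriov_totalvfs").write_text(f"{total}\n")
        (dev / "sriov_numvfs").write_text(f"{num}\n")
    (root / "net" / "lo").mkdir()
    vf0 = root / "net" / "ens1f0" / "device" / "virtfn0"
    vf0.mkdir()
    (vf0 / "driver").symlink_to(root / "drivers" / "vfio-pci")
    (root / "net" / "ens1f0" / "device" / "virtfn1").mkdir()  # enabled but unbound
    return str(root / "net")

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        for nic, info in sriov_inventory(build_sample_tree(tmp)).items():
            print(nic, info)
```

On a real host, call `sriov_inventory()` with no argument to read `/sys/class/net`; a VF bound to `vfio-pci` is typically one handed to a guest or a user-space driver.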

Below is a summary of the main techniques.

And the table below summarizes the pros and cons of each of the 3 technologies:







