highhigh--performance packet performance packet … plane networking stack fast path mobile ip ......

V1.0 / 1 6WIND copyright 2012 All rights reserved. All brand names, trademarks and copyright

information cited in this presentation shall remain the property of its registered owners.

HighHigh--Performance Packet Performance Packet

Processing Solutions for Intel Processing Solutions for Intel

Architecture Platforms Architecture Platforms

Charlie Ashton, VP of Marketing and Business DevelopmentCharlie Ashton, VP of Marketing and Business Development

+1 (512) 913+1 (512) 913--6231, [email protected], [email protected]

TopicsTopics

� 6WIND Company Introduction

� Key Performance Challenges for Mobile and Cloud Infrastructure

� 6WINDGate Software Overview

©6WIND 2012V1.0 / 2

� 6WIND Solutions for Crystal Forest

� 6WIND Support for Intel® DPDK

� Summary

TopicsTopics




©6WIND 2012V1.0 / 3



� Summary

Company OverviewCompany Overview

� Networking and telecom software company

� Focused on solving the critical performance challenges for Software Defined

Networks

� Mobile Infrastructure (LTE networks)

©6WIND 2012V1.0 / 4

Mobile Infrastructure (LTE networks)

� Cloud Infrastructure (data center networks)

� Headquartered in Paris, France

� Offices in China, Japan, South Korea and US

� In business since 2000

� 6WINDGate™ software deployed in two-thirds of LTE networks worldwide

� 40% growth and profitable in 2011

Some of Our Clients Some of Our Clients

©6WIND 2012V1.0 / 5

Our clients develop leading-edge equipment for software-defined networks.Our clients develop leading-edge equipment for software-defined networks.

� Pre-integrated solution for Lanner network

appliances

� Provides best-in-class packet processing

performance

Strong Partnership with LannerStrong Partnership with Lanner

©6WIND 2012V1.0 / 6

� Deployed by major OEMs

“The combination of 6WIND’s packet processing

software and Lanner’s high-performance network

appliances enabled us to quickly bring to market a

best-in-class network security solution,” said Dr.

Hyochang Nam, Product Development Team

Leader at SECUI.

� Intelligent Systems Alliance member

� Delivering high-performance packet

processing solutions for Intel®

Architecture platforms for many years

� Nehalem, Westmere, Sandy Bridge etc.

Strong Partnership with IntelStrong Partnership with Intel

©6WIND 2012V1.0 / 7

� Nehalem, Westmere, Sandy Bridge etc.

� Intel DPDK experts

� Providing DPDK to customers both stand-alone

and integrated within 6WINDGate

� Many joint OEM customers using

6WINDGate on IA platforms

� Maximum networking performance

� Accelerated time-to-market

TopicsTopics




©6WIND 2012V1.0 / 8



� Summary

� Network Performance

� Maximize bandwidth for mobile video and for

cloud-based services

� Minimize latency for mobile gaming

� High scalability in anticipation of the next

Problems We Address in Mobile Problems We Address in Mobile

InfrastructureInfrastructure

©6WIND 2012V1.0 / 9

"killer app"

� Network Monetization

� Shift from unlimited mobile data plans to

tiered pricing

� Customer-centric service offers

� Policy-driven content distribution

Source: StarHub

Source:

Ericsson

� #1 supplier of networking software for

LTE infrastructure

� Used throughout Evolved Packet Core

(EPC) and access network equipment

6WIND in Mobile Infrastructure6WIND in Mobile Infrastructure

©6WIND 2012V1.0 / 10

� Adopted by multiple tier-1 Telecom

Equipment Manufacturers (TEMs)

� Deployed in commercial LTE networks

worldwide

Problems We Address in Cloud Problems We Address in Cloud

InfrastructureInfrastructure

CORE

AGGREGATION

LAYER

Physical

Appliances

using

Physical

Appliances

using

Virtual

Appliances

1. Low-cost, high-

performance network

appliances

©6WIND 2012V1.0 / 11

APPLICATION

SERVER

BLADES

ACCESS LAYER

using

Proprietary

Hardware

Application

Processing

only

Application

Processing

and

Networking

2. Massive growth in

number of VMs per

application server

blade drives need for

networking functions

Traditional Architecture

using

General-

Purpose

Processors

Appliances

using

Server

Hardware

Emerging Approach

6WIND in Cloud Infrastructure6WIND in Cloud Infrastructure

CORE

AGGREGATION

LAYER

Physical

Appliances

using

Physical

Appliances

using

Virtual

AppliancesPhysical and

©6WIND 2012V1.0 / 12

APPLICATION

SERVER

BLADES

ACCESS LAYER

using

Proprietary

Hardware

Application

Processing

only

using

General-

Purpose

Processors

Appliances

using

Server

Hardware

Application

Processing

and

Networking

Physical and

virtual network

appliances

Virtual switch for

application

server blades

TopicsTopics




©6WIND 2012V1.0 / 13



� Summary

6WINDGate Software Overview6WINDGate Software Overview

VirtualizationVirtualization5. Virtualization-ready.

Optimized

Networking

Protocols

Data PlaneData PlaneControl

Plane

6. Full set of networking protocols

with management support.

©6WIND 2012V1.0 / 14

7. Full scalability

across

processors,

blades and

racks.

4. Compatible with standard Linux

distributions and application APIs.

2. Best-in-class

packet processing

performance.

8. Carrier Grade

reliability.3. Optimized for Intel®

Architecture processors.

1. Optimized architecture based on

control plane - data plane separation.

Optimized ArchitectureOptimized Architecture

� In typical networked applications, 90+% of the workload

is sophisticated data plane processing

� Operating system overhead limits the performance of

standard networking stacks for these functions

Control Plane

Signaling

Data Plane Data Plane

ProcessingProcessing

©6WIND 2012V1.0 / 15

� 6WINDGate addresses this issue via:

� Unique, dedicated “fast path” within 6WINDGate Data Plane

� Performing packet inspection, processing and forwarding

� Transparent to Control Plane applications

� Optimized for maximum Intel® Architecture processors

Data Data

PlanePlane

Control Plane

Fast Path

� 6WINDGate is fully compatible with Linux

distributions from:

� Commercial Linux suppliers, both embedded

and enterprise

� kernel.org

� Other open-source distributions

Compatible with Linux and Compatible with Linux and

Applications Applications

Application SoftwareApplication Software

Custom applications,Custom applications,

Legacy applications,Legacy applications,

Mobile infrastructure Mobile infrastructure

(GTP(GTP--C, MPLS, NAS)C, MPLS, NAS)

Cloud infrastructure Cloud infrastructure

(ADC, firewall, IPS, UTM),(ADC, firewall, IPS, UTM),

Network security,Network security,

6WINDGate

Control Plane

(Optional)

©6WIND 2012V1.0 / 16

� Legacy application software runs

unchanged

� Full support for standard Linux compilers and

debug tools

� Fully compatible with standard Linux APIs

� Fast path is non-intrusive (transparently

synchronized with Linux)

Standard Linux APIsStandard Linux APIsNetlinkNetlink, PF_KEY, , PF_KEY, NetfilterNetfilter, BPF/, BPF/tcpdumptcpdump etc.etc.

Network security,Network security,

Deep Packet Inspection,Deep Packet Inspection,

etc.etc.

Data Data

PlanePlaneFast Path

� 6WINDGate maximizes system-level performance

of virtualized environments

� Hypervisor performance improvements from

6WIND-enhanced version of Intel® DPDK library

I/O Virtualization (IOV) bypasses hypervisor virtual

HighHigh--Performance Networking in Performance Networking in

Virtualized EnvironmentsVirtualized Environments

Virtual Machine

Operating

System

Application

Software

Virtual Machine

Linux

Network

Appliance

Virtual Machine

Linux

Network

Appliance

6WIND 6WIND DPDK DPDK

enhancementsenhancements

6WIND 6WIND DPDK DPDK

enhancementsenhancements

©6WIND 2012V1.0 / 17

� I/O Virtualization (IOV) bypasses hypervisor virtual

switch, removing vSwitch performance constraints

� Virtual VIC (vNIC) driver accelerates VM-to-VM

communication via virtual switch

� Direct VM-to-VM communication via VM2VM driver for

ultimate performance

� 6WINDGate runs within Virtual Appliances that

require high-performance networking

� Fully-compatible with standard hypervisors

� Citrix XEN, Red Hat KVM, VMware ESX etc.

HypervisorHypervisor

NIC(s)

Virtual SwitchVirtual Switch

IOv

VM2VM

vNIC

Comprehensive Protocol SetComprehensive Protocol Set

IP forwarding

IPsec, IPsec SVTI

V(X)LAN, (NV)GRE,

link aggregation

NAT

ROHC

Flow inspection

Fast Path Modules (IPv6-ready)

Networking Stack

Routing

Protocols

Static RIP (IPv4, IPv6), RIPng,

OSPFv2, OSPFv3, BGP-4,

BGP-4+, ECMP (IPv4, IPv6),

VRRP, PIMv4-SM, PIMv6-SM,

IGMP/MLD snooping & proxy,

static route monitoring & BFD

SecurityIKE, IKEv2, EAP, VPN

monitoring

PPP, Multi-link PPP, PPPoE,

Control Plane Modules

©6WIND 2012V1.0 / 18

High

availability

Monitoring system,

synchronization daemons for

ARP-NDP, routing and IPsec

SSL termination

IP filtering

IPv6 tunneling and

transition

QoS

IP reassembly

Multicast

GTP encapsulation

TCP termination

MPLS encapsulation

DPI engine interface

Optimized multicore Linux networking

stack, including:

• All Linux networking features

• Large-Scale NAT, SVTI

• Integrated hardware and software

crypto acceleration for IPsec and SSL

• Full scalability: Netfilter, IPsec, VRF.

• Graceful Restart extensions for High

Availability.High Availability Extended Fast Path

Connectivity

PPP, Multi-link PPP, PPPoE,

CHDLC, V(X)LAN, (NV)GRE,

6in6, 4in4, L2TP, DHCPv4/v6,

DNS proxy, RADIUS client

Mobility

Home agent, FMIP,

corresponding node, mobile

node, IPsec integration,

NEMO, proxy MIP

Virtual

Routing

(VRF)

Routing protocols, IKE

Switching LACP

Hardware PlatformHardware Platform

•• Fast path maximizes performance by processing Fast path maximizes performance by processing

packets outside the OSpackets outside the OS

•• Supports dynamic configuration of cores to run Supports dynamic configuration of cores to run

Linux or fast pathLinux or fast path

•• Performance scales linearly with number of cores Performance scales linearly with number of cores

running fast pathrunning fast path

Scalable across Processors and Scalable across Processors and

BladesBlades

Linux

Application SoftwareApplication Software

Linux

Cores

©6WIND 2012V1.0 / 19

1 2 3 4 5

Number of fast path cores

Data Plane

Performance

Data Data

PlanePlane

Control Plane

Fast Path Fast Path

Cores

6WIND's Software Partner 6WIND's Software Partner

EcosystemEcosystem

Embedded

©6WIND 2012V1.0 / 20

RTOS and

Linux

Suppliers

Embedded

Software

Suppliers

Example: LTE Security GatewayExample: LTE Security Gateway

� Complete integration of routing,

security and mobility features

� Full support for processor crypto engines for

maximum IPsec performance

� High capacity IKE solution maximizes

number of access points supported

Linux

Security Gateway

Control Plane

IKE IKE -- VRVRMOBIKEMOBIKEMobile IPMobile IP

RadiusRadius

DHCPDHCPOSPF, BGP, OSPF, BGP,

RIPRIP-- VRVR

High High

AvailabilityAvailability

©6WIND 2012V1.0 / 21

� Fully-scalable control plane and data

plane

� High Availability support for zero

downtime or five-nines reliability

Data PlaneData Plane Networking Stack

Fast Path

Mobile IPMobile IP

Virtual RoutingVirtual Routing

Firewall / QoSFirewall / QoS

IPv4 / IPv6 / IPsecIPv4 / IPv6 / IPsec

Fast Path Fast Path

ExtensionsExtensions

StatisticsStatistics

Example: Firewall / IPSExample: Firewall / IPS

• Unlimited scalability

across processors

and blades

Physical Appliance

Linux

Virtual Appliance

Virtual Machine

Linux

Firewall / IPS

Application Software

Networking Control

Plane

Networking Data PlaneNetworking Data Plane

Best-in-class cost-performance for physical and virtual appliances

• 15Mpps per core IP Forwarding

• 6Gbps per core IPsec, 100Gbps IPsec overall platform performance

• 1420B packets on dual Intel Xeon E5-2600 Series platform (2.7GHz)

©6WIND 2012V1.0 / 22

and blades

• Full support for

industry-standard

hypervisors and

orchestrators

• Comprehensive set of

optimized networking

protocolsIntel Multicore Processor PlatformIntel Multicore Processor Platform

Firewall / IPS

Application Software

Networking Control

Plane


High AvailabilityHigh Availability



VLANVLAN


Packet

Processing

Intel DPDKIntel DPDK

Crypto Crypto

AccelerationAcceleration

TCP / SSLTCP / SSL

Intel Multicore Processor Intel Multicore Processor PlatformPlatform


High AvailabilityHigh Availability



VLANVLAN


Packet

Processing

Intel DPDKIntel DPDK

VMVM--VM + IOVVM + IOV

Crypto Crypto

AccelerationAcceleration

TCP / SSLTCP / SSL

Hypervisor

TopicsTopics




©6WIND 2012V1.0 / 23



� Summary

RunRun--Time Software ModelTime Software ModelRunRun--Time Software ModelTime Software Model

� One core (or more) runs Linux, with (optionally) 6WINDGate control plane

� Remaining cores run 6WINDGate fast path on Intel® DPDK for maximum performance

� Performance scales linearly with number of cores configured to run fast path.

Linux

©6WIND 2012V1.0 / 24

Intel Multicore ProcessorIntel Multicore Processor

Control

Plane

Fast

Path

IntelIntel® ®

DPDKDPDK

Fast

Path

IntelIntel® ®

DPDKDPDK

Fast

Path

IntelIntel® ®

DPDKDPDK

Fast

Path

IntelIntel® ®

DPDKDPDK

• IP forwarding performance

per core

• 15 Mpps (with flow cache)

• 11 Mpps (without flow cache)

• Performance scales linearly

with the number of cores

Sandy Bridge IP ForwardingSandy Bridge IP Forwarding

PerformancePerformance

©6WIND 2012V1.0 / 25


configured to run the fast

path

• Other cores can be used

• For more complex fast path

processing or

• For Linux (networking stack,

control plane, applications)

Complete performance

information available

on request

Sandy Bridge IPsec PerformanceSandy Bridge IPsec Performance

• IPsec performance per core

• 64B packets: 1.8 Gbps

• 1420B packets: 6.3 Gbps

• Performance scales linearly


configured to run the fast Complete performance

©6WIND 2012V1.0 / 26

configured to run the fast

path

• Other cores can be used

• For more complex fast path

processing or

• For Linux (networking stack,

control plane, applications).

Complete performance

information available

on request

� Two options for customers to obtain Intel®

DPDK from 6WIND

� Option 1: Stand-alone library

� Including value-added enhancements and

6WIND's DPDK Solutions6WIND's DPDK Solutions

©6WIND 2012V1.0 / 28

� Including value-added enhancements and

add-ons

� Full technical support

� Option 2: Integrated with 6WINDGate

� Complete packet processing solution

� Full technical support

� Full technical details in joint white paper

http://www.6wind.com/document-library

Option 1: IntelOption 1: Intel®® DPDK Library DPDK Library

from 6WINDfrom 6WIND

� Optional add-ons available for increased

system functionality and performance

� Enables use of Intel® DPDK in Virtual

Appliances and Software-Defined Networks

� Improves system-level cost/performance in

network security applications

(Optional)(Optional)

Virtualization Virtualization

supportsupport


Cavium Nitrox Cavium Nitrox

security security

accelerator accelerator

supportsupport


MultiMulti--buffer buffer

IPsec IPsec

accelerationacceleration


Cave Creek Cave Creek

supportsupport

©6WIND 2012V1.0 / 29

� Includes value-added enhancements

� Crypto support via AES-NI

� Device monitoring and statistics

� Additional device support (e.g. NICs)

� Bug fixes

� Maintained by 6WIND as private branch

� Synchronized with Intel's on-going releases of

baseline library

Baseline Intel® DPDK Library

Monitoring

and statistics

• Ethtool MTU

support

• RX/TX queue

statistics

• CRC error

statistics

Additional

NICs

• 82571EB

"Ophir".

Crypto

support

• AES-NI.

Option 2: IntelOption 2: Intel®® DPDK DPDK

Integrated with 6WINDGateIntegrated with 6WINDGate

� 6WINDGate provides complete packet

processing solution for DPDK platforms

� Comprehensive set of optimized networking

protocols

� Full compatibility with application APIs

� Carrier Grade reliability

Control

Plane

Complete set of Layer 2 through Layer 4

routing, security, connectivity, switching and

mobility protocols

©6WIND 2012V1.0 / 30

Carrier Grade reliability

� 6WINDGate fully leverages Intel® DPDK

library

� Exploits Intel® DPDK data plane libraries for

best possible utilization of processor resources

� Optimized NIC drivers for maximum networking

performance

� Delivered as integrated solution to

accelerate clients' time-to-market

Data Data

PlanePlaneFast Path

20+ optimized fast path

protocols with full support

for on-chip accelerators

Intel® DPDK Library with 6WIND Enhancements

Optional Optional AddAdd--On On FeaturesFeatures

6WIND: Your Partner From 6WIND: Your Partner From

Concept to DeploymentConcept to Deployment

System Development and System Development and

IntegrationIntegrationSystem Design System DeploymentSystem Deployment

©6WIND 2012V1.0 / 32

• Requirements analysis

• 6WINDGate evaluation

• Performance measurements

• 6WIND expertise

• Migrating applications to

multicore

• Architecture optimizations

• Protocols

• 6WINDGate integration

• Source code license

• Development support

• Technical training

• Customization

• Software integration

• 6WINDGate product support

• Technical training

• Maintenance

• Updates

• Roadmap alignment

F o r M o r e I n f o r m a t i o nFor More Information

White Papers

www.6wind.com

©6WIND 2012V1.0 / 33

Product Briefs

Website and blog

SummarySummary

� Networking OEMs face major challenges in:

� Performance

� Cost

� Scalability

©6WIND 2012V1.0 / 34

www.6wind.comwww.6wind.com

� Time-to-market

� 6WIND provides a proven solution to these

problems

� Adopted by tier-1 OEMs worldwide

� Deployed in mobile, cloud and enterprise networks

� Optimized for Intel® Architecture platforms

highhigh--performance packet performance packet … plane networking stack fast path mobile ip ......

Documents