network functions virtualization infrastructure (nfvi ... · a reference document providing the...

Table of Contents

1. Safety Information .......................................................................................................2

2. Warnings ........................................................................................................................3

3. Overview ........................................................................................................................5

3.1 Purpose ....................................................................................................................5

3.2 About This Manual ................................................................................................5

3.3 Reference Materials and Links ..........................................................................5

3.4NetworkConfiguration ........................................................................................6

4. Overview of Intel Select Fast Track Kit for NFVI Software Demonstrations ...............................................................................7

5. Instructions to run the demos ..................................................................................7

5.1 The Intel® QuickAssist Technology (Intel® QAT) Demos .............................7

5.1.1 Intel QAT OpenSSL/NGINX Demo ...........................................................7

5.1.2 Intel QAT IPSec with DPDK Demo ........................................................ 10

5.2 Networking Demo .............................................................................................. 14

Appendix A. Glossary ................................................................................................... 18

AppendixB.HardwareConfigurationsofthe Intel Select Fast Track Kit for NFVI .................................................. 19

AppendixC.SoftwareConfigurationsofthe Intel Select Fast Track Kit for NFVI .................................................. 19

A reference document providing the network functions virtualization (NFV) vendors detailed demonstrations and procedures to get started on the Intel® Select Fast Track Kit for NFVI with Red Hat* Enterprise Linux.*

Intel® Select Fast Track Kit for NFVI with Red Hat* Enterprise Linux* User Guide

Network Functions Virtualization Infrastructure (NFVI)

User GUide

1. Safety Information

Important Safety Instructions

Read all caution and safety statements in this document before performing any of the instructions. See also Safety and Regulatory Compliance Information for Intel® Server System 4600/2600/2400/1600 Families at https://www.intel.com/content/www/us/en/support/articles/000007675/server-products.html.

Wichtige Sicherheitshinweise

Lesen Sie zunächst sämtliche Warnung und Sicherheitshinweise in diesem Dokument, bevor Sie eine der Anweisungen ausführen. Beachten Sie hierzu auch die Sicherheitshinweise zu Intel-Serverplatinen und Servergehäusen auf der https://www.intel.com/content/www/us/en/support/articles/000007675/server-products.html.

Consignes de sécurité

Lisez attentivement toutes les consignes de sécurité et les mises en garde contenues dans ce document, avant d'exécuter la moindre instruction. Consultez également le document « Safety and Regulatory Compliance Information for Intel® Server System 4600/2600/2400/1600 Families », disponible sur le site https://www.intel.com/content/www/us/en/support/articles/000007675/server-products.html.

Instrucciones de seguridad importantes

Lea todas las declaraciones de seguridad y precaución de este documento antes de realizar cualquiera de las instrucciones. Vea Safety and Regulatory Compliance Information for Intel® Server System 4600/2600/2400/1600 Families en https://www.intel.com/content/www/us/en/support/articles/000007675/server-products.html.

重要安全指导

在执行任何指令之前，请阅读本文档中的所有注意事项及安全声明。和/或

https://www.intel.com/content/www/us/en/support/articles/000007675/server-products.html 上的 Safety and Regulatory Compliance Information for Intel® Server System 4600/2600/2400/1600 Families (《Intel 服务器主板与服务器机箱安全信息》）。

White Paper | Intel® Select Fast Track Kit for NFVI with Red Hat* Enterprise Linux* User Guide

2

https://www.intel.com/content/www/us/en/support/articles/000007675/server-products.html












2. WarningsHeed safety instructions: Before working with your server product, whether you are using this guide or any other resource as a reference, pay close attention to the safety instructions. You must adhere to the assembly instructions in this guide to ensure and maintain compliance with existing product certifications and approvals. Use only the described, regulated components specified in this guide. Use of other products/components will void the UL listing and other regulatory approvals of the product and will most likely result in noncompliance with product regulations in the region(s) in which the product is sold.

Systempoweron/off: The power button DOES NOT turn off the system AC power. To remove power from the system, you must unplug the AC power cord from the wall outlet. Make sure the AC power cord is unplugged before you open the chassis, add, or remove any components.

Hazardous conditions, devices and cables: Hazardous electrical conditions may be present on power, telephone, and communication cables. Turn off the server and disconnect the power cord, telecommunications systems, networks, and modems attached to the server before opening it. Otherwise, personal injury or equipment damage can result.

Installing or removing jumpers: A jumper is a small plastic encased conductor that slips over two jumper pins. Some jumpers have a small tab on top that you can grip with your fingertips or with a pair of fine needle nosed pliers. If your jumpers do not have such a tab, take care when using needle nosed pliers to remove or install a jumper; grip the narrow sides of the jumper with the pliers, never the wide sides. Gripping the wide sides can damage the contacts inside the jumper, causing intermittent problems with the function controlled by that jumper. Take care to grip with, but not squeeze, the pliers or other tool you use to remove a jumper, or you may bend or break the pins on the board.

Slide / Rail mounted equipment is not to be used as a shelf or a work space

Electrostatic Discharge (ESD)

Electrostatic discharge can cause damage to your computer or the components within it. ESD can occur without the user feeling a shock while working inside the system chassis or while improperly handling electronic devices like processors, memory or other storage devices, and add-in cards.

Intel recommends the following steps be taken when performing any procedures described within this document or while performing service to any computer system.

• Where available, all system integration and/or service should be performed at a properly equipped ESD workstation

• Wear ESD protective gear like a grounded antistatic wrist strap, sole grounders, and/or conductive shoes

• Wear an anti-static smock or gown to cover any clothing that may generate an electrostatic charge

• Remove all jewelry

• Disconnect all power cables and cords attached to the server before performing any integration or service

• Touch any unpainted metal surface of the chassis before performing any integration or service


3

• Hold all circuit boards and other electronic components by their edges only

• After removing electronic devices from the system or from their protective packaging, place them component side up on to a grounded anti-static surface or conductive foam pad. Do not place electronic devices on to the outside of any protective packaging.

List of Figures

Figure 1. Connecting network cables ........................................................................ 6

Figure 2. OpenSSL demo: With software only ........................................................ 8

Figure 3. OpenSSL demo: htop showing CPU core utilization for software tests .......................................................................................... 8

Figure 4. OpenSSL demo: With Intel QAT ................................................................. 9

Figure 5. OpenSSL demo: htop showing CPU utilization with Intel QAT .......10

Figure 6. IPSec demo: Starting demo -1 ..................................................................11

Figure 7. IPSec demo: Starting demo -2 ..................................................................11

Figure 8. IPSec demo: Starting demo -3 .................................................................11

Figure 9. IPSec demo: Starting demo -4 .................................................................12

Figure 10. IPSec demo: Setting attributes to ports via TRex console .............12

Figure11.IPSecdemo:StartingtrafficviaTRexconsole ...................................13

Figure 12. IPSec demo: Performance numbers .....................................................13

Figure 13. Networking demo: Setup ........................................................................14

Figure 14. Networking demo: Data path representation on NUMA and non-NUMA cases ............................................................14

Figure 15. Networking demo: Screenshot of BIFF contents on a Windows Computer ........................................................15

Figure 16. Networking demo: Impact of NUMA awareness ...............................15

Figure 17. Networking demo: Impact of NUMA awareness in the presence of a noisy neighbor .....................................................16

Figure18.Networkingdemo:ChangingIPaddressinMinionxmlfile ...........17

Figure 19. Networking demo: Screenshot of running the demo ......................17

Figure 20. Networking demo: Live data GUI ..........................................................18

List of Tables

Table1.NetworkConfiguration….. ..............................................................................7


4

3. OverviewIntel® Xeon® processors have been used successfully by many ecosystem partners to power their network functions virtualization (NFV) solutions. In Intel® Network Builders alone, there are more than 260 partners that utilize Intel Xeon processors to provide infrastructure or to power workloads. Intel has worked closely with many of these companies and has gained extensive experience that it has used in identifying the optimal server hardware configurations and open source software stacks for NFV workloads.

The launch of the new Intel Xeon Scalable processors gives Intel Network Builders members access to processors with increased scalability and enhanced performance for NFV applications. This new processor family is based on an entirely new processor architecture—Intel® Mesh Architecture—that scales to deliver workload optimized performance in NFV applications. The Intel Xeon Scalable processors integrate a number of performance accelerators. The most important of these for NFV applications is Intel® QuickAssist Technology (Intel® QAT), which accelerates encryption/decryption and data compression operations needed for network security.

Intel is now introducing Intel® Select Fast Track Kit for NFVI to enable Intel Network Builders members to accelerate the development of NFV solutions by leveraging the capabilities of these new processors.

3.1 Purpose With the Intel Select Fast Track Kit for NFVI, ecosystem partners can deliver workload-optimized server solutions to CommSPs customers that lessen the time, effort, and expense involved with evaluating hardware and software integrations for NFV-based service development and deployment. These tested, pre-integrated solutions provide developers with faster access to advanced platform configurations to speed availability of optimized NFV solutions and allow network architects to pull in test and modelling of solutions that will define next-generation network architectures.

This User Guide describes procedures for executing demos that illustrate the features available in the Intel Select Fast Track Kit for NFVI. The Intel Select Fast Track Kit for NFVI demonstrations operate in an environment with simple workloads. In real-world scenarios, performance may vary based on the management and orchestration (MANO) layer configurations and the permutations of virtualized network functions running.¹

3.2 About This ManualThe Intel Select Fast Track Kit for NFVI comes pre-installed with a collection of demos that showcase the features of the platform. This manual describes step-by-step instructions to execute the demos.

Section 1 provides an overview of the Intel Select Fast Track Kit for NFVI. Section 2 gives a brief description of the demos included in the Kit. Section 3 describes step-by-step instructions of running the Graphical User Interface (GUI) of the demos on a Windows* computer and also provides Linux* commands to run the back-end of the demos.

3.3 Reference Materials and LinksIntel® QuickAssist Technologyhttps://01.org/intel-quickassist-technology

Intel QuickAssist Technology Driverhttps://01.org/sites/default/files/downloads/intelr-quickassist-technology/qat1.7.upstream.l.1.0.3-42.tar.gz

QAT_Enginehttps://github.com/01org/QAT_Engine

OpenSSLhttps://github.com/openssl/openssl.git


5

https://01.org/intel-quickassist-technology

https://01.org/sites/default/files/downloads/intelr-quickassist-technology/qat1.7.upstream.l.1.0.3-42.tar.gz

https://01.org/sites/default/files/downloads/intelr-quickassist-technology/qat1.7.upstream.l.1.0.3-42.tar.gz

https://github.com/01org/QAT_Engine

https://github.com/openssl/openssl.git

NGINX*http://nginx.org/download/nginx-1.10.3.tar.gz

NGINX patches for Intel® QAThttps://01.org/sites/default/files/downloads/intelr-quickassist-technology/nginx-1.10.3-async.l.0.3.0-002.tar.gz

Data Plane Development Kithttp://dpdk.org/

TRex* Traffic Generatorhttp://trex-tgn.cisco.com/trex

Intel Data Plane Performance Demonstratorshttps://01.org/intel-data-plane-performance-demonstrators/downloads

Patch to Add Support for DPDK 17.11 on Top of PROX-v041https://git.opnfv.org/samplevnf/patch/?id=972dac6999c939a3b1f70d69f81082d8cabd04c7

BIFF Frameworkhttps://github.com/intel/Board-Instrumentation-Framework

Python*https://www.python.org/download/

Java*https://java.com/en/download/index.jsp

Demo scriptshttps://01.org/intel-data-plane-performance-demonstrators/nfvi-ftk-demos

3.4 Network Configuration Table 1 shows the network configuration for the Intel Select Fast Track Kit for NFVI:


Component Includes Description

NIC (Intel® Ethernet Network Adapter XXV710-DA2 Dual 25 Gb)

Two (2) x each socket for two (2) sockets (four (4) total), giving an aggregated theoretical throughput of up to 200 Gbps per server.

The NICs are connected in a loopback way from one socket to another.

Table 1. Network Configuration

Management Network

25Gbit (SFP28) loopback cables

Figure 1. Connecting network cables

6

http://nginx.org/download/nginx-1.10.3.tar.gz

https://01.org/sites/default/files/downloads/intelr-quickassist-technology/nginx-1.10.3-async.l.0.3.0-002.tar.gz

http://dpdk.org/

http://trex-tgn.cisco.com/trex

https://01.org/intel-data-plane-performance-demonstrators/downloads

https://git.opnfv.org/samplevnf/patch/?id=972dac6999c939a3b1f70d69f81082d8cabd04c7

https://github.com/intel/Board-Instrumentation-Framework

https://www.python.org/download/

https://java.com/en/download/index.jsp

https://01.org/intel-data-plane-performance-demonstrators/nfvi-ftk-demos


4. Overview of Intel Select Fast Track Kit for NFVI Software Demonstrations The Intel Select Fast Track Kit for NFVI is designed as a self-contained NFV infrastructure platform. This kit includes a tested configuration of hardware, firmware, and software optimized for essential NFV workloads, performance characterization and optimization tools, and demos with traffic generators and workloads. These demos are useful for familiarizing the user with features of the platform.

This User Guide gives procedures and slide graphics for each of the three main demos: Intel QAT OpenSSL, Intel QAT IPSec, and Networking, developed to run the Intel Select Fast Track Kit for NFVI. With this information, users can access and implement the functionality of this product with efficiency and quick results.

The Intel Select Fast Track Kit for NFVI demos showcase the performance benefits of:

• Intel QAT acceleration built in the chipset which accelerates compute-intensive symmetric and asymmetric encryption and authentication, and digital signatures.

• High-throughput versatile network interface cards (NICs): two Intel® Ethernet Network Adapter XXV710-DA2 (dual 25 Gb) NICs per socket, four NICs in total, which gives aggregated theoretical throughput of up to 200 Gbps per server.

The Intel Select Fast Track Kit for NFVI comes pre-installed with the Network Functions Virtualization Infrastructure Best Known Configuration (NFVI BKC) software and demonstrates the value proposition of the Intel Xeon processor Scalable family, saving ISVs and end users time and complexity to install and tune the software. This provides a great out-of-box experience for the customers and ultimately accelerates the onboarding and development of their VNF applications with Intel Xeon Scalable processors.

5. Instructions to run the demos This section provides command line instructions to run the back-end of demos on a Linux terminal connected to the server with Intel Xeon Scalable processors via SSH and the respective Graphical User Interface on a Windows computer. Each demo shows the performance improvements with the respective features of the platform.

Note: The User Guide provides Linux commands to be executed on the server with Intel Xeon Scalable processors and assumes minimum Linux expertise.

In order to log in to this server, users can use root as a username and password as a password. After the initial login, the password should be updated to user network security requirements.

5.1 The Intel® QuickAssist Technology (Intel® QAT) Demos Intel QAT is a hardware/software solution that encrypts, decrypts, compresses and decompresses data to improve server performance and efficiency. With more and more traffic using the Secure Sockets Layer (SSL) protocol being encrypted, servers and security appliances often include dedicated accelerators to handle these growing

cryptographic workloads. Intel QAT is mainly used for high volume public key cryptography (asymmetric encryption, digital signatures, and key exchange), bulk cryptography (symmetric encryption and authentication, and cipher operations), and compression (lossless data compression for data in flight and at rest).

Intel QAT produces a compelling performance improvement for web servers, application delivery controllers, firewalls and content delivery networks. Any network requiring Transport Layer Security or Secure Sockets Layer authentication typically requires a high performing public key exchange system. Serving web content, financial transactions, or secure VPN connections all require high-performance encrypted tunnels and server authentication. Asymmetric cryptography or public key cryptography is based on several different algorithms; processing them without explicit hardware acceleration requires substantial CPU core resources. For example, solving one RSA 2K key decrypt would require greater than 1M CPU cycles. Intel QuickAssist Technology greatly accelerates this functionality while preserving the Intel architecture cores for other essential applications.

Two Intel QAT demos are described in this section: the OpenSSL/NGINX demo for the public key cryptography and IPSec demo for the bulk cryptography.

5.1.1 Intel QAT OpenSSL/NGINX DemoIntel worked with the OpenSSL Software Foundation to update OpenSSL to better support hardware acceleration feature by adding the asynchronous interface to OpenSSL. Customers can use the patch provided to popular open source software (OpenSSL, NGINX) to minimize or eliminate their effort to learn the API for public key cryptography, bulk cryptography, and compression. A reference link to this patch is mentioned in section 1.3. The Intel QAT Engine is a complete implementation of Intel QAT that plugs into the OpenSSL framework.

NGINX is an HTTP and reverse proxy server, a mail proxy server, and a generic TCP/UDP proxy server. The Intel QAT OpenSSL Engine is used in NGINX server development to accelerate the SSL/TLS protocol.

The demo described in this section is used to show the advantages of Intel QAT public key cryptography. This is a self-contained demonstration package running an NGINX web server with OpenSSL application running on top of it. The OpenSSL application acts as clients making secure requests to the NGINX server. The idea of this demo is to showcase the performance improvement of OpenSSL applications which takes advantage of the Intel QAT acceleration without modifying the source code.

In this demo, stimulus traffic is generated on one NUMA node and NGINX runs as a workload on the other NUMA node. The NGINX web server and the client applications are running on a pre-allocated number of cores. When the demo is started, clients serve to flood the server with HTTPS requests, certificates are verified by the client, key information is exchanged and the server decrypts using Intel QAT. The tests runs for 90 seconds and then the key decrypt rate is calculated based on the number of sessions flooding the server.

The test is executed running only on in software on standard Intel architecture cores and then is re-executed running with

7

Intel QAT enabled to demonstrate the value proposition of the hardware acceleration. In this demo we see a 6x improvement in performance with Intel QuickAssist enabled as compared to what the server could do with the same amount of CPU resources if running without acceleration.²

Command line instructions to run Intel QAT-OpenSSL demo

The Intel Select Fast Track Kit for NFVI is a self-contained kit, which has both the traffic generator and workloads running on the same server. These steps are to be executed on a Linux terminal, connected to the server with Intel Xeon Scalable processors via SSH.

Section 5.1.1.1 provides instructions to run the software only test scripts (without any hardware acceleration features) and

section 5.1.1.2 provides instructions to run the test scripts with Intel QAT-based acceleration enabled.

5.1.1.1 With software NGINX/OpenSSL

This section provides command line instructions to run the software NGINX tests without using any acceleration features of Intel QAT.

1. Change directory to install_scripts in openssl_demo directory:

# cd /root/openssl_demo/install_scripts

2. Execute the run script for software:

# ./run_sw.sh


Figure 2. OpenSSL demo: With software only

Note: A number of warnings/errors may be reported while the script tunes the server. These can be ignored.

3. The core utilization can be monitored on another terminal while the test is running using htop:

# htop

Figure 3. OpenSSL demo: htop showing CPU core utilization for software tests

8


5.1.1.2 OpenSSL/NGINX with Intel QAT

The same test suite can be used to test connections per second with Intel QAT. This requires closing the current NGINX server and restarting NGINX using different NGINX configuration file.

In this terminal we will navigate to the NGINX Server (traffic generator) scripts directory, tune the server and start NGINX traffic. We perform several Linux optimizations on the server, including disabling firewall, iptables and updating various tcp parameters as mentioned in the “tuning_server.sh” file.

1. Change directory to install_scripts in openssl_demo directory:

# cd /root/openssl_demo/install_scripts

2. If this demo is being run for the first time or after Intel QAT-IPSec demo was executed, please make sure to run “QAT_setup.sh”. Else skip to step 3.

# ./QAT_setup.sh

3. Execute the run script for Intel QAT:

# ./run_QAT.sh

Figure 4. OpenSSL demo: With Intel QAT

Note: A number of warnings/errors may be reported while the script tunes the server. These can be ignored.

Note: These tests run the NGINX stack using 18C/36Ts and all remaining cores generating client traffic. There are not enough cores/threads available to generate enough client traffic to fully load the high-end Intel® C62X Chipset SKUs. Hence, higher performance numbers may be achieved in real-life applications or from a properly configured performance test bench.

4. The core utilization can be monitored on another terminal while the test is running using htop:

# htop

The htop screen capture below shows CPU cores running NGINX server (shown in blue) and client processes (shown in orange) as per the cores assigned in the scripts accordingly.

Note: htop logical core display starts with 1

Server cores: 1-15,45-59

Client cores: 0,16-44,60-87

9


Figure 5. OpenSSL demo: htop showing CPU utilization with Intel QAT

Refer to “README.txt” in “/root/openssl _ demo/” for further explanation on the scripts included in this demo.

In the above steps, we are navigating to the OpenSSL demo install scripts directory and executing “run_QAT.sh” script, which will tune the server, start NGINX traffic, and start a script that kicks off a number of connections to the server. This script (NGINX_client.sh) issues a number of (Clients) OpenSSL s_time connect commands to the NGINX webserver running on the system. This script also calculates the number of connections that are processed. These tests use every core/hyperthread that was used for running NGINX server to generate client traffic. We perform several Linux optimizations on the server, including disabling firewall, iptables and updating various tcp parameters as mentioned in the “/root/openssl_demo/scripts/tuning_server.sh” file.

5.1.2 Intel QAT IPSec with DPDK DemoThe second Intel QAT workload shown in the Intel Select Fast Track Kit for NFVI is Internet Protocol Security (IPSec) with Data Plane Development Kit (DPDK). This demo is used to show the advantages of Intel QAT bulk cryptography. IPSec is a network protocol suite that authenticates and encrypts packets of data sent over a network. IPSec uses cryptographic security services to provide additional protection for communications over Internet Protocol networks. Intel QuickAssist Technology provides new level of performance and efficiency for IPSec communication. Employing Intel QAT with DPDK takes advantage of high speed application interface, called CryptoDev API. Using Intel QuickAssist Technology accelerators for authenticated encryption with ciphers such as AES CBC, HMAC SHA1, or

AES GCM enables a large performance improvement in terms of compute cycles per byte of encryption compared to software encryption stacks.³

In this demo, a client forwards packets in clear text to the server, the server then encrypts and forwards the encrypted packets to the destination. The performance of IPSec employing DPDK with Intel QAT is then measured.

In this demo, stimulus traffic is generated on one NUMA node and the workload is run on the other NUMA node.

Command line instructions to run IPSec with DPDK demo

This section provides command line instructions to start the IPSec demo with Intel QAT and DPDK. As the Intel Select Fast Track Kit for NFVI is a self-contained kit with the traffic generator and workloads running on the same server, the Linux commands below should be executed on two different Linux terminals connected to the server with Intel Xeon Scalable processors via SSH.

1. Change directory to ipsec demo

# cd /root/ipsec_demo

2. If running this demo for the first time or after Intel QAT-OpenSSL demo, please make sure to execute this step, to install all required drivers and acceleration packages for the IPSec demo. Else skip to step 3.

# ./ipsec_setup.sh

3. On one terminal, run this step to start IPSec and TRex traffic generator

# ./run_ipsec1.sh

10


Figure 6. IPSec demo: Starting demo -1



11



4. On another terminal, run this step to set the attributes and start the traffic using TRex console.

#./run_ipsec2.sh

Figure 10. IPSec demo: Setting attributes to ports via TRex console

12


Figure 11. IPSec demo: Starting traffic via TRex console

5. The performance numbers are output on the first terminal (step 3), which looks like Figure 12:

Figure 12. IPSec demo: Performance numbers

6. Stop the demo by running:

# ./stop_ipsec.sh

13


5.2 Networking DemoThe Networking demo in the Intel Select Fast Track Kit for NFVI shows the advantages of DPDK, with and without NUMA awareness. One of the value prepositions for the Intel Select Fast Track Kit for NFVI is that the hardware platform is architected to provide NUMA balancing for network and storage devices. With this platform architecture the network storage and other proof of components provide optimized and deterministic performance by design, facilitating discovery, provisioning and orchestration of Virtual Network Functions. In this demonstration, we will show the effects of non-NUMA alignments on performance and determinism.

The setup used in this demo, as shown in Figure 13, is the Intel Select Solution Fast Track Kit server platform with 25 Gb Ethernet network interface cards installed, used to generate and forward traffic. The traffic generator function is allocated to cores on one processor and packet forwarding function is allocated to cores on second processor. For this demo, the packet size is set to 1024 Byte.

Demo on One Server, Results Displayed Anywhere

NIC 2x25GNIC

Processor A Processor B

NIC 2x25G

Traffic Generatorand AnalyzerDemo Workload

New Generation PlatformLive data on Intel® Select Fast

Track Kit for NFVILegend, Gauges

NIC 2x25GNIC 2x25G

Previous GenerationPrerecorded data samples

Relative Comparison

Figure 13. Networking demo: Setup

We run the test cases in two scenarios: one is NUMA-aligned setup and the other is non-NUMA aligned setup. In the NUMA-aligned case, network interfaces are connected to the same processor and data follows the green arrow for the data path as shown in Figure 14. In the non-NUMA-aligned case, network interfaces are not connected to the same processor and the data has to go across UltraPath Interconnect (UPI) to get to the CPU cores that are generating or forwarding these data packets (follows the red data path as shown in Figure 14). The difference in measurement is then measured and compared as shown in Figure 16.

Processor A Processor B

PC

Ie

PC

Ie

NIC 2x25G NIC 2x25G NIC 2x25GNIC 2x25G

UPI

Datapath:OptimalNUMA,

CPU Cores Affinity,and I/O Allocation

Datapath: Suboptimal

NUMA

NUMA Allocation, CPU Cores, and I/O

Traffic Generatorand AnalyzerDemo Workload

Figure 14. Networking demo: Data path representation on NUMA and non-NUMA cases.

14


Running Networking demo on a Windows Computer

PrerequisitesPython 3.* and the Java runtime must be installed on the system prior running the GUI part of the Networking demo.

Pythonhttps://www.python.org/download/Note: Make sure to select Add Python to Path during install or add Python to the environment path manually if installing on a Windows platform.

Javahttps://java.com/en/download/index.jsp

Please copy “Windows_Client.zip” file that can be found in “/root/networking_demo” directory on the server to the Windows computer, then extract the archive to a directory on a local drive.

Figure 15. Networking demo: Screenshot of BIFF contents on a Windows Computer

1. Double-click on “Fast Track Demo.bat” file, which opens two orchestrators (Oscar) and a Java GUI (Marvin) with multiple tabs.

2. Click on the first tab, Demo Setup tab to see the networking demo setup as shown in Figure 13.

3. To compare the impact of NUMA awarness, click on “Purley NUMA 1024B” tab as shown in Figure 16. The performance throughput is shown in Giga bits per second, Million packets per second and the CPU cores utilized for these tests. The left portion of the screen exhibits non-NUMA-aligned performance (19.4 Mpps), the right portion of the screen exhibits the NUMA-aligned system performance (23.4 Mpps) and the middle chart displays the performance improvement (1.2x) that can be achieved with NUMA-aligned setup.⁴

Figure 16. Networking demo: Impact of NUMA awareness

15

https://www.python.org/download/

https://java.com/en/download/index.jsp


4. The effects of an indeterminism can be measured using noisy neighbor application running on the same platform. As shown in Figure 17, introducing a noisy neighbor not only lowers the performance in non-NUMA aligned setup, but the performance fluctuates up and down (orange graph in the middle chart) depending on the level of activity introduced by the noisy neighbor. In contrast, we do not see any effects of noisy neighbor on the NUMA-aligned setup (green graph in the middle chart), in other words, it is very deterministic.

Figure 17. Networking demo: Impact of NUMA awareness in the presence of a noisy neighbor

5. Thus, by implementing a NUMA-aligned mode, we can achieve:

• Optimal performance

• Deterministic behaviour

• Ease of discovery, provisioning and orchestration of the platform.

Running Networking demo live from command line:

This section provides the command line instructions to run the networking demo live.

Packet pROcessing eXecution engine (PROX) is a DPDK application which can do operations on packets in a highly configurable manner. Running the PROX application with respective configuration files displays the performance statistics of the system. More information about PROX can be found on https://01.org/intel-data-plane-performance-demonstrators/prox-overview.

1. Change directory to networking demo.

# cd /root/networking_demo/

2. Now navigate to the fasttrack directory in Minion

# cd /root/networking_demo/Minion/fasttrack/

3. Edit “ft_minion.xml” and copy the IP address of the windows PC where the GUI is run. Minion connects to the Oscar (play back master, that in turn sends data to Marvin, the GUI) using information from this file.

root@unassigned-hostname:~/networking _ demo/Minion/fasttrack# vi ft _ minion.xml

<Minion>

<AliasList>

<Alias BytesPerSec2MBPS=".00000008"/>

<Alias ButesPerSec2GBPS=".000000008"/>

<Alias MyFreq="350"/>

</AliasList>

16

https://01.org/intel-data-plane-performance-demonstrators/prox-overview

https://01.org/intel-data-plane-performance-demonstrators/prox-overview


Figure 18. Networking demo: Changing IP address in Minion xml file

<Namespace>

<Name>SKY.NN.LIVE</Name>

<DefaultFrequency>$(MyFreq)</DefaultFrequency>

<TargetConnection IP="10.24.68.58" PORT="5100"/>

4. Change directory to networking demo

# cd /root/networking_demo

5. Run “run_nwdemo.sh” which will start PROX and Minion files

# ./run_nwdemo.sh

Figure 19. Networking demo: Screenshot of running the demo

17


6. Now on the Windows computer, run “Fast Track Demo.bat” as explained in step 1 in “Running Networking demo on a Windows computer”

7. Click on the last tab “Live Data”, where the live data is coming from the server with Intel Xeon Scalable processors.

Figure 20. Networking demo: Live data GUI

8. At the end, stop networking demo using this script:

# ./stop_nwdemo.sh

18

Appendix A. Glossary

DPDK – Data Plane Development Kit

GUI – Graphical User Interface

IPSec – Internet Protocol Security

NFV – Network Functions Virtualization

NFVI – Network Functions Virtualization Infrastructure

NIC – Network Interface Card

NUMA – Non-uniform Memory Access

NVMe – Non-Volatile Memory Express

Intel QAT – Intel QuickAssist Technology

SSD – Solid State Drive

SSL – Secure Socket Layer

VM – Virtual Machine


Component Part Product Code

ProcessorIntel® Xeon® Gold 6152 processors, 22 Cores, 2.1 GHz, 30.25 LLC (MB), 140 W (TDP)

S-Spec SR3B4

Board + ChassisIntel® Server Board S2600WFQIntel® Server Chassis R2208WF – 2U, 8 x 2.5” drives

R2208WFQZS

Power Supply Redundant 1300 W CRPS - AC, Titanium, Intel AXX1300TCRPS

Memory RDIMM 16 GB – DDR4 288-pin, 2666 MHz, Micron* J26609-002

Storage drives – Boot 2x Intel® SSD Data Center S4500 Series - 240 GB, SATA 3.0 SSDSC2KB240G7

Storage drives – Capacity 4x Intel® SSD Data Center P4500 Series - 1 TB, PCIe 3.0 x 4 Interface SSDPE2KX010T7

NVMe Switch 4 Port Switch, Intel AXXP3SWX08040

PCIe Cables OCuLink Cables for up to 4 NVMe drives, Intel

AXXCBL800CVCR (2), AXXCBL470CVCR (1), AXXCBL530CVCR (1)

Connectivity – NICs4x Dual 25 GbE Intel® Ethernet Network Adapters XXV710-DA21 GbE Management Port

XXV710-DA2

Out of Band Network – NICs Intel® Ethernet Network Connection OCP I357-T4 I357T4OCPG1P5

Cables – Networking 4x Intel® Ethernet SFP28 Twinaxial Cable XXVDACBL1M

19

Appendix B. Hardware Configurations of the Intel Select Fast Track Kit for NFVI

Appendix C. Software Configurations of the Intel Select Fast Track Kit for NFVI

SW Name and Version Details

DPDK 17.11

Red Hat* Enterprise Linux* 7.4


20

¹ These demos are adapted to run on a single server. Performance data produced by any of these applications are not indicative of benchmark results produced by a properly-configured performance test bench.

² Results seen on the Intel Select for NFVI Fast Track Kit. See sections 5.1.1.1 and 5.1.1.2 for configuration files. See Appendix B for hardware configurations. See Appendix C for software configurations.

³ Based on Intel internal testing results. ⁴ Results seen on the Intel Select for NFVI Fast Track Kit. See the next section (“Running Networking demo live from command line”) for the configuration files. See Appendix B for hardware

configurations. See Appendix C for software configurations.

Intel technologies’ features and benefits depend on system configuration and may require enabled hardware, software, or service activation. Performance varies depending on system configuration. No computer system can be absolutely secure. Check with your system manufacturer or retailer or learn more at intel.com.

You may not use or facilitate the use of this document in connection with any infringement or other legal analysis concerning Intel products described herein. You agree to grant Intel a non-exclusive, royalty-free license to any patent claim thereafter drafted which includes subject matter disclosed herein.

No license (express or implied, by estoppel or otherwise) to any intellectual property rights is granted by this document. The products described may contain design defects or errors known as errata which may cause the product to deviate from published specifications. Current characterized errata are available

on request. Intel disclaims all express and implied warranties, including without limitation, the implied warranties of merchantability, fitness for a particular purpose, and non-infringement, as well as any

warranty arising from course of performance, course of dealing, or usage in trade. This document is classified as preliminary and contains information on products in the design phase of development. Do not finalize a design with this information. Revised product information

will be published as available. Verify with your local sales office that you have the latest document revision before finalizing a design. The benchmark results reported above may need to be revised as additional testing is conducted. The results depend on the specific platform configurations and workloads utilized in the

testing, and may not be applicable to any particular user’s components, computer system or workloads. The results are not necessarily representative of other benchmarks and other benchmark results may show greater or lesser impact from mitigations.

Software and workloads used in performance tests may have been optimized for performance only on Intel microprocessors. Performance tests, such as SYSmark and MobileMark, are measured using specific computer systems, components, software, operations and functions. Any change to any of those factors may cause the results to vary. You should consult other information and performance tests to assist you in fully evaluating your contemplated purchases, including the performance of that product when combined with other products. For more information go to www.intel.com/benchmarks.

Optimization Notice: Intel's compilers may or may not optimize to the same degree for non-Intel microprocessors for optimizations that are not unique to Intel microprocessors. These optimizations include SSE2, SSE3, and SSSE3 instruction sets and other optimizations. Intel does not guarantee the availability, functionality, or effectiveness of any optimization on microprocessors not manufactured by Intel. Microprocessor-dependent optimizations in this product are intended for use with Intel microprocessors. Certain optimizations not specific to Intel microarchitecture are reserved for Intel microprocessors. Please refer to the applicable product User and Reference Guides for more information regarding the specific instruction sets covered by this notice.

Notice Revision #20110804 Copies of documents which have an order number and are referenced in this document may be obtained by calling 1-800-548-4725 or by visiting www.intel.com/design/literature.html. © Intel Corporation. Intel, the Intel logo, and Xeon are trademarks of Intel Corporation or its subsidiaries in the U.S. and/or other countries. * Other names and brands may be claimed as the property of others. 0418/DO/H09/PDF Please Recycle 337443-001US

http://www.intel.com/design/literature.html

network functions virtualization infrastructure (nfvi ... · a reference document providing the...

Documents