turbocharge the nfv data plane in the sdn era - a radisys presentation
DESCRIPTION
On October 8, 2014, Karl Wale (Director of Product Management) and James Radley (Architect) presented: Turbocharge the NFV Data Plane in the SDN Era. This expert duo discussed the evolution of the network and service provider objectives around the challenges of deploying SDN/NFV solutions. They take you through some application use cases and introduce the new Radisys FlowEngine data plane software technology.TRANSCRIPT
James [email protected]
Karl WaleDirector of Product Management [email protected]
October 8, 2014 Webinar
© 2014 Radisys Corporation
2
NFV and SDN: disruptive technology shift• Network evolution and service provider objectives• Challenges in deploying NFV and SDN
New SDN and NFV solutions• Intelligent networking functions
Overcoming data plane challenges in the NFVand SDN era• FlowEngine™ data plane software technology• Application use cases
– Scaling capacity without overwhelming orchestration resources
– Service chaining as part of virtualized Gi-LAN
Summary
Agenda
© 2014 Radisys Corporation
3
Market Dynamics
NEWServices in
Next-Generation
Central Office
Service Providers (SP) Fighting OTT
Threat
Regulators Enabling Two-Way Business Models & SP Intelligence
SDN & NFV Deliver Tools to Enable Service Delivery & Cost
Reduction
11x capacity growth2013 – 2018 (Cisco VNI)
© 2014 Radisys Corporation
Services Centric Network
4
Evolving Telecom Landscape
Telco data centers• Distributed• Localized control and
service awareness• Fixed & mobile co-located
Services include:• Mobile EPC• Policy enforcement • Sponsored content• Video optimization• Advertising• Network analytics
Access Metro Optical
Next-generation Central Office for NFV
Need for NFV platform solutions in NGCO and telecom data centers© 2014 Radisys Corporation
5
Streamlined capex• Minimize fixed function
platforms• New infrastructure hosting
multiple services• Equipment re-used and
re-purposed for new services
Faster service delivery• Services centric network
Scalability• Simpler to scale up• Lower cost vs. buying
telecom appliances
Why Do We Need NFV?
Source: ETSI
© 2014 Radisys Corporation
6
NFV Infrastructure and Interfaces
OSS/BSS
Os-Ma
Ve-V
nfm
Virtual Computing
Virtual Network
Virtual storage
Virtualization Layer
Hardware Resources
NFVI
VI-Ha
Nf-Vi
NFV Management & Orchestration
ComputingHardware
NetworkHardware
StorageHardware
Vn-Nf Vn-Nf Vn-Nf
EMS1 EMS3EMS2
VNF1 VNF3VNF2
NFVOrchestrator
VNFManager(s)
VirtualizedInfrastructureManager(s)
Or-Vnfm
Vi-Vnfm
Or-Vi
Platforms options• Bladed and server• Integrated or discrete
networking functions
Typical Applications• Service assurance
(PCRF, DPI apps)• Mobile gateways• IP forwarding
(OpenFlow control)
NFV and SDN Tools• Load balancing and flow distribution• OpenFlow interfaces for networking• OpenStack integration
• Nova (Compute), Neutron (Network)• Platform management
© 2014 Radisys Corporation
7
Service providers desire COTS hardwarebut concerned existing products not carrier grade
Source: “SDN and NFV Strategies, Global Service Provider Survey”, March 2014, Infonetics
Drivers and Barriers of NFV
© 2014 Radisys Corporation
8
Scalability Challenges for SDN and NFV
Early NFV examples• Control plane applications• Smaller scale PoCs• Limited bandwidth on data plane
Data plane is bigger challenge• 10s of millions of users• 100s of millions of sessions/flows• Throughputs into the Terabits/sec• Latency critical
Control plane vs. Data planecontrasting example:
3 minute VoIP call
~10-15 SIP signalling packets in control plane
~36,000 RTP packetsin data plane
© 2014 Radisys Corporation
9
1. How many subscriber sessions would you expect a typical orchestration layer to track?a) < 5 millionb) 5 to 50 millionc) 50 to 200 milliond) > 200 million
Poll Question
10
NFV Questions and ChallengesFor Data Plane Applications
Virtualized Compute Resources- Linux, hypervisors, virtual switching- Performance scales to 100s Gbps- Optimizing/Offloading OvS functions- Who integrates and tests the functions?
Orchestration - e.g. OpenStack- Sessions tracked? Flows managed?- How far can it scale?- How fast can it respond to events?
Support for100s millions events/flows
Must scale toTbps at frame level,including supportfor 100GbE ports
Networking (with Simple Switch)- L2/L3 forwarding- Fixed, limited encapsulation support- Poor elasticity for flow re-direct- Service chaining not possible
Source: ETSI
© 2014 Radisys Corporation
11
Source: ETSI
Completing the NFV PictureFor Data Plane Applications
Virtualized Compute Resources- Linux, hypervisors, virtual switching- Performance scales to 100s Gbps- Optimizing/Offloading OvS functions- Who integrates and tests the functions?
Orchestration - e.g. OpenStack- Intelligent switch reduces work load- Autonomous flow assignment scales to
millions flows vs.10s thousands
Networking (with added flow awareness)- L2/L3 forwarding- Multi-protocol encapsulation- Cost effective scaling to Tbps incl. 100G- Stateful and stateless load balancing- Flow classification and ACLs- Enables service chaining- Autonomous flow assignment
Add Intelligent Switching &
Load Balancing
© 2014 Radisys Corporation
12
Load Balancing & Flow Awareness Today It works…but not ideal
Load Balancer
Switch/ToR
ServerServerServer
Switch/ToR
Network/Router
Stand-alone Devices Integrated/Chassis-basedStandard Switch (L2/L3)Basic 5 tuple load balancingStateless, only scales to few 10K flows
Network
Advanced Load BalancingImplemented on payload blades;...but uses payload slots
ServerServerServer
Stand-alone Load BalancerDelivers capabilities…but, typically high-cost/Gb, limited scalability and likely over-featured?
13
Intelligent Switching ArchitecturesEvolving switch architectures for NFV and SDN
Commercial Switch Silicon
1.2Tbps
Network
NetworkCommercial
Switch Silicon
1.2Tbps
NPU(s)800Gbps
Multi-core CPUException packets, OpenFlow Mgmt…
10, 40 and 100GbEOptical Ports
Server CPUs
Server CPUs
SimpleMgmtCPU
Limited rules availableUp to few 10K flowsStateless 5 tuple LB
Intelligent Switching & Load Balancing (eg A2470)
L2/L3 forwardingMulti-protocol encapsulationStateful & stateless LB Flow classification & ACLsEnables service chainingAutonomous flow assignment
© 2014 Radisys Corporation
14
Intelligent Switching Solves Problem
Inbound Packets
Outbound Packets
APAPAPAPAP APAPAPAPAPAP
SDN/Controller
In
IPF
LB
AP
Out
Input
SDN IP Packet Forwarder
Load Balancer
Application Processor
Output
A2470 Intelligent Switch (4x100G each)
A4700 Intel® Xeon® E5-2600 v3 Blade
AP
A2470 Intelligent Switchwith FlowEngine™
A4700 Intel® Xeon® E5-2600 v3x86 CPU Blade
LB
In
IPF
Out
Rule-based automatic flow assignment100s millions flows managed
Minimizes overhead on orchestration
© 2014 Radisys Corporation
15
2. How will you implement flow classification and load balancing within your NFV deployments?a) Dedicated load balancer from established vendorb) Develop (or partner for it ) based on commercial appliancec) Implement on compute server (blade or RMS/server)d) Standard white box switch and commercial silicone) Don’t need load balancing
Poll Question
17
The SDN Model
OrchestrationAutomated provisioning, coordination,
management of defined services within the DC or Telecom Network (e.g. Virtualization)
NodeIn a network, a node is either a Connection
Point (e.g. media gateway), a distribution point (Top of Rack Switch) or an end point (Cloud
Server) for data transmissions.
ControllerManages network control plane to configure network devices, choose the optimal network
path for application traffic flows.
Source: Intel
© 2014 Radisys Corporation
18
FlowEngine Overview
FlowEngine is a portfolio of functions for identifying, manipulating and steering IP traffic at line rate
Built around core load balancing function running on NPU
Core load balancing application isextensible with configurable derivations• MPLS edge routing forwarding plane element• Bespoke SDN switch for NFV style deployment
FlowEngine functions can be managed by CLI, OpenFlowand high-speed table update interfaces
Integration with OpenFlow and ForCES-basedcontrollers supported
© 2014 Radisys Corporation
19
Example of SDN Table Stacking
Access Control List
Inbound Flow
External Ports
LBG[0] LBG[1] LBG[2] LBG[3]
Router Function
Port Queuing & Traffic Management Function
Backplane & RTM ports© 2014 Radisys Corporation
20
Load Balancing Groups
Hash Logic B
Flow type A
Flow type A
Flow type B
Flow type B
Access Control List (ACL)
is used to determine what type of flow type an individual packet belongs to.
Hash Logic A
Field SelectorGTP tunneled IP
Field SelectorGTP TEID field LBG1
LBG2
Supports up to 4 Load Balancing Groups (LBGs) LBG selected by ACL rules Each LBG can determine load balanced target using different
key header fields• IP addresses (outer IP header)• GTP Tunnelling Endpoint Identifier (TEID)• Tunnelled IP header
21
NPU
Typical SDN Handling for a New Flow
Introduces very long latency
NPU
© 2014 Radisys Corporation
22
NPU
Controller Can Predefine Flow Rules
Controller would need to anticipate flow in advance
NPU
© 2014 Radisys Corporation
23
Autonomous Handling of New Flows
NPU
NPU
© 2014 Radisys Corporation
24
Table Cascade for Stateful Load Balancing
© 2014 Radisys Corporation
25
Capacity-aware Load Balancing
© 2014 Radisys Corporation
26
Service Function Chaining
A
CD
B
© 2014 Radisys Corporation
27
Service Function Chaining
Industry recognises that some form of per-packet tagging is required to allow switch to properly chain functions• cf. IETF SFC drafts
However, getting agreement on a standard for such tags willprove challenging• Will impact many legacy applications from numerous vendors• Will it be the vSwitch or VNF application vendors who decide?
In short term, flexibility of a programmable NPU device isrequired to support whatever SFC tagging schemes emerge• NPU can initially apply list of SFC hops on system ingress• NPU can pop tags as packet returns from one VNF and use next
SFC tag to identify next service type
© 2014 Radisys Corporation
28
Service Function Chaining Methods
L2 VLAN SFC-HDR L3 L4 Payload
SFC-ID SFC-ID SFC-ID SFC-ID
L2 VLAN SFC-HDR L3 L4 Payload
Counter--
L2 VLAN SFC-HDRL3 L4 Payload
© 2014 Radisys Corporation
29
Automatic Packet Bypass
Only established flows sent to CPU resources for analysis• Failed TCP session setups and short UDP bursts bypass servers
Samples of flow sent to servers• Only every nth packet of identified flow sent to CPU resources
© 2014 Radisys Corporation
30
Automatic Packet Bypass
Majority of traffic not sent to server resources Compute capacity of server array does not
define total system throughput
© 2014 Radisys Corporation
32
Summary
SDN and NFV driving new platform requirements• NFV transition for control plane underway• NFV transition for data plane has
unique challenges
Load balancing and flow distribution key• Cost effective and high performance• Customizable and highly elastic to track VMs• Need more than simple switching
Specialized networking required to scale• Commercial switch silicon cannot handle all permutations• Terabit+ performance levels, deeply embedded packets etc. • 100s of millions of sessions per rack/frame/chassis
© 2014 Radisys Corporation
Thank You for Attending
Questions?
James [email protected]
Karl WaleDirector of Product Management [email protected]