Virtio Inline Accelerator

Slides:

Advertisements

Similar presentations

Integration of PAP site 17 th July 10. Requirements of PAP SITE  Bandwidth drop  Router  RJ45 cables  Switch  Gateway  Nodes  Ups  9urack.

Advertisements

Computer Security: Principles and Practice Chapter 9 – Firewalls and Intrusion Prevention Systems.

Firewalls Uyanga Tserengombo

Presented by Justin Bode CS 450 – Computer Security February 17, 2010.

Keith Wiles DPACC vNF Overview and Proposed methods Keith Wiles – v0.5.

Accelerating the Path to the Guest

Network Implementation for Xen and KVM Class project for E : Network System Design and Implantation 12 Apr 2010 Kangkook Jee (kj2181)

Virtio-crypto Web Server App OpenSSL “lib” VNFC in a VM

DPACC vNF Overview and Proposed methods Keith Wiles – v0.5.

dpacc framework discussion data plane

Department Of Computer Engineering

© 2006 Cisco Systems, Inc. All rights reserved. Implementing Secure Converged Wide Area Networks (ISCW) Module 6: Cisco IOS Threat Defense Features.

1 © 2001, Cisco Systems, Inc. All rights reserved. Session Number Presentation_ID Cisco Easy VPN Solutions Applications and Implementation with Cisco IOS.

And how they are used. Hubs send data to all of the devices that are plugged into them. They have no ability to send packets to the correct ports. Cost~$35.

Networking Components Mike Yardley LTEC 4550 Assignment 3

AIS, Passwords Should not be shared Should be changed by user Should be changed frequently and upon compromise (suspected unauthorized disclosure)

Page 1 NAT & VPN Lecture 8 Hassan Shuja 05/02/2006.

Module 4: Configuring ISA Server as a Firewall. Overview Using ISA Server as a Firewall Examining Perimeter Networks and Templates Configuring System.

Control Processor Switch Fabric ATM Switch Core Port Processors FPX SPC LC IPPOPP FPX SPC LC IPPOPP FPX SPC LC IPPOPP FPX SPC LC IPPOPP FPX SPC LC IPPOPP.

SeGW function offload 1/4 SeGW VNF SmGW VNF Virtual Switch Other VNF VNFs NFVI Network Processor Offload “programming” 1)VNF need to talk to Packet Processor.

1.4 Open source implement. Open source implement Open vs. Closed Software Architecture in Linux Systems Linux Kernel Clients and Daemon Servers Interface.

© 2006 Cisco Systems, Inc. All rights reserved. Cisco IOS Threat Defense Features.

© 2006 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.0 Filtering Traffic Using Access Control Lists Introducing Routing and Switching.

02/09/2010 Industrial Project Course (234313) Virtualization-aware database engine Final Presentation Industrial Project Course (234313) Virtualization-aware.

Module 1: Configuring Routing by Using Routing and Remote Access.

Firewall Matthew Prestifilippo, Bill Kazmierski, Pat Sparrow.

1.4 Open source implement. Open source implement Open vs. Closed Software Architecture in Linux Systems Linux Kernel Clients and Daemon Servers Interface.

Virtio-IPsec-LA PoC Implementation

DPACC Management Aspects

WINS Monthly Meeting 06/05/2003 WINS Monthly Meeting 06/05/2003.

Figure A: From Openstack Nomad. Figure B: From Gap on OpenStack ① ① ④ ④.

Chapter 11 – Cloud Application Development. Contents Motivation. Connecting clients to instances through firewalls. Cloud Computing: Theory and Practice.

Outline PART 1: THEORY PART 2: HANDS ON

Siti Kholijah Binti Hashim TSI/2013. FREQUENCY 2.452GHz GHz SECURITY WEP, WPA, WPA2 STANDARD IEEE802.16e-2005 Wave 2 (WiMAX) TRANSMIT POWER.

Opnfv Summit 2016 (Berlin) DPACC and DPDK solving NFV acceleration

25/09/ Firewall, IDS & IPS basics. Summary Firewalls Intrusion detection system Intrusion prevention system.

Defining Network Infrastructure and Network Security Lesson 8.

أمن المعلومات لـ أ. عبدالرحمن محجوب حمد mtc.edu.sd أمن المعلومات Information Security أمن المعلومات Information Security  أ. عبدالرحمن محجوب  Lec (5)

Co-located Summit

Virtual Private Networking with OpenVPN

IPv6 for the Network Edge

Network Address Translation

DPDK API and Virtual Infrastructure

Firewall – Survey Purpose of a Firewall Characteristic of a firewall

Nov, 2015 Howard Huang, Huawei Julien Zhang, ZTE

6.6 Firewalls Packet Filter (=filtering router)

Firewalls at UNM 11/8/2018 Chad VanPelt Sean Taylor.

Network Security: IP Spoofing and Firewall

DPACC Management Aspects

Get the best out of VPP and inter-VM communications.

Firewalls Routers, Switches, Hubs VPNs

Virtio Keith Wiles July 11, 2016.

vDPA for Vhost Acceleration

Open vSwitch HW offload over DPDK

Virtio/Vhost Status Quo and Near-term Plan

Accelerate Vhost with vDPA

Lecture 3: Secure Network Architecture

Update Summary of DPACC docs

NetFPGA - an open network development platform

Implementing Firewalls

NFV and SD-WAN Multi vendor deployment

Flow Processing for Fast Path & Inline Acceleration

Update Summary of DPACC docs

Latest Update DPACC Use-cases

Virtio-ipsec F.F. Ozog (6WIND) v1 (2015/05/29).

Platform Performance Acceleration

Latest Update DPACC Use-cases

Accelerator Management g-API’s

Figure 3-2 VIM-NFVI acceleration management architecture

Latest Update DPACC Architecture

Presentation transcript:

Virtio Inline Accelerator VNF Application g-API SAL in user space guest Commands/ re-injected packets Status/ Exception Packets Accelerated Traffic Non-accelerated Incoming Virtio-net User Frontend Driver Virtio-net User Frontend Driver Virtio Inline User Frontend Driver sio in Kernel virtio-inline vRings vRings Vhost-net Backend Virtio Inline Backend vHost-user Vhost-net Backend SRL Host user space SAL in host user space g-net-driver g-accel-driver g-net-driver SW Accelerator This view is attempting to show the DPACC layer and configuration can be designed by the developer to give his application the best accelerated performance. In this picture having a software acceleration layer in the host would provide the best performance and flexibility for a VNF application. device hio HW Accelerator Physical ports Physical ports Fig 5. Virtio based Inline Acceleration 13/11/2018

Multiple Virtio Inline Accelerators Firewall App IPS App NAT App Router App IPsec App g-API SAL in user space Virtio net frontend Virtio Inline FW frontend Virtio net frontend Virtio Inline IPS frontend Virtio net frontend Virtio Inline NAT frontend Virtio net frontend Virtio Inline Router frontend Virtio net frontend Virtio Inline Ipsec frontend Virtio net frontend guest Commands/ re-injected packets Status/ Exception Packets Accelerated Traffic Non-accelerated Incoming sio in Kernel virtio-inline vRings vRings vRings vRings vRings Virtio Inline Backend vHost-user SRL Host user space SAL in host user space g-net driver g-FW driver g-IPS driver g-NAT driver g-router driver g-IPsec driver g-net driver SW Accelerator hio device FW Accelerator Intrusion Prevention (IPS) Accelerator NAT Accelerator Router Accelerator Ipsec VPN Accelerator Physical ports Physical ports Fig 6. Examples for multiple virtio based Inline Acceleration 13/11/2018

NFV Infrastructure Accelerator with all phy ports in smartNIC Commands/ re-injected packets Status/ Exception Packets Accelerated Traffic Non-accelerated Incoming VNF Application VNF Application g-API SAL in user space guest Virtio-net User Frontend Driver Virtio-net Backend Acceleration Management Layer Host user space SAL in host user space g-srl-driver hio This view is attempting to show the DPACC layer and configuration can be designed by the developer to give his application the best accelerated performance. In this picture having a software acceleration layer in the host would provide the best performance and flexibility for a VNF application. device SRL Accelerator Physical ports Figure Y NFVI Packet Processing Accelerator 13/11/2018

NFV Infrastructure Accelerator with some non-smartNIC phy ports VNF Application VNF Application g-API SAL in user space guest Commands/ re-injected packets Status/ Exception Packets Accelerated Traffic Non-accelerated Incoming Virtio-net User Frontend Driver Virtio-net Backend SRL???? Acceleration Management Layer Host user space SAL in host user space g-net-driver g-srl-driver hio This view is attempting to show the DPACC layer and configuration can be designed by the developer to give his application the best accelerated performance. In this picture having a software acceleration layer in the host would provide the best performance and flexibility for a VNF application. device SRL Accelerator Physical ports Physical ports Figure Y NFVI Packet Processing Accelerator 13/11/2018

Previous figures – discard after finalizing 13/11/2018

Virtio Inline Accelerator VNF Application g-API SAL in user space guest Commands/ re-injected packets Status/ Exception Packets Accelerated Traffic Non-accelerated Incoming Virtio-net User Frontend Driver Virtio-net User Frontend Driver Virtio Inline User Frontend Driver sio in Kernel virtio-inline vRings vRings Vhost-net Backend Virtio Inline Backend vHost-user Vhost-net Backend SRL-0 SRL-1 Host user space SAL in host user space g-net-driver g-accel-driver g-net-driver SW Accelerator This view is attempting to show the DPACC layer and configuration can be designed by the developer to give his application the best accelerated performance. In this picture having a software acceleration layer in the host would provide the best performance and flexibility for a VNF application. device hio HW Accelerator Physical ports Physical ports Fig 5. Virtio based Inline Acceleration 13/11/2018

Multiple Virtio Inline Accelerators Firewall App IPS App NAT App Router App IPsec App g-API SAL in user space Virtio Inline FW Frontend Virtio Inline IPS Frontend Virtio Inline NAT Frontend Virtio Inline Router Frontend Virtio Inline IPsec Frontend guest sio in Kernel virtio-inline Commands/ re-injected packets Status/ Exception Packets Accelerated Traffic Other vRings vRings vRings vRings vRings Virtio Inline Backend vHost-user Host user space SAL in host user space FW g-driver IPS g-driver NAT g-driver Router g-driver IPsec g-driver hio hio hio hio hio Firewall (FW) accelerator Intrusion Prevention (IPS) accelerator NAT accelerator Router accelerator Ipsec VPN accelerator device SRL in host user space Physical ports Fig 6. Examples for multiple virtio based Inline Acceleration 13/11/2018

Virtio Inline Accelerator VNF Application g-API SAL in user space guest Commands/ re-injected packets Status/ Exception Packets Accelerated Traffic Other Virtio-net User Frontend Driver Virtio-net User Frontend Driver Virtio Inline User Frontend Driver sio in Kernel virtio-inline vRings vRings Vhost-net Backend Virtio Inline Backend vHost-user Vhost-net Backend SAL in host user space Host user space g-driver SW Accelerator hio This view is attempting to show the DPACC layer and configuration can be designed by the developer to give his application the best accelerated performance. In this picture having a software acceleration layer in the host would provide the best performance and flexibility for a VNF application. device HW Accelerator SRL Physical ports Fig 5. Virtio based Inline Acceleration 13/11/2018

Virtio Inline Accelerator VNF Application g-API SAL in user space Commands/ re-injected packets Status/ Exception Packets Accelerated Traffic guest Virtio-net User Frontend Driver Virtio-net User Frontend Driver Virtio Inline User Frontend Driver sio in Kernel virtio-inline Vhost-net Backend Virtio Inline Backend vHost-user Vhost-net Backend SAL in host user space Host user space g-driver SW Accelerator hio device HW Accelerator Patch ports to other SW/HW Accelerators Patch ports to other SW/HW Accelerators Physical ports Fig 5. Virtio based Inline Acceleration 13/11/2018

Multiple Virtio Inline Accelerators Firewall App IPS App NAT App Router App IPsec App g-API SAL in user space guest Virtio Inline FW Frontend Virtio Inline IPS Frontend Virtio Inline NAT Frontend Virtio Inline Router Frontend Virtio Inline IPsec Frontend sio in Kernel virtio-inline Commands/ re-injected packets Status/ Exception Packets Accelerated Traffic vRings vRings vRings vRings vRings Virtio Inline Backend vHost-user Host user space SAL in host user space FW g-driver IPS g-driver NAT g-driver Router g-driver IPsec g-driver hio device Firewall (FW) accelerator Intrusion Prevention (IPS) accelerator NAT accelerator Router accelerator Ipsec VPN accelerator Physical ports Fig 6. Examples for multiple virtio based Inline Acceleration 13/11/2018