Network Virtualization Best Practices...Network Function Virtualization (NFV) and Software Defined...

Network Virtualization Best Practices, F5 Agility Conference Breakout Session, August 4th, 2016


Page 1: Network Virtualization Best Practices...Network Function Virtualization (NFV) and Software Defined Networking (SDN) provide unique capabilities to enable optimal use of data center

Intel Confidential – Internal Use Only

Network Virtualization Best Practices F5 Agility Conference Breakout Session

August 4th, 2016


Page 2:

Intel Confidential – Internal Use Only Network Platforms Group

Network Virtualization Best Practices

Session Description:

Network Function Virtualization (NFV) and Software Defined Networking (SDN) provide unique capabilities to enable optimal use of data center resources. Taking advantage of these technologies can increase network flexibility, slash costs, and provide the ability to launch innovative revenue generating services in a more efficient manner.

This breakout session will cover the business drivers, technology enablers, and best practices for virtualized function based service deployments.

Page 3:

Discussion Topics

Business Drivers

Virtualization Considerations

Virtualization Technology

Page 4:

Network Function Virtualization

•  Virtualization provides the abstraction of the control-plane and data-forwarding plane to enable a programmable network with greater flexibility and agility to simplify the creation and management of new services.

•  The decoupling of software implementations of Network Functions from the computation, storage and networking resources they use allows a network function to run on Common Off The Shelf (COTS) hardware

Page 5:

Business Drivers

Page 6:

Virtualization Drivers

Standard “virtualization” Benefits

Virtualizing core functions onto standard off-the-shelf hardware provides a common platform for services that can reduce TCO, increase network agility and flexibility, and launch new revenue generating services more efficiently.

Economics to accommodate mobile device proliferation and traffic growth

The current model of dimensioning the network based on peak workloads does not make financial or operational sense. IoT device proliferation, the associated multi-dimensional call models and workloads, and increased mobile video consumption are catalysts for the move from the physical appliance model to a virtual scaling model.

Rapid Service Innovation

Appliance-based functions do not lend themselves to rapid innovation. Virtualization provides a “fail-fast” environment for SPs, similar to Cloud Service Providers, to launch new, innovative, revenue generating services.

[Figure: Virtualization Drivers: Agility and Flexibility, Innovative Services, Reduce TCO]

Page 7:

Business Drivers

Reduce TCO and Drive New Revenue Generating Services

Virtualization and SDN provide foundation for new revenue generating services

New business and consumption models

“Network As a Service” based services (Security, vWAN Optimization, SD-WAN, vCPE)

Agile Services, Reduced Cost, New Markets

vCPE Solutions Brief: http://www.intel.com/content/dam/www/public/us/en/documents/solution-briefs/334159-ve-cpe-communication-service-brief.pdf

vCPE Realization of virtualization business drivers

Page 8:

Virtualization Considerations

Page 9:

Virtualization Considerations

The usability and performance of a common platform for multiple services impacts total cost and revenue.

Meaning: Optimal resource utilization impacts the business case. The more functions that can run on industry standard server platforms, the better the TCO.

Usability

•  Modularity

•  Scaling

•  Interoperability

•  Validated ecosystem

Performance

•  Dimensioning

•  Characterization

•  Benchmarking

•  Predictability

TCO and Revenue

•  Time to Market

•  Opex / Capex

•  Licensing Model

•  User Experience

Page 10:

Virtualization Technology

Page 11:

Optimized Packet Process in Virtualized Environment

Capabilities and Ecosystem Ingredients for optimal resource efficiency

Application Function table, columns: Enhanced Platform Awareness (Pinning, NUMA, Huge Pages, etc); Resource Director Technology (CAT, CMT, MBM); Acceleration Technologies (AES-NI, QAT, Offload, etc); Trusted Compute; HyperScan

Control Plane ✓ ✓ ✓

Data Plane ✓ ✓ ✓ ✓ ✓

Platform layers shown:

•  Standard interfaces: Models and Descriptors, EPA aware, Integration, …

•  Orchestration, Controller, Hypervisor, OS, etc

•  Performance Optimization: DPDK, vSwitch

•  HW Capabilities (CPU, Chipset, NIC Silicon, Switch Silicon): Xeon Ivybridge, Xeon Haswell, Xeon Broadwell, Xeon…

Foundation Requires Horizontal Platform Integration and Optimization Ingredients Continuous Evolution

Page 12:

Enhanced Platform Awareness (EPA)

What: EPA is an umbrella term for Intel's contributions to OpenStack

Why: Exposing platform capabilities to OpenStack (VIM) provides a better view of the underlying platform. This visibility provides the intelligence needed to filter and match virtual machine workload requirements with platform capabilities

Benefit: Improved application performance and optimized resource utilization, which correlates to improved end user experience and reduced TCO

Enhanced Platform visibility allows orchestration to more accurately assign cloud application workloads to the best virtual resource

Page 13:

Enhanced Platform Awareness

[Figure: Cloud Infrastructure without EPA compared with Cloud Infrastructure with EPA; each stack shows Orchestration; VM, VM, VM, VM; Hypervisor; CPU, Chipset, Switch Silicon, NIC Silicon]

Page 14:

Service Requirements on NFV infrastructure

Service Aware Infrastructure

•  Determinism and performance

•  Small packet processing

•  Real-time, latency, jitter

•  HW acceleration environments

•  Service Availability

•  Detect failed VMs in <1s

•  Auto restart, recover host failures

•  Geo redundancy

•  Accelerate VM migration in planned maintenance

•  Regulatory, geo-location

•  Advanced management (OSS/BSS)

EPA for demanding applications recognizes and configures platform/infrastructure

[Figure: Service Aware stack: Orchestration; VM, VM, VM, VM; Hypervisor; CPU, Chipset, Switch Silicon, NIC Silicon]

Page 15:

Example platform features for data-plane workloads:

•  CPU model, instructions, feature sets

•  SR-IOV (Single Root I/O Virtualization)

•  Huge Pages

•  NUMA (Non-Uniform Memory Access)

•  vCPU pinning to cores

•  vSwitch

•  Trusted Execution Technology

•  …

Key Enhanced Platform Awareness features

http://www.intel.com/content/www/us/en/communications/a-path-to-line-rate-capable-nfv-deployments.html

https://01.org/blogs/dfineber/2014/devops-how-can-cloud-workloads-automatically-take-advantage-advanced-hardware

[Figure labels: Servers & hypervisor; Resource Orchestration; Virtual Network Function; VM, VM, VM, VM; Infrastructure as a Service; VIM Cloud/SDN]

Resource Orchestrator needs to understand what is required to support each VM

Page 16:

Data Plane Development Kit (DPDK)

A set of open source data plane libraries and optimized NIC drivers:

•  Memory Buffer

•  Queue Manager

•  Poll Mode Drivers

•  Packet Classification Libraries

•  etc.

www.dpdk.org

DPDK addresses virtualization pain points:

•  Interrupt context switch overhead

•  Kernel/user overhead

•  Core to thread scheduling overhead

Page 17:

Resource Director Technology

Intel® RDT provides visibility and control over how shared resources such as last-level cache (LLC) and memory bandwidth are used by applications, virtual machines (VMs) and containers.

Provides workload consolidation density, performance consistency, and dynamic service delivery to reduce overall total cost of ownership (TCO).

Visibility and Performance Determinism: in multi-tenant scenarios, identify a misbehaving application and reschedule it according to priority; memory-intensive applications can be allocated a specific amount of cache so that other applications are not affected.

RDT enables Platform Quality of Service by providing control over shared platform resources using Cache Monitoring Technology (CMT), Cache Allocation Technology (CAT), Memory Bandwidth Monitoring (MBM), etc.

http://www.intel.com/content/www/us/en/architecture-and-technology/resource-director-technology.html

https://01.org/packet-processing/cache-monitoring-technology-memory-bandwidth-monitoring-cache-allocation-technology-code-and-data

Page 18:

Hyperscan High Speed Pattern Matching Performance

Hyperscan: optimized content inspection performance for virtualized functions

Ideal for applications that inspect large data volumes at high speeds

•  Intrusion Prevention (IPS), Antivirus (AV), Unified Threat Management (UTM), and Deep Packet Inspection (DPI)

Hyperscan is a multi-threaded software pattern matching library.

Hyperscan works transparently in any hypervisor environment and is OS independent.

Hyperscan provides a simple API that is easy to integrate and is a drop-in replacement for libPCRE to deliver scan performance that is orders of magnitude better.

http://www.intel.com/content/www/us/en/communications/hyperscan.html

http://www.intel.com/content/www/us/en/communications/hyperscan-scalability-solution-brief.html

Page 19:

Security and Attestation

Each entry below gives the Security Area, then What, Description and Why.

Security Area: Hardening and Acceleration

•  What: Instruction sets (e.g. AES-NI)
   Description: Core crypto performance enhancements improve the compute efficiency of cryptographic algorithms.
   Why: Enables greater protection for application data, data moving across a network, and stored data

•  What: HW Accelerators (e.g. Quick-Assist Technologies)
   Description: Scalable hardware accelerators exposed to IA as PCIe Devices, providing acceleration
   Why: Resource optimization application and performance optimization for Network Security such as IPSec, SSL/TLS etc, IDS/IPS, Firewall.

Security Area: Multi-Admin Isolation

•  What: Intel VT, Intel Secure Guard Extensions (SGX), Clear Linux/Containers
   Description: Eliminating virtualization performance overheads and improving security with hardware assist to the virtualization software, reducing its size, cost, and complexity
   Why: Provide and improve security in shared resource environments, e.g. containers with use of Intel VT technology enable secure resource optimization deployment models

Security Area: Platform Attestation

•  What: Trusted Execution Technology / Cloud Integrity Technology
   Description: Intel® Trusted Execution Technology (Intel® TXT) validates the behavior of key components within a server at startup.
   Why: Provides a “root of trust”: the system checks launch time configurations against a “known good” sequence to quickly assess whether any attempts to alter or tamper with the launch time environment have been made.

Virtualization brings new security challenges that require new methodology and layers of security, attestation and domain isolation.

Page 20:

Regulation Requirements for Workload Placement

Trusted Execution Technology

Trusted Location and Boundary Control for Subscriber Details

•  Regulators requesting Subscriber data be protected

•  Hardware-based Geo- and Asset Tags help control workload placement and migration

•  Boundary Control policy can be set for a workload, allowing or preventing its deployment

TXT provides Trusted Geo-location/Asset-location for Subscriber Data

Ability of the orchestrator to demand “secure” processing resources from the VIM, to select infrastructure that includes TXT - ensuring that VNF software images have not been altered.
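The EPA filter-and-match step and the boundary-control policy described above, sketched as an added example (not code from the presentation, OpenStack or Intel). Host, Workload, the feature names and the geo tags are hypothetical, and the example assumes a geo tag is honoured only when the host reporting it is attested.

```python
from dataclasses import dataclass
from typing import Optional

# All names below are hypothetical; this is not an OpenStack or Intel API.

@dataclass(frozen=True)
class Host:
    name: str
    features: frozenset        # platform capabilities the host reports to the VIM
    attested: bool             # launch measurements matched the known-good values
    geo_tag: Optional[str]     # hardware-provisioned geo/asset tag, if any

@dataclass(frozen=True)
class Workload:
    name: str
    needs: frozenset = frozenset()        # required platform features
    require_trusted: bool = False         # demand an attested host
    allowed_geo: frozenset = frozenset()  # boundary policy; empty = unrestricted

def rejection_reason(host: Host, wl: Workload) -> Optional[str]:
    """Return None if the host may run the workload, else the reason it may not."""
    missing = wl.needs - host.features
    if missing:
        return "missing features: " + ", ".join(sorted(missing))
    # Assumption: a geo tag only counts when the host reporting it is attested,
    # so a boundary policy implies the trust requirement (fail closed).
    if (wl.require_trusted or wl.allowed_geo) and not host.attested:
        return "host not attested"
    if wl.allowed_geo and host.geo_tag not in wl.allowed_geo:
        return f"geo tag {host.geo_tag!r} outside boundary"
    return None

def place(hosts, wl):
    """Split hosts into accepted names and a {name: reason} map of rejections."""
    accepted, rejected = [], {}
    for host in hosts:
        reason = rejection_reason(host, wl)
        if reason is None:
            accepted.append(host.name)
        else:
            rejected[host.name] = reason
    return accepted, rejected

# Constructed sample inventory and workload (not from the presentation).
DATA_PLANE = frozenset({"sriov", "hugepages", "numa", "cpu_pinning"})
HOSTS = [
    Host("host-a", DATA_PLANE, attested=True, geo_tag="US-OR"),
    Host("host-b", DATA_PLANE, attested=False, geo_tag="US-OR"),
    Host("host-c", frozenset({"hugepages"}), attested=True, geo_tag="US-OR"),
    Host("host-d", DATA_PLANE, attested=True, geo_tag="DE-BY"),
    Host("host-e", DATA_PLANE, attested=True, geo_tag=None),
]
SUBSCRIBER_VNF = Workload("subscriber-db-vnf", needs=frozenset({"sriov", "hugepages"}),
                          allowed_geo=frozenset({"US-OR"}))

if __name__ == "__main__":
    print(place(HOSTS, SUBSCRIBER_VNF))
```

Recording the rejection reason per host gives operators an audit trail for why a regulated workload was kept off a given server.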

Page 21:

Summary

Page 22:

Summary

Business Case for virtualization is impacted by resource efficiency

Performance, manageability and usability impact virtualization realization

Virtualization platform capabilities are foundation for optimized end-end solutions
