SR-IOV and DPDK

February 07, 2016 (Last Modified: April 01, 2018)

Til

Page content

SR-IOV and DPDK

Accelerating the NFV Data Plane : SR-IOV and DPDK… in my own words 를 읽고 요약

Before HW assisted Virtualisation

SR-IOV 전까지는 VMM이 패킷 송수신에 매번 개입해야 했음.

1st interrupt from NIC to VMM
2nd interrupt from VMM to VM

Intel VMDq

Only one interrupt from NIC to VM as each VM has its own Rx queue.

SR-IOV

SR-IOV : Standard IO memory Memory Management Unit from Intel(VT-d) and AMD(IOV)
Virtual Function - Limited, lightweight, PCIe resource and a dedicated Tx/Rx packet queue
Interrupt 부담이 없다고 하는데 왜??? 마지막 결론에서는 SR-IOV를 사용하면 interrupt를 두 개 다 없앨 수 있다고 하는데 이 부분은 잘 이해가 안된다. HW 기반

SR-IOV and vSwitch

SR-IOV는 VMM의 부담을 덜어주는 장점을 가지고 있지만, 반대로 vSwitch가 제공할 수 있는 네트웍 기능들 - portability, flexibility, QoS, complex traffic steering 등을 이용할 수 없게 되었다는. 문제는 이런 기능들이 NFV환경에서 필요하고(할 거고). vSwitch의 기능을 사용할 수 없으면 service chaining 같은 건 고민할 것도 없고, 위 기능들을 모두 각 VNF에서 구현해야 하는데. 물론 기존 PNF가 그랬던 것 처럼 못할 것도 없지만, 한 곳에 모아놓은 VNF사이에 구현해야 하는 공통 기능이면 가능하면 NFVI에서 구현할 수 있으면 좋겠지

SR-IOV is good for stand-alone virtualised appliance or architecture where high-traffic VNFs, routers and L3 centric devices vSwitch is good for strict intra-host east-west demands

Hybrid architecture requires additional management complexities and rule out the possibility of a common, efficient and flexible SDN shot deployment infrastructure

SR-IOV it isn’t currently possible to take advantage of overlay-based network virtualization, which is commonly used in large-scale virtualization environments.

Accelerated vSwitch solutions do support overlay-based network virtualization, they are less efficient overall and they may also expose additional security risks through the use of shared memory that may be accessible from untrusted VMs on the same compute node.

OVS/DPDK

Megaflow : wildcard
Micro flow : exact match based cache

Except 64B, SR-IOV and OVS/DPDK shows almost same performance against Bare-Metal (HP) http://www.slideshare.net/jstleger/dpdk-summit-2015-hp-al-sanders

However, IMAX shows 50-60% is 64Byte

http://www.metaswitch.com/the-switch/tackling-the-nfv-packet-performance-challenge

Tackling the NFV Packet Performance Challenge

SR-IOV vs. virtue

SRIOV is good for some cases in a VM but does not scale to many VMs or containers as NIC’s support for VF is limited in number and performance
SRIOV is very god in the host user space to gain direct access to the devices.

Right-now, virtue is the only solution we have today as a standard