ContainerNetworkingPoweredbyJianfengTan,CunmingLiang,HeqingZhu,HuaweiXieAgenda•Background•DPDK-poweredtechniques–UsingSR-IOV+DPDKinContainers–Connectcontainerswithuserspacevswitch–Userspacenetworkstack•DPDK-poweredVNFsContainernetworkingstatusquo•Multi-hostnetworkingContainerNetworkVirtualizationServiceLinuxKernelContainerNetworkVirtualizationServiceLinuxKernelAgentButnotreadyforscenarioslike…•High-throughputnetworkingfunctionslike–LB,FW,IDS/IPS,DPI,VPN,pktgen,Proxy,AppFilter•Latency-sensitiveandjitter-avoidapplications–Gameapplications–E-commerceflashsales–Stockexchangetrading–VideoconferenceContainer-basedVNFsRealtimenetworkappChallengesofhighperf.network•FWD1~2MppspercoreNICTimebudgetfor64BTimebudgetfor1518B10Gb67.2ns1,230ns40GbN/A307ns100GbN/A120nsDatafromLWNarticle,3GHzCPUNICTimebudgetSystemcall75ns/42nsAtomicops8.25nsSpinlocklock/unlock16+nsL3miss~80nsOpenSourceSoftwareCustomerAdoptionTheDataPlaneDevelopmentKit(DPDK)isasetofsoftwarelibrariesforacceleratingpacketprocessingworkloadsonCOTShardwareplatforms.HowdowesolveitinBM-DPDK•CPUaffinity•Hugepages•UIO•Polling•Lockless•Batching•SSE/AVX•High-throughput•Low-latency•DeterministicCanweleverageDPDKtoaccelerateContainerNetworking?VMvsContainerHOSTC0C1…HOSTHOSTC0C1Cn…ABCDCnvSwitchApp0App1HOSTApp0App1vSwitchVMContainerAppn…Appn…SR-IOVVIRTIO•Requires:devicemapping(vfio)•High-performance:smallpktslineratewith10GbE•but–#ofVFsislimited(64or128)–Notflexible(byHW)ContainerLinuxKernelUsingSR-IOV+DPDKinContainerVMvsContainerHOSTC0C1…HOSTHOSTC0C1Cn…ABCDCnvSwitchApp0App1HOSTApp0App1vSwitchVMContainerAppn…Appn…SR-IOVVIRTIOConnectcontainerswithuserspacevswitchContainer/Appvhost-useradaptervSwitchvhostDPDKDeviceEmulationvirtioSocket/tmp/xx.socketVirtioPMDPerformanceEvaluation-throughputixgbekernelNICvhostPMDixgbePMDvirtioPMDContainerInstanceNICixgbePMDContainerInstanceNICpcaplibPerformanceEvaluation-latency•FornativeLinux,mslevel•Fortheothertwo,uslevelixgbekernelNICvhostPMDixgbePMDvirtio...
