dn tech-day 2017 - automotive, security, iot · iot gateway roadside infrastructure smart home...
Post on 22-May-2020
0
PUBLIC USE
VCPE/NFV SOLUTION WITH LAYERSCAPE
WES LI
DIGITAL NETWORKING FAE
DN TECH-DAY 2017
1
SECURE CONNECTIONS FOR A SMARTER WORLD
• Everything Connected: 1B+ additional consumers online, 30B+ connected devices
• Everything Smart: 40B+ devices with intelligence shipped in 2020
• Everything Secure: Potential savings to economy up to half trillion dollars
Source: Euromonitor; Gartner; ARM Holdings; UBS; Center for Strategic and International Studies; McAfee, NXP analysis, International Telecommunications Union
Processing, Connectivity, Security
2
Who is Digital Networking…
• Virtualization
• Security (Trust & Protocol Acceleration)
• Software Solutions and Services
Enabling Secure Infrastructure with Cost- & Power-Efficient Solutions and unique expertise
DN Targeted Solution Segments: Switch & Control, Storage, Cellular & Wi-Fi, Gateway, Industrial
3
Silicon and Software Provide the Solutions Our Customers Require
• Layers: Enablement Software, Software Platforms, Multicore Processors
• Multicore Processors: LS2088, LS2080, LS1088, LS1046, LS1043, LS1012, LS1021 (power labels shown: 1W, 35W)
• Secure Embedded & Enterprise Linux Distributions
• Segments: GW, NFV, vCPE, Switch, ITS, WLAN, IOT & Home
• Products: SD-WAN, Access Node, Wi-Fi Extender, Enterprise WAP, Carrier WAP, Services Routers, Retail Router, High-End GW, 25Gbps Services Switch, 100Gbps Services Switch, IOT Gateway, Roadside Infrastructure, Smart Home, vE-CPE, NFV infrastructure, vCPE
• Solutions deployed by ODM and OEM partners
4
Outline
• Introduction – SDN, Virtualization and NFV
• NXP Solution & Focus
• NXP Differentiation and Advantage
• NXP NFV Performance
• NXP Distributed Cloud Computing Architecture
• Virtualization Use Case #1 – Virtualized Gateway for multi-services (inc. IoT etc)
• Virtualization Use Case #2 – DCCA with IOT functions support
• Virtualization Use Case #3 – AWS Greengrass demo with industrial IOT
5
INTRODUCTION
SDN, VIRTUALIZATION & NFV
6
Software Defined Networking (SDN)
• Physical Separation of the network control layer from the forwarding plane, and where a control plane controls several devices
• Directly Programmable, Agile, Centrally managed, Programmatically configured and Open standards-based Architecture
• Spans all forms of
− Environments: Carrier, Enterprise Campus, Cloud
− Services: residential, business, intent-based, non-intent-based
− Resources: physical, virtual, compute, storage, forwarding
• Enables Security Policy enforcement, Information Hiding
7
Software Defined Networking (SDN)
• Disaggregation of Layers
• Centralization of CP across multiple data paths (SDN Controllers such as ODL, OpenContrail) – Central Intelligence
• Centralized Management (Openstack Neutron) – Single dash board
• North bound protocols
− JSON-over-HTTP, NetConf, OpFlex etc.
• South bound protocols
− Openflow 1.x (OF)
NXP Strategy
• SDN-optimized SoC
• SDN/OF pipeline for fast path
• Augment OF with L3-L4 Extensions
[Diagram: Physical Network Function Appliance (Integrated control & Data). Labels shown: Configuration / Management Agent, Control/Service Plane, Data Plane/Fast Path, Data Path]
[Diagram: SDN – Separation of Layers. Labels shown: Management Plane, Control Plane, Service Plane (Normal Path), Data Path, North bound Protocols, South bound Protocols]
8
What is Virtualization?
• Virtualization – Hardware and software technologies that provide an abstraction layer that enables running multiple operating systems on a single system
• A hypervisor is a software component that creates and manages virtual machines which can run operating systems.
• Virtualization Use Cases
- Cost Reduction (Improved HW utilization)
- Reliability & Protection
- Flexibility & Scalability
Benefits:
• Isolation
• Dedicated Resources
• Migration –
• Auto Failover
• Load Balancing
• Legacy Software Support
9
Virtualization Use Cases
10
NFV – Network Function Virtualization
[Diagram labels: pNF1, pNF2, pNF3; vNF1, vNF2, vNF3; Virtual Switch, KVM/LXC/Docker (NFVI)]
• NFV offers a new way to design, deploy and manage networking services/functions
• What can you do with NFV?
- Run network functions on general-purpose common hardware
- Take network functions in and out of service, and scale them up and down easily
- Multiple network functions can share an NFV node (Compute Node)
- Automate service delivery with orchestration
• Proven Cloud technologies for IT applications in data centers (same can be used for NFV)
- Orchestration tools such as OpenStack, Opencontrail etc.
- Hypervisors such as KVM, LXC, Dockers etc.
- Virtual switch using OVS, DPDK-OVS etc.
- Opencontrail using vrouter agent for Dynamic service chaining
11
NFVI (NFV Infrastructure) Concept and Challenges
[Diagram labels: vNF1, vNF, vNF3]
• NFVI enables virtualization of hardware and exposes each virtual hardware to VMs
• NFVI consists of multiple SW modules
- Orchestration agent
- Libvirt
- Hypervisor such as KVM, LXC, Docker etc.
- QEMU for emulating hardware
• Networking
- VxLAN – Overlay based virtualization
- OVS – Virtual Switching
- Firewall – Filtering traffic going to/from VMs
- Traffic Control
- DDoS prevention
- IPSec for security-on-wire
• Challenges
- More intelligence is being added to VMM, Intelligence is pushed to the edge
- Amount of traffic processed by vNFs is much higher than typical IT applications, therefore networking performance is important
12
On-Demand Virtualized Network Appliances
• Reduce CapEx
• Reduce OpEX
• Accelerate Time-to-Market
• Deliver Agility and Flexibility
13
NXP SOLUTION & FOCUS
14
Virtual Networking Models
• Traditional Networking – multiple devices: Physical Hosts, Physical Network (components shown: Host, App, NIC, Crypto, Switch)
• Virtual Networking emulated on cores: Virtual Hosts - Cores, Virtual Network - Cores (components shown: vHost, App, vNIC, vCrypto, Switch); Compute and I/O virtualization on cores, Network virtualization on cores
• Virtual Networking provided by hardware: Virtual Hosts - Cores, Virtual Network – on Chip (components shown: vHost, App, vNIC, vCrypto, Switch); Compute virtualization on cores, Network and I/O virtualization on SoC
LayerScape Architecture provides Complete Network Virtualization in Hardware
15
Open Platform for NFV – Mapping to Hardware
• Expanded acceleration capability to offload Hypervisor and VMs
− VxLAN, OVS, Firewall, Traffic Control, IPSec, Netflow, SDN
• Driving standardization
− Linux, ODP, Virtio, DPDK
• Driving relevant open standards bodies
− ETSI NFV, OPNFV, ONF, LNF
• Standard SW installation environment
− UEFI, ONIE, ACPI, uboot
Open, Scalable, Performance / Cost Optimized Solution
Software fully compatible with open standards
[Diagram: NFV Compute Node. Labels shown: QorIQ Layerscape Platform; ARMv8 cores; VM, VM, Container; MAC; Hypervisor; Packet, Crypto, TM Acceleration; Inline Acceleration; Ethernet; General Purpose Processors; Virtualized Network Function; Web Server; Software Virtualization & Partitioning Layer; Hardware Virtualization & Partitioning Layer; IO, Network Virtualization; vSwitch / VMM; OpenFlow Switch; Dumb NIC; Smart NIC; Network Interface; Network IO Controller; High Speed Serial IO Controller]
16
NXP’s NFV Solutions
[Diagram: solution stack. Rows and entries shown:]
• vNFs: Open-Source vNF, Customer vNF, NXP vNF (entries shown: vRouter, vVPN, vFirewall, vCPE, vE-CPE, vRouter, vEPC, vPE, vRAN, vCPE, vVPN, vProxy)
• Management, Orchestration: OP-NFV (OpenStack, Open DayLight, Fuel, Apex); Cisco Virtual Topology System; Juniper OpenContrail
• Compute: KVM, Docker, Ceph
• I/O: DPDK, VirtIO, VFIO
• Networking: OVS, OVS offload, VPP, Contrail
• Install/Deploy: UEFI; CentOS, Ubuntu, Debian; Fuel, Apex
• Silicon: LS1043, LS1046, LS1088, LS2085, LS2088, LX2
• Hardware: RDB, Blades, iNICs, Servers
• Legend: HW/SoC, Enablement SW, Commercial SW, OpenSource SW, Customer SW
17
Layerscape Platform NFV Solution Architecture
[Diagram: NFV solution stack on Layerscape. Labels shown:]
• vVPN: User Space, Kernel Space (Ubuntu), IKE StrongSwan, socket
• vRouter/Fwl: User Space, Kernel Space (OpenWRT), Route, dhcp, etc, socket, fpm, DPDK, Open fastpath
• 3rd-Party vNF: User Space, Kernel Space (Ubuntu), socket, 3rd-Party App
• NXP Sample vNF: User Space, Kernel Space (CentOS), Virtio-net,crypto, NW Stack, NW Stack (ipsec), socket, DPDK, virtio, vfio, netperf, OSSL speed-test, L3-Fwd, IPSec Fwd
• OP-NFV (Orchestration, Mgmt): Open Contrail, Daylight, Open Stack, Fuel, Apex Installer
• Compute Virt: KVM, Qemu, libvirt, Dockers, Ceph
• I/O and Network Virt: OVS - kernel, OVS - DPDK, Virtio-net, vhost-user, OVS, Service-Chaining – HW Packet Engine, Virtio (Qemu), Virtio-crypto, VFIO (direct), Virtual NIC, SEC
• Hardware: Veth-port, 10G Eth, SEC, ARMv8, Packet Engine
• Legend: Kernel virt, User-space virt, HW assisted; Service-chain
• Callouts:
− Re-use from OP-NFV community and run un-modified
− Re-use from 3rd-Party sources and run un-modified
− NXP enablement for NFV – upstreamed to community, competitive performance
− NXP HW assists for extra performance
NFV Development Kit
• OP-NFV: Colorado 3.0, Fuel 9.0
• DPDK: 16.07
• OVS: v2.6.1, DPDK 16.07 in VM, OVS Packet-Engine
• KVM: v2.2
• Qemu: v2.6
• Libvirt: 1.3.5
• Linux: LTS Kernel 4.1.35
• Orchestration: OpenStack (Mitaka), OpenDaylight (Boron)
• Reference vNFs (Open Source): vRouter, vFW (iptables), vVPN (strongSwan)
• Distro: UEFI, CentOS, Ubuntu, Yocto
18
NXP Virtualization Platform Focus - Smart Access, Intelligent Edge
On Demand Adaptive End-to-End Distribution of Virtualized Network Services (vNFs)
[Diagram labels: Internet Service Provider Cloud; QorIQ LS 20xx/x86; LS1043/LS1046; LS 1012; Edge of the ISP Cloud; Customer Premise; vCPE; Clients; Service Chaining; Cloud Orchestration; LS1088/LS20xx; Single Cortex-A53; DataCenter Cloud; Smart Edge; Smart Access; Optimized vNFs]
vNFs – Virtual Network Functions
19
NXP NFV Solution offering
• Standard Hardware Platforms: ARMv8: LS1043, LS1046, LS1048, LS1088, LS2080, LS2088
• Standard Linux Distro: CentOS, UEFI, Debian, Ubuntu
• Standard Virtualization components: KVM, QEMU, Docker, Ceph
• Standard Orchestration and Management: OP-NFV: OpenDayLight, OpenStack, Open Contrail
• Standard API and libraries: DPDK, ODP, OVS, Virtio
• Virtual Network Functions: vFirewall, vNAT, vRouter, vVPN, vTrendMicro
• Out-of-the-Box Experience: Benchmarks, User-guide, Documentation
20
NXP DIFFERENTIATION AND ADVANTAGE
21
NFV Solutions
AIOP Acceleration
Hardware Acceleration
High vNF Coremark/W
22
Layerscape AIOP – A New Architecture for a New Network
MUST HAVE:
Advance Packet Processing
• Tightly coupled accelerators called as C functions
• H/W preloaded task state, headers, stack frame
• Customer programmable
• Run-to-completion model using standard C (C99)
[Chart: categories PQ3, P Series, T Series, Layerscape; legend: Network IO, DDR, CPU, Acceleration, CPU + NPU + Accel; vertical axis 0 to 60]
Many-core processor approach is not sustainable due to power, software complexity and integration costs
4-6x Performance over general purpose cores in a lower power envelope
Need to provide right mix of high performance and programmability
23
Layerscape HW-Assist
I/O & Network virtualization – Compatibility
[Diagram: Guest / VM (User, Kernel) over Host (User, Kernel) over Layerscape Hardware. Labels shown: Legacy User Application; User Application; Linux NW stack; DPDK, ODP API; VirtIO; VFIO; Kernel Drivers; OVS; ODP, DPDK; vSEC; vEth; Ethernet Port; Security Accelerator]
Front/Back-end | Kernel/Kernel | Kernel/User | User/User | User/HW
Portability | Highest | High | High | Medium
Performance | Low | Medium | Medium | Highest
Differentiation | Low | Medium | Medium | High
Easy Migration for Legacy Applications
24
Layerscape HW-Assist
I/O & Network virtualization – Differentiation
[Diagram: Guest / VM (User, Kernel) over Host (User, Kernel) over Layerscape Hardware. Labels shown: Legacy User Application; User Application; Linux NW stack; DPDK, ODP API; VirtIO; VFIO; Kernel Drivers; OVS; ODP, DPDK; vSEC; vEth; Ethernet Port; Security Accelerator]
Front/Back-end | Kernel/Kernel | Kernel/User | User/User | User/HW
Portability | Highest | High | High | Medium
Performance | Low | Medium | Medium | Highest
Differentiation | Low | Medium | Medium | High
NXP Differentiation: Hardware Assisted NW Virtualization
25
Layerscape HW-Assist
I/O & Network virtualization – NXP Advantage
[Diagram: Guest / VM (User, Kernel) over Host (User, Kernel) over Layerscape Hardware. Labels shown: Legacy User Application; User Application; Linux NW stack; DPDK, ODP API; VirtIO; VFIO; Kernel Drivers; OVS; ODP, DPDK; vSEC; vEth; Ethernet Port; Security Accelerator]
Front/Back-end | Kernel/Kernel | Kernel/User | User/User | User/HW
Portability | Highest | High | High | Medium
Performance | Low | Medium | Medium | Highest
Differentiation | Low | Medium | Medium | High
NXP Advantage: Hybrid Model Support
26
Use Case Example: Power Efficient NFV with LS2088A
• VMM network and IO virtualization consumes CPU resources
• Most of it can be assisted by the Layerscape packet engine
• Therefore
− More cycles allocated to VM
− and better integration…
Metric | LS2 with AIOP | E5-2618Lv3 | Xeon-D 1548
Cores | 8 @ 2GHz | 8 @ 2.3GHz | 8 @ 2 GHz
CoreMark/MHz/Core | 5.4 | 8.2 | 8.2
Power (TDP) | 35W | 75W | 45W
vNF Capability:
Virtual Networking NIC, Crypto | Included | +10W, +40W | Included
Cores for Virtual NW, IO | 2 | 4 | 5
vNF CoreMark | 65k | 75k | 49k
Combined Power | 35W | 125W | 45W
vNF CoreMark/W | 1857 | 600 | 1089
[Diagram labels: Cores, Packet Engine, Virtual I/O, Cores; price labels shown: $779, $675, $100]
Layerscape Architecture provides a 2x to 3x Performance/Watt advantage
27
SUMMARY
28
NXP’s Virtualization Platform Solutions
• SDN and OPN-NFV based open-source virtualization platform that delivers Service velocity, CAPEX, OPEX Reduction, and Scalable/Elastic networking
• Open-source platform easily supports integration with customers' (COTS) and partners' commercial vNFs (for example, Trend Micro DPI security package)
• NXP Differentiation and Advantage
− AIOP, Hardware Acceleration
• Full suite of OPN-NFV Virtualization Platform package optimized for NXP Layerscape
− supports dynamic service chaining, intelligent Edge
− working with customers in vCPE, SD-WAN markets, etc.