iben from spirent talks at the sdn world congress about the importance of and issues with nfv...

October 16th 2014 - SDN World Congress - Dusseldorf, Germany

Performance – Scaling out NFV implementation...

Iben RodriguezPrincipal ArchitectCloud / Virtualization

version 03–10-16-2014

2 PROPRIETARY AND CONFIDENTIAL

Background – virtualization - SDN (NVo3) - NFV (VNF) Decision Process Technology Adoption Lifecycle Typical use cases for Virtualized Network Functions Virtualization Impact on the Datacenter Options for Testing and traffic generation Importance of Testing Methodologies Example python script for automation and test case

generation CPU Core Distribution – lessons learned Continuous Testing – integrating all this into the

development and release deployment lifecycle.

Let me tell you a story...


Service Providers have big SDN/NFV plans


Must maintain SLAs

Limited bandwidth available in network – adding links is expensive

Increased VoIP/Video applications putting a stress on networks

Network resilience – convergence, failover, protection switching, fast reroute, minimal service disruption

Creation and management of Traffic Engineering service paths

Stringent requirements for fault management & OAM

SDN for Service Providers


Typical Technology Adoption S-Curve


SDN/NFV Timeline

2013

2015

2016

2017-2020

2014

POC

Field Trials

Start of Commercial Deployment

Widespread small Commercial Deployment

The new normal


Testing Implications

Performance Benchmarking

Security & Reliability

Management & Orchestration

Test VM M&O system for in lab environment

Seamless integration of test VMs with SPs M&O systems for live & post deployment environment

Test fault detection capability of M&O systems

Management & Orchestration

Performance Testing

Performance benchmarking of VNFs, hypervisors and COTS H/W

Portability & Interoperability

Performance isolation

On demand scale testing

VM Migration

Security & Reliability

Service continuity

Fail-over convergence time

Testing security for resources shared across VNFs

Topology validation


Virtualization Impact

SP Mobility

Cloud DC SP Access/Edge

Underlay Network

Network virtualization

vRouter testing

vBRAS testing

PCE/BGP-LS validation10/40/100G

Overlay Network

Orchestration

vEPC Capacity

Offload testing

Busy hour call Modeling

Service Chaining

Elastic Performance

Service Availability

VM Migration

Multi-tenancy

Virtual Infrastructure


P-GW

Network Service Provider

Data Center Interconnect

Cloud ServicesCloud

ServicesCloud Services

Intra-DC network

SDNNFV

Cloud Service Provider

VMVM …VNF VNF …

Cloud ServicesCloud

ServicesCloud Services

Intra-DC network

SDN NFV

Cloud Service Provider

VMVM …VNF VNF …

SP Core

SP Edge

Wireless

2G3G4GWifi

Residential

Enterprise

CopperFiberCable

CopperFiberCable

MBH

Testing for Service Provider and Cloud Datacenter VNFs

SDN

NFV

SDN NFVSDN

NFV

SDN

NFV

Edge

Core

Edge

MMES-GW

…P-GW

EPC

Layer 2-3 TestingAccess, Edge, Core

Mobility TestingvEPC Cloud Testing - Data Center


vFW

vBNG

vRouter

vCE

vFW

vBNG

vRouter

vCE

Controllerplatform

OSS/BSS Open Stack / Cloud Stack

Applications Test tools/Methodologie

sREST API

Open Flow

PCEPBGP-LS

NETCONG/YANG

SNMPNETCONF

Focus Areas – Network Testing

ControllerTopology / Config

Manager

Stats / Monitoring

Northbound API

Southbound API

Segment Routing

MPLS Switching Routing, VPNs


DX2

FX2

MX2

100GMODULES

DX2 FX2 MX2

Interface: CFP2 CFP4 (adaptor Q4)

QSFP-28 (adaptor Q4)

Speed per Interface: 1x100G (Now) 2x40G (4Q) 8x10G (4Q)Available: Now (100G)


QSFP-28 (adaptor in Q4)

Speed per Interface: 1x100G Available: Q4 (Dec), 2014


QSFP-28 (adaptor in Q4)

Speed per Interface: 1x100G Available: Q4 (Nov), 2014


100G TechnologyFlexibility

A Single Module for Multiple Technologies

Native Interface of CFP2

Pluggable & Mixable Adaptors for:• CFP4• QSFP-28• CXP

Available on all DX2, FX2 & MX2 Modules


Emulate CPE requesting multiple addresses Pack multiple IA_NA and IA_PD in a single message

sequence• IA_NA (Identity Association for Non-Temporary Address)

• IA_PD (Identity Association for Prefix Delegation)

DHCPv6 Multiple AddressesNew Product BPK-1320


Use case–Validate failure convergence of vRouter

Orchestrator(e.g. OpenStack)

SDN Controller

Monitor

Config

COTS Servers hosting VNFs

STC test orchestrator

(Velocity)

REST

Onboard vRouter, vFW and vIDS instances on COTs server and connect to STC chassis as shown

Initiate high scale control and data plane traffic from STC (e.g. BGP, OSPF) & establish vRouter upper limits

Initiate failure from STC (BFD timeout or link failure)

Validate the migration of VNFs to another server and measure convergence times for control plane and traffic

vRoutervIDSvFW

vRoutervIDSvFW

STCSTC

Primary

Backup


The Spirent EVCI Solution

Automation Virtualization

Continuous Integration

Source & Artifact Control

Build artifacts

Initiate iTestAutomation Manage VMs

iTest projectsTest artifacts

iTest automationprojects

Test Artifacts

Support files

Build artifacts

Leverage iTest automation to manage the integration between CI and the virtual environment


• PCI Bus Utilization

• CPU Wait Time per core

• Memory Utilization per socket

• Power usage - efficiency

• Storage Input Output

Metrics to evaluate during test iterations


Complex Vendors / Technologies Landscape

VSwitchVSwitchVSwitch

OpenFlow Controller

Management Console

NFVNFVNFV Compute / Storage

Overlay Network (VXLAN, NVGRE)

Underlay Network

NFV

NV

Open Flow


VSwitchVSwitchVSwitch

OpenFlow Controller

Management Console

IDSNATFirewall

Service Chaining Concepts =Need for Cross Layer Technology Validation

10/40/100G

24 PROPRIETARY AND CONFIDENTIAL© 2013 Brocade Communications Systems, Inc. Company Proprietary Information 24

Packet Pipeline

Packet Pipeline

Vyatta 5600 vPlane ArchitectureIntel DPDK

VM

Packet

Packet

Packet

Core 0 Core 1

Core 2 Core 3

Core 4 Core 5

Core 6 Core 7

Packet

Packet

Packet

25 PROPRIETARY AND CONFIDENTIAL 04/10/2023© 2010 Brocade Communications Systems, Inc. CONFIDENTIAL—For Internal Use Only 25

VNF Router Performance with DDoS MitigationETSI NFV POC #9 (NFVPER(14)000024a3)

Use case and scenario• ETSI use case #2, VNFaaS• Security VNF DDoS

mitigation

Benefits• Protects networks and

apps• Preserves bandwidth

Performance observation• Line rate forwarding• Line rate detection /

dropping


#! /usr/bin/env python # test-calc.py # Created by Iben Rodriguez on 7/14/14. import time import datetime row = 0 print ("*** BEGIN TEST-CALC.PY JOB RUN = " + datetime.datetime.now().strftime("%y-%m-%d-%H-%M-%S")) print ("row, dut, platform, fabric, driver") for dut in ["DevA","DevB", "DevC"]: for platform in ["KVM","Hyper-V","ESXi","LXC"]: for fabric in ["FLAT","LOCAL","VLAN","GRE","VXLAN"]: for driver in ["linuxbridge","openvswitch","hyperv","ncs","arista","cisco_nexus","l2population"]: row += 1 print ((format(row,'04d')) + ", " + (dut) + ", " + (platform) + ", " + (fabric) + ", " +

(driver) ) print ("row, dut, platform, fabric, driver") print ("*** END JOB RUN = " + datetime.datetime.now().strftime("%y-%m-%d-%H-%M-%S"))

Example Python Script for test case generation


Python script test output


8 ports, 1 CPUs, 8 cores, 1 DUT, single


8 ports, 2 CPUs, 8 cores, 2 DUTs, not distributed


8 ports, 2 CPUs, 8 cores, 2 DUTs, distributed


Management and Orchestration Architecture


Velocity EVCI – Virtual Network Test Beds Orchestration

Test Suites

Cloud Under Test (CUT)

OpenFlowController & Switch

EmulationVXLAN/Geneve

Switch Emulation

10/40/100G

Spirent Elements

Test SuitesTest Suites

Test Suites

Topology TemplatesvDUT Image Management

Spirent VCT LAB – NEPHOSCALE Public Clouds –

RAVELLO

Test VMs

Customer’s Servers, Spirent HW/SW

10/40/100G Test VMs

Spirent Hosted Elastic Virtual Private Test BedsBenchmark-A-A-S

AmazonGoogle

Test VMs

Azure

Customer’s CI

Orchestration

Bare Metal Servers

Bare Metal Servers

Customer / On-Premise

Jenkin Jobs (instantiate test environment, run

test)

Results

Virtual Test Bed Instances / Jenkins Jobs

Virtual Test Bed Instances / Jenkins Jobs

=


33

Spirent TestCenter

OpenFlow Switch

Emulation

Spirent Communications Thank You – Questions?

For this and other exciting testing products for SDN and OpenFlow please see us at booth #28

• Emulate 1000+ OpenFlow 1.3 Switches using pre-canned topologies per port

• Support LLDP Topology Discovery• High Rate Packet-In testinghttp://www.spirent.com/go/sdnshowcase [email protected]

• Interactive, multidimensional network topology view

• 360⁰ navigation with context-aware network controls

• Clearly see areas of congestion

http://www.real-status.com/sdn

http://www.spirent.com/go/sdnshowcase

mailto:[email protected]





BACKUP


Fail-over Convergence

Spirent Velocity

VNF

VNF

Southbound Interface

Netconf, Openflow, PCE,

BGP-LS

Spirent Velocity

VNF


Service Chaining

Spirent Velocity

VNF VNFVNF

Spirent Velocity



BGP-LS


VM Migration

VNF

VNF

VNF

Spirent Velocity

Spirent Velocity

VNFVNF

Server 1

Server 2



BGP-LS


Typical Multi-Core CPU Network Port Mapping


4 Core CPU balanced across PCI BUS


LACP Hot-Standby & Multi Chassis LAG New Product LAG Emulation BPK-1312

DUT

STC

ICCP

Traffic

Support for Active/Stand-by ports in a MC-LAG configuration

Support for DUT configured Min and Max ports in a LAG DUT is typically the Master (higher System ID)

• DUT determines which ports are Active based on Partner Port ID

• Remaining ports put in (Hot)Standby mode (LACP Out-Of-Sync)

Break one or more links on the Active set

Measure Frame Loss Duration for traffic to switch to Standby-Ports

https://sites.google.com/site/amitsciscozone/home/link-aggregation/multichassis-link-aggregation-group/MC-LAG_1.png?attredirects=0









BGP Router Block Coming Soon – Q4 (Oct)

DUT

Route Count=1MStartIP= iMix 11.0.0.0 Netmask /8 - /31

Bidirectional traffic

BGP Router Count=16KRtrID:199.1.1.1/32IPv6 RtrID=2999::1/128

DUT

Route Count=160KStartIP= 2011:: Netmask /64

PPPoE/DHCP/L2TPoPPoE

Session Count=16KIpv6 Intf Start=2000::/32

STC Route

Blk

Usecase3

BGP with BFD CPD Router Count=10KRtrID:199.1.1.1/32Intf. IP=10.1.1.1/24VlanID 1 - 200010K BFD @ 100ms

DUT

Route Count=200KStartIP= 11.0.0.0 Netmask /24

Bidirectional trafficUsecase2

BGP Router Count=10KRtrID:199.1.1.1/32Intf. IP=10.1.1.1/16

BGP Router Block

BGP Router Block Access Session Block

BGP Route Block

BGP BGP Router Count=10KRtrID:198.1.1.1/32Inf. IP=100.1.1.1/16

BGP Router Block

BGP Route Count=1MStartIP= iMix 101.0.0.0 Netmask /8 - /31

BGP with BFD CPD Router Count=10KRtrID:198.1.1.1/32Intf. IP=100.1.1.1/24VlanID 1 - 200010K BFD @ 100ms

Route Count=200KStartIP= 101.0.0.0 Netmask /24

BGP & BFD Router Block

BGP & BFD Router Block

BGP & BFDBGP & BFD

Bidirectional traffic


DHCP over L2GRE New Product – Emulation over L2GRE (BPK-1319)

Wi-Fi Offload

Gateway

3GCore

4GCore

Data Networks

STC emulates UE, SSID, & AP

STC emulates Core side

UE SSID AccessPoint DHCP Server

GRE Tunnel Wifi

Offload Gateway

DHCP

DHCP Discover

DHCP Offer

DHCP Request

GRE Tunnel

DHCP Ack

Data Packet

Data


Segment Routing w/ IGP(OSPF/ISIS)MPLS Simplified and OptimizedNew Part Number BPK-1317 (OSPFv2) & BPK-1318 (ISIS)

DUT B

STC D

STC C

STC A STC-E

10.1.1.0/24

RID= 1.1.1.12SID=12

RID= 1.1.1.10SID=10

RID= 1.1.1.11SID=11 RID= 1.1.1.99

SID=99

IF=0,

Cost=

x,

Adj=90

01

RID= 1.1.1.2SID=2

RID= 1.1.1.1SID=1PHP off

IF=1, Cost=

y

Adj=9002

IP dest=10.1.1.1

Label=99

IP dest=10.1.1.1

Label=1,9002,99

IF Cost x=y, =>ECMP, Equal Cost Multi-path, load sharing

IF Cost x<y, => Path through Node C preferred

Explicit path

IGP determined path

Leverage existing MPLS forwarding and VPN services Reduced State – LDP & RSVP protocols no longer needed Scalable – Fewer number of MPLS Labels to manage Reliability & Availability - entirely automated 50msec Fast Reroute

or Failover


SP-SDN – Testing the PCE controllerNew Product BPK-1315 (PCC) & BPK-1316 (PCE)

SDN (PCE)Controller(DUT)

A

DRequestSLA Path

Traffic Engineering Database (TED)

Stateful PCE Traffic Engineering status

BGP-LS/BGP-TEReport

Data Analytics

Capacity planningCalendaring

REST APIThrift API

North

South

UpdateInitiate

STC

STC

STC

Top Down Design - Use existing network infrastructure, only update head-end/ingress node

In built High Availability - No need to replicate MPLS and IGP Fast ReRoute(FRR), protection switching mechanisms

Separates Network Path Computation from Topology Determination

Networks nodes still have knowledge of the topology and can fast reroute in case of failure

PCE controller – Optimizes paths to meet SLAs without using the High Cost Links(Shortest Path)


Use case–Validate performance and auto scaling of vBNG

Orchestrator(e.g. OpenStack)

SDN Controller

Monitor

Config

Compute

Storage Network

Virtualization

vSTCvBNG

vSTC

vBNG

COTS Server hosting VNFs

STC test orchestrator

REST

Onboard vBNG and vSTC VMs using vendor orchestrator and/or Spirent plugin

Assign appropriate cores/memory to VNFs and originate/terminate traffic on vSTC

Measure the vBNG’s upper limits for control and data plane performance

Validate the auto scaling capability of the BNG by ensuring that additional cores are assigned to vBNG or additional vBNGs are spawned under following circumstances• Data plane scale beyond normal limits

• Control plane scale (increasing PPPoE sessions)


Spirent‘s Strategic Foundation

Validate high density edge & core

routers

Next-gen protocols &

scale testing

Improve customer

experience

Leader in SDN/NFV testing

Embed Spirent in millions of

devices

• FX2/MX2100G

• FX2/MX2 10G, 1G

• CFP2/CFP4• 400G

• Transport vehicles

• Home appliances

• Monitoring in SDN/NFV environments

• Port Grouping

• MVPN• LDPv6• Protocol &

stream scale

• Virtual infrastructure testing

• VNF testing• Methodolog

ies• PCE, BGP-

LS

• Site surveys

• CR reduction

• CET

Currently Available In Progress 1-3 years

iben from spirent talks at the sdn world congress about the importance of and issues with nfv...

Technology

dx2 fx2 mx216 proprietary

big sdnnfv plans4 proprietary

service providers

adaptor q4speed

continuous testing

cfp2cfp4 adaptor q4qsfp

vnfs test vm mo system

migration of vnfs