Presentation is loading. Please wait.

Presentation is loading. Please wait.

Offloading Linux LAG devices Via Open vSwitch and TC

Published byYulia Hadiman Modified over 5 years ago

Similar presentations

Presentation on theme: "Offloading Linux LAG devices Via Open vSwitch and TC"— Presentation transcript:

1 Offloading Linux LAG devices Via Open vSwitch and TC
John Hurley Open vSwitch 2018 Fall Conference

2 Offloading Flows With TC Flower
ovs-vswitchd VM 1 VM 2 TC Flower OVS Datapath ovs-dpctl dump-flows in_port(2),eth_type(0x0800),ipv4(proto=6,frag=no), packets:98, bytes:14316, used:5.351s, actions:3 tc -s filter show dev nfp_v0.0 ingress filter protocol ip pref 1 flower chain 0 filter protocol ip pref 1 flower chain 0 handle 0x1 eth_type ipv4 ip_proto tcp ip_flags nofrag in_hw action order 1: mirred (Egress Redirect to device nfp_p0) stolen index 1 ref 1 bind 1 installed 12 sec used 11 sec Action statistics: Sent bytes 98 pkt (dropped 0, overlimits 0 requeues 0) backlog 0b 0p requeues 0 Nic Driver (NFP) (nfp_p0) (nfp_p1) (nfp_v0.0)

3 Offload Performance on SmartNIC
VXLAN encapsulated traffic Open vSwitch rules offloaded to SmartNIC via TC Traffic sent in physical port Forwarded to VM and bounced back on different port

4 LAG Devices and Representors
Link Aggregation (LAG) - combine multiple ports to act as single Load balance to increase bandwidth Active/backup failover Open vSwitch bonds Combination of OvS kernel, OvS bond, LACP, high throughput - link flapping Linux LAG devices Linux bond, Team Deployed in OpenStack environments What if a Linux LAG upper device has ‘offloadable’ lower devices and is added to an OVS bridge? ip link show 35: bond0: <BROADCAST,MULTICAST,MASTER,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP 37: nfp_p0: <BROADCAST,MULTICAST,SLAVE,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master bond0 state UP 38: nfp_p1: <BROADCAST,MULTICAST,SLAVE,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master bond0 state UP

5 Egress Offload NETDEV_CHANGELOWERSTATE NETDEV_CHANGEUPPER
tc -s filter show dev nfp_v0.0 ingress filter protocol ip pref flower chain 0 handle 0x1 eth_type ipv4 in_hw action order 1: mirred (Egress Redirect to device bond0) stolen Kernel TC Bond Team NFP NETDEV_CHANGELOWERSTATE Record active/backup port states NETDEV_CHANGEUPPER Track new LAG upper and lower devs Packet hash on NIC gets egress port SmartNIC Group 1: nfp_p0 nfp_p1 _______ Group 2: …... match: nfp_v0.0, ipv4, action: Group 1

6 Ingress Offload SmartNIC is not aware of LAG devices (in-kernel representation) If ‘bond0’ contains offloadable ports there is a need to: Distribute filters to all lower devices Combine stats from all lower device offload to LAG upper device/flower rule No offload callback in the LAG drivers Difficult for SmartNIC driver to track changes Are there any TC features we can make use of to solve this? tc -s filter show dev bond0 ingress filter protocol ip pref flower chain 0 handle 0x1 eth_type ipv4 not_in_hw action order 1: mirred (Egress Redirect to device nfp_v0.0) stolen

7 TC Shared Blocks Introduced in Kernel 4.16
Each ingress qdisc has its own set of chains and filters called ‘blocks’ Shared blocks allow multiple qdiscs/netdevs to use the same chains/filters Prevent duplicating rules which may not scale on, say, TCAM device offload Each qdisc/netdev on block reports same filters and stats Block X tc qdisc add dev nfp_p0 ingress_block 22 ingress tc qdisc add dev nfp_p1 ingress_block 22 ingress tc filter add block 22 protocol ip parent ffff: flower ip_proto tcp skip_sw action drop nfp_p0 ingress qdisc nfp_p1 ingress qdisc

8 TC Shared Block as LAG Representations
Grouping LAG lower devices in shared blocks along with their upper device LAG netdev hierarchy not influenced outside the TC layer All lower devices receive same filters applied to master Effective distribution of offloaded filters - all offload ports get callback Stats correctly handled by default Block X bond0 upper netdev bond0 upper netdev nfp_p0 lower netdev nfp_p1 lower netdev nfp_p0 lower netdev nfp_p1 lower netdev

9 TC Shared Block Offload and Re-offload
TC shared blocks call offload hook for each netdev per filter Cannot (in ) add new qdiscs/netdevs to block if it has offloaded rules Filter deletion offload hooks are only triggered on block deletion Removing a netdev from a shared block may still leave offloaded rules LAG devices by their nature require flexible addition/removal of netdevs [PATCH 0/7] net: sched: support replay of filter offload when binding to block (kernel 4.19) Add the ability to replay offloaded filters when a new callback is registered Replay ‘delete’ filter messages for each netdev on block withdrawal

10 Working with Open vSwitch
ovs-vswitchd Open vSwitch 2.10 [Patch 0/6] offload Linux LAG devices to the TC datapath Add shared block ID support to OVS-TC API Track Linux kernel netdevs and record LAG info If a LAG upper dev is added to the OVS bridge, assign its qdisc a unique block ID If a lower dev’s related upper dev is on the OVS bridge then associate it with the upper devices block User Space Kernel TC Datapath Block X Upper Dev Qdisc Lower Dev 1 Qdisc Lower Dev 2 Qdisc NFP Driver SmartNIC NFP SmartNIC Lower Device 1 filters/stats Lower Device 2 filters/stats

11 Thank You

Download ppt "Offloading Linux LAG devices Via Open vSwitch and TC"

Similar presentations

Thoughts on Potential OF 1.1 Features Martin Casado, Brandon Heller, Glen Gibb, Rajiv Ramanathan, Leon Poutievski, Edward Crabbe, You.

Thoughts on Potential OF 1.1 Features Martin Casado, Brandon Heller, Glen Gibb, Rajiv Ramanathan, Leon Poutievski, Edward Crabbe, You.
NetFPGA Project: 4-Port Layer 2/3 Switch Ankur Singla Gene Juknevicius

NetFPGA Project: 4-Port Layer 2/3 Switch Ankur Singla Gene Juknevicius
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Addressing the Network – IPv4 Network Fundamentals – Chapter 6.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Addressing the Network – IPv4 Network Fundamentals – Chapter 6.
OpenFlow overview Joint Techs Baton Rouge. Classic Ethernet Originally a true broadcast medium Each end-system network interface card (NIC) received every.

OpenFlow overview Joint Techs Baton Rouge. Classic Ethernet Originally a true broadcast medium Each end-system network interface card (NIC) received every.
IUT– Network Security Course 1 Network Security Firewalls.

IUT– Network Security Course 1 Network Security Firewalls.
Ipchains and Iptables Linux operating system natively supports packet-filtering rules: Kernel versions 2.2 and earlier support the ipchains command. Kernel.

Ipchains and Iptables Linux operating system natively supports packet-filtering rules: Kernel versions 2.2 and earlier support the ipchains command. Kernel.
Intel ® Ethernet Depths of the Cloud: How Linux Networking needs to evolve Peter (PJ) Waskiewicz Shannon Nelson.

Intel ® Ethernet Depths of the Cloud: How Linux Networking needs to evolve Peter (PJ) Waskiewicz Shannon Nelson.
Performance Evaluation of Open Virtual Routers M.Siraj Rathore

Performance Evaluation of Open Virtual Routers M.Siraj Rathore
Scalable Flow-Based Networking with DIFANE 1 Minlan Yu Princeton University Joint work with Mike Freedman, Jennifer Rexford and Jia Wang.

Scalable Flow-Based Networking with DIFANE 1 Minlan Yu Princeton University Joint work with Mike Freedman, Jennifer Rexford and Jia Wang.
Keith Wiles Keith.Wiles@Intel.com DPACC vNF Overview and Proposed methods Keith Wiles Keith.Wiles@Intel.com 2015.04.03 – v0.5.

Keith Wiles DPACC vNF Overview and Proposed methods Keith Wiles – v0.5.
© 2014 VMware Inc. All rights reserved. Open vSwitch for Microsoft Hyper-V Eitan Eliahu, Nithin Raju, Ankur Sharma Network & Security Business Unit.

© 2014 VMware Inc. All rights reserved. Open vSwitch for Microsoft Hyper-V Eitan Eliahu, Nithin Raju, Ankur Sharma Network & Security Business Unit.
SDN Scalability Issues

SDN Scalability Issues
OpenFlow Switch Limitations. Background: Current Applications Traffic Engineering application (performance) – Fine grained rules and short time scales.

OpenFlow Switch Limitations. Background: Current Applications Traffic Engineering application (performance) – Fine grained rules and short time scales.
Net Optics, Inc. - Proprietary Director Pro™ Overview February 2010.

Net Optics, Inc. - Proprietary Director Pro™ Overview February 2010.
Virtual LANs. VLAN introduction VLANs logically segment switched networks based on the functions, project teams, or applications of the organization regardless.

Virtual LANs. VLAN introduction VLANs logically segment switched networks based on the functions, project teams, or applications of the organization regardless.
Networking Features Upon completion of this module, you should be able to: Discuss and configure VNX networking features This module continues the discussion.

Networking Features Upon completion of this module, you should be able to: Discuss and configure VNX networking features This module continues the discussion.
NDIS LBFO Miniports (Load Balancing And Failover) Larry Cleeton Program Manager Windows Networking And Communications Microsoft Corporation.

NDIS LBFO Miniports (Load Balancing And Failover) Larry Cleeton Program Manager Windows Networking And Communications Microsoft Corporation.
NetFilter – IPtables Firewall –Series of rules to govern what Kind of access to allow on your system –Packet filtering –Drop or Accept packets NAT –Network.

NetFilter – IPtables Firewall –Series of rules to govern what Kind of access to allow on your system –Packet filtering –Drop or Accept packets NAT –Network.
Implementation and Performance Analysis of a Delay Based Packet Scheduling Algorithm for an Embedded Open Source Router Master’s Thesis Presentation June.

Implementation and Performance Analysis of a Delay Based Packet Scheduling Algorithm for an Embedded Open Source Router Master’s Thesis Presentation June.
Virtualization Infrastructure Administration Network Jakub Yaghob.

Virtualization Infrastructure Administration Network Jakub Yaghob.

Similar presentations

Ads by Google