
External use


Freescale Hardware & Software solutions targeting SDN/NFV markets

Mar 26, 2015

Srini Addepalli


Agenda

• Introduction to SDN and NFV

• ETSI Architecture & Freescale focus

• Vswitch++ Acceleration

• vNF Acceleration

• Freescale Software Solutions


SDN

• Disaggregation of Layers

• Centralization of CP across multiple data paths (SDN Controllers such as ODL) – Central Intelligence

• Centralized Management (Openstack Neutron/Congress/GBP etc.) – Single dashboard

• North bound protocols
− JSON-over-HTTP, NetConf, OpFlex etc.

• South bound protocols
− Openflow 1.x (OF)

[Figure: SDN – Separation of Layers. A physical network function appliance (integrated control & data), made up of a configuration/management agent, control/service plane and data plane/fast path, is separated into a management plane, a control plane / service plane (normal path) and data paths, connected by north bound and south bound protocols.]

Freescale Solutions

• SDN/OF-optimized SoCs
• SDN/OF pipeline for fast path / Data Plane
• Embedded OF controller
• Integration with Linux Control/Service Plane
• Augment OF with L3-L4 Extensions
• Augment OF with IPSec & Tunnel Encap/decap actions.


NFV – Network Function Virtualization

• Each network function as VM (vNF)
− Scale-Out (Bring more VMs on demand basis based on load)
− Multiple network functions can share a NFV node (Compute node)
− One common hardware for all types of network functions

[Figure: physical network functions pNF1, pNF2 and pNF3 become vNF1, vNF2 and vNF3 running on a Virtual Switch, KVM / QEMU (NFVI).]

Freescale Solutions & Initiatives

• ARM based SoCs for NFV nodes
• NFV Enabled Linux SDK & Binary distributions
• KVM/QEMU/Libvirt support
• Openstack Compute, Storage and Network Node support
• Speed up NFVI
− Increase the vNF density / Improve vNF performance
• Enable vNFs to take advantage of accelerators using generic drivers.
• Enable CP-DP vNFs to take advantage of packet processors using OF protocol
• ETSI NFV ISG, OPNFV and Openstack Initiatives


ETSI – NFV Reference Architecture

[Figure: ETSI NFV reference architecture. Blocks: OSS/BSS; Orchestrator; VNF manager(s); Virtualized infrastructure manager(s); Service, VNF and infrastructure definition; EMS1, EMS2, EMS3; VNF1, VNF2, VNF3; NFVI (virtual compute, virtual storage, virtual network, virtualization layer, compute HW, storage HW, network HW). Reference points: Os-ma, Se-ma, Or-Vnfm, Vi-Vnfm, Or-Vi, Ve-vnfm, Nf-vi, Vi-Ha.]


ETSI – NFV Reference Architecture

[Figure: the ETSI NFV reference architecture (OSS/BSS; Orchestrator; VNF manager(s); Virtualized infrastructure manager(s); Service, VNF and infrastructure definition; EMS1, EMS2, EMS3; VNF1, VNF2, VNF3; NFVI with virtual compute, virtual storage, virtual network, virtualization layer, compute HW, storage HW, network HW; reference points Os-ma, Se-ma, Or-Vnfm, Vi-Vnfm, Or-Vi, Ve-vnfm, Nf-vi, Vi-Ha), annotated with the Freescale focus areas: Fastpath offload; Layerscape HW (with look-aside accelerators & AIOP); NFVI (vswitch++) acceleration; Openstack Extensions and SFC.]


Vswitch++ (NFVI) Acceleration


NFV compute node: NFVI concept and challenges

• NFVI (VMM) enables virtualization of hardware and exposes each virtual hardware to VMs

• NFVI consists of multiple SW modules
− Orchestration agent
− Libvirt
− Hypervisor such as KVM
− QEMU for emulating hardware

• Networking
− VxLAN – Overlay based virtualization
− OVS – Virtual Switching
− Firewall – Filtering traffic going to/from VMs.
− Traffic Control (Policing & Shaping)
− DDoS prevention (SYN flood and simple flood prevention)
− IPSec for security-on-wire
− IP Fragmentation & Reassembly

• Challenges
− More intelligence is being added to VMM – Intelligence is pushed to the edge
− Amount of traffic processed by vNFs is much higher than typical IT applications, therefore networking performance is important
− For similar hardware, vNFs provide only 50-60% of the performance of pNFs

[Figure: VNF1, VNF2 … VNFn running on top of the NFVI.]


NFVI performance challenge

• Increasing complexity of infrastructure stack
− Trending to more intelligent networking stacks. Netflow, BFD, monitoring, replication, SLB-fast path, …

• Performance bottleneck from soft implementation of networking stack

[Figure: packet path through the native stack to each VM: IP reasm + IPSec, VxLAN decap/demux, OF vSwitch, IP tables + SYN cookie, VM.]

Native networking stack performance (throughput)

              | TCP/IP | OVS  | IPtables + OVS | OVS + VxLAN | IPtables + OVS + VxLAN | IPtables + OVS + VxLAN + IPsec
64            | 370    | 279  | 195            | 181         | 136                    | 49
390           | 2205   | 1652 | 1194           | 1072        | 824                    | 146
390 (1K conn) | 2205   | 1514 | 1051           | 914         | 639                    | 98
1024          | 5722   | 4346 | 3085           | 2737        | 2080                   | 190
1472          | 8042   | 6097 | 4334           | 2906        | 2365                   | 197


DPDK/ODP based NFVI-Networking fast path

• Ethernet Ports are attached to the fastpath user space process.
− Cores are typically dedicated to the process

• Higher throughput
− Based on Lagopus and extrapolated with IPTables, with all (except IPSec) NFVI functions enabled: around 1 Gbps per core for 64 bytes and around 5 Gbps for IMIX traffic.
− 25Gbps at IMIX requires 6 to 7 cores (Almost 40% of CPU is used by NFVI, leaving 60% of CPU for VMs)

[Figure: user-space fast path (OVS fastpath, FW fastpath, IPSec fastpath, VxLAN, VHOST user) next to the kernel-space TCP/IP, IPtables and IPSec dataplane; management components Nova compute, Neutron agent, ovs-vsctl, ovs-ofctl, OVSDB and OVS vSwitchD; VMs each with datapath, control path and management.]


LS2085A

Datapath Acceleration
• SEC - crypto acceleration
• DCE - Data Compression Engine
• PME – Pattern Matching Engine

General Purpose Processing
• 8x ARM A57 CPUs, 64b, 2.0GHz
• 4MB Banked L2 cache
• HW L1 & L2 Prefetch Engines
• Neon SIMD in all CPUs
• 1MB L3 platform cache w/ECC
• 2x64b DDR4 up to 2.4GT/s

Accelerated I/O Processor
• 40Gbps Packet Processing
• 20Gbps SEC - crypto acceleration
• 15Gbps Pattern Match/RegEx
• 20Gbps Data Compression Engine
• 4MB Packet Express Buffer

Express Packet IO
• Supports 1x8, 4x4, 4x2, 4x1 PCIe Gen3 controllers
• 2 x SATA 3.0, 2 x USB 3.0 with PHY

Network IO
• Wire Rate IO Processor:
− 8x1/10GbE + 8x1G
− XAUI/XFI/KR and SGMII
− MACSec on up to 4x 1/10GbE

Other Parametrics
• 37.5x37.5 Flipchip
• 1mm Pitch
• 1292pins

[Block diagram: ARM A57 cores, each with 48KB L1-I and 32KB L1-D, sharing banked L2 caches; Coherency Fabric; IO MMUs; Secure Boot; Trust Zone; Flash Controller; Power Management; SDXC/eMMC; 2x DUART; 4x I2C; SPI, GPIO, JTAG; DDR memory controllers; 1MB Platform Cache; Pre-fetch; Queue Mgr.; Buffer Mgr.; SEC; DCE; PME; WRIOP (8x1/10 + 8x1); Accelerated Packet Processor (AIOP); Buffer; L2 Switch; PCIe; SATA 3.0; 2x USB3.0 + PHY; two 8-Lane 10GHz SERDES.]


LayerScape Architecture

[Figure: LayerScape architecture. General Purpose Cores (64 bit ARM); Datapath core complex (e200) with HW parse, TLU, Statistics and Timers; AIOP Infrastructure (Work Scheduler, OSM); DMA; WRIOP with Parse/classify (+TCAM), policing; L2 Switch; PME; DCE; SEC; BMan; QMan; QoS. Blocks are labelled as configurable or programmable.]

AIOP

Fast path data plane/packet processor

Hardware task scheduler

No interrupt overheads

C programmable

Packet processing accelerators
• Table lookup (EM/LPM/ACL)
• Packet infrastructure (BQMan, DMA, …)
• Parser, SEC, timer etc.

SG Buffer Management in hardware

Packet order maintenance & synchronization in hardware

Synchronous programming model

Deterministic performance (maintained for large number of flows)


Vswitch++ Accel in AIOP

• Limited GPP involvement (management only)

• Offload as much packet processing to AIOP
− AIOP implementing all fast paths
− Direct connectivity to VM
− AIOP acting as virtio backend

• Faster Connection rate
− IP Table Policy Caching
− Entire OF pipeline processing for switching
− All OF based data paths (Easy to add new features with no changes to AIOP)

• Goal: 25Gbps+ for IMIX traffic

[Figure: AIOP hosting the fast paths (IPSec fastpath, Firewall, Switching, VxLAN, VHOST AIOP) under OF control; kernel-space TCP/IP, IPtables and IPSec dataplane; user-space Nova compute, Neutron agent, ovs-vsctl, ovs-ofctl, OVSDB and OF agent; VMs each with datapath, control path and management.]

FSL has all ingredients to develop NFVIxl in AIOP – OF Switch SW, VxLAN in AIOP, fast path technologies for firewall, IPSec and many more.

Entire NFVIxl solution is in the works


Data path for vNFs


vNF Fast Path

• Move data path to AIOP
• OF based FP
• High throughput, low latency and low jitter
• FSL provides embedded controller to talk to OF based fast path in AIOP
• NF API over Controller for various fast path personalities.
• Glue layer to integrate with popular open source.

[Figure: AIOP hosting the NFVI fast paths (IPSec fastpath, Firewall fast path, Switching, VxLAN, VHOST AIOP) under OF control, plus a separate "Data Path for VM1" and "Data Path for VM2"; VM 1 and VM 2 each contain an embedded OF control, control path and management; kernel-space TCP/IP, IPtables and IPSec; user-space Nova compute, Neutron agent, ovs-vsctl, ovs-ofctl, OVSDB and OF agent.]

FSL has all ingredients (Hardware & Software) to create packet processing functionality in AIOP.

FSL provides data path technology using Openflow in addition to native implementation.


SDN/NFV Specific Solutions


SDN/NFV Infrastructure Software - OF Switch

Infrastructure Software: ONSwitch Software (T2/T4); LSx with AIOP – In works

Description

Purpose
• Optimized OF switch Software
• Key component in NFVI Acceleration
• Key component in SDN/OF based packet processor nodes

Features
• OF 1.3.x based & many OF 1.5 extensions.
• Multiple Data path Instances
• Multi table (ACL, LPM and EM) support
• Virtual Network Support (VLAN, VxLAN, VxLAN-over-IPSec)
• Many Nicira extensions.
• Support for OVSDB based configuration.
• Many FSL extensions targeting VxLAN/L3/Firewall/NAT & IPSec.
• SEC Offload to speed up IPSec
• Groups/Queues/Meter/Bind Object support
• All optional features are supported – Multipart Messages, IP fragmentation & Reassembly, Table features, Auxiliary channels, Controller role message support, Distribution across controllers and auxiliary channels.
• Multi 10G performance on T4.
• Commercial Software & Commercial support

AIOP based OF Switch
• Takes advantage of AIOP HW features (TLU, Parser, Meters, Frag/Reassembly helpers, stats, timers, SEC accelerators)
• Consistent performance even with millions of flows.


SDN/NFV Infrastructure Software – Embedded OF Control

Infrastructure Software: OF Controller Software

Description

Purpose
• To easily embed into traditional control/service plane software
• High flow setup rate.
• Can be used to talk to packet processor nodes.

Features
• OF 1.3.x based & many OF 1.5 extensions.
• C based implementation and API.
• TCP, TLS connection support
• Support for FSL and many Nicira extensions.
• Easy provisioning API to add new OF capable devices, OF logical devices, Grouping of logical devices etc.
• Many sample applications (L2 Switching and L3 forwarding)
• Interoperable with OVS, NOX open source switches.
• Available on T4 and x86
• Open Source & Commercial Support available.


SDN/NFV Infrastructure Software – Traffic Steering

Infrastructure Software: Traffic Steering – Controller application

Description

Purpose
• Service Function Chaining
• Steering to Data plane devices.

Features
• Steer the traffic across multiple compute nodes hosting vNFs.
• Support for L2 transparent vNFs.
• Service Chain Sets, Service Chains and Policy rules to select the chain.
• Dynamic Service Insertion & Removal in the chain.
• Scale-Out of individual services in the chain.

In works:
• Openstack-GBP Plugin
• Multiple controller support
• SCH OF extensions
• Steer the traffic through data plane devices (Packet processor nodes) in case of disaggregated Control and Data Paths.

• Current release: Open source and commercial support


SDN/NFV Application Software – Secure Router Application

Application Software: Secure Router Application on Controller

Description

Purpose
• vCPE (BO-HO office scenario)
• eNB transport
• Enterprise Routers
• PGW

Features
• IPv4 Unicast & Multicast
• IPv4 Firewall
• IPv4 IPSec
• Integration layer with Linux Open Source
− IPTables
− Quagga, XORP
− Linux IPSec with Strongswan
− Linux TC

In works
• IPv6 support
• L2 Control Plane and integration with
− Linux Bridge, MSTPd etc.

• Commercial License and commercial support


SDN/NFV Integrated Solution – NFVIxl (iNIC & AIOP)

Application Software: NFVI Acceleration

Description

Purpose
• Speed up the processing power of NFVI nodes
• Decrease the use of cores to do NFVI processing
• Increasing the vNF density

Features
• IP Tables fast path using OF
• OVSDB based virtual switch
• VxLAN and VxLANoIPSec
• Openstack integration
• Direct connectivity of virtual ports with vNFs.

Roadmap
• NFVI acceleration for Network namespaces for network nodes.
• NFVI acceleration for Dockers
• NFVI acceleration for Storage Nodes
• DDoS protection
• Distributed Routing/Firewall/SLB support
• Traffic Control, Traffic Mirroring & Traffic Monitoring


L2/L3 Switch Application

[Figure: L2/L3 switch application stack. Switch HW; Switch SDK with SAI API; OF Agent with Flow API and a Flow API to SAI API layer; OVSDB, OVSDB Relay, ovs-vsctl, ovs-ofctl; connection towards external SDN controller (TCP/TLS transport); OF Driver; L2/L3 Switch TTP translation layer; NFAPI; UCM; Linux Integration Modules (Unicast/Multicast, routes, ARP, VLAN, Bridges); kernel ARP, Routes, IP Tables, Bridges and VLAN; Linux utilities (IP, ARP, VLAN, bridge etc.); STP/RSTP/MSTP; Quagga, XORP. Legend: Linux open source, Freescale developed, Third party.]

• Support for multiple switches using network namespaces

• Familiar Linux management interface (Utilities, configuration files)


QorIQ: Ease of Use Software Toolkit for AIOP

• Freescale provides
− Service Layer for data path programming. Service routines to HW accelerators, Libc, Network utilities and functions to send response/events to GPP software (AIOP framework)
− Development environment: Compiler, linker and debugger, performance & trace tools.

• Freescale network function deliverables
− AIOP data path software for popular network functions
− API functions in GPP to program data path software. (NF API)
− Sample software: Changes to popular open source software (as shown in green boxes) to take advantage of AIOP data path software

• Open Model
− Develop your data path software using AIOP library and development environment. Use FSL supplied NFs as reference.
− Use FSL supplied NF and NF DP API from your applications in GPP
− Modify FSL supplied NF DP API and NF DP software to suit your requirements


Summary

• Freescale is committed to support SDN and NFV technologies.
− SDN/NFV friendly hardware (AIOP for acceleration & ARM)
− Comprehensive Software: SDN/OF Switch, Embedded OF controller, Service Chaining, End-to-End solution PoCs.

• Standardization is the key and Freescale is working in the following forums
− ONF Extensibility group
− Openstack integration (with multiple blueprints)
− OPNFV (Hardware agnostic Drivers)
− ETSI NFV (Accelerator Usages and requirements)
− Linaro ODP


Backup


AIOP role in implementing OF based packet processors


OFLS – Data Path

Software based OF LS Data path

[Figure: software-based OpenFlow data path. Stages between PKT-IN and PKT-Out: Validation, Reassembly, then per-table Parse, Key Extract & Lookup and Instruction blocks (instructions I1 to I5; Action, Write and Meter with actions A1, A2, G1, A3 and A11 to A14), followed by Output Port and Traffic Management. All stages are software, joined by software glue.]


Hardware support for OF (AIOP)

Performance Challenges in SW based OF Data Paths

Performance is limited by number of cores

Almost 8 high performance cores are required to achieve 20Gbps of performance for IMIX traffic -> Criteria including 5 tables, 1M flow entries.


HW Support – AIOP

Complete flexibility for software developers to add newer features and newer OF specifications (Cores in AIOP that control the packet flow)

Hard functions used on a per-packet basis in OF 1.3 + Freescale + Nicira extensions
• IP Reassembly
• Parsing
• Key Composition
• Table Lookup (ACL, LPM and EM)
• Multi band metering
• Statistics Caching accelerator
• Timer operations
• Protocol Operations (e.g. IPSec)

Deterministic performance with large number of flows


OFLS – Data Path

Open Flow Data Path – with Protocol Processing Engines

[Figure: OpenFlow data path with hardware assistance. Software: Instruction blocks (I1 to I5; Action, Write and Meter with actions A1, A2, G1, A3 and A11 to A14), Output Port, Traffic Management and software glue. Hardware: Validation, Reassembly, Parse, and Key Compose & Lookup (ACL, LPM, Exact Match) for each table. Hardware protocol processing engines: DPI Engine and IPSec Engine.]


SDN/NFV Software toolkits