| layout | title | group | data | presenters | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
default |
ACM SIGCOMM 2017 Tutorial (Full-Day): The Netmap framework for NFV applications |
Tutorials |
|
|
The first part of this tutorial provides an overview and an analysis of the challenges for fast user-space network I/O frameworks such as netmap, DPDK, PF_RING. These frameworks support packet processing applications (e.g., routers, middleboxes) that need to deal with millions of packets per seconds (e.g., 10 Gbps or higher), which are often needed in the context of Network Function Virtualization (NFV). For performance reasons, the frameworks typically bypass the kernel or its network stack, and provide user-space applications with a device-independent API for direct access to the physical or virtual Network Interface Card (NIC) hardware.
The tutorial then focuses on Netmap [1, 2, 3] because of its flexibility, multi-faceted capabilities and unique advantages to other frameworks, in particular for NFV use cases. We introduce Netmap along with its API and example programs. The different features are then presented one by one along with their corresponding use cases and performance numbers.
We aim at attendees becoming able to write a simple packet processing application using the netmap API and run it on several netmap ports on bare metal or inside containers and virtual machines.
{% include presenters.html presenters=page.presenters %}
{% include program.html type="tutorial-netmap-nfv" data=page.data %}
The need for an alternative mechanism and API for network I/O has been recognized by several O.S. bypass projects (DPDK, PF RING), and comes from the performance limitations of the traditional socket API (and the associated O.S. implementation) in terms of maximum packet rate. Using a traditional socket API a single processor core is not able to send or receive more than 1-2 million packets per second (Mpps) at minimum packet size (60 bytes), despite of much faster modern NICs which support 10-100 Mpps. These limitations are largely due to per-packet size-independent costs: system call, packet copy across user/kernel boundary, VFS layer overheads, dynamic (de)allocation of packet metadata (e.g. sk_buff on Linux), NIC register access and interrupts. Moreover, moving networking to userspace facilitates experimentation and improves portability. The bypass solutions overcome these limitations by pre-allocating packet buffers, mapping those buffers in the application address space and allowing applications to send and receive multiple packets using a single operation (e.g. a system call or a NIC register access). They also use simple packet representation structures optimized for raw packet I/O rather than for full-fledged protocol stack. When combined together, these techniques allow user-space applications to send/receive tens of millions of packets per second, saturating the NIC capacity even with short packets. The study of Netmap is a good introduction to these topics, common to all frameworks. However, Netmap brings some additional benefits that are not found elsewhere: it does not force applications to resort to busy-polling, it is available on several platforms (FreeBSD, Linux, Windows), it supports more devices and it introduces a common API which can also be used for VM networking and Inter-Process Communication.
The Netmap framework has evolved significantly from its inception as a user-space packet I/O interface to NIC hardware in 2011. It is now a flexible network I/O tool that supports many backends (in addition to NICs) and virtualized environments, accessible with the same API. The VALE [4,7] programmable switch (part of Netmap) acts as a virtual switch for Virtual Machines (VMs) and physical NICs, supporting hundreds of virtual ports and over 20 Mpps per-core between its ports. Netmap pipes [8] are point-to-point virtual links that connect processes or VMs at over 40 Mpps, useful for service function chaining. Netmap as a fast network backend has been integrated into hypervisors like QEMU, Bhyve and VirtualBox. Accelerated network I/O is also possible for lightweight virtualization (containers) by means of native support for Linux veth devices (over 40 Mpps). Finally, a virtual pass-through device [5, 6] allows any Netmap interface (e.g. a VALE port, NIC or pipe endpoint) to be safely exposed inside a VM, enabling unprecedented packet-rates (20-40 Mpps) between VMs.
These Netmap features constitute the datapath building blocks for Network Function Virtualization (NFV) deployments. We are not aware of other technologies that allow applications running in two VMs or containers to exchange up to 20-40 Mpps at minimum packet size. With such powerful I/O capabilities, we believe Netmap is the preferred candidate to implement NFV applications such as load balancers, Intrusion Detection Systems, firewalls, etc.
This tutorial will be given as lectures mixed with hands-on training supervised by the speakers. During the training sessions the participants will be given live images containing all the required software (Netmap, hypervisors, example applications, etc.). The images will also be available for download on the Netmap page.
The tutorial targets network engineers and system developers that want to learn what Netmap is and how it can help improving throughput, latency and energy efficiency of their packet processing pipelines, both on bare-metal and Virtual Machines.
Attendees must bring their own laptop, with a Linux distribution or FreeBSD installed directly on the laptop or in a Virtual Machine. Attendees are also expected to have familiarity with networking and programming in C or C++.
- [1] The Netmap page
- [2] The official Netmap code repository
- [3] L. Rizzo - netmap: a novel framework for fast packet I/O, USENIX ATC'12, June 2012, Boston, MA
- [4] L. Rizzo, G. Lettieri - VALE: a switched ethernet for virtual machines, ACM CoNEXT, December 2012, Nice, France
- [5] S. Garzarella, G. Lettieri, L. Rizzo - Virtual device passthrough for high speed VM networking, IEEE/ACM ANCS, May 2015, Oakland, CA
- [6] V. Maffione, L. Rizzo, G. Lettieri - Flexible Virtual Networking using netmap passthrough, IEEE LANMAN, June 2016, Rome, Italy
- [7] M. Honda, F. Huici, G. Lettieri, L. Rizzo - mSwitch: A Highly-Scalable, Modular Software Switch, ACM SOSR, June 2015, Santa Clara, CA
- [8] L. Rizzo, G. Lettieri, M. Honda - Netmap as a core networking technology, AsiaBSDCon, March 2014, Tokyo