Session
Schedule FOSDEM 2022
Network

Challenges and Opportunities in Performance Benchmarking of Service Mesh for the Edge

<p>As Edge deployments move closer towards the end devices, low latency communication among Edge aware applications is one of the key tenants of Edge service offerings. In order to simplify application development, service mesh architectures have emerged as the evolutionary architectural paradigms for taking care of bulk of application communication logic such as health checks, circuit breaking, secure communication, resiliency (among others), thereby decoupling application logic with communication infrastructure. The latency to throughput ratio needs to be measurable for high performant deployments at the Edge. Providing benchmark data for various edge deployments with Bare Metal and virtual machine-based scenarios, this paper digs into architectural complexities of deploying service mesh at edge environment, performance impact across north-south and east-west communications in and out of a service mesh leveraging popular open-source service mesh Istio/Envoy using a simple on-prem Kubernetes cluster. The performance results shared indicate performance impact of Kubernetes network stack with Envoy data plane. Microarchitecture analyses indicate bottlenecks in Linux based stacks from a CPU micro-architecture perspective and quantify the high impact of Linux’s Iptables rule matching at scale. We conclude with the challenges in multiple areas of profiling and benchmarking requirement and a call to action for deploying a service mesh, in latency sensitive environments at Edge.</p>
The pervasiveness of Edge computing and Service Mesh constructs within a cloud native environment have almost been at the same time during last few years. Requirements of Edge compute to be able to unify both Information &amp; Communication Technology (ICT) and Operational Technology (OT) have brought together cloud native deployments and microservice based service offerings to the Edge infrastructure]. While Kubernetes been the most popular model of deploying cloud native infrastructure to offer software services, service mesh is the emergent application deployment paradigm that decouples application from developing most of the software defined networking aspects of microservice interactions. This paper introduces features of service mesh that are architecturally suitable for Edge compute service offerings and application development principles. To understand applicability of service mesh, architectural principles need to be understood to figure out suitability of various benefits mesh benefits to customized Edge deployments. This talk introduces and correlates various Edge requirements to the service mesh’s architectural guidelines. Then further dig into deployment considerations of service mesh with Edge deployment types to provide practical communication challenges between the two. This talk: - Provides benchmark tests and their results that provides the impact of service mesh on simple Kubernetes based deployments using Istio &amp; Envoy as service mesh and its sidecar proxy, that can be leveraged for Edge environments. - Provides detailed analysis of the software used to identify bottlenecks using Top-Down Microarchitectural Analysis and CPU Hot Spot analysis. - Summarizes the gaps identified during the detailed testing of these open-source components - Showcases the impact of utilizing service mesh for edge computing.

Additional information

Type devroom

More sessions

2/6/22
Network
Luca Deri
D.network
<p>Security and monitoring applications need to classify traffic in order to identify applications protocols, misuses, similarities, communications patterns not easily identifiable by hand. nDPI is a library that implements various algorithms for traffic analysis able to detect outliers, anomalies, traffic clusters, behavioural changes efficiently in streaming (i.e. while traffic is flowing). Goal of this presentation is to show how nDPI can be used in real life to inspect network traffic and ...
2/6/22
Network
D.network
<p>A rules-based approach has been the standard in network monitoring for many years, for a good reason. In this talk, we'll recap the advantages of a rule-based approach and how it's still relevant to this day. The speaker will also show how you can implement rules using <a href="https://checkmk.com/">Checkmk</a>, an open source IT monitoring software and discuss the entry of AI technology into infrastructure monitoring.</p>
2/6/22
Network
Max Leonard Inden
D.network
<p><a href="https://libp2p.io">libp2p</a> is a universal, cross-platform, multi-language, modular peer-to-peer networking library powering multiple large-scale networks, for example IPFS.</p> <p>In the first part of the talk we’ll present the basic building blocks of the library and explain how they fit together. In the second part, we’ll take a closer look at the recently added decentralized hole punching feature, allowing NAT and firewall traversal without the need for any central ...
2/6/22
Network
D.network
<p><a href="https://fd.io/">VPP (aka Vector Packet Processing)</a> is a fast network stack running in Linux userspace. It is designed to handle packets with high performance, which makes gathering statistics efficiently a must have.</p> <p>The model that has been chosen in <a href="https://fd.io/">VPP</a> to provide up to date statistics is built upon shared memory and optimistic locking. The counters are updated in this shared memory at a rather low cost by the data plane and can be read out at ...
2/6/22
Network
Nathan Brown
D.network
<p><a href="https://www.dpdk.org">DPDK</a> added a RCU library with a novel method to reclaim resources. We have been running tests to understand the performance differences between the <a href="https://www.dpdk.org">DPDK</a> RCU and the <a href="https://liburcu.org/">user space RCU library</a>. In our tests, we find that <a href="https://www.dpdk.org">DPDK</a> RCU can perform reclamation faster and perform significantly better when pre-emptive readers are involved. Other than the performance, ...
2/6/22
Network
Pim van Pelt
D.network
<p>In this talk, we will demonstrate high performance routing using open-source <a href="https://fd.io">VPP</a> and it's underlying <a href="https://dpdk.org">Data Plane Development Kit</a>. This talk highlights the authors work on integrating the Linux ControlPlane which makes BGP, OSPF, etc available with VPP. We'll then turn to a popular DPDK based loadtesting tool <a href="https://trex-tgn.cisco.com">TRex</a>, and discuss performance benchmarking results from the field using the author's <a ...
2/6/22
Network
D.network
<p>The software applications of the Cloud Native era have a huge dependency on the network, these microservices are bound to a single concern and utilize the network to communicate with each other. The dependency on the network continues to grow as more and more microservices depend on it. However, there is no way to predictably leverage the network for the specific demands of your application. What if we could tag certain applications as needing a priority from the network. This would enhance ...