Session
FOSDEM Schedule 2021
Software Defined Networking

Is your elephant a gazelle?

How to accelerate IPsec elephant flows
D.sdn
Fan Zhang
<p>Elephant flows appear irregularly, can consume almost half of the available bandwidth and are consequently associated with a host of issues. Securing elephant flows with IPsec is a well-known challenge to SDN and SD-WAN solutions on commodity hardware. The key problems for those developing solutions are: - How to seamlessly enable dedicated HW to accelerate IPsec processing when available? - How to distribute workloads to more CPU cores and maintain packets ordering to scale? - How to scale up/scale down the computer resource usage when the elephant flow appears and disappears? In this talk we will discuss our recent work done on open-source project FD.io/VPP to address the above problems. We will describe how we utilized and enriched the VPP architecture to accelerate on-demand IPsec elephant flow processing in a unified and seamless way.</p>

Additional information

Type devroom

More sessions

2/7/21
Software Defined Networking
D.sdn
<p>In this talk, we first show how to prototype high-speed network functions with FastClick, an open-source packet processing framework, which comes with hundreds of pre-built building blocks and leverages DPDK or Netmap to build 100-Gbps-capable firewalls, load-balancers, NATs, or IDSes.</p> <p>We then review the history of high-speed software dataplanes. We explain the evolution of graph-based (software) network packet processing from the early 2000s with the emergence of the Click Modular ...
2/7/21
Software Defined Networking
Maciek Konstantynowicz
D.sdn
<p>Overview of fully automated open-source FD.io benchmarking (per patch, daily/weekly trending, per release) with focus on network data plane (VPP, DPDK). Quick walk through HW systems with CI'ed calibration and testing (Xeon, Atom, Cortex, EPYC, 10/25/40/100GE, QAT) and stateless / stateful network test methodologies using TRex.</p> <p>Implemented benchmark and analytics strategies / algorithms for high volume non-stop CI benchmarks: i) optimized throughput rate discovery, ii) self-guiding ...
2/7/21
Software Defined Networking
Srivats P
D.sdn
<p>While Ostinato allows you to import, edit and replay packets from PCAP files, most users prefer to craft packets from scratch using the Ostinato GUI which has support for the most common protocols out of the box. For unsupported protocols, Ostinato has a Protocol Builder framework that can be used to quickly add support.</p> <p>In this talk, Ostinato creator Srivats P shows you how.</p>
2/7/21
Software Defined Networking
Marco Spaziani Brunella
D.sdn
<p>I present a solution to run Linux’s eXpress Data Path programs written in eBPF on FPGAs, using only a fraction of the available hardware resources while matching the performance of high-end CPUs. The iterative execution model of eBPF is not a good fit for FPGA accelerators.</p>
2/7/21
Software Defined Networking
Akihiro Suda
D.sdn
<p>Setting up multi-cluster and multi-cloud container networking for dev environments has been too harder than it needs to be. NoRouter is a novel instant networking stack to overcome this difficulty, by transferring IP packets over stdio streams (aka "shell connections"). NoRouter works with any container, any VM, and any baremetal machine, on anywhere, as long as the shell connection is available from your laptop, e.g. <code>kubectl exec</code>, <code>docker exec</code>, or ...
2/7/21
Software Defined Networking
Lori Jakab
D.sdn
<p>Kubernetes is becoming the platform of choice for more and more application developers. As applications become more complex and more distributed, they may span multiple Kubernetes clusters, or a combination of Kubernetes and on-premise workloads. While internal traffic within a Kubernetes cluster is handled by the CNI plugin, the external traffic between these workloads, or from workloads to end users, is often carried over a Software Defined Wide Area Network (SD-WAN), which is used for ...
2/7/21
Software Defined Networking
D.sdn
<p>There’s a fast-growing industry trend in the adoption of eBPF to accelerate Kubernetes infrastructure (Cilium, Calico …). AF<em>XDP is a new type of socket that is optimized for high performance packet processing based on eBPF and eXpress Data Path-XDP. XDP allows you to attach an eBPF program to a lower-level hook inside the kernel (aka the NIC Driver). It offers some very promising performance increases for microservices while allowing them to adhere to cloud native design principles. ...