SlideShare a Scribd company logo

LF_OVS_17_OvS-CD: Optimizing Flow Classification for OvS using the DPDK Membership Library

L
LF_OpenvSwitch

The document discusses using the DPDK Membership Library to optimize Open vSwitch (OvS) flow classification performance. The Membership Library provides set summaries that allow OvS to perform a two-level lookup for megaflows, first checking the set summary to direct packets to the correct sub-table and avoiding a sequential search. This approach provides a 2-3x improvement in OvS throughput for uniform traffic patterns compared to the original OvS-DPDK implementation. The Membership Library is included in the recently released DPDK V17.11.

Technology
1 of 13
Downloaded 105 times
1
2
3
4
5
6
7
8
9
10
11
12
13
Optimizing OvS using DPDK Membership Library Intel Labs Yipeng Wang & Sameh Gobriel
2 Legal Disclaimers No license (express or implied, by estoppel or otherwise) to any intellectual property rights is granted by this document. Intel disclaims all express and implied warranties, including without limitation, the implied warranties of merchantability, fitness for a particular purpose, and non-infringement, as well as any warranty arising from course of performance, course of dealing, or usage in trade. This document contains information on products, services and/or processes in development. All information provided here is subject to change without notice. Contact your Intel representative to obtain the latest forecast, schedule, specifications and roadmaps. Intel technologies’ features and benefits depend on system configuration and may require enabled hardware, software or service activation. Performance varies depending on system configuration. No computer system can be absolutely secure. Check with your system manufacturer or retailer or learn more at intel.com. © 2017 Intel Corporation. Intel, the Intel logo, Intel. Experience What’s Inside, and the Intel. Experience What’s Inside logo are trademarks of Intel. Corporation in the U.S. and/or other countries. *Other names and brands may be claimed as the property of others.
Contributors Charlie Tai Charlie.tai@intel.com Ren Wang ren.wang@intel.com Antonio Fischetti antonio.fischetti@intel.com
OvS De Facto Virtual Switch for NFV Environments 4 Memory C $ LLC $ Lx C $ Lx Memory C $ LLC $ Lx C $ Lx NIC NIC • General purpose processors withCache/memoryhierarchycan support muchlargerflowtables. • Multicores architectureprovide a scalablecompetitiveflow classificationperformance. TEM/OEM Proprietary OS ASIC, DSP, FPGA, ASSP • Network appliances use purpose-built H/W& ASICs (e.g., TCAM) forflowclassification • Cost & power consumption are limiting factors to support large number offlows Monolithic Purpose-built Boxes NFV Hypervisor (e.g. ESXi, KVM,.. etc.) O Open vSwitch Networking VMs on Standard Servers
5 Open vSwitch Flow Lookup Mask N 1xxx xxxx 0xxx xxxx Flow Mask Mask L 01xx xxxx 10xx xxxx 1110 0000 110x xxxx 101x xxxx 111x xxxx 011x xxxx 1111 0000 1010 xxxx 0011 xxxx 1011 xxxx Rules Match Packet Header 1. Set of disjoint sub-table withnopriority 2. Rule is only insertedintoone sub-table (lookupterminates after first match) 3. Lookup is donebysequentially searcheach sub-table untila matchis found Fig. Vtunes OVS flow lookup process (bypass EMC). Test case: 20 sub-tables, each has 100 rules. OvS Flow Classification is a bottleneck
6 Membership Test Usage (example) Blacklisted Flow 1 Blacklisted Flow 2 Blacklisted Flow 3 Blacklisted Flow N Clients Incoming Flows Legitimate Flows are Forwarded to Backend Server Build Set {..} Set of Blacklisted Flows to be Dropped Membership Test ? Check if Flow Belongs to Blacklisted Set SN S2 S1 Set Summary A Summary Instead Of Storing Original ListMembership Library is a DPDK Library to Provide Users the Functionality to Create Different Types of Set-Summaries
7 Overview of DPDK Membership Library in V17.11 Set Summary Is X in set? No Is X in set? Very probable yes Get X Summary of items in Probabilistic data structure • Handle membership test questions • Much smaller storage • Much faster than huge set lookup • [Multi-Set]: Returns X is not found or which set it belongs to (with high probability) Huge Set [Millions of Entries] 1- Too Much Storage 2- Slow Lookup Bloom Filter Vector Bloom Filter Hash Table Set Summary Cuckoo Distributor Membership Library
8 Two Level Lookup for MFC Mask N 1xxx xxxx 0xxx xxxx Flow Mask Mask L 01xx xxxx 10xx xxxx 1110 0000 110x xxxx 101x xxxx 111x xxxx 011x xxxx 1111 0000 1010 xxxx 0011 xxxx 1011 xxxx Rules Match Packet Header 1st Level of Indirection Set Summary Provided by Membership Library Mask N 1xxx xxxx 0xxx xxxx Mask L 01xx xxxx 10xx xxxx 1110 0000 110x xxxx 101x xxxx 111x xxxx 011x xxxx 1111 0000 1010 xxxx 0011 xxxx 1011 xxxx Match Packet Header • Membership library used to create a 1st level set-summary indirection • Flow Keys are looked up in set- summaries: • Hits: directs to the correct sub-table for searching (correct 97%) • Misses: “New” flow default sequential search & upcall if needed
9 Dynamic Operation & Sub-Table Ranking Mask N 1xxx xxxx 0xxx xxxx Flow Mask Mask L 01xx xxxx 10xx xxxx 1110 0000 110x xxxx 101x xxxx 111x xxxx 011x xxxx 1111 0000 1010 xxxx 0011 xxxx 1011 xxxx Rules Match Packet Header 1st Level of Indirection Set Summary Provided by Membership Library Number of Sub-tables Traversed Mask N 1xxx xxxx 0xxx xxxx Mask L 01xx xxxx 10xx xxxx 1110 0000 110x xxxx 101x xxxx 111x xxxx 011x xxxx 1111 0000 1010 xxxx 0011 xxxx 1011 xxxx Match Packet Header 1 2 • Sub-table Ranking: • Based on number of hits per sub-table à optimize the order of sequential search. • First level is switched ON/OFF • If average number of sub-tables (without first level) traversed is small à turn off
10 Implementation Overview Rte_member_lookup Sequential search of tuples (upcall possible) Pkt miss emc hit miss Rte_member_add() Initilization: Rte_member_create() to create set-summary Emc lookup packets tuple lookup miss Hit Return rules New ML Code OvS Code Legend
11 Performance Gain 2X-3X Throughput Improvement for OvS using DPDK Membership Library 1.8 1.6 5 4.4 0 1 2 3 4 5 6 EMC OFF EMC ON MaxForwardingRate(MPPS) 20 Sub-Table - 10k flow – Uniform Traffic Orig OvS-DPDK OvS-DPDK + ML Library 2.7X 2.7X
12 Conclusion • MegaFlow Lookup has scalability bottleneck, especially with uniform distribution traffic patterns. • The membership structure optimizes flow lookup in OvS and avoids the sequential search of the sub-tables. • Using DPDK Membership Library, first level of indirection is created to direct flow to the correct sub-table. • Dynamic turning on/off to avoid overhead of first level when not needed. • DPDK V17.11 released with Membership Library … Patch to be submitted to the mailing list, please review and test in your workload.
Questions? sameh.gobriel@intel.com charlie.tai@intel.com

More Related Content

PDF
LF_OVS_17_IPSEC and OVS DPDK
LF_OpenvSwitch
 
PDF
LF_OVS_17_Riley: Pushing networking to the edge
LF_OpenvSwitch
 
PDF
6 profiling tools
videos
 
PDF
Introduction to nfv movilforum
videos
 
PDF
Intel NFVi Enabling Kit Demo/Lab
Michelle Holley
 
PDF
Making Networking Apps Scream on Windows with DPDK
Michelle Holley
 
PDF
Accelerating Virtual Machine Access with the Storage Performance Development ...
Michelle Holley
 
PDF
3 additional dpdk_theory(1)
videos
 
LF_OVS_17_IPSEC and OVS DPDK
LF_OpenvSwitch
 
LF_OVS_17_Riley: Pushing networking to the edge
LF_OpenvSwitch
 
6 profiling tools
videos
 
Introduction to nfv movilforum
videos
 
Intel NFVi Enabling Kit Demo/Lab
Michelle Holley
 
Making Networking Apps Scream on Windows with DPDK
Michelle Holley
 
Accelerating Virtual Machine Access with the Storage Performance Development ...
Michelle Holley
 
3 additional dpdk_theory(1)
videos
 

What's hot (20)

PPTX
Revisit DCA, PCIe TPH and DDIO
Hisaki Ohara
 
PDF
Intel dpdk Tutorial
Saifuddin Kaijar
 
PPTX
Performance out of the box developers
Michelle Holley
 
PDF
DPDK Architecture Musings - Andy Harvey
harryvanhaaren
 
PDF
Polyteda Power DRC/LVS July 2016
Oleksandra Nazola
 
PDF
Quieting noisy neighbor with Intel® Resource Director Technology
Michelle Holley
 
PDF
Ligato - A platform for development of Cloud-Native VNF's - SDN/NFV London me...
Haidee McMahon
 
PPT
CCNA Icnd110 s06l03
computerlenguyen
 
PDF
Exadata deployment life cycle
Umair Mansoob
 
PDF
Polyteda: Power DRC/LVS, October 2016
Oleksandra Nazola
 
PPTX
Device Programmability with Cisco Plug-n-Play Solution
Cisco DevNet
 
PPTX
Oracle Database Appliance RAC in a box Some Strings Attached
Fuad Arshad
 
PDF
Oracle11g Security
Inprise Group
 
PDF
Better Network Management Through Network Programmability
Cisco Canada
 
PDF
XPDDS18: Xen Testing at Intel - Xudong Hao, Intel
The Linux Foundation
 
PPT
POLYTEDA: Power DRC/LVS, June 2017
Oleksandra Nazola
 
PDF
Building, deploying and testing an industrial linux platform @ Open source su...
SZ Lin
 
PDF
82599 sriov vm configuration notes
Ryan Aydelott
 
PPTX
VMworld 2016: Troubleshooting 101 for Horizon
VMworld
 
PDF
AMD EPYC™ Microprocessor Architecture
AMD
 
Revisit DCA, PCIe TPH and DDIO
Hisaki Ohara
 
Intel dpdk Tutorial
Saifuddin Kaijar
 
Performance out of the box developers
Michelle Holley
 
DPDK Architecture Musings - Andy Harvey
harryvanhaaren
 
Polyteda Power DRC/LVS July 2016
Oleksandra Nazola
 
Quieting noisy neighbor with Intel® Resource Director Technology
Michelle Holley
 
Ligato - A platform for development of Cloud-Native VNF's - SDN/NFV London me...
Haidee McMahon
 
CCNA Icnd110 s06l03
computerlenguyen
 
Exadata deployment life cycle
Umair Mansoob
 
Polyteda: Power DRC/LVS, October 2016
Oleksandra Nazola
 
Device Programmability with Cisco Plug-n-Play Solution
Cisco DevNet
 
Oracle Database Appliance RAC in a box Some Strings Attached
Fuad Arshad
 
Oracle11g Security
Inprise Group
 
Better Network Management Through Network Programmability
Cisco Canada
 
XPDDS18: Xen Testing at Intel - Xudong Hao, Intel
The Linux Foundation
 
POLYTEDA: Power DRC/LVS, June 2017
Oleksandra Nazola
 
Building, deploying and testing an industrial linux platform @ Open source su...
SZ Lin
 
82599 sriov vm configuration notes
Ryan Aydelott
 
VMworld 2016: Troubleshooting 101 for Horizon
VMworld
 
AMD EPYC™ Microprocessor Architecture
AMD
 
Ad

Viewers also liked (15)

PDF
LF_OVS_17_Ingress Scheduling
LF_OpenvSwitch
 
PDF
LF_OVS_17_Day 1 Opening Remarks
LF_OpenvSwitch
 
PDF
LF_OVS_17_Conntrack + OvS
LF_OpenvSwitch
 
PDF
LF_OVS_17_OVS-DPDK: Embracing your NUMA nodes.
LF_OpenvSwitch
 
PDF
LF_OVS_17_OVS-DPDK Installation and Gotchas
LF_OpenvSwitch
 
PDF
LF_OVS_17_Open vSwitch Offload: Conntrack and the Upstream Kernel
LF_OpenvSwitch
 
PDF
LF_OVS_17_OVN at Nutanix
LF_OpenvSwitch
 
PDF
LF_OVS_17_OVN and Containers - An update.
LF_OpenvSwitch
 
PDF
LF_OVS_17_OVS/OVS-DPDK connection tracking for Mobile usecases
LF_OpenvSwitch
 
PDF
LF_OVS_17_State of the OVN
LF_OpenvSwitch
 
PDF
LF_OVS_17_OVS-DPDK for NFV: go live feedback!
LF_OpenvSwitch
 
PDF
LF_OVS_17_Day 2 Opening Remarks
LF_OpenvSwitch
 
PDF
LF_OVS_17_DigitalOcean Cloud Firewalls: powered by OvS and conntrack
LF_OpenvSwitch
 
PDF
LF_OVS_17_CORD: An open source platform to reinvent the network edge
LF_OpenvSwitch
 
PDF
LF_OVS_17_The birth of SmartNICs -- offloading dataplane traffic to...software
LF_OpenvSwitch
 
LF_OVS_17_Ingress Scheduling
LF_OpenvSwitch
 
LF_OVS_17_Day 1 Opening Remarks
LF_OpenvSwitch
 
LF_OVS_17_Conntrack + OvS
LF_OpenvSwitch
 
LF_OVS_17_OVS-DPDK: Embracing your NUMA nodes.
LF_OpenvSwitch
 
LF_OVS_17_OVS-DPDK Installation and Gotchas
LF_OpenvSwitch
 
LF_OVS_17_Open vSwitch Offload: Conntrack and the Upstream Kernel
LF_OpenvSwitch
 
LF_OVS_17_OVN at Nutanix
LF_OpenvSwitch
 
LF_OVS_17_OVN and Containers - An update.
LF_OpenvSwitch
 
LF_OVS_17_OVS/OVS-DPDK connection tracking for Mobile usecases
LF_OpenvSwitch
 
LF_OVS_17_State of the OVN
LF_OpenvSwitch
 
LF_OVS_17_OVS-DPDK for NFV: go live feedback!
LF_OpenvSwitch
 
LF_OVS_17_Day 2 Opening Remarks
LF_OpenvSwitch
 
LF_OVS_17_DigitalOcean Cloud Firewalls: powered by OvS and conntrack
LF_OpenvSwitch
 
LF_OVS_17_CORD: An open source platform to reinvent the network edge
LF_OpenvSwitch
 
LF_OVS_17_The birth of SmartNICs -- offloading dataplane traffic to...software
LF_OpenvSwitch
 
Ad

Similar to LF_OVS_17_OvS-CD: Optimizing Flow Classification for OvS using the DPDK Membership Library (15)

PDF
OVS and DPDK - T.F. Herbert, K. Traynor, M. Gray
harryvanhaaren
 
PDF
LF_DPDK17_DPDK Membership Library
LF_DPDK
 
PDF
LF_OVS_17_Enabling hardware acceleration in OVS-DPDK using DPDK Framework.
LF_OpenvSwitch
 
PDF
Accelerate Service Function Chaining Vertical Solution with DPDK
OPNFV
 
PPTX
DPDK layer for porting IPS-IDS
Vipin Varghese
 
PDF
LF_DPDK17_Integrating and using DPDK with Open vSwitch
LF_DPDK
 
PDF
What are latest new features that DPDK brings into 2018?
Michelle Holley
 
PDF
Platform Observability and Infrastructure Closed Loops
Open Source Technology Center MeetUps
 
PDF
[Thomas chamberlain] learning_om_ne_t++(z-lib.org)
wissem hammouda
 
PDF
Dev Conf 2017 - Meeting nfv networking requirements
Flavio Leitner
 
PDF
DPDK: Multi Architecture High Performance Packet Processing
Michelle Holley
 
PDF
P4/FPGA, Packet Acceleration
Liz Warner
 
PPTX
Closed Loop Platform Automation - Tong Zhong & Emma Collins
Liz Warner
 
PPTX
Closed-Loop Platform Automation by Tong Zhong and Emma Collins
Liz Warner
 
PPTX
OVS v OVS-DPDK
Md Safiyat Reza
 
OVS and DPDK - T.F. Herbert, K. Traynor, M. Gray
harryvanhaaren
 
LF_DPDK17_DPDK Membership Library
LF_DPDK
 
LF_OVS_17_Enabling hardware acceleration in OVS-DPDK using DPDK Framework.
LF_OpenvSwitch
 
Accelerate Service Function Chaining Vertical Solution with DPDK
OPNFV
 
DPDK layer for porting IPS-IDS
Vipin Varghese
 
LF_DPDK17_Integrating and using DPDK with Open vSwitch
LF_DPDK
 
What are latest new features that DPDK brings into 2018?
Michelle Holley
 
Platform Observability and Infrastructure Closed Loops
Open Source Technology Center MeetUps
 
[Thomas chamberlain] learning_om_ne_t++(z-lib.org)
wissem hammouda
 
Dev Conf 2017 - Meeting nfv networking requirements
Flavio Leitner
 
DPDK: Multi Architecture High Performance Packet Processing
Michelle Holley
 
P4/FPGA, Packet Acceleration
Liz Warner
 
Closed Loop Platform Automation - Tong Zhong & Emma Collins
Liz Warner
 
Closed-Loop Platform Automation by Tong Zhong and Emma Collins
Liz Warner
 
OVS v OVS-DPDK
Md Safiyat Reza
 

More from LF_OpenvSwitch (8)

PDF
LF_OVS_17_Day 2 Closing Remarks
LF_OpenvSwitch
 
PDF
LF_OVS_17_OVN and Kelda
LF_OpenvSwitch
 
PDF
LF_OVS_17_OvS manipulation with Go at DigitalOcean
LF_OpenvSwitch
 
PDF
LF_OVS_17_OvS Hardware Offload with TC Flower
LF_OpenvSwitch
 
PDF
LF_OVS_17_Red Hat's perspective on OVS HW Offload Status
LF_OpenvSwitch
 
PDF
LF_OVS_17_OVS Performance on Steroids - Hardware Acceleration Methodologies
LF_OpenvSwitch
 
PDF
LF_OVS_17_Enabling Hardware Offload of OVS Control & Data plane using LiquidIO
LF_OpenvSwitch
 
PDF
LF_OVS_17_LXC Linux Containers over Open vSwitch
LF_OpenvSwitch
 
LF_OVS_17_Day 2 Closing Remarks
LF_OpenvSwitch
 
LF_OVS_17_OVN and Kelda
LF_OpenvSwitch
 
LF_OVS_17_OvS manipulation with Go at DigitalOcean
LF_OpenvSwitch
 
LF_OVS_17_OvS Hardware Offload with TC Flower
LF_OpenvSwitch
 
LF_OVS_17_Red Hat's perspective on OVS HW Offload Status
LF_OpenvSwitch
 
LF_OVS_17_OVS Performance on Steroids - Hardware Acceleration Methodologies
LF_OpenvSwitch
 
LF_OVS_17_Enabling Hardware Offload of OVS Control & Data plane using LiquidIO
LF_OpenvSwitch
 
LF_OVS_17_LXC Linux Containers over Open vSwitch
LF_OpenvSwitch
 

Recently uploaded (20)

PDF
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
SOFTTECHHUB
 
DOCX
The AUB Centre for AI in Media Proposal.docx
GAONE9
 
PDF
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
PPTX
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
PDF
NewMind AI Weekly Chronicles - August'25 Week I
NewMind AI
 
PDF
Dropbox Q2 2025 Financial Results & Investor Presentation
Dropbox
 
PPTX
A Presentation on Artificial Intelligence
memembruh336
 
PDF
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
Safe Software
 
PDF
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
PPT
“AI and Expert System Decision Support & Business Intelligence Systems”
ZubinRadhakrishnan
 
PPTX
PA Analog/Digital System: The Backbone of Modern Surveillance and Communication
AVTRON Technologies LLC
 
PDF
Architecting across the Boundaries of two Complex Domains - Healthcare & Tech...
Peter Tan
 
PPTX
Effective Security Operations Center (SOC) A Modern, Strategic, and Threat-In...
ReZa AdineH
 
PDF
Chapter 3 Spatial Domain Image Processing.pdf
Getnet Tigabie Askale -(GM)
 
PDF
CIFDAQ's Market Insight: SEC Turns Pro Crypto
CIFDAQ
 
PPTX
Cloud computing and distributed systems.
kkkkkhan
 
PDF
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
PDF
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
PPT
Teaching material agriculture food technology
LiaRayya
 
PDF
Bridging biosciences and deep learning for revolutionary discoveries: a compr...
IAESIJAI
 
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
SOFTTECHHUB
 
The AUB Centre for AI in Media Proposal.docx
GAONE9
 
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
NewMind AI Weekly Chronicles - August'25 Week I
NewMind AI
 
Dropbox Q2 2025 Financial Results & Investor Presentation
Dropbox
 
A Presentation on Artificial Intelligence
memembruh336
 
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
Safe Software
 
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
“AI and Expert System Decision Support & Business Intelligence Systems”
ZubinRadhakrishnan
 
PA Analog/Digital System: The Backbone of Modern Surveillance and Communication
AVTRON Technologies LLC
 
Architecting across the Boundaries of two Complex Domains - Healthcare & Tech...
Peter Tan
 
Effective Security Operations Center (SOC) A Modern, Strategic, and Threat-In...
ReZa AdineH
 
Chapter 3 Spatial Domain Image Processing.pdf
Getnet Tigabie Askale -(GM)
 
CIFDAQ's Market Insight: SEC Turns Pro Crypto
CIFDAQ
 
Cloud computing and distributed systems.
kkkkkhan
 
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
Teaching material agriculture food technology
LiaRayya
 
Bridging biosciences and deep learning for revolutionary discoveries: a compr...
IAESIJAI
 

LF_OVS_17_OvS-CD: Optimizing Flow Classification for OvS using the DPDK Membership Library

  • 1. Optimizing OvS using DPDK Membership Library Intel Labs Yipeng Wang & Sameh Gobriel
  • 2. 2 Legal Disclaimers No license (express or implied, by estoppel or otherwise) to any intellectual property rights is granted by this document. Intel disclaims all express and implied warranties, including without limitation, the implied warranties of merchantability, fitness for a particular purpose, and non-infringement, as well as any warranty arising from course of performance, course of dealing, or usage in trade. This document contains information on products, services and/or processes in development. All information provided here is subject to change without notice. Contact your Intel representative to obtain the latest forecast, schedule, specifications and roadmaps. Intel technologies’ features and benefits depend on system configuration and may require enabled hardware, software or service activation. Performance varies depending on system configuration. No computer system can be absolutely secure. Check with your system manufacturer or retailer or learn more at intel.com. © 2017 Intel Corporation. Intel, the Intel logo, Intel. Experience What’s Inside, and the Intel. Experience What’s Inside logo are trademarks of Intel. Corporation in the U.S. and/or other countries. *Other names and brands may be claimed as the property of others.
  • 3. Contributors Charlie Tai Charlie.tai@intel.com Ren Wang ren.wang@intel.com Antonio Fischetti antonio.fischetti@intel.com
  • 4. OvS De Facto Virtual Switch for NFV Environments 4 Memory C $ LLC $ Lx C $ Lx Memory C $ LLC $ Lx C $ Lx NIC NIC • General purpose processors withCache/memoryhierarchycan support muchlargerflowtables. • Multicores architectureprovide a scalablecompetitiveflow classificationperformance. TEM/OEM Proprietary OS ASIC, DSP, FPGA, ASSP • Network appliances use purpose-built H/W& ASICs (e.g., TCAM) forflowclassification • Cost & power consumption are limiting factors to support large number offlows Monolithic Purpose-built Boxes NFV Hypervisor (e.g. ESXi, KVM,.. etc.) O Open vSwitch Networking VMs on Standard Servers
  • 5. 5 Open vSwitch Flow Lookup Mask N 1xxx xxxx 0xxx xxxx Flow Mask Mask L 01xx xxxx 10xx xxxx 1110 0000 110x xxxx 101x xxxx 111x xxxx 011x xxxx 1111 0000 1010 xxxx 0011 xxxx 1011 xxxx Rules Match Packet Header 1. Set of disjoint sub-table withnopriority 2. Rule is only insertedintoone sub-table (lookupterminates after first match) 3. Lookup is donebysequentially searcheach sub-table untila matchis found Fig. Vtunes OVS flow lookup process (bypass EMC). Test case: 20 sub-tables, each has 100 rules. OvS Flow Classification is a bottleneck
  • 6. 6 Membership Test Usage (example) Blacklisted Flow 1 Blacklisted Flow 2 Blacklisted Flow 3 Blacklisted Flow N Clients Incoming Flows Legitimate Flows are Forwarded to Backend Server Build Set {..} Set of Blacklisted Flows to be Dropped Membership Test ? Check if Flow Belongs to Blacklisted Set SN S2 S1 Set Summary A Summary Instead Of Storing Original ListMembership Library is a DPDK Library to Provide Users the Functionality to Create Different Types of Set-Summaries
  • 7. 7 Overview of DPDK Membership Library in V17.11 Set Summary Is X in set? No Is X in set? Very probable yes Get X Summary of items in Probabilistic data structure • Handle membership test questions • Much smaller storage • Much faster than huge set lookup • [Multi-Set]: Returns X is not found or which set it belongs to (with high probability) Huge Set [Millions of Entries] 1- Too Much Storage 2- Slow Lookup Bloom Filter Vector Bloom Filter Hash Table Set Summary Cuckoo Distributor Membership Library
  • 8. 8 Two Level Lookup for MFC Mask N 1xxx xxxx 0xxx xxxx Flow Mask Mask L 01xx xxxx 10xx xxxx 1110 0000 110x xxxx 101x xxxx 111x xxxx 011x xxxx 1111 0000 1010 xxxx 0011 xxxx 1011 xxxx Rules Match Packet Header 1st Level of Indirection Set Summary Provided by Membership Library Mask N 1xxx xxxx 0xxx xxxx Mask L 01xx xxxx 10xx xxxx 1110 0000 110x xxxx 101x xxxx 111x xxxx 011x xxxx 1111 0000 1010 xxxx 0011 xxxx 1011 xxxx Match Packet Header • Membership library used to create a 1st level set-summary indirection • Flow Keys are looked up in set- summaries: • Hits: directs to the correct sub-table for searching (correct 97%) • Misses: “New” flow default sequential search & upcall if needed
  • 9. 9 Dynamic Operation & Sub-Table Ranking Mask N 1xxx xxxx 0xxx xxxx Flow Mask Mask L 01xx xxxx 10xx xxxx 1110 0000 110x xxxx 101x xxxx 111x xxxx 011x xxxx 1111 0000 1010 xxxx 0011 xxxx 1011 xxxx Rules Match Packet Header 1st Level of Indirection Set Summary Provided by Membership Library Number of Sub-tables Traversed Mask N 1xxx xxxx 0xxx xxxx Mask L 01xx xxxx 10xx xxxx 1110 0000 110x xxxx 101x xxxx 111x xxxx 011x xxxx 1111 0000 1010 xxxx 0011 xxxx 1011 xxxx Match Packet Header 1 2 • Sub-table Ranking: • Based on number of hits per sub-table à optimize the order of sequential search. • First level is switched ON/OFF • If average number of sub-tables (without first level) traversed is small à turn off
  • 11. 11 Performance Gain 2X-3X Throughput Improvement for OvS using DPDK Membership Library 1.8 1.6 5 4.4 0 1 2 3 4 5 6 EMC OFF EMC ON MaxForwardingRate(MPPS) 20 Sub-Table - 10k flow – Uniform Traffic Orig OvS-DPDK OvS-DPDK + ML Library 2.7X 2.7X
  • 12. 12 Conclusion • MegaFlow Lookup has scalability bottleneck, especially with uniform distribution traffic patterns. • The membership structure optimizes flow lookup in OvS and avoids the sequential search of the sub-tables. • Using DPDK Membership Library, first level of indirection is created to direct flow to the correct sub-table. • Dynamic turning on/off to avoid overhead of first level when not needed. • DPDK V17.11 released with Membership Library … Patch to be submitted to the mailing list, please review and test in your workload.