Network Security Internet Technology Development Database Servers Mobile Phone Android Software Apple Software Computer Software News IT Information

In addition to Weibo, there is also WeChat

Please pay attention

WeChat public account

Shulou

Analysis of Tungsten Fabric Architecture: deployment of vRouter

2025-04-03 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Network Security >

Share

Shulou(Shulou.com)06/01 Report--

Hi! This is the fifth installment of Tungsten Fabric Architecture Parsing, describing vRouter deployment options.

Tungsten Fabric architecture analysis series of articles, presented by TF Chinese community for you, aims to help new TF community friends answer questions. We will systematically introduce TF features, how it works, how it is collected/analyzed/deployed, how it is orchestrated, how it connects to physical networks, etc.

vRouter has a variety of deployment options that offer different benefits and ease of use:

Kernel Module--Default Deployment Mode DPDK--Provides forwarding acceleration using Intel libraries SR-IOV--Provides direct access to NIC Smart NIC from VM-- vRouter Repeater implemented in programmable NIC

These options are as follows:

The features and benefits of each option are described below:

kernel module vRouter

The way the vRouter forwarder runs as a module in the Linux kernel is currently the default deployment option. vRouter implements networking functionality that would otherwise be performed using iptables or Open vSwitch. Running in the kernel gives the forwarder direct access to network traffic as it traverses KVM's network stack and can achieve significant performance gains compared to running the forwarder as a process in user space. Implemented optimizations include:

TCP fragmentation offload bulk receive offload using multi-queue virtio packet processing

The kernel module approach allows users to virtualize networks using Tungsten Fabric with minimal dependencies on the underlying server and NIC hardware. However, this approach only supports certain Linux kernel versions.

DPDK vRouter

Intel's Data Plane Development Kit (DPDK) is a set of libraries and drivers that allow applications running in user space to access the NIC directly without going through the KVM network stack. Version of vRouter repeater that can run in user space and support DPDK.

Compared to kernel modules with unmodified VMs, DPDK vRouter provides accelerated packet throughput and better performance if guest VMs are also DPDK-enabled.

The DPDK vRouter works by dedicating the CPU kernel to packet forwarding, which keeps forwarding packets waiting in a loop. These kernels cannot be used to run guest VMs because they run 100% continuously, which can be a problem in some environments.

SR-IOV (Single Root -Input/Output Virtualization)

SR-IOV is not a strict deployment option for vRouter itself, but can be used with vRouter in some applications.

SR-IOV allows the hardware resources of a NIC to be shared among multiple clients as if each client had unique access rights, just as a hypervisor does to a CPU. It enables VM interfaces to access the NIC directly, so the data path bypasses the hypervisor networking stack, improving performance. SR-IOV is useful when VMs perform gateway functions between physical and virtual networks, but because SR-IOV involves bypassing vRouters, interfaces do not participate in Tungsten Fabric virtual networks, nor do they participate in network policies and network services.

Smart NIC vRouter

Some new programmable NIC's are becoming available. Tungsten Fabric vRouter repeater functionality can be implemented on these new NICs, which provides substantial performance gains, especially for small byte packets that dominate certain environments.

In addition, forwarding is almost completely offloaded from the server's x86 CPU, thus freeing up CPU kernels for more VMs.

Smart NICs look very promising, but clearly require that they be available in production environments and that they take time to gain widespread adoption.

MORE

More Tungsten Fabric Analysis Articles

Part 1: TF Main Features and Use Cases

Part 2: How TF Works

Part 3: Detailed explanation of vRouter architecture

Part 4: TF's Service Chain

Follow WeChat: TF Chinese Community

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.

Views: 0

*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.

Share To

Network Security

Wechat

© 2024 shulou.com SLNews company. All rights reserved.

12
Report