SDN Transforms The Business Model for Networking
From the perspective of the network operator or service provider, SDN promises significant improvements in CAPEX, in OPEX, in network manageability and in the time required to deploy new network-oriented applications.
Based on transitions from hardware-centric to software-centric architectures, SDN transforms the business model for networking.
The traditional, vertically-integrated model characterized by proprietary software running on proprietary hardware is replaced by a horizontally-disaggregated model comprising generic hardware platforms based on general purpose processors, as well as an OS or hypervisor to deploy applications. This basically applies the standard computing model to networking.
To be cost-effective, however, this concept requires high-performance networking software running on industry-standard software platforms. Specifically, data plane performance must be maximized because that determines the overall networking throughput of the system. As discussed below, standard Operating Systems and hypervisors present performance limitations that must be addressed in order for them to be viable in mainstream SDN applications.
Standard Operating Systems and hypervisors present performance challenges for networking
In an OS such as Linux, widely deployed in physical network appliances, the standard networking stack uses services provided by the kernel and is subject to significant overheads associated with functions such as preemptions, threads, timers and locking. These processing overheads are imposed on each packet passing through the system, resulting in a major performance penalty for overall throughput. Furthermore, although some improvements can be made to an OS stack to support multicore architectures, performance fails to scale linearly over multiple cores and a processor with, for example, eight cores may not process packets significantly faster than one with two cores. All in all, a standard OS stack does a poor job of exploiting the potential data plane performance of a multicore platform and fails to deliver the networking performance required for cost-effective SDN architectures.
Similar performance limitations apply to the standard hypervisors required for virtual network appliances. To ensure reasonable ROI at the system level, virtual appliances should deliver performance comparable to that of physical appliances, but standard hypervisors present significant bottlenecks.
With reference to the following diagram there are three significant challenges:
First, the overall throughput between the physical NIC and the (guest) virtual appliance is constrained by performance limitations within the host and guest networking stacks as well as in the virtual switch. The problem is amplified when un-optimized NIC drivers are used.
Second, VM-to-VM bandwidth and scalability are impacted by bottlenecks in the virtual switch. This problem is especially important for data center applications with high “East-West” (VM-to-VM) traffic as a result of VM sprawl and multi-tenant environments.
Third, when running in a VM, just as in a physical appliance, a standard OS stack does a poor job of exploiting the potential packet processing performance of a multicore processor and fails to deliver the networking performance required for cost-effective SDN architectures.
Addressing these challenges with 6WINDGate networking software
6WIND is the only commercial software company providing software that solves these networking performance challenges, with a proven history of successful deployments in service provider networks worldwide. 6WIND has invested over a hundred man-years of engineering effort into developing the 6WINDGate™ software which is completely based on SDN concepts, continuing to evolve it in order to proactively address new applications (such as data center networking) and deliver additional features.
The architecture of 6WINDGate is based on SDN principles, in that the control plane and data plane run on different sets of processor cores. Within the 6WINDGate data plane running in Linux userspace, fast path protocols process the majority of network packets, without incurring any of the Linux overheads that degrade overall performance.
The 6WINDGate fast path implements a run-to-completion model, whereby all cores run the same software and can be allocated as required, according to the necessary level of networking performance.
Thanks to this architecture, 6WINDGate delivers 10x the networking performance of a standard Linux stack. At the same time, it provides linear performance scalability across blades and racks (including across equipment that is in different physical locations).
For virtual networking equipment, 6WINDGate solves the performance problems discussed above by running the 6WINDGate fast path within the virtual network appliances, with full support for industry-standard hypervisors such as ESX, KVM and Xen.
To accomplish this, 6WIND has implemented several innovative enhancements to the Intel® Data Plane Development Kit (Intel® DPDK) software library which is integrated within 6WINDGate itself, on top of which the fast path runs.
IOMMU and SR-IOV are supported in order to bypass the hypervisor virtual switch and to achieve the best possible packet processing performance using the DPDK poll-mode drivers for the physical NICs.
Poll-mode drivers are also included for virtual NICs (both emulated and para-virtualized) to improve VM-to-VM communication through the hypervisor virtual switch. And for ultimate performance, direct VM-to-VM communication could be supported through a VM2VM poll-mode driver, completely bypassing the hypervisor virtual switch.
These enhancements represent the foundation that enables the 6WINDGate fast path to run at full speed in VMs and to offload packet processing from the networking stack of the VM’s operating system. This enables virtual network appliances to deliver the level of performance that is required for cost-effective implementations of SDN-based equipment.
Network appliance example
A common application for 6WINDGate within an SDN ecosystem is in network equipment (gateways, firewalls, routers, etc.), whether located in mobile infrastructure, in enterprise IT environments or in data centers.
The diagram illustrates the use of 6WINDGate in a virtual firewall or IPS. A comprehensive set of networking protocols, implemented within the 6WINDGate fast path, delivers approximately 15Mpps per core of IP forwarding performance on a dual Intel Xeon E5-2600 Series platform running at 2.7GHz. As mentioned above, full support is provided for industry-standard hypervisors and the architecture is fully scalable across processors, boards and racks.
Studies show that 6WINDGate reduces CAPEX by 80% compared to traditional physical network appliances (using proprietary ASICs or network processors). At the same time, it reduces OPEX by 80% compared to software-based appliances (implemented with a standard OS networking stack running on a multicore processor).
Data center example
A second SDN-oriented application for 6WINDGate is in data center networking. 6WINDGate solves network performance problems on the application server blades.
East-West traffic requires VM-to-VM communication at a level of performance beyond the capabilities of existing protocols.
At the same time, as processor performance increases, so does the number of VMs instantiated on each server blade. For multi-tenant environments, this drives a need for an accelerated virtual switch that also provides high-performance tunneling protocols for VM-to-VM communication.
While retaining full compatibility with the standard virtual switch, 6WINDGate provides a data plane solution that delivers 5x – 10x acceleration for the baseline Layer 2 switching function. At the same time, it delivers high performance on the necessary tunneling and security protocols such as IPsec, GRE, NVGRE, VLAN and VXLAN.
While providing this high-performance switching, tunneling and security, the virtual switch accelerated by 6WINDGate remains fully-compatible with OpenFlow and completely transparent to the applications running on the platform, which do not need to be recompiled or re-verified in order to work with this high-performance solution.
SDN has the potential to solve significant problems for enterprises and service providers, including (1) the need for improved CAPEX and OPEX, achieved through the better utilization of their networking equipment, (2) the need for rapid deployment of new features and services, which requires flexible, centrally-managed networks and (3) the trend towards network virtualization as mobile infrastructure moves to a cloud-based model, in order to maximize network scalability and flexibility.
In order for this potential to be realized within equipment that is cost-effective, high-performance networking software is essential. Uniquely, 6WIND has been delivering such software for several years and has a proven track record of solving the above problems, with deployments in service provider networks worldwide.