An Analysis of Container-based Platforms for NFV


  1. An Analysis of Container-based Platforms for NFV
     Sriram Natarajan, Deutsche Telekom Inc.
     Ramki Krishnan, Dell Inc.
     Anoop Ghanwani, Dell Inc.
     Dilip Krishnaswamy, IBM Research
     Peter Willis, BT Plc
     Ashay Chaudhary, Verizon

  2. Virtual Machine vs. Container Stack
     • Lightweight footprint: Very small images with API-based control to automate the management of services
     • Deployment time: Rapidly deploy applications with minimal run-time requirements
     • Resource Overhead: Lower use of system resources (CPU, memory, etc.) by eliminating hypervisor & guest OS overhead
     • Updates: Depending on requirements, updates, failures or scaling apps can be achieved by scaling containers up/down
     [Figure: KVM stack (VNF, Libraries, Guest-OS, Hypervisor, Host-OS) beside Container stack (VNF, Libraries, Container Engine, Host-OS)]
     [Figure: Pod (container group) of Containers A and B (Application + Libraries) on a Container Engine; Kernel Functions and Modules: Namespaces, cgroups, capabilities, chroot, SELinux; Host-OS]

  3. VM based Network Functions: Key Challenges

  4. Service Agility/Performance
     • Provisioning time:
       – Hypervisor configuration
       – Spin-up guest OS
       – Align dependencies between Guest-OS & VNFs
     • Runtime performance overhead:
       – Performance proportional to resource allocated to individual VMs (throughput, line rate, concurrent sessions, etc.)
       – Overhead stems from components other than VNF process (e.g. guest OS)
       – Need for inter-VM networking solution
       – Meeting SLAs requires dynamic fine tuning or instantiation of additive features, which is complex in a VM environment
     [Figure: three VMs (VNF, Libraries, Guest-OS) on a Hypervisor on the Host-OS]

  5. Portability/Elasticity/Scalability
     • Porting VNFs requires:
       – Identifying suitable nodes for new VNF instances (or re-locating existing instances), for example: resource types, available capacity, guest OS images, hypervisor configs, HW/SW accelerators, etc.
       – Allocating required resources for new instances
       – Provisioning configs to components in the guest OS, libraries and VNF
     • Elastic scalability needs are driven by workloads on the VNF instances, and stateful VNFs increase the latency to spin up new instances to fully working state.
     [Figure: VNF, Libraries, Guest-OS, Hypervisor, Host-OS stacks on two hosts, with the labels "Same", "Re-config" and "(vCPU, RAM, SSL accelerator)"]

  6. Security/Isolation
     • If VNF is compromised (misconfiguration, etc.), how to securely quarantine the VNF, but ensure continuity of other VNFs?
     • Securely recover with minimal or no downtime (reschedule VNF)
     • Guarantee complete isolation across resource entities (hardware units, hypervisor, protection of shared resource, isolation of virtual networks, L3 cache, QPI, etc.)
     • Resource hungry VNF can starve the shared resources (noisy neighbor effect) that are allocated to other VNFs; need to monitor and cut off hungry VNF usage
     [Figure: VMs (VNF, Libraries, Guest-OS) on a Hypervisor on the Host-OS, with one VNF marked ✗]

  7. Containerized Network Functions: Key Benefits, Challenges and Potential Solutions

  8. Service Agility/Performance/Isolation (1)
     Key Benefits:
     - Containers can provide better service agility (e.g. dynamically provision VNFs for offering on-demand services), and performance as it allows us to run the VNF process directly in the host environment
     - Inter-VNF communication latency depends on inter-process communication option (when hosted in the same host)
     [Figure: VNFs A, B, C and VNFs D, E on two hosts, each with a Container Engine on the Host-OS; Cluster Management Tool; Scheduler]

  9. Service Agility/Performance/Isolation (2)
     Key Challenges:
     - Isolation: Containers create a slice of the underlying host using techniques like namespaces, cgroups, chroot etc.; several other kernel features are not completely isolated.
     - Resource Mgmt: Containers do not provide a mechanism to quota manage the resources and hence are susceptible to the “noisy neighbor” challenge.
     Potential Solutions:
     - Kernel Security Modules: SELinux, AppArmor
     - Resource Mgmt: Kubernetes
     - Platform Awareness: ClearLinux
     [Figure: VNFs A, B, C and VNFs D, E on two hosts, each with a Container Engine on the Host-OS; Cluster Management Tool; Scheduler]

  10. Elasticity & Resilience
     Key Benefits:
     - Auto-scaling VNFs or achieving service elasticity in runtime can be simplified by the use of container based VNFs due to the lightweight resource usage of containers (e.g. Mesosphere/Kubernetes)
     - Container management solutions (e.g. Kubernetes) provide self-healing features such as auto-placement, restart, and replacement by using service discovery and continuous monitoring
     [Figure: VNF Pods on two hosts, each with a Container Engine on the Host-OS; Replication Controller; Cluster Management Tool; Scheduler]

  11. Operations & Management
     Key Challenges:
     - Containers are supported in selective operating systems such as Linux, Windows and Solaris
     - In the current range of VNFs, many don’t support Linux OS or other OSes such as Windows and Solaris
     Potential Solutions:
     - Hybrid deployment with VMs and containers can be envisioned, e.g. leverage ideas from Aptible technology currently used for Security applications
     [Figure: VNF Pods on two hosts, each with a Container Engine on the Host-OS; Service Discovery; Replication Controller; Cluster Management Tool; Scheduler]

  12. Conclusion and Future Work

  13. Conclusion and Future Work
     • Use of containers for VNFs appears to have significant advantages compared to using VMs and hypervisors, especially for efficiency and performance
       – “Virtual Customer CPE Container Performance White Paper,” http://info.ixiacom.com/rs/098-FRB-840/images/Calsoft-Labs-CaseStudy2015.pdf
     • Test Setup:
       – COTS server with Intel Xeon E5-2680 v2 processor
       – Virtual CPE VNFs (Firewall etc.) fast path optimized using Intel DPDK
       – Measured L2-L3 TCP traffic throughput per core
         • VM (KVM) environment with SRIOV: 5.8Gbps
         • Containers (LXC) environment: 7.2Gbps
       – ~25% PERFORMANCE IMPROVEMENT OVER VMs
     • Opportunistic areas for future work
       – Distributed micro-service network functions
       – VNF Controller discovery/management/etc. standardization
       – etc.

  14. Call for Action
     • Address aforementioned challenges
     • Further research to identify currently unknown challenges
     • Vendors to consider developing container based solutions, especially to support proof of concepts and field trials
     • Reach consensus on a common framework for use of containers for NFV
     • Field trial container-based VNFs
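
Slide 9 names kernel security modules (SELinux, AppArmor) and Kubernetes resource management as potential solutions to the container isolation and "noisy neighbor" challenges. The check below is an added example, not part of the original deck: it audits Kubernetes pod specs, given as Python dicts, for those gaps. The pod name `vnf-firewall` and both sample manifests are constructed for illustration.

```python
HOST_NAMESPACE_FLAGS = ("hostNetwork", "hostPID", "hostIPC")


def audit_pod(pod):
    """Return a sorted list of (container, finding) tuples for one pod spec dict."""
    findings = []
    spec = pod.get("spec", {})
    pod_sc = spec.get("securityContext", {})
    # Sharing a host namespace removes the namespace isolation containers rely on.
    for flag in HOST_NAMESPACE_FLAGS:
        if spec.get(flag):
            findings.append(("<pod>", f"{flag} shares a host namespace"))
    for c in spec.get("containers", []):
        name = c.get("name", "<unnamed>")
        sc = c.get("securityContext", {})
        limits = c.get("resources", {}).get("limits", {})
        # Without limits no cgroup ceiling is set: the noisy-neighbor case.
        for res in ("cpu", "memory"):
            if res not in limits:
                findings.append((name, f"no {res} limit"))
        if sc.get("privileged"):
            findings.append((name, "privileged container"))
        # Kernel security module: SELinux options or an AppArmor profile,
        # set on the container or inherited from the pod-level context.
        lsm = any(k in ctx for ctx in (sc, pod_sc)
                  for k in ("seLinuxOptions", "appArmorProfile"))
        if not lsm:
            findings.append((name, "no explicit SELinux/AppArmor profile"))
        if "ALL" not in sc.get("capabilities", {}).get("drop", []):
            findings.append((name, "capabilities not dropped"))
    return sorted(findings)


# Constructed sample manifests (hypothetical VNF name).
WEAK_POD = {"spec": {"hostNetwork": True, "containers": [
    {"name": "vnf-firewall", "securityContext": {"privileged": True}}]}}

HARDENED_POD = {"spec": {"containers": [{
    "name": "vnf-firewall",
    "resources": {"limits": {"cpu": "2", "memory": "1Gi"}},
    "securityContext": {
        "privileged": False,
        "capabilities": {"drop": ["ALL"]},
        "seLinuxOptions": {"type": "container_t"},
    }}]}}

if __name__ == "__main__":
    for label, pod in (("weak", WEAK_POD), ("hardened", HARDENED_POD)):
        print(label, audit_pod(pod))
```

A VNF that needs specific privileges (for example packet processing) would add back individual capabilities after dropping `ALL` rather than running privileged.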
