Okay, so I'm going to introduce Ole, who's going to be talking about building high-performance network functions in VPP.

Okay, hello, my name is Ole Troan. I'm an alcoholic. Oh, sorry, I was in the wrong meeting. I'm a coder. I want to be a coder. I guess I'm a shit coder and a network engineer.

So I got so inspired by the keynote this morning with, you know, all the love and the empathy. My wife has just been to this presentation course and she told me that I had 30 seconds to grasp the attention of the audience, and it really didn't matter what you said after that, but if you didn't, you know, if you missed the first 30 seconds, you might as well just leave the stage. And you had to start with a story.

So my story is that I come from proprietary software in Cisco. Been there for 20 years. At least 15 of those working on proprietary software made me bitter and cynical and despondent, I guess. Because life there was working with ClearCase as your favorite source code management system. You know, the development environment in itself was good. You know, you got packets, everything was run to completion, with pointers everywhere, and you had full access to the packet. You could do whatever you wanted to do with the packets, you had nice data structures and stuff. But then you had to deal with all these platforms, which was one thing, and interfaces into platforms. And you talk about pain with NIC drivers. You know, we could always walk over to the guy who wrote the hardware, or designed it, but that didn't really make life very much easier. And then you had the other case of, you know, we had to double-commit all your code fixes to 150 different branches, and you had to run lots of sanity checking on each of those, and that would take you, you know, a month of pleasurable work days.

But then I started working on VPP. So VPP is open source, something that came out of Cisco, but with lots of contributors now. It's on GitHub, uses Git as the SCM, use
modern tools, modern way of doing development. Don't have to talk to any product managers. You know, in my previous despondent life, you would spend seven days arguing with someone about whether you should write code, and now you can spend seven days writing code and very little arguing. So I'm very much in love with open source. I'm in love with VPP, but I think this way of working is incredibly much more efficient and much more fun. And if things aren't fun, at least I'm built that way, then I just shy away from it, however much you're paid. Might be a first-world problem, but you get very reluctant to fix bugs if it takes you two years from when you wrote the code until it reaches the customer. Here you can fix the bug, push the button, it runs through all the CI stuff in Jenkins and Gerrit, and the code is there and available for everyone to use. So that is a lot more fun. I mean, does anyone in the room disagree with me on that? No? Anyone want to go back to the old world? I mean, we have lots of jobs there, so, you know.

So the purpose of this talk is to make you all into VPP developers, or at least think about becoming contributors to VPP, or, you know, if you want to do anything with packets. And of course you can do it on Snabb as well. I mean, Snabb and VPP are quite similar in their approach to life. So I'm going into a little bit more detail on the VPP architecture and will talk a little bit about a VNF written in VPP.

So, you know, let me just digress a little bit. I don't, you know, I might talk someone here now, but, you know, this NFV thing, it's clearly designed by someone having retirement homes in the south of France, which is where these guys are based. It seems insanely complicated. I mean, what are they trying to achieve? So what I'm working on is somewhere sort of down here somewhere, and I'm sure there's some justification for this, possibly. But, yeah, I've never figured it out.
I might be, you know, I might... If someone buys me lots of beer this evening and, you know, tries to inject some clue into me why this is really, really necessary. Especially when we're talking about this decomposed network where you make these network functions into small services. I mean, it is all in a data center. There's all, you know, your Apache web services doing a few sort of REST calls. Do they have all this malarkey around them? I hope not. Although, you know, I can see Charles, who really wants, you know, NETCONF and YANG models. Everything has to be modeled, you know, tools upon tools upon tools.

So the original approach for, you know, building network functions wasn't really that. It was just: take whatever hardware appliance you have, port it to an x86 platform, stuff it into a VM, and you're done. And you can sort of do the same thing, oh, with decomposition, that you take off all the features and put those in separate VMs and declare victory. But what I'm trying to look at here is really just take that microservice, that micro function, just a few sort of bits of packet mangling, and move that out on its own. So that's kind of this idea of decomposition and disaggregation. And you can do that with VPP. You could put it on bare metal or in a VM or in containers or in unikernels if you like.

Sort of the use cases I'm largely looking at are with service providers who need to ship quite a lot of traffic. So, you know, the last case I'm working on now is sort of building a six-terabit CGN, like large-scale NAT. So it doesn't really make so much sense to take that VM tax, or, you know, have a virtual switch that then is going to route packets to the VM, because you just burn cores and aren't providing value. So some of the models we're looking at would typically be, you know, you could just run it on a bare metal server. Then it looks exactly like all the other products.
This is going to make right more or less. But there are some great benefits in sort of the deployment model of containers, and you can just re-spin a container with a new version and have tools to orchestrate that and deploy it. So perhaps this person for that particular use case makes most sense, where we have a container bound directly to physical interfaces.

And currently with VPP, we can build, I guess, a four-RU server doing about a terabit, a little bit less than a terabit per second. And that's not fantastic, right? We're about a decade after hardware. So you can buy now a, you know, one-RU server with 64 100-gig ports, right, 6.4 terabits per second, you know, white box, programmable with P4. So, you know, where this is going, do you want to do everything on general-purpose CPUs or not? I don't know. I mean, one benefit of competing with this is that we make the hardware guys make their hardware a lot more programmable as well, which is cool.

So VPP, as said in a few earlier presentations as well, is largely a framework for building forwarding functions. It can be a router if you want it to be a router. It can be a switch if you want it to be a switch, or it can be anything in between. Written fully in C. I think Andrew Yourtchenko did a plug-in in Lua, you know, taking some ideas from the Lua guys, in LuaJIT, so you could look at alternatives. It scales linearly with the number of cores you put on it. It runs on ARM, x86. It's pure data plane, so someone else should put the head on it. Although, you know, that boundary is a little bit hard to distinguish at some points. You know, do you put ARP inside or outside? Do you put neighbor discovery inside or outside? Where do you put your routing protocols? So you can certainly run, you know, at home I run VPP on its own, without the control plane, just a CLI and configuration. That's my CP.
That was fine. Very integration with the Linux kernel, so you can pump packets to the Linux kernel to run your routing protocols, for example. We can pump over tap interfaces, safe sockets. We have our own shared memory interfaces you can use if you need high performance, or we can just send your packets over a Unix domain socket as well. Lots of tracing, logging and counters, so it makes it quite easy to see after the fact what happened. We have full tracing of all the, you know, control plane to data plane API as well, so you can replay all the commands that some controller gave you, so it's easy to debug.

You know, so VPP in a sense is an OS, just without the bootloader. And I had unikernels in parentheses there. I really would like to put it on a unikernel and add that bootloader, and that would make it its own OS. But it has a scheduler. It has lightweight processes. It is a fairly self-contained userland application. We also have a host stack with our own TCP implementation. SCTP is also coming. And the main drivers, you know, for physical hardware, they come from DPDK. We also have, you know, af_packet, tap, memif, and I think it would make sense to put VPP on top of AF_XDP as well. That would be a cool thing to have, I think, because then you could split off control plane traffic before it hit VPP, for example. So you just left VPP with doing the data plane, and then you could split TCP port 179 for BGP, for example, off in XDP and send it directly to the Linux go.

So all that, you know, the highlights, this was more for the people downloading the slides afterwards.

So some of the main differences in VPP versus Cisco IOS, which I used to work on: in IOS we did scalar packet processing, which I think is what the Linux kernel does as well, which is take a single packet and run it through every feature you could imagine, you know, from RX to TX, and you would have lots of, you know, instruction cache
would... we'd get lots of misses there, you'd overflow that, because the number of instructions you passed on a packet would be very high. So the difference here is that you take a fairly limited set of instructions and run those on up to 256 packets. And so the first packet heats up the cache and then you run the rest more or less for free. And that also has benefits for the data cache, because the tables you look up, you know, you look at one particular type of table for that graph node.

We have lots of data structures that are designed and optimized for packet forwarding. We don't use pointers. We use indexes of the dynamic arrays. They're very nice to program against. Each of these graph nodes is relatively independent and you could sort of assemble the graph any which way you like to achieve whatever forwarding function you want. Of course, you know, you can't combine random graph functions, because that wouldn't necessarily make sense, but you can add on graphs as plugins and you can inject or program the graph in quite a few places to add new functions.

That's not me, I think.

We have, you know, pretty much all the features you'd expect from sort of a framework. We have all the tunneling mechanisms. We have v4, v6, MPLS, bridging, Sweat segment routing; we have in-band OAM, IPsec, VPN, LISP support. Lots of monitoring stuff. Very easy and quick to write new functions for. These are all written from scratch. I mean, earlier today we had some argument about, you know, how much do you want to care about your legacy?
Legacy code. And in some cases it is nice to just write things again from scratch, because you tend to become better. You know, you rarely get things right the first time you implement something, and, you know, perhaps on the fourth time you implement it you get it reasonably right. So at least I'm not too worried about, you know, you provide a nice new and different and better programming environment and then implement things from scratch. You know, carrying legacy things with you isn't necessarily a great thing.

So I think you had some of this with Jerome, which is... I hate people doing... Oh my god. A few people who do these things with slides should have it, you know, they could be in the sort of entertainment industry or something. I have to be in engineering. But he kind of says it all. I mean, we have an RX point here. You could again put, for example, spins around, polls, gets 256 packets in the frame, sends that to... Depending, you know, if it's hardware or flow hardware, on the ethertype it will just send it directly to IP6 input. Otherwise it goes to Ethernet input and it splits off here depending on what ethertype you have, and it sort of trickles through this graph. Checksum is already done by the NIC, and then it goes to the FIB lookup, and you can do, you know, rewrite, or you can do load balancing in case you have, you know, multiple adjacencies going to the same destination in the FIB. So you end up, you know, with most of the other frame going more or less the same path, because what we've seen in real traffic is that, you know, the next packet is quite likely to look like the one you're dealing with now. Blah blah blah.

So I was thinking I should show you one network function that we built on top of VPP.
This is a very, very simple one. I don't know if anyone knows about... In the eyes... I'm also in the IETF, and we've done lots of work on v4 to v6 transition mechanisms. And this is one of these how-can-you-make-v4-live-forever mechanisms, which tunnels v4 over v6, but it splits the v4 address. So if this is a service provider and it has, you know, a thousand, you can take one single v4 address and split it among a thousand customers. And each customer then gets 64 ports of UDP and TCP space. No other transport protocol works. Well, if you're so stupid that you can't use v6, well, that's what you get.

Well, so that's a fun thing now with, you know, yeah, well, these people who refuse to move to v6, and they think that v4 will just continue to work the way it's always worked, but no, absolutely not. I mean, we're day by day making v4 work worse, and you just have to learn to live with that. So we're, you know, seriously thinking about, you know, one of the issues with these tunneling things, which I'm sure you guys have experienced as well, is fragmentation. And we have a draft coming up at the London IETF now in March where we should basically say, well, don't do fragmentation, because it's, you know, it sucks.
I'm gonna throw your fragments away anyway, so... Which makes people learn, application developers learn very quickly when you throw all their packets away. Then you sort of try something else.

But this is essentially, you know, a v6-only access network. A v4 packet comes in here. You look at the destination address and the port, you do either an algorithmic mapping or a table lookup, figure out what the v6 destination address is, send it here, and then this runs a traditional NAT44. And the graph nodes for that are represented here. So you get the Ethernet input, you do a bit more, you know, v4 checking of the packet. We use the v4 lookup table to find the particular mapping table to use, do the mapping, which generates a v6 packet, do v6 rewrite and ship the packet back out again.

And really, you know, looking at this as a micro function, you can skip a lot of things, right? Because this packet just loops around. It goes into your, you know, graph and comes back out again. There's, you know, the same interface, or there's no complicated routing function you need to do here. This is just a bump in the wire. So this is a few hundred lines of code, 150 lines of code or something. And for a particular project we did, I'm sure the control plane was a million lines of code, which doesn't necessarily make too much sense. But as you see, you know, the only complexity here is what to do with fragmentation, because in a fragmented packet you don't see the TCP header, and you can't do routing here unless you see the L4 information. So you have to do virtual reassembly and you have to deal with fragments.

And let me see, so I thought I for fun should just show you the code. So this is, oh... This one, no. That one, no. That one, no. That one, yes. So this is the main graph function. I can do that. I have a Mac, I can do anything. Oh my god, is that big enough?
Yeah. So here I get a frame, and n_left_from tells me how many packets are in the frame. Then I spin through an outer loop through all those packets, and I have one inner loop here where I spin through two packets at a time. Sorry, you know, it's quite simple. I have, you know, a few buffer pointers, a few indexes to the buffers, some v4 header and v6 header information and some ports, these are TCP or UDP ports. And then next tells me where I expect these packets to go next in the graph, so they go to v6 lookup.

And then, to keep the memory hierarchy busy... So now in this loop I'm processing packets zero and one. But while I'm doing that, I'm already prefetching information and the headers for packets two and three, so they're ready the next time I come around the track. Then I will set up a few pointers here to the next frames. So these two nexts are the frames of, in this case, IPv6 lookup. So I just assume that things are going to go well, that I can send this to the IPv6 lookup graph node. That might fail, and then I will unwind this later.

Here I just get the pointers from the buffer index. I get the v4 headers for both of these two. I do a lookup in the, in smarter table... I have to figure out, to get a pointer to some domain information, which basically finds which v6 user this is. And then I find the TCP ports, you know, decrement the TTL, lots of... Let's see. And then, yeah, I just do the algorithmic mapping, which is basically: you take a u32.
That's a v4 address. A u16 is a TCP port. I do a little bit of bit magic or all that stuff, and I return you the first half of the resulting v6 address. And then I get, I have a zero seven, a similar function to get the v6 suffix. Then I just move my buffer pointer around, slap all that information into a v6 header, or two v6 headers actually, so I do everything here for two packets at a time. And then I do a little bit of checking to see if what I expected to happen was correct, and then I validate buffer enqueue for both of those two buffers, and then I go back up again. And then I have a similar loop just for the single packet. You know, if I got 255 packets, right, there will be one left over, and I do the same thing for that one. And that's essentially all the code required for that, you know, micro function if you like.

Right, so that's just an introduction to how, you know, VPP code can look. The code is on GitHub. It's all open source, or we do go into that repository. And yes, any questions?

So... so actually the... Could you repeat the question? Oh, sorry. Yeah, so the question is: the dual loop, is it, you know, really worth it? What gains do you see from that? I mean, we do see significant gains doing dual loops, actually, to the extent that we're doing quad loops in the v4 lookup node now. I sort of remember the first, you know, when I got to see VPP code, I thought, gee, there must be a prettier way of writing this. Could there be, you know, a domain-specific language, or could you somehow make this less cumbersome? So the guy who invented this, Dave Barach, has, you know, lots of Emacs skeletons to sort of give you all the outline of this. And I would always write the single-packet loop first, and then when you optimize you go back and do the dual loop. One issue is that it's, you know, somewhat CPU-specific, right?
So you might not get... a quad loop might be great for, you know, the latest Italians; it might not be the same on a different platform. So, yeah, I get your point, right, it would be an improvement if this could be a lot more flexible and you could, you know, even dynamically adjust this, right, or at least generate code in a better way. Yeah. If nothing else, thank you.