Yeah, that's okay. Thank you. So we talked a bit about VPP this morning, but I realized many people here may not know about VPP, so let me calibrate my presentation: who in the room knows about VPP? Okay, so some of you know, but not everybody. So what I can do is share a few slides about what VPP is. While the previous speaker was talking, I set up a quick container demo using VPP, so perhaps we'll try that. It's very risky because I just did it now, so we'll see, and maybe we'll get one of those demo effects. Then I will share slides explaining how VPP is integrated into OpenStack with the networking-vpp ML2 driver.

So let me share a few slides first, quickly, and then we'll go into the demo. VPP stands for Vector Packet Processing. It's an open source project under the Linux Foundation, and it actually sits under another umbrella project, FD.io, which stands for Fast Data I/O. VPP is software that does packet processing. What that means is that it reads packets, modifies them, and forwards them. This kind of thing is usually done in the Linux kernel, in other packet-forwarding software, or in hardware; VPP is a software implementation. Usually it runs on DPDK, but there are other packet I/O layers it can sit on top of, and that is where the project sits in the stack. This morning Charles was talking about OpenDaylight, which sits higher up, and I guess later in the day there will be a presentation about OPNFV. VPP is really the low layer: the thing reading and forwarding packets, the thing which needs to be really, really fast. The FD.io project is a multi-party project with many people from many companies contributing; we see people from Intel, ARM, Ericsson, and many more. It's a very active project.
Here I won't go into the details, but basically I took three projects in the same domain, OVS, DPDK and VPP, and tried to show the number of commits. So it's a very active project. It has many components, but I will go over that quickly.

Why is VPP fast, and what is it really? What VPP does is process packets and forward them, so it does layer 2, layer 3, and now we also have layer 4. What is extremely important to understand is the secret sauce of VPP (and don't tell anyone, because it's a secret sauce): it works with vectors of packets in order to make the best use of the instruction cache as well as the data cache. When we have to process a packet, we go through several nodes. For instance, we can read packets from DPDK, and then we get a bunch of packets from DPDK; they will be processed at the Ethernet level, then we'll perhaps do IPv6 or IPv4, we do a lookup, and then we forward them. So we have several steps. If you look at the usual data path, it's actually pretty long: you have a lot of instructions to execute, because forwarding a packet is not that simple. You may have to apply an ACL, you may have to do NAT or not, you may have to do many, many things. It's a lot of lines of code, and what we are trying to do is make sure that when we execute an instruction to process a packet, this instruction is actually in the cache of the CPU. How can we do that? One way is to increase the instruction cache size.
And I guess our friends at ARM and Intel are all doing that. But what we can do as well is try to be smarter in writing our software: instead of executing the full data-processing code for every packet and coming back again, we can have small portions of code that are applied to a bunch of packets. This bunch of packets is called a vector, and what we do is execute a limited number of lines of code on this bunch of packets. With that we make sure that the code is, in 99% of cases, in the cache, and all the packets benefit from that, because the penalty to fetch the code from central memory is huge when you are processing millions of packets per second. So that's really what VPP is about; that's secret sauce number one.

Secret sauce number two: okay, let's assume we are good with our cache for the instructions. We now also need to make sure that when we are fetching data to process the packets, the data is in cache as well. In order to do that, we process packets with quad loops or dual loops, and I will show you how. This is a very slow animated slide, so I hate it. You have your vector of packets which arrives from your NIC, or anything else: it could come through DPDK; if you have a VM, it can come via a vhost-user interface; it can come from the regular Linux kernel. This vector of packets will arrive here, and basically we will process this vector of packets, because we always process a vector. So let's assume
we are in this node called ip6-rewrite. When packet zero is being processed, the code probably won't be in the cache, because before that the CPU was executing ip6-lookup, and before that ip6-input; so when packet zero is processed, there is very little probability that the code of ip6-rewrite is in the instruction cache. But now the beauty of this model is that packets one, two and three will all benefit from the cache warm-up which was done for packet zero. That is one thing which is fundamental in VPP.

If processing this graph is slow, that means that when we come back to the af-packet input or the DPDK input, we will probably have a lot of packets waiting to be processed. So in VPP we tend to measure the vector size. If we have small vectors, that means VPP is doing almost nothing, because it's processing very small vectors; when VPP is very active, when there are a lot of packets to be processed, we have long vectors. The size of vectors is typically between one and two hundred and fifty-six: if you have a vector size of two hundred and fifty-six, that means your CPU is under high pressure; if you have small vectors, it means your CPU is doing almost nothing.

That is what we do to process packets. Of course, you may have vectors that do not go through the same path in this graph: here, for example, you have a packet which is an ARP packet, and of course this packet won't go that way. We are not saying that all packets have to follow the same path in the graph. One of the beauties of this model as well is that these nodes are actually .so files.
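The per-node, per-vector dispatch described above can be sketched roughly in Python. This is purely illustrative: real VPP nodes are C plugins, and the node functions, packet dictionaries and field names here are invented for the example. The point it shows is that each node's code runs over the whole vector before the next node runs, so the instruction cache warmed up by packet zero is reused by every following packet, and the vector length itself acts as a load indicator.

```python
# Illustrative sketch of vector (batch) dispatch, not VPP's actual code.
VECTOR_MAX = 256  # VPP processes at most 256 packets per vector

def ip6_input(vec):
    # keep only IPv6 packets (stand-in for real parsing/classification)
    return [p for p in vec if p.get("v6")]

def ip6_lookup(vec):
    for p in vec:
        p["next_hop"] = "eth1"  # pretend FIB lookup result
    return vec

def ip6_rewrite(vec):
    for p in vec:
        p["ttl"] = p.get("ttl", 64) - 1  # rewrite step: decrement hop limit
    return vec

GRAPH = [ip6_input, ip6_lookup, ip6_rewrite]

def run_graph(rx_queue):
    vec = rx_queue[:VECTOR_MAX]   # grab whatever packets are waiting
    for node in GRAPH:            # one node at a time,
        vec = node(vec)           # applied to the whole vector
    return vec, len(vec)          # vector size doubles as a load indicator

pkts = [{"v6": True, "ttl": 64} for _ in range(6)]
out, vec_size = run_graph(pkts)
print(vec_size)  # a small vector size (6 here) means the CPU is mostly idle
```

In real VPP the inner loops are also unrolled as dual or quad loops with explicit prefetching of the next packets' data, which is the data-cache half of the trick; that detail is omitted here.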
So it's really easy to extend: if one wants to add nodes to do some special processing, whatever you want, it's really easy. You just have to write a node; you do not modify the rest of the code. So you can keep your specific plugin separate, and it can be open source or even closed source; you do whatever you want with your plugins, and you can extend this graph at runtime without having to recompile VPP. That is something extremely powerful. You can also think about hardware acceleration: we see people with NICs or accelerators which are able to do crypto, for instance, or the first levels of processing in this graph. Of course vhost-user and af-packet input are software nodes, but nothing forbids you from having cards which do some level of processing and inject packets later into this processing graph in VPP.

Okay, I will skip the numbers. When I say fast, what do I mean? Just a few graphs, and I'm sorry, the resolution is not good enough and we can't read anything. Can you read something? No, it's actually very hard, so trust me. Can we zoom in? I will show a live demo, because slides are good but demos are better; after this I have prepared a demo, a risky demo, but we'll see. What is important here is that I did a test with IPv4 and a test with IPv6. By the way, with VPP we also have a testing infrastructure which is all public: it's called CSIT, it's in the cloud, you can connect to it, it's under the Linux Foundation, and you can rerun the tests and read the measurements; all that is public. What is interesting here is that we have IPv4 and we have IPv6, and what we did is increase the number of cores
to do routing. Routing means three operations: one, receiving the packet; two, taking your routing decision; and three, forwarding the packet. With two cores we do about 24 million packets per second, whatever the packet size. That is really good, and one of the beauties of this model is that when you add cores, you get a linear increase of performance with the number of cores. That's extremely powerful: we ran this test from two up to thirty-six cores, and we see this linear increase thanks to the cache effect we are exploiting. This is with 1 million IPv4 entries, and we have exactly the same effect with IPv6: as we increase the number of cores, we get the same linear increase. Here it's 24 million packets per second on two cores, which means 12 million packets per second per core. You seem a bit sleepy; I mean, wake up: 12 million packets per second per core! Thank you. Twelve million packets per second per core, receiving, routing and then forwarding. If you do the math, that's not a lot of cycles per packet. That's what we do in this test.

Then we did the same for layer 2; it sounds like some people are still doing switching in this world. With layer 2 processing it's 20 million packets per second per core, with the same linear increase. So that is pretty cool.

Now, enough talking, and forgive me if this doesn't work, because I just set this demo up before the talk. Here it is. What I have here is two containers, each with an IPv4 address (IPv4, sorry about that), and what I did is put VPP in between to connect those two guys, and I will run an iperf client and an iperf server between them.
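To put the "not a lot of cycles per packet" remark in numbers, here is the back-of-the-envelope math. The 2.5 GHz clock frequency is an assumed figure purely for illustration; the talk does not state the CPU speed used in the test.

```python
# Rough cycle budget per packet at the quoted forwarding rate.
clock_hz = 2.5e9          # assumed CPU frequency (illustrative)
pps_per_core = 12e6       # 12 Mpps per core, from the IPv4 routing test
cycles_per_packet = clock_hz / pps_per_core
print(cycles_per_packet)  # roughly 200 cycles to receive, route and forward
```

A couple of hundred cycles is in the same ballpark as a single main-memory fetch on a cache miss, which is why keeping code and data in cache is the whole game at these rates.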
So, please help me in praying to the gods of demos; we'll see whether it works. Where am I? Okay. So, iperf: two regular Linux containers running iperf. This is not a bare-metal server; this is actually a VM, so I have two containers in a VM, running on VMware if I remember correctly. And these two containers can do, over a regular TCP connection with VPP in between, about 36 or 37 gigabits per second. That's cool, but I told you before that what is actually important is the vector size. So let's have a look at the vector size; we have a magic command for that. These are the nodes in the graph; you remember the graph, and in the graph we have all those nodes. The vector size is, thank you, 6.93 for this tap0 output node, and for the TX as well. What that means, the way you have to understand it, is if we come back to the earlier slide: when the vector of packets arrives, we typically process about six packets here.
That's the average we need in order to process these nearly 40 gigabits per second. What is funny is the question of the bottleneck: when we are only processing six packets per vector, that means VPP is not the bottleneck here. So where is the bottleneck, then? Let me run this iperf again. I don't know if you are familiar with htop, but the red is kernel processing and the green is VPP. VPP is in polling mode, so it takes around 100 percent of a CPU when it has to work. The red is the TCP stack, so the TCP stack is actually the bottleneck here. If I stop my traffic, of course, now everything is at zero. VPP does have this so-called adaptive mode: when there is traffic pressure, it starts polling the packets, so it's an active loop; but when there is no longer a lot of traffic pressure, it stops doing that to avoid burning one core.

So that is what VPP is. But this presentation was supposed to be about networking-vpp, and I only have 10 minutes, so what I will do now is switch to the other presentation, explaining how this can be integrated into OpenStack, because all of that is useless if it is not integrated somewhere.

Networking-vpp is an ML2 driver for OpenStack. It was primarily designed to support NFV, right from the beginning. What are the OpenStack features we support with VPP? VLAN and VXLAN. VM connectivity is only via vhost-user interfaces; otherwise it's too slow. We support many security features, including regular OpenStack stuff such as security groups, but also very advanced stuff such as JSON web tokens with certificates, and I will show you what that means. And we do layer 2 and layer 3 with HA and all those things. Networking-vpp has the following architecture.
It's etcd-centric. What that means is that when Neutron wants to create a port, instead of communicating directly with the compute nodes, it writes the request into etcd, and then the compute nodes wake up and take that into account. That is really cool, because the problem with OpenStack, as a distributed system, is that you don't know when a failure will arrive, but a failure will arrive at some point. What we are doing here is making sure that, say Neutron wants to create a port on a VM on a compute node, and this compute node is dead for some reason, rebooting or whatever: when it restarts, it will actually fetch the state from etcd instead of reading it from Neutron. It's kind of intent-based networking, if you will, because Neutron writes its intent, the desired state, into etcd, and the compute nodes read this desired state.

Let me show you what that means. Typically, creating a port goes through several steps: first Neutron asks to create a port; then this is stored in etcd; later it is picked up by the agent; then the agent sends feedback and notifies Neutron so that the VM can be created. If for some reason the agent crashes, what it does when it restarts is what we call state reconciliation. Every object within VPP comes with a unique ID; when the agent restarts, it fetches the desired state from etcd and the actual state from VPP, does a diff between the two, removes state which is now useless, and adds new state which is required.
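The reconciliation step just described boils down to a diff between the desired state read from etcd and the actual state read back from VPP. Here is a minimal Python sketch of that idea; the port names, keys and data layout are invented for illustration and do not reflect the real networking-vpp data model.

```python
# Desired state (from etcd) vs actual state (from VPP), keyed by the
# unique ID every object carries. Reconciliation is one diff pass:
# create what is missing, delete what is stale.
def reconcile(desired, actual):
    to_add = {k: desired[k] for k in desired.keys() - actual.keys()}
    to_remove = {k: actual[k] for k in actual.keys() - desired.keys()}
    return to_add, to_remove

etcd_state = {"port-1": {"vlan": 100}, "port-2": {"vlan": 200}}
vpp_state = {"port-2": {"vlan": 200}, "port-9": {"vlan": 999}}  # stale entry

add, remove = reconcile(etcd_state, vpp_state)
print(sorted(add), sorted(remove))  # port-1 must be created, port-9 deleted
```

Because the agent can always rebuild its view this way, a crashed or rebooted compute node converges back to the desired state without asking Neutron to replay anything.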
So that is something interesting. Another interesting thing: it's very much etcd-centric, which means that if for some reason one etcd instance fails, another one can take over. There are many cool features in networking-vpp. One of them is that we now have redundancy between layer 3 routers, based on keepalived, so if one dies, the other one takes over. That's also extremely useful in production.

Security: we have role-based access control, so the compute nodes come with rights, and a compute node cannot write and read just anything in etcd. Basically, if there is a malicious compute node for some reason, you are sure that the database cannot be overwritten by someone who doesn't have the rights. That is another cool feature. We also have these JSON web tokens that make sure that the state written in the database was written by the right compute node. So we have all that.

I will just go to the roadmap slide. We now have a lot of features; the next things we need to work on are VLAN-aware VMs, which we don't have yet, and better handling for IPv6. These are really the remaining features, and you are more than welcome to contribute or to test it if you want. I realize I may no longer have time, so do we have time for questions?

Okay. Yep, five minutes until the start of the next presentation. Before questions, for those who aren't on the mailing list: we're having a gathering. There's some space in the Manneken Pis café later this evening from 7:30, so some of you are welcome to join us. Come along; if there's room there's room, and if there isn't room, then it's also the center of town,
and it's a big enough place; we should be able to fit a good number of us in. With that, any questions about VPP, or VPP used to connect containers, or VPP for OpenStack? I know a lot of things were shown in this presentation. There is another VPP presentation later which will go into more detail, I think, on the deeper technical details of VPP. Anybody have any questions? Shout them out.

Just for the record, the question was: does the agent of VPP replace the agent of Neutron on the compute nodes? I will answer. There is not one single agent for Neutron in general; the agent which runs on the compute node depends on the virtual switch you use. If you use OVS, you get the Neutron OVS agent; if you are using the regular Linux bridge, you use another agent. We have written an agent which runs on the compute node and drives VPP. So yes, the agent on the compute node replaces that agent, because our agent knows how to talk to VPP and knows how to talk to etcd.

I actually have a question as well: is this different from the Honeycomb agent? It is, absolutely. Honeycomb is a NETCONF agent, and here it's an etcd-based thing; this one is written in Python.

You said VPP runs mostly on top of DPDK, but I know there is also an option to run on top of ODP; can you explain the benefit? Sure. In the past, VPP was tightly coupled with DPDK, and in the last version what we did is make DPDK a plugin, an important plugin, but just a plugin beside others. There are many reasons for not using DPDK: for instance, in the demo I was showing before, I was connecting regular containers, which doesn't work with DPDK.
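For reference, attaching VPP to ordinary container interfaces without DPDK can be done with af_packet "host" interfaces through the VPP CLI. This is a hedged sketch, not the commands used in the demo: the veth names and addresses below are invented, and the exact setup (how the veth pairs reach the container namespaces) is omitted.

```shell
# Illustrative only: connect VPP to two containers' veth peers via
# af_packet host-interfaces (no DPDK involved). Names and addresses
# are made up for this example.
vppctl create host-interface name veth-c1
vppctl create host-interface name veth-c2
vppctl set interface state host-veth-c1 up
vppctl set interface state host-veth-c2 up
vppctl set interface ip address host-veth-c1 10.0.1.1/24
vppctl set interface ip address host-veth-c2 10.0.2.1/24
```

With a setup along these lines, VPP routes between the two containers entirely in software, which is the configuration the iperf demo relied on.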
As for ODP, right now I don't know, to be honest with you, because I have not done a lot of tests with it, but I know people who are working with it. I guess there may be some better performance with some new cards, but I'm not too sure about that, so I don't want to answer. Last question? Anybody else have a question? I'll go beyond the usual suspects.

So the question was: can you use the VPP agent along with the OpenStack option to have a hierarchical driver? I don't see good reasons why that wouldn't work, but I don't really see the benefit of doing such a thing. So in theory, yes, but why would you do that? If you use one or the other, it's probably for a good reason, so I don't see why you would have those two together. Was that, just again for the recording, the VPP agent alongside the OVS ML2 agent? Okay, or another custom agent. It looks to me a bit like a Frankenstein solution, but why not?

Okay, that's all we have time for, so thank you very much. My next speakers, I will be meeting them for the first time on the stage.