 Hi folks, we're just going to give it another minute or two before we kick things off. Welcome. All right, we're going to go ahead and get started. Welcome everyone to today's LF networking webinar. The title and topic today is BPP in your home lab. Yep, right now today's webinar is comes to us from the FIDO team within LF networking. We've got a great group of speakers here for you today. So just a couple of quick housekeeping items before we do full intros. All of our attendees are on mute. However, if you have a question there's a Q&A window at the bottom right of your screen so feel free to type in a question anytime during the presentation. We will reserve some time towards the end for open Q&A, but feel free to type in your questions anytime some of our panelists may go ahead and answer those questions in text in the chat form. But we will reserve time for open questions at the end. And also this recording will be available for on demand viewing within the next couple of days so stay tuned for that all of our registered attendees will get a link email to them with the on demand link. Today's host is Audien Paxson. He is with NetGate and he is going to be speaking with Dan Struyfert. He's with ADSB exchange. Mike Jennings of Vox Telesis and Jerry Wilson with Region 5 Education Service Center. So without further ado, I'm going to turn the time over to Audien. Thank you. Hi everybody. My name is Audien Paxson. I'm a charge of product management at NetGate. And I'll be your host today. And as we talk about FIDO and VPP at a high level, how you can start using VPP in your home lab. And then we'll hear from three network operators and their journeys with VPP and to wrap things up at the very end we'll answer any questions that are submitted. So let's get started. At a high level for FIDO, this is a view of the presiding open source project where FIDO and VPP lives. In the stack diagram on the left you'll see that the Linux foundation has several open source projects from disaggregated hardware on the bottom of the stack up to the application layer at the top of the stack. And FIDO is one of the projects highlighted here in red in the middle, and it represents high performance IO services for dynamic compute environments. So if it looks small in this view it's worth noting by the way that FIDO is one of the founding members of the Linux foundation. And it's for people with network infrastructure providers, service provider organizations, cloud service providers, and vendors who want to leverage this technology for the commercial offerings. Technically speaking FIDO lives at the data plane. VPP enabled high performance software packet processing. It's done in software. It's in user space as opposed to kernel space processing. And it performs an action on a group or more accurately a vector of packets all at one time as opposed to processing a packet policy or an instruction on a single packet at a time. And this is what enables it to scale up to two or more orders of magnitude of throughput compared to what's possible in traditional kernel based processing. The vector of packets it subjects them to a graph note processing instructions a set of graph note processing instructions. And based on policy controls or program capabilities, you can force these packets to different policies or rule based engines and treat them according to how they should be routed were blocked if that's the case. And it's fully extensible and programmable through plugins or by building apps and it could be deployed just about anywhere on bare metal machines white boxes for tool machines and containers. Now that's just a quick high level to our VPP. I'd encourage you to go to the FIDO website for a much more in depth explanation of VPP. VPP is more than a project though it's a FIDO makes it consumable for a lot of real world applications and use cases that can leverage VPP certainly high performance routing which our guest speakers are going to be highlighting today. It includes over 80 features delivered as packages that enable the building of routers broadband network gateways cloud load balancers to intrusion prevention systems. And there's here's a few examples of some major communication network providers and equipment manufacturers that leverage the power of VPP in their commercial offerings. I represent neck gate down the bottom left hand side of this slide and 10 with we make tensor software. That's a high performance software router. To help help further promote VPP what we did is we made tensor available for free to make it easier for network operators interested in trying VPP. So, and that's available at no charge and this enables them to harness the power of VPP without having to spend time learning about the optional packages or doing any integration. So what you have to do to get started as you go to tensor.com to register will provide you a link to download the software it's a single software download that you, you can install and get started right away. And we also propose load loads of helpful documentation. So you get started deploying a full feature high performance router on your own hardware. So now I'd like to start, I'd like to introduce our first speaker who can go through an example of how he's using VPP Dan Struyfert with a DSB exchange. Hey everybody. Nice to be here. So yeah, we're a little bit of a unique application here. We are an aircraft tracking network and you can see kind of a map here of, you know, this is I think a 48 hour period of where we've tracked aircraft. And so, before we get started with VPP I'll just tell you a little bit about about what we do here. So this started as basically a hobby project in 2016 and uses software defined radio and a bunch of volunteers Raspberry Pis to send in this data from from all over the world. You know, it grew pretty quick and still is people, you know, send us send us their data about aircraft. And, you know, as sort of having a background is sort of a quote hobby project right. The budget was never very high, but with a background in, you know, network engineering and, you know, just general IT. I was, you know, kind of geeking out but so to speak on the on the back end and So, you know, as this developed, you know, we started getting a lot of different customers fortune 500 companies, the UN, all sorts of different all sorts of different folks wanted this data. And it was, it was pretty large data. So we had some, we had some requirements. Let's see. All right, go ahead and get on the next slide there. Yeah, there we go. Okay, so, like I said, you know, driving this was lots of data coming both in and out 24 7365. We were on AWS. Some of our instances were starting to get big the bandwidth costs were getting expensive. And it just wasn't a sustainable thing for project like this so we decided to move to a colo and with that decision. You know, we needed a router that could handle a lot of a lot of data, a lot of connections. So, looking at the solutions that were available, you know, the traditional vendors with anything that can can run, you know, 10 plus gig with BGP and that's going to be pretty expensive. I liked the open source software capability, you know, not not using those proprietary six would bring down the cost quite a bit. And we found VPP and tensor through sort of a unique path we started looking at PF sense again sort of opens open source based and then we discovered that you know net gate had this tensor offering with VPP. And that really worked well, you know, it was open source that kind of met with our needs and our budget. You know, there's always the option of course to build your own box but you know net gate had some some hardware that they sold as a package with everything pre installed and, you know, honestly that made things pretty easy to get started and quick. And we were able to adjust redundancy by just simply buying two units instead of instead of one. So, you know, having really no previous experience with VPP and DP DK. You know, it was, you know, in the beginning I was kind of, I was kind of worried okay am I going to be able to figure out how to run this thing but yeah I mean ultimately it was pretty easy. The commands are, you know, if you know if you're familiar with Cisco. You know the commands are pretty similar. And we ended up, you know, setting up an infrastructure like this using you know vrp for some redundancy here and so we're doing. So we've got a couple of 10 gig well we've got a 10 gig internet connection that we've got a couple other one gig connections direct connect and we're doing some, some things with BGP and, you know, some dedicated customer stuff with direct connect back to AWS. You know, really tensors able to handle this with no problem and honestly it's a fraction of the cost of, you know, some of the some of the big names stuff that's proprietary so it's, it was working out very well for us so far. So, you know my suggestion here if you got a similar need and maybe you don't have a huge massive budget or you're just curious, and you're familiar with Cisco and Linux, you know hop on board and check it out. Excellent. Thank you Dan. Very cool, very cool. Our next speaker is Mike Jennings, CEO and network operator for box tell us this. Hi, my name is Mike Jennings. We have a voice company that supports basically mainly business communications so we do sit teams integrations. This is for for a large voice application for emergency broadcasting services, and we need the ability to go from zero to 1000 real quick, and most of our infrastructure is built on open source technologies. We have to be able to develop into those technologies to support, you know, 10 calls to 25,000 calls on a dime. And so we were looking for a solution for routing. And one of the issues that we always run into is, is if we go with a commercial product as a scale, and if it does scale how much does it cost. And that's where we came across VPP. If you can go to the next slide. Oh, thank you. So, one of the requirements we needed for our solution was that application integration. Not just at the router level but at the actual device that we're servicing the IP for so if we have a RTP server or we have a media gateway or we have a some kind of hosted PBX we want the ability to to integrate the IP services where this IPv4 v6 is natting traffic shaping ACLs, all of that stuff at at the actual infrastructure level and have it be done automatically as part of our systems integrations. And we wanted the ability to turn this thing into a service so that it's not, it's not a piece of hardware that sits off the side that we call out but that it's completely integrated into how we deploy our infrastructure. So combining the firewall, route traffic management, all of that stuff needed to be integral to whatever we went with. The other requirements we needed was the ability to support DRM redundancy. Simple VRP if we're going to replace our core routers. Vlanning, lags, BGP all the standards, IPsec to replace our our Cisco IPsec firewalls. We wanted to be able to do ACL scale and do it by source and destination based on criterias that's set up in our infrastructure. So dynamically deploying ACLs based on information that we glean from the traffic or the customer requirements. Traffic shaping API for management and automation. And at the time that we started in 2019 we needed the capabilities for 40 gigabits. We also knew that based on our growth and the directions we're having, we're heading, we also needed to see source based routing and 100 to 400 gate capabilities at some point. One of the main integrations that we're looking at as a infrastructure component was the ability to integrate to KVM and Docker. That's changed a little bit as we've matured over the last few years, but as the original assessment this was on our plate. So, when we got into it we played it played around with with a bunch of different application space and VPP bird. Some other things that actually operate at the Linux, at the Linux interface on the actual device physical device and experiment with maybe building out a router. And the truth is that the amount of engineering resources that went behind it was outside of our scope, we just we couldn't meet that level. The question was how do we take VPP to production if it can service all these requirements and we like the thought of it but we just couldn't take that on as a as a development project internally. So tensor offered quite a few of the initial packages that we had looked at, but they put it all into a managed product. Although they're, although it's a commercial product it's a managed open source project all they're contributing back to the environment, they're contributing back to the different projects and so it made a opportunity for us to get into the open source product without having to do all the development on our own. So tensor really filled that that that group. So, where we're at today. We spent 2019 late 2019 and all of 2020 deploying into our two data centers. We have deployed IPv4 and v6. We've set the groundwork for anycast so that we can deploy our anycast networks to both data centers. We're also working on a third data center to bring up, and that will be happening in 2020. Well, at this point 2022 because just timeframe and everything's wild. The accomplishments in this in 2020 where we have fully redundant router nodes at each location. We're supporting the VRP be landing lags BGP. And we also have ACL integrated and working towards the automation of the ACL. And what we're working on now is migrating off of our Cisco IP sec tunneling servers and going to migrate that completely into our tensor platform. Traffic shaping is is something that we're looking at doing we haven't quite figured out how we're going to accomplish that, but it's something that that is going to be required for for us to really fully implement the anycast but we've had conversations with tensor and it seems like it's it's something that we're working towards and we'll be able to get there. 100 gig is already on the table. We just have to upgrade some some hardware and we'll be there. So it's it's once again we're back to this you know by the card by the infrastructure and and you're you're up and running you don't have to. We know that tensor will support it so we're not worried about it. The API management for automation is is already in the project path for the roadmap for our develops this year we actually already have a developer assigned to it, and they're working to integrating that into our switch directly so that we can build out the dynamic routing stuff right away. So, I took a three hour snapshot from our network. When I built the slide. And in this in this slide I'm showing basically our current traffic flow and where we're going to from it to and from Provo and Fargo. This is a single router in Fargo that I have a snapshot of the load on. We operate about anywhere just just under one load of one on that box and we've never seen any kind of contention or any packet restrictions were not over subscribing on memory. And this is this is about a gig of voice traffic this is all RTP so very small packet thoughts of them. We also noticed that this router has been up for 104 days we've had no problems. We were confident in the in the actual stability of it so because there's two routers and the way they built we can shut one router down it doesn't drop the traffic, bring the other router up to update it do patches on it whatever repairs and then swap it out and do the other and we we barely see any blips in our network so the DR is is extremely polished in the tensor product right now we're not had we don't have any problems that sometimes you run into with open source where it wasn't configured, at least on my side from a engineer's perspective properly so they've actually done all that work to make that easy. So, where we're going in the future. We're in the process right now of migrating all of our Docker micro services to Kubernetes, and we're in the process of my migrating all of our media RTP and sip to Docker. And because of the integration of VPP to Kubernetes and how we're going to be using bird with Docker, we're going to be integrating VPP from the host all the way up to the router, and it's going to be seamlessly integrated across both networks. So on the roadmap, any cast at the host dynamic ACL by endpoint IPv6 automation so there's always going to be some some issues where you have to convert do some IPv6 netting so that's something that's in the conversations and we're using tensor to accomplish and VPP to accomplish automation for IP sec, our customer based IP sec where they want to just set up a tunnel we're going to be doing that through VPP and tensor, we also have, we're also going to be removing the layer three from the edge. We're also going to layer just a layer two device at the edge for, for carry in integration. We're also going to be doing bird at the VPP bird at the host for VGP any cast integration of the host on the skunk work side of things this is stuff that's that we're already working with and we see the ability to to integrate with VPP and that is taking which is a monitoring tool that we're using right now for we're integrating into all of our Docker components containers is that that Prometheus monitoring will allow us to collect the collect and analyze data based on traffic and performance and infrastructure in the United States or Docker, whatever service we're getting that Prometheus information from create an analytic engine that comes with Prometheus and then help us to build DDoS prevention and security protocols directly into our front and ACLs that we're currently using with tensor. So people are looking at the automated tap for tracing and debugs. That is something that is, is very interesting to us to be able to, to pick a Pacific interface, pick a specific interface or vlan or device and tap that into a debug trace and do that all automatically so that's where we're going and that's how we're using VPP. I think that's very interesting. This is good stuff. And I'll remind everybody that if you have questions for any one of the speakers and anything you saw so far. Go ahead and put that into the chat panel and we'll cover those when we're done. Next, like to introduce Jerry Wilson he's the network manager at Region five. So yeah, network manager region five education service center. So what we are. We're one of 20 service centers that were created by the Texas legislature to support school districts in their academic goals. RS ESC supports about 40 school districts and that's about 90,000 staff and students. So the role of our service and what we do is we're kind of a support and guidance for school districts to help achieve the goals that Texas lays out for education and in particular my department. Technology is there to support the SC with technology obviously and also offer services districts and one of the ways we do that. Offering internet access we've been doing that for many years and that helps correct us towards the goal of effective and efficient use of technology and school districts. So, we have a number of our 40 school districts that get internet access through us. They also have some other services they take advantage of through us, but as you can see, we have our generalized network diagram you can see there we basically have them tied into our network, we have two ISPs for redundancy one of those is this learn network, which is a kind of consortium of education in Texas, and it offers some extra services like internet to access some period caching pretty good and DDoS mitigation. One of the things that we have to look at is bandwidth needs are increasing in school districts, one to ones, pretty common at this point, and a lot of school districts are getting higher speed links to us all the time. One of the challenges for us, however, since we're in education, we were basically acting like an ISP for them, but it's a small market it's obviously less than 40 school districts are not going to be any more than that. I mean, our revenues kind of more like a nonprofit we have to keep costs down and offer services just as good as an ISP are actually better in some cases because we really have a relationship with our customers. So, our previous solution. We had this more or less generalized network diagram here where we had a routing situation where we had a device that a limited number of 10 gig ports. We had limited throughput on it, five gig of it, but we could increase that it would cost more than we have to pay for licensing fees for that. We also have some support maintenance costs are kind of high with that because we need to make sure that if we have any kind of device failure we've got the ability to recover really quickly. It also provided some design problems for us a little bit you can see there that we have to, as people needed more and more 10 gig links to us we had to like kind of tie in with other switching infrastructure that we had and we didn't really want to go that direction. That's where the device we had was reaching end of life, and we're going to have to replace it. It was going to be expensive to replace and or upgrade it. So, we started looking around investigating our alternatives and our requirements for basically kind of what you see there we need some more flexible hardware with additional, you know, 10 gig links we need the ability to, you know, look at our distance at higher speed. We also need more throughput and be able to scale it up. Currently, we need at least a little bit over 10 gig to make sure we can support it. So, the other big requirement for us was that it had to be maintainable that we're not going to see growth in our, so to speak, we kind of have a limited market. Jerry, your audio just started to get a little bit garbled. I wonder if maybe mute unmute or wiggle something. Try again. Is that better. That's much better. Thank you sorry for the interruption. No problem. So anyway, I was just covering requirements, you know, we needed to make sure that we had enough 10 gig connectivity. We needed more scalable throughput and the ability to scale that up year after year as we needed without having to spend a lot of money. So the cost have to be maintainable. And another requirement really that kind of is inherent with this because we have a small staff and pressed for time a lot is that we didn't need to put a lot of extra work into it. So we were looking around. Most vendors, if it was going to have the throughput automatically just kind of solve for us, it was going to be really expensive hardware. And if it wasn't really expensive hardware, it just wasn't going to handle the throughput. And so we're looking at every network hardware vendor we could think of and we came across Netgate, which we were familiar with. And we saw tensor and we saw VPP and we thought, well, this is pretty interesting. I was actually kind of surprised. I knew it existed. I thought it was just code that vendors would use to build a product off of and that it wasn't anything you could really approach without, you know, without being a vendor basically. I knew it was open source, but I knew the work would be a lot. So tensor helped see me help me see it as a product something that you could take and you could put into practice really quickly. And it addressed all our requirements basically it checked all the boxes and we knew we could grow on it. So that moves me on to our deployment. So it was a really nice process. We took our old config and from our old router and put it to tensor and it was fully featured we didn't have to like say oh gee what about being able to do this being able to do that it just did everything. And VPP supports all the features that, you know, we would get out of another product, another vendor. We were able to rack it configure it power up new cables all within the same day it took very little time to put into actual performance, and the performance has been great. We didn't run into any question marks about you know throughput or anything like that maintenance has been easy we've been able to make config changes it's very. The documentation is clear it's very intuitive that you're familiar with Cisco or Juniper or any of the major vendors then it's very easy to go from that mindset to configuring VPP or tensor and upgrading spend just as easy as any other commercial router that I could get. So, we additionally got a cold spare to just to have, you know, some redundancy we're probably going to get a VRP eventually but it was nice to have it to kind of make changes on play around with practice on and just make upgrade changes and that was before the home lab was available. And now home lab makes that even easier. So, we could use to be PPP directly but we went the tensor route because we really, like I said small staff we needed to get started and have something that didn't take us a lot of time. So, where we are now what we've learned. And that was the answer. It's ready to go. It does what we need to do it's full featured. It's actually been around for quite a long time I don't know how many years but quite a while, the documentation is nice. It's a lot of really good information out there and tensor built a really nice product on top of it. The other really good thing is we know we have room to grow. We know we're not going to run into the same problem we just had in two more years we know that we can super scale this will probably have to get, you know, more capable hardware but it won't be super expensive. And we've got the software in place to do it. It's surprisingly easy and affordable to deploy like it says right there. I was kind of, you know, not sure at first and we thought it was a little bit experimental but it's, it just, it just worked. So I recommend if whatever size your organization is, you can do this download it follow the documentation and, and you'll be up and running it's, it's great. Excellent. Thank you. So, kind of wrap up everything what we've covered in summary here that DPP yields significant performance and ultimately some price price performance gains and is Jerry was talking about gives them provides you an option to be able to leverage software to be able to scale your, your deployment needs. So in each of these cases we saw all three of them. We saw deployments that had immediate increase in needs for throughput and bandwidth and growth. And then right around the corner next year for each of these, the need room to be able to add more bandwidth and capacity, and the available covers the ability to use software to do that. I think this make it really easy to make VPP consumable today with solutions are available from VPP and vendors that are highlighted there. And if you want to get started with it without having to jump in and download code and without spending any money. And then you can do that at tensor.com, just sign up for a subscription and then learn more about other options at phyto.com phyto.io specifically, the links are there at the bottom of the screen. So, and now we can field any questions from the attendees. So we have so far. Let's see just just a couple questions actually. I'll ask the attendees here first. How long does it take to get familiar with VPP and what skill sets do you guys think is required to give VPP a full valuation. And any one of you guys can go ahead and chime in there. This is Mike Jennings. You know, from a VPP perspective, if you're going to be using this at the, at the host or you're going to be building on top of VPP, you're going to need to have infrastructure. You're going to have to have experience with Linux and development and and Linux kernel and how you how you build it and assemble everything to get the full performance out of it. I mean, there are other systems like like bird and stuff that make that a little easier but and there's a lot of really good documentation on it. It's just that you're going to have to have a lot of familiarity with, with just how that all works. When it comes to what skill sets you need for tensor, it is like running a Cisco, it is like running any, any command based router or firewall that you've ever worked with. So Mike on that note, another question that came in is how do you leverage VPP with open source routing demons such as FRR bird. I think you mentioned a couple of those examples. So we don't. So we chose to go with tensor as our, as our, as our routing demon bird just basically allows you to, to integrate that into your VGP. But we're using, we're not like inhaling the entire route table with that with that Linux device we're just using it as a, as a negotiation and IBGP between that and tensor. So we're not using FRR at the host. We're relying once again on tensor which is using FFR, FRR for routing. And I mean, I didn't you would be better to talk to how you guys utilize it from our perspective. The VPP layer at the host is just that is just first off it's giving us that, you know, vector packet stuff at the host, and also gives us the ability with bird to do BGP to tensor. That's how we're utilizing it. Excellent. And also, we've mentioned several ways that Fido has made VPP more consumable and available either through commercial offerings or through software that you can download from Fido or from tensor.com. But we encourage any of the attendees also to look for opportunities to be able to contribute to the to the project as well. And see, there's, you can find out more information on how to do that at fight ft.io. And that's those are the only questions we have so far from the audience. So Joe, I'll hand it back to you. Okay, great. Thank you everybody we really appreciate you attending today's session. As I mentioned at the start on demand recording of this will be available in the coming days so look out for that if you're interested. And stay tuned for more LFN webinars we've got a couple more coming up this week as well so make sure you tune in and have a great day everyone thank you.