1 of 24

CNF Testbed Multi-Gateway Use Case

NSM Enabling More Complex Use Cases in the CNF Testbed

Taylor Carpenter

taylor@vulk.coop

taylor

Nikolay Nikolaev

nnikolay@vmware.com

nickolaev

2 of 24

Presentation Prepared By:

Taylor Carpenter

@taylor

Michael S. Pedersen

@michaelspedersen

Nikolay Nikolaev

@nickolaev

3 of 24

Agenda - 30 Minutes

  • Contributors
  • Intro to CNF Testbed
  • Overview of components, stages and structure
  • Use case: multi-gateway + packet filter
  • Q/A
  • Stay Connected

4 of 24

CNF Testbed Contributors

Dan Kohn

@dankohn

Ed Warnicke

@edwarnicke

Taylor Carpenter

@taylor

Denver Williams

@denverwilliams

W.Watson

@wavell

Lucina Stricko

@lixuna

Michael S. Pedersen

@michaelspedersen

Robert Starmer

@robertstarmer

Peter Mikus

@rpmikus

Maciek Konstantynowicz

@maciekatbgpnu

Nikolay Nikolaev

@nickolaev

Fred Sharp

@linkous8

5 of 24

CNF Testbed Contributors

6 of 24

Cloud Native Network Function (CNF) Testbed

Intro

7 of 24

CNF Testbed

  • Open source initiative from CNCF
  • Collaborating with CNCF Telecom User Group
  • Testing and reviewing emerging cloud native technologies in the Telecom domain
  • Funneling the new technology to early adopters
  • Providing fully reproducible use cases and examples
  • Running on top of on-demand hardware from the bare metal hosting company, Packet

[Diagram labels: Hardware (bare-metal servers), OpenStack, virtual machines (VM), Kubernetes, containers, network functions]

8 of 24

We Welcome Your Participation

  • Replicate our results from github.com/cncf/cnf-testbed with an API key from packet.com/cnf
  • Package your internal network functions in containers (ideally following cloud native principles) and run on your instance of the testbed
    • We don’t need to see the code but would love to see the results
  • Create pull requests to have the CNF Testbed run on your bare metal servers or other cloud bare metal servers like AWS i3.metal

9 of 24

Components, Examples and Use Cases

10 of 24

Components of the CNF Testbed

  • Hardware provisioning (e.g. Packet machines)
  • Workload provisioning (e.g. K8s, OpenStack, SRIOV, VLANs)
  • Use Cases and Examples
  • Network Functions (e.g. Packet Filter, NIC Gateway)
  • Testing tools (e.g. NFVbench)

11 of 24

CNF Testbed Software Components

[Diagram labels: QEMU/KVM, VM NF, vhost-user, DPDK, VPP vSwitch, VPP Neutron Agent, Ubuntu 18.04 LTS, OpenStack controller, OS “rocky” services (Neutron, API), etcd, HW GW, Container NF, K8s, NSMgr, NSM Forwarder, Kubernetes master, Packet API, Docker, memif, Kernel]

12 of 24

Overview of Infra Provisioning

  • Underlying physical infrastructure
    • Terraform + Ansible
    • Packet Machine, network provisioning
  • Kubernetes workload infra
    • Kubespray (via k8s-infra), Helm/kubectl, Ansible
    • Node host configuration, K8s add-ons

13 of 24

Overview of Examples and Use Cases

  • Structure (e.g. tools, examples)
  • Multiple types of examples (infra, workloads)
  • Different implementations
    • Out of band
    • Multus
    • DANM
    • Network Service Mesh

14 of 24

Multi-Gateway + Packet Filter Use Case

15 of 24

Use Case: Multi-Gateway + Packet Filter

  • GitHub use_case/nsmcon-ext-pf
  • 2 client containers, packet filtering NF, 2 gateway NFs
  • Each GW has dedicated access to a single physical network port
  • Multiple service chains with private networks
  • DPDK + VPP-based access to Packet’s Intel x710 NIC
    • n2.xlarge machine type
    • host provisioning required
    • privileged GW container
  • Helm and NSM

16 of 24

Example #3 Multiple Network Paths for Clients

[Diagram labels: Kernel Client, VPP Client, NSM Forwarder, K8s Node, vEth, Memif, Packet Filter, Ext. Gateway #1, Ext. Gateway #2, Ext. System #1, Ext. System #2]

17 of 24

Provisioning the Network Service

  • Network Service - descriptor + service chain composition + deployment
  • Packet filter NF
    • VPP: ACL-based filtering + routing
    • NS Endpoint
    • NS Client
  • Physical NIC GW
    • VPP + DPDK
    • NS Endpoint

18 of 24

Accessing the Network Service

  • Clients request access to the service chain
    • Side-car container
    • SDK client

19 of 24

Stay Connected

@nservicemesh

@cnftestbed

20 of 24

Connect with Network Service Mesh

    • Create issues/PRs on GitHub:
    • Join the #nsm channel on CNCF slack
      • slack.cncf.io
    • Subscribe to the Network Service Mesh mailing list:
    • Attend Network Service Mesh Working Group meetings:
      • Weekly: every Tuesday at 8:00AM PT
      • Biweekly: every other Tuesday at 10:00AM CET
    • Follow us on twitter: @nservicemesh

21 of 24

Connect with the CNF Testbed

    • Create issues/PRs on GitHub:
    • Join the #cnf-testbed channel on CNCF slack
      • slack.cncf.io
    • Subscribe to the CNCF Telecom User Group mailing list:
    • Attend CNCF Telecom User Group meetings on Zoom:
    • Follow us on twitter: @cnftestbed

22 of 24

Questions?

23 of 24

Thank you

@nservicemesh @cnftestbed

24 of 24

Thank you to the sponsors of the Inaugural Network Service Mesh Con