+ All Categories
Home > Technology > Linux con berlin-2016-presentation-deitchera

Linux con berlin-2016-presentation-deitchera

Date post: 19-Feb-2017
Category:

Technology
Upload: deitcher
View: 184 times
Download: 4 times
Download Report this document
Share this document with a friend
35
Networking (Containers) in Ultra- Low-Latency Environments Avi Deitcher [email protected]
Transcript
Page 1: Linux con berlin-2016-presentation-deitchera

Networking(Containers)inUltra-Low-LatencyEnvironments

[email protected]

Page 2: Linux con berlin-2016-presentation-deitchera

WhoAmI?

[email protected]

Page 3: Linux con berlin-2016-presentation-deitchera

WhoAmI?

[email protected]

Page 4: Linux con berlin-2016-presentation-deitchera

WhoAmI?

[email protected]

(not24601)

Page 5: Linux con berlin-2016-presentation-deitchera

WhoAmI?•  Lifeintechbusiness:–  10yrslarge-scalemission-criKcalIT–  10+yrsconsulKng&training–  Somestartupsontheway

•  Avid(ifnotverygood)icehockeyplayer•  Long-Kmeloverofgreatengineering….whenusedtomakearealdifference

•  AtomicInc:– GeneralistpracKKoner

•  Networkjustoneelement–  Product:engineering:operaKons

[email protected]

(not24601)

Page 6: Linux con berlin-2016-presentation-deitchera

ALiVleHistory

[email protected]

Page 7: Linux con berlin-2016-presentation-deitchera

ALiVleHistory

Summer2015

•  FintechX:“Containerizeus!”–  Hint:Itisharderthanyou

think…andworthit–  Culture/process>technology

•  QuesKon:Networking?•  Answer:ScienKficmethod

[email protected]

Page 8: Linux con berlin-2016-presentation-deitchera

ALiVleHistory

Summer2015

•  FintechX:“Containerizeus!”–  Hint:Itisharderthanyou

think…andworthit–  Culture/process>technology

•  QuesKon:Networking?•  Answer:ScienKficmethod

Fall2016•  GoodpracKcedemands:

1.  RedotestswithnewopKonsandversions

2.  Maketestsavailable3.  Explainitallwell

[email protected]

Page 9: Linux con berlin-2016-presentation-deitchera

WhatIs“Ultra-Low”Latency?

[email protected]

Page 10: Linux con berlin-2016-presentation-deitchera

WhatIs“Ultra-Low”Latency?

1.  hVp://home.blarg.net/%7Eglinden/StanfordDataMining.2006-11-29.ppt

[email protected]

“every100msofdelaycosts1%ofsales”[1]

Page 11: Linux con berlin-2016-presentation-deitchera

WhatIs“Ultra-Low”Latency?

“extra0.5sinsearchpagegeneraKonKmedroppedtrafficby20%”[2]

1.  hVp://home.blarg.net/%7Eglinden/StanfordDataMining.2006-11-29.ppt2.  hVp://glinden.blogspot.com/2006/11/marissa-mayer-at-web-20.html

[email protected]

“every100msofdelaycosts1%ofsales”[1]

Page 12: Linux con berlin-2016-presentation-deitchera

WhatIs“Ultra-Low”Latency?

“extra0.5sinsearchpagegeneraKonKmedroppedtrafficby20%”[2]

1.  hVp://home.blarg.net/%7Eglinden/StanfordDataMining.2006-11-29.ppt2.  hVp://glinden.blogspot.com/2006/11/marissa-mayer-at-web-20.html

[email protected]

Not.Even.Close.

“every100msofdelaycosts1%ofsales”[1]

Page 13: Linux con berlin-2016-presentation-deitchera

Ultra-LowLatency

38messagesin7milliseconds1message(avg)every184𝓊-sec!

[email protected]

Page 14: Linux con berlin-2016-presentation-deitchera

TwoTypesofNetworking…

Direct

[email protected]

Page 15: Linux con berlin-2016-presentation-deitchera

TwoTypesofNetworking…

Direct Fabric+Overlay

[email protected]

Page 16: Linux con berlin-2016-presentation-deitchera

…maybefour

WorkloadAwareness

[email protected]

Page 17: Linux con berlin-2016-presentation-deitchera

…maybefour

WorkloadAwareness FabricAwareness

[email protected]

Page 18: Linux con berlin-2016-presentation-deitchera

NetworkingOpKonsDirectMetalmacvlanBridge/vSwitch(noNAT)net=hostSR-IOV

OverlayFlannelWeaveDockerOverlayCalico(IPIP)

WorkloadAwarenessDockerbridge(NAT)

FabricAwarenessCalico(NaKve)

[email protected]

Page 19: Linux con berlin-2016-presentation-deitchera

OurTests

WhatWeTested•  netperf⇒netserver•  UDP&TCPround-robin•  Sizes:300,500,1024,2048•  NoorchestraKon=complete

control•  50000iteraKons

–  Lawoflargenumbers•  Latency(Avg,%iles),CPU•  DifferenQals,notabsolutes

HowWeTested•  .net

–  Becauseithadtobemetal–  Wickedsmartteam

•  Completetestrun–  Networkchanges–  HardwarevariaKons,errors

hVps://github.com/deitch/[email protected]

Page 20: Linux con berlin-2016-presentation-deitchera

Localvs.Remote

[email protected]

Page 21: Linux con berlin-2016-presentation-deitchera

[email protected]

Page 22: Linux con berlin-2016-presentation-deitchera

[email protected]

Page 23: Linux con berlin-2016-presentation-deitchera

[email protected]

Page 24: Linux con berlin-2016-presentation-deitchera

LocalNetworkingSummary•  SR-IOVhorriblelatencybutgreatCPU– Holdthatthought…

•  net=hostonparwithmetal•  macvlanclosestvirtualizedtometal•  Restinsamerange:–  Latency:5-10𝓊-secoverhead–  CPU:negligibledifference

•  Calico(IPIP&naKve)&Dockeroverlayslightlymoreperformant(marginoferror?)

•  WatchoutforverylargeTCPpackets

[email protected]

Page 25: Linux con berlin-2016-presentation-deitchera

[email protected]

Page 26: Linux con berlin-2016-presentation-deitchera

[email protected]

Page 27: Linux con berlin-2016-presentation-deitchera

[email protected]

Page 28: Linux con berlin-2016-presentation-deitchera

RemoteNetworkingSummary

•  Weave(sleeve)addslatencyandCPU– Reasonfor“fastdatapath”

•  Again,macvlanbestvirtualized•  Alltherest:– Latency:within50𝓊-secofeachother,exceptSR-IOVwithverylargeTCPpackets

– CPU:similar,butkeepaneyeonFlannel(UDP)

[email protected]

Page 29: Linux con berlin-2016-presentation-deitchera

AboutthatSR-IOVType1:IntelI3501GbpsType3:MellanoxMT27500ConnectX-310Gbps

[email protected]

Page 30: Linux con berlin-2016-presentation-deitchera

SR-IOVSR-IOVdoesnotautomaQcallymeanbeWer

•  Switchinnetworkcard•  TradeshostCPUforcardprocessor•  Qualityvariesdrama3cally–  EvenMellanoxfarworselocally

•  My2€:SR-IOVfallsfurtherbehinddueto:–  SpeedofiteraKon–  Open-source–  Sosware+CPU

[email protected]

Page 31: Linux con berlin-2016-presentation-deitchera

Whatelsecouldwedo?Ø  OtherhardwaretypesØ  OthernetworkfabricsØ  Othernetworkoverlayversions(wehavethedata…)Ø  DockermacvlannetworkdriverØ  ipvlanØ  IPv6Ø  KernelandnetworkstacktuningØ  DistantnetworksØ  OthertrafficpaVerns(mulKcastvsunicast)Ø  Otherhost-to-hostencrypKonØ  OtherkernelversionsØ  OtherOSes(Illumos-based?)Ø  Awholelotmore…

[email protected]

Page 32: Linux con berlin-2016-presentation-deitchera

Headaches(andThanks)•  Headaches

–  WeaveSYN-(nothing)–  etcdis“touchy”–  PacketL3networkispowerfulbut…unique

•  Macvlan,weave,flannel:allrequiredpingsformac•  Sexngupbridgew/oNAT,Calico,macvlanwas“different”

–  SR-IOViscomplicatedandflaky,especiallyMellanox–  netperfwithUDPpacketscangetstuck(Calico-ipip)–  Andawholelotmore(askmeoffline)

•  Andthanks:

–  BryanBoreham,AdamHarrisonatweave.works–  ZacSmith,Adam,Aaron,Andy,Lucas,everyoneatPacket

[email protected]

Page 33: Linux con berlin-2016-presentation-deitchera

Conclusions•  SR-IOV:mostoftheKme,justnotworthit•  Performance:– Metal(+net=host):alwaysperformsbest–  Directnetwork++:macvlanisyourfriend–  Others:Roughlysimilar,carefulofWeave(sleeve)

•  What’syourusecase?–  ULL:Metal/net=host>macvlan>calico>overlay–  Everythingelse:Focusonyourarchitectureandskills

Pickintelligently:easier,notsimple

[email protected]

Page 34: Linux con berlin-2016-presentation-deitchera

Conclusions•  SR-IOV:mostoftheKme,justnotworthit•  Performance:– Metal(+net=host):alwaysperformsbest–  Directnetwork++:macvlanisyourfriend–  Others:Roughlysimilar,carefulofWeave(sleeve)

•  What’syourusecase?–  ULL:Metal/net=host>macvlan>calico>overlay–  Everythingelse:Focusonyourarchitectureandskills

Pickintelligently:easier,notsimple

[email protected]

Page 35: Linux con berlin-2016-presentation-deitchera

QuesKonsandhelp:@[email protected]


Recommended
Linux Containers: Future or Fantasy? - DEF CON

Linux Containers: Future or Fantasy? - DEF CON

Documents

Forensica Con Kali Linux

Forensica Con Kali Linux

Documents

Montar un Servidor con Debian GNU/Linux - · PDF fileMontar un Servidor con Debian GNU/Linux Carlos Lamparero Este trabajo se distribuye bajo la licencia Creative Commons Attribution-ShareAlike

Montar un Servidor con Debian GNU/Linux - · PDF fileMontar un Servidor con Debian GNU/Linux Carlos Lamparero Este trabajo se distribuye bajo la licencia Creative Commons Attribution-ShareAlike

Documents

Linux Day 2010: Virtualizzare con OpenVZ

Linux Day 2010: Virtualizzare con OpenVZ

Technology

Troyanizando Windows 10 con Kali Linux 2016 · Troyanizando Windows 10 con Kali Linux 2016 30 de noviembre de 2017 luigiasir.wordpress.com 2 Índice Introducción..... 3

Troyanizando Windows 10 con Kali Linux 2016 · Troyanizando Windows 10 con Kali Linux 2016 30 de noviembre de 2017 luigiasir.wordpress.com 2 Índice Introducción..... 3

Documents

Programmare in assembly in GNU/Linux con sintassi AT&T · Programmare in assembly in GNU/Linux con sintassi AT&T Fulvio Ferroni fulvioferroni@teletu.it 2011.08.05 Questo documento

Programmare in assembly in GNU/Linux con sintassi AT&T · Programmare in assembly in GNU/Linux con sintassi AT&T Fulvio Ferroni [email protected] 2011.08.05 Questo documento

Documents

Hacking con Kali Linux - hackeruna.com · Hacking con Kali Linux Guía de Prácticas Alonso Eduardo Caballero Quezada Correo electrónico: reydes@gmail.com Sitio web: Versión 2.7

Hacking con Kali Linux - hackeruna.com · Hacking con Kali Linux Guía de Prácticas Alonso Eduardo Caballero Quezada Correo electrónico: [email protected] Sitio web: Versión 2.7

Documents

olsr - CCC Event Blog€¦ · olsrd 0.4.10 – Linux, *BSD, Mac OS X, Windows Reasonably stable – Berlin and Amsterdam (More than 200 Nodes in Berlin) Plugin interface (OLSR …

olsr - CCC Event Blog€¦ · olsrd 0.4.10 – Linux, *BSD, Mac OS X, Windows Reasonably stable – Berlin and Amsterdam (More than 200 Nodes in Berlin) Plugin interface (OLSR …

Documents

Ubuntu Server con interfaz gráfica « Slice of Linux

Ubuntu Server con interfaz gráfica « Slice of Linux

Documents

Hardware accelerated virtio networking for nfv linux con

Hardware accelerated virtio networking for nfv linux con

Technology

Enterprise apps using ruby droid con berlin 2012

Enterprise apps using ruby droid con berlin 2012

Technology

Next Generation Data Forensics & Linux CON 10/DEF CON 10 presentations/DE… · Next Generation Data Forensics & Linux Thomas Rude, CISSP August 2002

Next Generation Data Forensics & Linux CON 10/DEF CON 10 presentations/DE… · Next Generation Data Forensics & Linux Thomas Rude, CISSP August 2002

Documents

Monitorización de Unix/Linux con Operations Manager 2007 R2

Monitorización de Unix/Linux con Operations Manager 2007 R2

Documents

Tuning Linux for your database OSDC Berlin 2016

Tuning Linux for your database OSDC Berlin 2016

Documents

Hacking con Kali Linux - municanta.gob.pe · Kali Linux viene con algunos servicios de red, lo cuales pueden ser de utilidad en varias situaciones y ...

Hacking con Kali Linux - municanta.gob.pe · Kali Linux viene con algunos servicios de red, lo cuales pueden ser de utilidad en varias situaciones y ...

Documents

Virtualizzazione con Gnu/Linux e Xen

Virtualizzazione con Gnu/Linux e Xen

Technology

Linux-Stack Based V2X Framework: SocketV2V All You Need to ... CON 25/DEF CON 25 presentations/DEF CON 25... · Linux-Stack Based V2X Framework: SocketV2V All You Need to Hack Connected

Linux-Stack Based V2X Framework: SocketV2V All You Need to ... CON 25/DEF CON 25 presentations/DEF CON 25... · Linux-Stack Based V2X Framework: SocketV2V All You Need to Hack Connected

Documents

Administrando tu parque de ordenadores Linux con MigasFree

Administrando tu parque de ordenadores Linux con MigasFree

Technology