[openstack-dev] [snabb-devel] RE: [Neutron] Building a new open source NFV system for Neutron
luke at snabb.co
Mon Jan 27 09:24:47 UTC 2014
On 23 January 2014 17:42, Calum Loudon <Calum.Loudon at metaswitch.com> wrote:
> That sounds fantastic. As an NFV application developer I'm very pleased
> to see this contribution which looks to eliminate the key bottleneck
> hitting the performance of very high packet throughput apps on
Thanks for the kind words!
A couple of questions on features and implementation:
> 1. If I create a VM with say neutron and Open vSwitch then I get a TAP
> device + Linux bridge + veth device between the VM and the vSwitch, with
> the Linux bridge needed for implementing anti-spoofing iptables rules/
> security group support. What will the stack look like with your NFV
> driver in place? Will your stack implement equivalent security functions,
> or will those functions not be available?
Snabb NFV will implement equivalent security functions, and these will be
configured via the standard Neutron APIs for Ports and Security Groups.
Our goal is to offload most of these functions to the NIC using hardware
features like Intel's Flow Director. Standard NICs actually have hardware
sitting idle that can do most of the work that iptables/ebtables/ovs/bridge
is doing for OpenStack -- we hope to put this hardware to work and free up
the CPU for running VMs.
The Snabb Switch traffic plane is internally structured as a network of
"apps" that each implement one networking function and are connected by
virtual Ethernet links (shared memory rings). This is a fairly accurate
illustration of the internal components of Snabb NFV:
2. Are you planning to support live migration?
This is a priority if-and-only-if KVM's basic live migration mechanism is
adequate for NFV applications.
Do you know? (are some operators evaluating KVM for live migration and
concluding that it is practical?)
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the OpenStack-dev