BEGIN:VCALENDAR VERSION:2.0 PRODID:-//Pentabarf//Schedule 0.3//EN CALSCALE:GREGORIAN METHOD:PUBLISH X-WR-CALDESC;VALUE=TEXT:Software Defined Networking devroom X-WR-CALNAME;VALUE=TEXT:Software Defined Networking devroom X-WR-TIMEZONE;VALUE=TEXT:Europe/Brussels BEGIN:VEVENT METHOD:PUBLISH UID:11102@FOSDEM21@fosdem.org TZID:Europe-Brussels DTSTART:20210207T130000 DTEND:20210207T132000 SUMMARY:FastClick and Beyond: A Look at High-Speed Software Dataplanes and Their Upcoming Challenges DESCRIPTION:
In this talk, we first show how to prototype high-speed network functions with FastClick, an open-source packet processing framework, which comes with hundreds of pre-built building blocks and leverages DPDK or Netmap to build 100-Gbps-capable firewalls, load-balancers, NATs, or IDSes.
We then review the history of high-speed software dataplanes. We explain the evolution of graph-based (software) network packet processing from the early 2000s with the emergence of the Click Modular Router, and continue up to today's ecosystem, where many similar systems, such as VPP, BESS, and FastClick, coexist. We analyze the upcoming challenges to process packets at multi-hundred-gigabit-per-second rates. We argue that multi-hundred-gigabit networks should prevent performing memory accesses, as the interarrival time of packets is shrinking to a few nanoseconds, i.e., smaller than L3 cache access time. For instance, a 100-Gbps NIC could receive a minimal-sized frame every 6.72ns while operating at its maximum rate.
To address these challenges, we propose PacketMill, our latest work, where we discuss other efforts/optimizations required to improve the performance of packet processing. PacketMill's ideas are directly applied to FastClick, so it comes for free. More specifically, we develop/use a better integration of DPDK to minimize the memory footprint of the high-speed software dataplanes. Furthermore, we propose a pipeline to reduce the number of instructions required for processing packets by using new data structures directly derived from the graph of network functions and compiler optimization techniques.
CLASS:PUBLIC STATUS:CONFIRMED CATEGORIES:Software Defined Networking URL:https:/fosdem.org/2021/schedule/2021/schedule/event/sdn_fastclick/ LOCATION:D.sdn ATTENDEE;ROLE=REQ-PARTICIPANT;CUTYPE=INDIVIDUAL;CN="Tom Barbette":invalid:nomail ATTENDEE;ROLE=REQ-PARTICIPANT;CUTYPE=INDIVIDUAL;CN="Alireza Farshin":invalid:nomail END:VEVENT BEGIN:VEVENT METHOD:PUBLISH UID:11172@FOSDEM21@fosdem.org TZID:Europe-Brussels DTSTART:20210207T132000 DTEND:20210207T135500 SUMMARY:Born Ready for Secure Terabit Internet! Tooling for Benchmarking. DESCRIPTION:Overview of fully automated open-source FD.io benchmarking (per patch, daily/weekly trending, per release) with focus on network data plane (VPP, DPDK). Quick walk through HW systems with CI'ed calibration and testing (Xeon, Atom, Cortex, EPYC, 10/25/40/100GE, QAT) and stateless / stateful network test methodologies using TRex.
Implemented benchmark and analytics strategies / algorithms for high volume non-stop CI benchmarks: i) optimized throughput rate discovery, ii) self-guiding soak tests, iii) per packet latency. Project achievements, lessons learned and a growing list of aspirations.
CLASS:PUBLIC STATUS:CONFIRMED CATEGORIES:Software Defined Networking URL:https:/fosdem.org/2021/schedule/2021/schedule/event/sdn_terabit_csit/ LOCATION:D.sdn ATTENDEE;ROLE=REQ-PARTICIPANT;CUTYPE=INDIVIDUAL;CN="Maciek Konstantynowicz":invalid:nomail END:VEVENT BEGIN:VEVENT METHOD:PUBLISH UID:11213@FOSDEM21@fosdem.org TZID:Europe-Brussels DTSTART:20210207T135500 DTEND:20210207T141500 SUMMARY:Writing an Ostinato Protocol Builder DESCRIPTION:While the Ostinato traffic generator can import, edit and replay packets from PCAP files, most users prefer to craft packets from scratch using the Ostinato GUI which has support for common protocols out of the box. To add more protocols quickly and easily, Ostinato has a Protocol Builder framework using which new protocols can be added.
In this talk, Ostinato creator Srivats P shows you how to add a new protocol using this framework.
CLASS:PUBLIC STATUS:CONFIRMED CATEGORIES:Software Defined Networking URL:https:/fosdem.org/2021/schedule/2021/schedule/event/sdn_ostinatos/ LOCATION:D.sdn ATTENDEE;ROLE=REQ-PARTICIPANT;CUTYPE=INDIVIDUAL;CN="Srivats P":invalid:nomail END:VEVENT BEGIN:VEVENT METHOD:PUBLISH UID:10984@FOSDEM21@fosdem.org TZID:Europe-Brussels DTSTART:20210207T141500 DTEND:20210207T143500 SUMMARY:hXDP: Efficient Software Packet Processing on FPGA NICs DESCRIPTION:I present a solution to run Linux’s eXpress Data Path programs written in eBPF on FPGAs, using only a fraction of the available hardware resources while matching the performance of high-end CPUs. The iterative execution model of eBPF is not a good fit for FPGA accelerators.
CLASS:PUBLIC STATUS:CONFIRMED CATEGORIES:Software Defined Networking URL:https:/fosdem.org/2021/schedule/2021/schedule/event/sdn_hxdp_fpga/ LOCATION:D.sdn ATTENDEE;ROLE=REQ-PARTICIPANT;CUTYPE=INDIVIDUAL;CN="Marco Spaziani Brunella":invalid:nomail END:VEVENT BEGIN:VEVENT METHOD:PUBLISH UID:11067@FOSDEM21@fosdem.org TZID:Europe-Brussels DTSTART:20210207T143500 DTEND:20210207T145500 SUMMARY:NoRouter: instant multi-cluster & multi-cloud container networking DESCRIPTION:Setting up multi-cluster and multi-cloud container networking for dev environments has been harder than it needs to be. NoRouter is a novel instant networking stack to overcome this difficulty, by transferring IP packets over stdio streams (aka "shell connections"). NoRouter works with any container, any VM, and any baremetal machine, anywhere, as long as the shell connection is available from your laptop, e.g. kubectl exec, docker exec, or ssh.
NoRouter heavily focuses on dev UX and does not need any setup other than deploying a single binary and writing a short YAML manifest. And yet it works even without root privileges.
More info: https://norouter.io/docs/
CLASS:PUBLIC STATUS:CONFIRMED CATEGORIES:Software Defined Networking URL:https:/fosdem.org/2021/schedule/2021/schedule/event/sdn_norouter/ LOCATION:D.sdn ATTENDEE;ROLE=REQ-PARTICIPANT;CUTYPE=INDIVIDUAL;CN="Akihiro Suda":invalid:nomail END:VEVENT BEGIN:VEVENT METHOD:PUBLISH UID:11147@FOSDEM21@fosdem.org TZID:Europe-Brussels DTSTART:20210207T145500 DTEND:20210207T153000 SUMMARY:Optimizing External Kubernetes Traffic with Cloud Native SD-WAN DESCRIPTION:Kubernetes is becoming the platform of choice for more and more application developers. As applications become more complex and more distributed, they may span multiple Kubernetes clusters, or a combination of Kubernetes and on-premise workloads. While internal traffic within a Kubernetes cluster is handled by the CNI plugin, the external traffic between these workloads, or from workloads to end users, is often carried over a Software Defined Wide Area Network (SD-WAN), which is used for traffic optimization. The Cloud Native SD-WAN (CN-WAN) open source project was created to help SD-WAN deployments to identify Kubernetes applications and optimize traffic based on application requirements, thereby bridging together the DevOps from Kubernetes' cloud native world with the NetOps from the SD-WAN world.
CN-WAN enables developers to annotate their applications, specifying the type of network traffic generated by the Kubernetes workload, and this information is then published into a service registry. The NetOps configuring the SD-WAN can take these annotations and develop network optimization policies with the clear knowledge of the traffic type they intend to optimize.
Join us for this presentation, where we will describe the components of the solution, the interfaces between the components, and how you can adapt this solution to different SD-WAN products and service registries.
CLASS:PUBLIC STATUS:CONFIRMED CATEGORIES:Software Defined Networking URL:https:/fosdem.org/2021/schedule/2021/schedule/event/sdn_k8s_cloud_native/ LOCATION:D.sdn ATTENDEE;ROLE=REQ-PARTICIPANT;CUTYPE=INDIVIDUAL;CN="Lori Jakab":invalid:nomail END:VEVENT BEGIN:VEVENT METHOD:PUBLISH UID:11120@FOSDEM21@fosdem.org TZID:Europe-Brussels DTSTART:20210207T153000 DTEND:20210207T160500 SUMMARY:Deploying eBPF, XDP & AF_XDP for Cloud Native DESCRIPTION:There’s a fast-growing industry trend in the adoption of eBPF to accelerate Kubernetes infrastructure (Cilium, Calico …). AF_XDP is a new type of socket that is optimized for high performance packet processing based on eBPF and eXpress Data Path-XDP. XDP allows you to attach an eBPF program to a lower-level hook inside the kernel (aka the NIC Driver). It offers some very promising performance increases for microservices while allowing them to adhere to cloud native design principles. There are however some challenges for deploying a microservice based on AF_XDP. This talk will cover an introduction to AF_XDP, why it is suited to cloud native microservices, how it can be deployed today and the deployment challenges as well as their solutions.
CLASS:PUBLIC STATUS:CONFIRMED CATEGORIES:Software Defined Networking URL:https:/fosdem.org/2021/schedule/2021/schedule/event/sdn_ebpf_afxdp/ LOCATION:D.sdn ATTENDEE;ROLE=REQ-PARTICIPANT;CUTYPE=INDIVIDUAL;CN="Dave Cremins":invalid:nomail ATTENDEE;ROLE=REQ-PARTICIPANT;CUTYPE=INDIVIDUAL;CN="Gary Loughnane":invalid:nomail END:VEVENT BEGIN:VEVENT METHOD:PUBLISH UID:11154@FOSDEM21@fosdem.org TZID:Europe-Brussels DTSTART:20210207T160500 DTEND:20210207T164000 SUMMARY:Calico/VPP : All You Can Eat Networking DESCRIPTION:There are classes of workloads that are notoriously hungry when it comes to networking. Think big data, storage, analytics, 5G, virtual network functions, then encrypt it all at 40Gbps line rates. Kubernetes and the Kubernetes network model are increasingly seen as essential to help manage these workloads at scale. But the cost of containerization and container networking can be hard to swallow for workloads that are often used to having dedicated NICs and physical hardware. Our novel solution was to cook up a feast that is a fusion of two worlds: combining Calico, the popular cloud native Kubernetes network plugin, with VPP, a very fast and scalable userspace packet processing software. In this talk we will lift the lid on what we’ve been cooking and the key ingredients that made it possible to offer an all you can eat buffet for your hungriest workloads.
CLASS:PUBLIC STATUS:CONFIRMED CATEGORIES:Software Defined Networking URL:https:/fosdem.org/2021/schedule/2021/schedule/event/sdn_calicovpp/ LOCATION:D.sdn ATTENDEE;ROLE=REQ-PARTICIPANT;CUTYPE=INDIVIDUAL;CN="Aloys Augustin":invalid:nomail ATTENDEE;ROLE=REQ-PARTICIPANT;CUTYPE=INDIVIDUAL;CN="Casey Davenport":invalid:nomail END:VEVENT BEGIN:VEVENT METHOD:PUBLISH UID:11134@FOSDEM21@fosdem.org TZID:Europe-Brussels DTSTART:20210207T164000 DTEND:20210207T170000 SUMMARY:Using WireGuard VPN DESCRIPTION:WireGuard is a simple, fast and modern VPN that utilizes state-of-the-art cryptography. It is quite flexible and can be used in many situations. In this workshop we will see how to install a WG server with docker-scripts, some of the usecases supported by it, and we will test/demonstrate a couple of them.
CLASS:PUBLIC STATUS:CONFIRMED CATEGORIES:Software Defined Networking URL:https:/fosdem.org/2021/schedule/2021/schedule/event/using_wireguard_vpn/ LOCATION:D.sdn ATTENDEE;ROLE=REQ-PARTICIPANT;CUTYPE=INDIVIDUAL;CN="Dashamir Hoxha":invalid:nomail END:VEVENT BEGIN:VEVENT METHOD:PUBLISH UID:10910@FOSDEM21@fosdem.org TZID:Europe-Brussels DTSTART:20210207T170000 DTEND:20210207T172000 SUMMARY:Fast Wireguard Mesh: VPP + wgsd + wg = ❤ DESCRIPTION:We will show how to leverage VPP, wgsd and WireGuard to build a dynamic, fast and secure overlay network to interconnect service nodes wherever they are: on-prem, in public clouds or behind NATs.
VPP is one of the fastest and most versatile open-source networking dataplanes running on general purpose CPU, implementing network services such as routing, bridging, ACLs, cryptography and more.
wgsd is an open source project maintained by Jordan Whited implementing DNS Service Discovery for WireGuard endpoints and automatically interconnecting them through a mesh of WireGuard tunnels.
WireGuard is a new VPN technology created by Jason A. Donenfeld that is getting popular thanks to its simplicity.
CLASS:PUBLIC STATUS:CONFIRMED CATEGORIES:Software Defined Networking URL:https:/fosdem.org/2021/schedule/2021/schedule/event/sdn_vpp_wireguard/ LOCATION:D.sdn ATTENDEE;ROLE=REQ-PARTICIPANT;CUTYPE=INDIVIDUAL;CN="Benoît Ganne":invalid:nomail END:VEVENT BEGIN:VEVENT METHOD:PUBLISH UID:10954@FOSDEM21@fosdem.org TZID:Europe-Brussels DTSTART:20210207T172000 DTEND:20210207T174000 SUMMARY:Is your elephant a gazelle? DESCRIPTION:Elephant flows appear irregularly, can consume almost half of the available bandwidth and are consequently associated with a host of issues. Securing elephant flows with IPsec is a well-known challenge to SDN and SD-WAN solutions on commodity hardware. The key problems for those developing solutions are:
- How to seamlessly enable dedicated HW to accelerate IPsec processing when available?
- How to distribute workloads to more CPU cores and maintain packets ordering to scale?
- How to scale up/scale down the computer resource usage when the elephant flow appears and disappears?
In this talk we will discuss our recent work done on open-source project FD.io/VPP to address the above problems. We will describe how we utilized and enriched the VPP architecture to accelerate on-demand IPsec elephant flow processing in a unified and seamless way.
CLASS:PUBLIC STATUS:CONFIRMED CATEGORIES:Software Defined Networking URL:https:/fosdem.org/2021/schedule/2021/schedule/event/sdn_ipsec_vpp/ LOCATION:D.sdn ATTENDEE;ROLE=REQ-PARTICIPANT;CUTYPE=INDIVIDUAL;CN="Fan Zhang":invalid:nomail END:VEVENT BEGIN:VEVENT METHOD:PUBLISH UID:11228@FOSDEM21@fosdem.org TZID:Europe-Brussels DTSTART:20210207T174000 DTEND:20210207T180000 SUMMARY:Community ID Flow Hashing DESCRIPTION:Network security practitioners frequently need to correlate logs and alerts produced by the systems installed in their networks. For example, a Suricata alert might require the context of Zeek's connection logs for the alert to become actionable. Normally the best way to make such correlations is by manually identifying the flow tuple involved, in each of the monitor outputs involved, around the timestamps in question -- a tedious and error-prone task.
To simplify this process we're standardizing a straightforward algorithm, dubbed "Community ID" (https://github.com/corelight/community-id-spec), that produces short textual hashes that reliably identify network flows directly at the source. Flow correlation then becomes a straightforward string comparison operation. Popular open-source network monitoring solutions now include support for this emerging standard, including Suricata, Wireshark, and Zeek, and there's a growing library of reusable implementations in various common programming languages.
In this talk we will motivate the Community ID standard, report on its current implementation status, and demonstrate it to the community.
CLASS:PUBLIC STATUS:CONFIRMED CATEGORIES:Software Defined Networking URL:https:/fosdem.org/2021/schedule/2021/schedule/event/sdn_community_id/ LOCATION:D.sdn ATTENDEE;ROLE=REQ-PARTICIPANT;CUTYPE=INDIVIDUAL;CN="Christian Kreibich":invalid:nomail END:VEVENT END:VCALENDAR