hw acc for nfv - events.static.linuxfound.org · hw crypto( front end ) session initial set key...
Post on 19-Sep-2020
9 Views
Preview:
TRANSCRIPT
HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential
35pt
32pt
) :18pt
47pt
30pt
反白
:
FrutigerNext LT Medium
: Arial
47pt
黑体
28pt
反白
细黑体
HW ACC for NFV
taoyuhong@huawei.com
arei.gonglei@huawei.com
Yuhong Tao, Lei Gong
HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential
35pt
32pt
) :18pt
NFV and HW acceleration
HW Accelerators under Linux
First Part: Crypto Accelerator
Prototype
Front/back ends crypto in Linux Crypto Framework
Multi-process support & asynchronous operation
Test Environment & performance
Summary
HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential
35pt
32pt
) :18pt
NFV and HW acceleration
Special computer systems are build as
network devices, to meet CT’s requirement.
Server Computer
& Linux OS
High cost both in financing and time
Services are difficult to scale up/down
NFV
Virtualization
technology with HW
accelerators
Embedded
network
devices
HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential
35pt
32pt
) :18pt
VNF Application
G-API Legacy-API
Acceleration core( AC )
r
Accele
ratio
n M
an
ag
em
en
t Layer
g-drivers
(For PV)
SW/HW Funcs
SIO + VirtIO HIO( e.g., srvio)
VM0 VM1 VMn …
SIO backend
Accele
ratio
n M
an
ag
em
en
t Layer
SW Routing Layer
Acceleration core( AC )
r
g-drivers
(For PV)
SW/HW Funcs
HIO
The latest OPNFV standard allows different
kinds of virtual machines to achieve NFV.
We would like to build our Hardware
accelerations in SIO+Virtio mode with
Para-virtualization
PV is Linux Standard (KVM)
Generic Linux device drivers for accelerators
HW ACC has no number limitation for VMs
HW and SW are decoupled
HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential
35pt
32pt
) :18pt
NFV and HW acceleration
HW Accelerators under Linux
First Part: Crypto Accelerator
Prototype
Front/back ends crypto in Linux Crypto Framework
Multi-process support & asynchronous operation
Test Environment & performance
Summary
HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential
35pt
32pt
) :18pt
HW Accelerators under Linux
Crypto Package
processing Codec
Linux Host
Virtual machine
VNF App
An universal I/F of HW
acceleration for programs
running inside the VM
under Linux
Virtual machine
VNF App
Virtual machine
VNF App
Hardware Devices of accelerators for NFV
Compress /
Decompress
What we need?
Interest
for
recent
VNF applications is running on
Linux user space, hardware
devices are invisible for them
HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential
35pt
32pt
) :18pt
NFV and HW acceleration
HW Accelerators under Linux
First Part: Crypto Accelerator
Prototype
Front/back ends crypto in Linux Crypto Framework
Multi-process support & asynchronous operation
Test Environment & performance
Summary
HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential
35pt
32pt
) :18pt
First Part: Crypto Accelerator
Based on Linux Crypto Framework
Verify/signature cipher
信degist
Encrypt
Decrypt
Linux Crypto Framework
Cryptographic hardware
Kernel AF_ALG Cryptodev
For Linux, new crypto algorithm(hardware driver), can be
registered into Linux crypto subsystem.
User Applications
HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential
35pt
32pt
) :18pt
Page 9
HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential
35pt
32pt
) :18pt
NFV and HW acceleration
HW Accelerators under Linux
First Part: Crypto Accelerator
Prototype Front/back ends crypto in Linux Crypto Framework
Multi-process support & asynchronous operation
Test Environment & performance
Summary
HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential
35pt
32pt
) :18pt
Page 11
Prototype ( Front/back ends crypto in Linux Crypto Framework )
Linux Crypto Framework
HW Crypto( Front end )
Encrypt
Decrypt Guest
host
Cryptodev-linuxx AF_ALG QAT
OpenSSL
APP
HW Crypto( Back end )
Cryptographic HW driver
Linux Crypto Framework
HW Vendor’s SDK
自定义SDK
算法注册
Vendor write his
device driver
under Linux
Crypto Framework
Adaption
HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential
35pt
32pt
) :18pt
Page 12
Prototype: multi-process support
Linux Crypto Framework
HW Crypto( Front end )
Session
initial Set key Encrypt
Decrypt
Algorithm
Key
Request Request
data data
exit
Guest
Host
For one task, a session will be created at the
backend, all encrypt/decrypt operation request of
this task belong to the session.
Thus, the backend complete every request without
any demand of sequence transmission.
HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential
35pt
32pt
) :18pt
Page 13
shm_alloc( szie )
VM
Backend
APP
session
APP
req req
req
session
req req
req
req
VM APP
session
req
Crypto requests of different tasks from one VM can be distinguished by their Sessions
HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential
35pt
32pt
) :18pt
Page 14
Alg
request
Current Process
Busy
request
awake callback
request
awake callback
Crypto Framework
Wait/sleep
async
done
Alg frontend
Frontend_request
&Transform_request
Guest
host
Linux Crypto Framework
assigned an awake callback for
each asynchronous request
Just keep the address
of frontend request in
the backend request,
when encrypt/decrypt
is done at the backend,
we can tell the
frontend which process
need to be awaked,
Prototype: asynchronous operation
Backend request
HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential
35pt
32pt
) :18pt
Page 15
Prototype: Test Environment
CPU:Intel(R) Xeon(R) CPU E5-2640 v2 @ 2.00GHz (16 cores )
Memory: 198309704
Kernel: 4.1.0-rc2-0.11-default+
Guest IF: Cryptodev-linux
Simulator: Qemu-2. 2.0
Host IF: ivshmem Ivshmem is not an efficient way, we will improve this
in the next moment. Hardware: Intel QAT DH89500
Has Linux Crypto Framework Drivers
Actual encrypt/decrypt operations happen inside the
ivshmem drivers of Qemu simulator.
HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential
35pt
32pt
) :18pt
Prototype: Performance
0
50
100
150
200
250
300
350
400
450
512 1024 2048 4096 8192 16384 32768 65536
CBC-AES-128(Mb/s)
Without ACC With ACC
Block Size
Speed
Support for NFV:
Crypto HW ACC
AF_ALG
Cryptodev
Openssl
Because we
are based on
Linux Crypto
Framework
NFV Applications
HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential
35pt
32pt
) :18pt
NFV and HW acceleration
HW Accelerators under Linux
First Part: Crypto Accelerator
Prototype
Front/back ends crypto in Linux Crypto Framework
Multi-process support & asynchronous operation
Test Environment & performance
Summary
HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential
35pt
32pt
) :18pt
Page 18
Summary
Add asymmetric keys support
Other accelerators
Performance optimization for crypto accelerator
Lightweight Solution for Linux
Universal Interface
Extensible
Portable
Next work
HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential
35pt
32pt
) :18pt
Page 19
Q&A
top related