KR102216976B1 - low latency high-speed flow analysis and processing method - Google Patents

Abstract

The present invention relates to a low latency high-speed flow analysis and processing method for open virtual switch offloading for a smart new interface card (NIC). The present invention includes: a step of confirming a 12-tuple flow in a work thread; a step of executing packet processing by searching for the flow; and a step of performing packet parsing through the packet processing executed in the step and transmission using veth and eth. According to the present invention, the server packing processing performance of the smart NIC has a direct effect on edge computing technique performance and has an indirect effect on edge computing resource and function virtualization performance. Accordingly, the present invention can be of great help for industries related to network function virtualization (NFV) and a software defined network (SDN).

Description

Low latency high-speed flow analysis and processing method

The present invention relates to a low-latency high-speed flow analysis and processing method. In more detail, by offloading to a smart NIC (Network Interface Card), you can maximize the available space available for server applications and reduce delays for packets that do not need to go through VNF (Virtual Network Function). It relates to flow analysis and processing method.

Network refers to a communication network that is a combination of communication devices, devices, and transmission lines used to interconnect these devices so that information can be exchanged with devices (telephone, fax, computer, terminal, etc.) located in geographically distant locations. . Communication devices and devices include circuit multiplexing devices, switching devices, and transmitting and receiving devices, and transmission paths are composed of various media such as copper cables, optical fibers, microwave links, and communication satellites.

Network Function NFV (Network Function) that implements software-centered networking through virtualization of network functions (mainly excluding dependence on hardware such as operating system (OS), central processing unit (CPU), storage, etc., or major means for integration) Virtualization) technology, SDN (SDN) that enables various network path setting and control by software, by separating network equipment into Control Plane and Data Plane, and providing an open API (Application Programmer Interface) that can define the functions of network equipment to the outside. Software Defined Networking) is rapidly emerging as a next-generation network that will innovate existing network technologies based on cloud computing technology.

Edge computing is a computing method in contrast to cloud computing, and is a technology for solving network instability, unnecessary data problems, privacy, and delay problems of cloud computing by allowing computing to be performed at the end of the network rather than in the cloud or the center.

Edge computing is also designed with virtualized SDN/NFS to implement software-oriented networking and control it with software.

In such a system, numerous packet I/O operations occur in the data plane area, and a software switch such as an OVS (Open Virtual Switch) is required for high-speed packet switching between VNFs.

One of the measurement methods using such a device is a flow measurement method. The flow is a collection of packets having the same characteristics, and usually constitutes a row of a table used in a relational model of a database. Packets with the same set of attribute values, that is, source IP address, right IP address, protocol number, source port number, and right port number) are defined as one flow.

Meanwhile, one flow may be defined by adding additional information in the packet as necessary or by omitting some of the 5 tuples in some cases.

In the measurement method for such a flow, first, a flow meter receives a packet and generates a flow in consideration of the aforementioned 5-tuple.

More specifically, a new flow is detected in the flow, the flow is maintained, the flow is determined to end, and the flow is generated and sent to a storage device or an analyzer.

Figure 1 is a conventional virtual switch (Virtual switch: a software switch that performs all switching functions without having hardware, and serves to reduce cost by allowing one network interface card (NIC) port of a server to be used by dividing it into several. ) Is a picture of the structure diagram.

In the drawing, when the software virtual switch function is implemented in software on a host server, there is a problem that a problem occurs that affects the performance of other main applications by occupying resources on the host server.

Therefore, offload the virtual switch (OVS) function to the smart NIC in order to secure the available resources so that more processing can be performed on the server application (if there are several devices capable of performing the same task in the computer system, the workload is relatively The development and implementation of systems and methods capable of supporting functions by receiving and processing part of the work of a device with a large amount of work from a device with a small amount of allocation has been constantly required.

Korean Patent Publication No. 2006-0066034 Korean Patent Publication No. 2008-0021492 Korean Patent Publication No. 2010-0062851

Accordingly, the present invention provides a low-latency, high-speed flow analysis and processing method capable of supporting the function by offloading the software virtual switch function from a smart NIC (Network Interface Card) in order to enable the server application to perform more processing. We aim for what we can do.

In addition, it aims to provide a low-latency, high-speed flow analysis and processing method that can provide speed by reducing delay for packets that do not need via VNF (Virtual Network Functions).

In order to solve this problem, the present invention provides a low-latency high-speed flow analysis and processing method for offloading an open virtual switch to a new interface card (NIC), a 12-tuple in a control thread. ) Checking a flow in the form, searching for the flow and executing packet processing h, and parsing the packet through the packet processing executed in the above step and transmitting it using veth and eth. Is to do.

In addition, the datapath of the virtual switch is characterized in that it operates on the AI Edge NIC, which is a network device.

In addition, the collection of traffic information transmitted and received through the AI Edge NIC is characterized in that it is collected through packet information processed by a packet processing thread.

And, the 12-tuple is characterized in that the Ingress port, VLAN ID, LAN priority, MAC src, MAC dst, Eth type, IP src, IP dst, IP protocol, IP ToS, port src, Port dst.

In addition, the packet processing method of the datapath is characterized in that a slow path method and a fast path method.

Accordingly, the present invention offloads the OVS (Open Virtual Switch) function to a programmable smart NIC to maximize the available resources of the server application, and omits passing through packets that do not require a virtual network function. By doing so, there is a possible effect of reducing the delay.

In addition, the packet processing performance of the smart NIC in the server directly affects the performance of edge computing technology and indirectly affects the resource virtualization and function virtualization performance of edge computing, so NFV (Network Function Virtualization) and SDN (Software Defined Network) There is an effect that can greatly help related industries.

1 is a photograph showing a conventional virtual switch off-load structure.
2 is a diagram showing a virtual switch offload structure of the present invention.
3 is a structural diagram of a virtual switch data path of the present invention.
4 is a flow chart of a low-latency high-speed flow analysis and processing method according to the present invention.
5 is a diagram showing a packet processing method of Datapath.

Hereinafter, preferred embodiments of the present invention will be described in detail with reference to the accompanying drawings. First of all, in adding reference numerals to elements of each drawing, it should be noted that the same elements have the same numerals as possible, even if they are indicated on different drawings.

In addition, in the following description of the present invention, when it is determined that a detailed description of a related known function or configuration may unnecessarily obscure the subject matter of the present invention, the detailed description thereof will be omitted.

In addition, since the terms used in the present application are only used to describe specific embodiments, it is not intended to limit the present invention, and the expression in the singular is disclosed in advance that the expression in the singular also refers to a plurality of expressions unless the context clearly indicates otherwise. I want to leave it.

In the method according to the present invention, the present invention provides a low-latency high-speed flow analysis and processing method for offloading an open virtual switch to a smart NIC (New Interface Card), in a 12-tuple (tuple) in a control thread. ) Checking the flow, searching for the flow and executing packet processing, parsing the packet through the packet processing executed in the above step, and transmitting it using veth and eth.

In addition, the datapath of the virtual switch operates on the AI Edge NIC, which is a network device, and the collection of traffic information transmitted/received to the AI Edge NIC is collected as packet information processed by a packet processing thread.

And, the 12-tuple is characterized in that the Ingress port, VLAN ID, LAN priority, MAC src, MAC dst, Eth type, IP src, IP dst, IP protocol, IP ToS, port src, Port dst.

And, the packet processing method of the datapath is a slow path method and a fast path method.

Hereinafter, a preferred embodiment of the method according to the present invention will be described with reference to the drawings.

2 is a diagram showing a virtual switch offload structure according to the present invention, FIG. 3 is a structural diagram of a virtual switch data path according to the present invention, and FIG. 4 is a flow chart of a low-delay high-speed flow analysis and processing method according to the present invention. , FIG. 5 is a diagram showing a packet processing method of Datapath.

Referring to FIG. 2, it is a structure in which a proposed virtual switch (v-Switch) is offloaded to the multicore smart NIC 60. The main part of offloading is a part corresponding to the Data Plane 20 called the Datapath 10 of the virtual switch. When comparing FIG. 1 and FIG. 2 as a whole, the datapath is converted to the openswitch Datapath 10 and the driver 15 is added.

Referring to the drawings, ovs-vswitchd(31), ovsd-server(32), ovsdb(33), ovs and each daemon (demon: a procedure that starts to operate when the startup conditions in the program are satisfied) corresponding to the control area ) To control ovs-dpctl(34), ovs-appctl(35), ovs-vsctl(36), ovs-client(37), and ovs-tool(38) operate in the user space(30).

In addition, the driver 15 of the NIC for interworking the multi-core smart NIC 60 corresponding to the AI (artificial intelligence) Edge NIC (New Interface Card) and the host 50 is located at the center of the kernel (operating system). Thus, a program operating in a privileged mode) operates in space (40).

The datapath of the virtual switch is a network device (drawing code is omitted), that is, it operates in the multi-core smart NIC 60, which is an AI edge NIC, and a message between the control area (numbers 31 to 38) and the data plane 20 area Transmission and reception is performed based on tcp/ip socket.

The transmission/reception method is a TCP/IP interface method, and communication through it is performed through the driver 15 of the multi-core smart NIC 60.

In addition, referring to FIG. 3, the host 50 is offloaded to the multi-core smart NIC 60 by offloading the Datapath 10 operating in the host 50 in which the control area of the OVS (Open Virtual Switch) is realised. It is not necessary to secure the available resources of the datapath (10), directly process it in the Datapath (10), and raise a packet to the host server (50) for traffic to be sent to the outside, resulting in a low-latency effect.

The function of the Datapath 10 offloaded to the multi-core smart NIC 60 can be confirmed by the structure of the Datapath 10 of FIG. 3.

As shown in Fig. 3, the traffic stats 70 extracts statics information and uses a P2P (peer to peer: connection method between individuals and individuals on the Internet that allows individuals to directly share files) to the host 50. This thread is for sending.

The datapath 10, which is a virtual switch, is a type in which a multi-core smart NIC 60 is mounted on the host 50, and has a structure in which a low-latency high-speed flow analysis and processing method according to the present invention is provided.

The multicore smart NIC 60 executes the function of the Datapath 10 area of the Open Virtual Switch or Open vSwitch.

The host 50 monitors the traffic by collecting traffic information transmitted and received to the multicore smart NIC 60, and the collection of traffic information transmitted and received to the multicore smart NIC 60 is a packet processed by a packet processing thread. It is collecting based on information.

The control thread 80 operates a thread (thread) using each individual core in the multi-core smart NIC 60.

The control thread 80 receives an instruction from OVS vswitchd (a reference numeral is omitted) of the host 50 and performs a role input to the Datapath 10.

And, as shown in Figure 3, one of the important and special in the present invention, the connection between the host 50 and the multi-core smart NIC 60 is implemented by SR-IOV (Single-Root I/O Virtualization) technology. Has been.

The SR-IOV technology is a technology that virtualizes a PCI card based on the PCI (Pheripheral Component Interconnect)-SIG (Special Interest Group) standard, and uses the multi-core smart NIC 60 as a virtual function in the Docker Engine 90. It is a function to recognize and provide a virtual PCI card.

That is, the SR-IOV interface (a reference numeral is omitted) is an interface used for data transmission between the driver 15 of the multi-core smart NIC 60 and the Docker Engine 90.

When using the SR-IOV interface, since the multi-core smart NIC 60 is recognized as a virtual function, the kernel (not shown) of the host 50 transmits packets to the virtual machine of the Docker Engine 90 without any packet processing operation. It is a way of delivering.

Hereinafter, a low-latency high-speed flow analysis and processing method for offloading an open virtual switch according to the present invention to a multi-core smart NIC (New Interface Card) with reference to FIGS. 2, 3 and 4 Let's explain the steps.

First, a control thread (80) is operated using an individual core in the multicore smart NIC (60). The operation method of the control thread 80 is to receive an instruction from OVS vswitchd (see FIG. 3, reference numerals are omitted) and perform a role input to the datapath 10.

In the control thread 80 operating as described above, a 12-tuple type flow is identified and classified. (Step 1)

When describing the above flow, it is a 5 tuple that is commonly used in the Internet. For example, referring to the 5 tuples, five of the source IP address, destination IP address, protocol number, source port number, and destination port number are the same, and if all the five values are the same, the flow is classified as the same flow.

In the present invention, there are 12 tuples, and the contents of the 12 tuples are Ingress port, VLAN ID, LAN priority, MAC src, MAC dst, Eth type, IP src, IP dst, IP protocol, IP ToS, port These are src, Port dst.

Next, the second step is to check and search the flows to perform packet processing.

In the second step, a virtual machine between the multi-core smart NIC 60 and the host 50 is interlocked with each other using an SR-IOV interface.

As described above, the SR-IOV interface is an interface used for data transmission between the driver 15 of the multicore smart NIC 60 and the Docker Engine 90. In addition, the driver 15 functions to generate a Virtualization Function (VF) in the multi-core smart NIC 60.

In the second step, the collection of traffic information transmitted/received to the multicore smart NIC 60 is collected through packet information processed by a thread such as a control thread 80 that executes packet processing.

In the next step, veth (v-ethernet) and eth (ethernet) are performed by performing packet parsing through the packet processing performed in the second step (a process in which a compiler or translator in a computer translates the raw code into machine language). It consists of a third step of transmission.

Additionally, in the present invention, the packet processing method of the Datapath 10 takes a slow path method and a fast path method.

Referring to FIG. 5 (a reference numeral is omitted), the Slow Path operates when there is no policy for a packet introduced into the policy table of the Datapath 10.

If a packet is received and there is no related policy, the packet information is transmitted to the Virtual Switch Daemon block operating in the user space of the host server to check the packet policy information and input the information to the Datapath. And it processes the packet according to the policy. This is the same as the red packet flow in FIG. 5.

In addition, the Fast Path operates when there is a policy for a packet introduced into the policy table of the Datapath. When a packet is received and there is a related policy, the table is checked in the Datapath and processed immediately without checking the Virtual Switch Daemon. This is the same as the green packet flow of FIG. 5.

Those skilled in the art to which the present invention with the above contents pertains will be able to understand that it can be implemented in other specific forms without changing the technical spirit or essential features of the present invention. Therefore, it should be understood that the above-described embodiments are illustrative and non-limiting.

The scope of the present invention is indicated by the appended claims rather than the detailed description, and all changes or modified forms derived from the meaning and scope of the claims and their equivalent concepts should be interpreted as being included in the scope of the present invention. do.

10: Datapath
15: driver
20: Data Plane
30: User space
31: ovs-vswitchd
32: ovsd-server
33: ovsdb
34: ovs-dpctl
35: ovs-appctl
36: ovs-vsctl
37: ovs-client
38: ovs-tool
39: ovs-ofctl
40: kernel space
50: host
60: Multi-core smart NIC (AI edge NIC)
80: Control thread
90: Docker Engine

Claims (5)

In the low-latency high-speed flow analysis and processing method of offloading an open virtual switch to a smart NIC (New Interface Card),
Checking a 12-tuple type flow in a control thread;
Searching for the flow and performing packet processing;
Parsing packets through packet processing performed in the above step and transmitting them using veth and eth;
The data path 10 of the virtual switch operates using a multi-core smart NIC (AI Edge NIC),
The packet processing method of the data path (10) is a slow path method and a fast path method,
The slow path operates when there is no policy for a packet introduced into the policy table of the data path 10,
When a packet is received and there is no policy related to data processing, packet information is transmitted to the Virtual Switch Daemon block operating in the user space of the host server to check the packet policy information Enter information into the datapath (10), process the packet according to the policy,
The Fast Path operates when there is a policy for a packet introduced into the policy table of the data path 10, and when a packet is received and there is a related policy, a Virtual Switch Daemon A low-delay high-speed flow analysis and processing method, characterized in that the packet is processed immediately after checking the table in the data path (10) without checking in ).
delete The method of claim 1,
A low-latency high-speed flow analysis and processing method, characterized in that the collection of traffic information transmitted/received to the multicore smart NIC is collected through packet information processed by a packet processing thread.
The method of claim 1,
The 12-tuple is an Ingress port, VLAN ID, LAN priority, MAC src, MAC dst, Eth type, IP src, IP dst, IP protocol, IP ToS, port src, and Port dst. High-speed flow analysis and processing method.
delete

Images