An open and modular architecture
But first, let’s set the context of the discussion. NFV and uCPE are built on the idea of moving from a closed network appliance to an open and modular system. The example below shows the following layers, from top to bottom:
- Virtual network functions (VNFs): the applications that implement network services, routing, firewalls, SD-WAN, etc.
- NFV infrastructure (NFVI) software: the network operating system (NOS) that hosts the VNFs
- NFVI hardware: commercial off-the-shelf server from any of a wide variety of suppliers, all powered by Intel – ranging from Intel Atom® processors to Intel Xeon® processors.
What’s the overhead?
The NFVI software or NOS serves to abstract unique hardware requirements, provide a common operating environment for the VNFs, and provide management functions for the VNFs as well as the networking and platform. These are valuable functions, but what’s the cost of adding this additional software layer in terms of performance overhead? If the overhead is high, then we might be faced with extra cost for more processing power, or an inability to meet performance requirements for packet throughput and latency.
To answer this question, ADVA, 6WIND, and Intel commissioned EANTC to do performance testing on 6WIND’s Virtual Service Router (VSR). The objective of the test was to compare the VSR performance running directly on the server (AKA bare metal) with the performance while running in a virtual machine (VM) on ADVA’s Ensemble Connector. Ensemble Connector supports a wide range of Intel CPUs and third-party servers, but we wanted to show what was possible with a small and economical device. These tests were run on a pair of Dell VEP 1445 servers powered by Intel Atom® C3758 CPUs with eight cores running at 2.2 GHz. The servers were connected by an encrypted IPsec tunnel over a 10Gbit/s Ethernet link, as shown below.
The report is available here, and the results are highlighted below.
Ensemble Connector adds minimal overhead
EANTC benchmarked a comparison of the encrypted performance of the 6WIND VSR on bare metal versus hosting the router as a VNF on Ensemble Connector. They ran these tests on a small footprint, low-cost processor without using the available Intel® QuickAssist Technology (Intel® QAT) hardware-based encryption acceleration. We can draw two conclusions from the results. First, the overhead for Connector virtualization is quite small. For large packets, running the router hosted on Connector was almost as good as bare metal, with only a 5% throughput reduction. Second, even without Intel® QAT, the encrypted performance of the 6WIND VSR was a very high 6Gbit/s in both bare metal and VNF configurations. This is summarized in the chart below.
Hardware acceleration has a big impact
Another important question for open systems is whether the software VNFs have the same features running in a VM as they do when running on bare metal. Sometimes the VNF will be missing features, such as the ability to leverage hardware acceleration enablers like Intel® QAT, which provides support for up to 100Gbit/s of symmetric data encryption, public key encryption and lossless data compression. And sometimes the suppliers of these VNFs will use that missing feature to steer the buyer to a bare metal implementation, enabling the supplier to lock in their win. But not 6WIND.
The 6WIND VSR and Ensemble Connector can leverage Intel® QAT when available, as it is on the Intel Atom processor in the Dell VEP 1445. EANTC tested this also, and the chart below shows the acceleration provided by the Intel® QAT built into the Intel Atom processor.
For IMIX we see an almost 60% increase in throughput, and a 95% improvement for large packets. There is a small drop-off in throughput for small packets, but this is not a typical scenario.
Summary
At ADVA, we’ve worked hard to provide a truly open system for networking virtualization. It delivers high performance in software, and it can utilize any available hardware acceleration. These tests performed at EANTC show that we’ve achieved that goal. That means you can get the benefits of virtual hosting and high throughput performance – all at the same time.
ADVA is an Intel Network Builders partner and an awarded Titanium member of Winners’ Circle program.