HW ACC for NFV - events.static.linuxfound.org · HW Crypto( Front end ) Session initial Set key Encrypt Decrypt Algorithm Key Request Request data data exit Guest Host backend, all

HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential

35pt

32pt

) :18pt

47pt

30pt

反白

:

FrutigerNext LT Medium

: Arial

47pt

黑体

28pt

反白

细黑体

HW ACC for NFV

[email protected]

[email protected]

Yuhong Tao, Lei Gong


35pt

32pt

) :18pt

NFV and HW acceleration

HW Accelerators under Linux

First Part: Crypto Accelerator

Prototype

Front/back ends crypto in Linux Crypto Framework

Multi-process support & asynchronous operation

Test Environment & performance

Summary


35pt

32pt

) :18pt


Special computer systems are build as

network devices, to meet CT’s requirement.

Server Computer

& Linux OS

High cost both in financing and time

Services are difficult to scale up/down

NFV

Virtualization

technology with HW

accelerators

Embedded

network

devices


35pt

32pt

) :18pt

VNF Application

G-API Legacy-API

Acceleration core( AC )

r

Accele

ratio

n M

an

ag

em

en

t Layer

g-drivers

(For PV)

SW/HW Funcs

SIO + VirtIO HIO( e.g., srvio)

VM0 VM1 VMn …

SIO backend

Accele

ratio

n M

an

ag

em

en

t Layer

SW Routing Layer

Acceleration core( AC )

r

g-drivers

(For PV)

SW/HW Funcs

HIO

The latest OPNFV standard allows different

kinds of virtual machines to achieve NFV.

We would like to build our Hardware

accelerations in SIO+Virtio mode with

Para-virtualization

PV is Linux Standard (KVM)

Generic Linux device drivers for accelerators

HW ACC has no number limitation for VMs

HW and SW are decoupled


35pt

32pt

) :18pt




Prototype




Summary


35pt

32pt

) :18pt


Crypto Package

processing Codec

Linux Host

Virtual machine

VNF App

An universal I/F of HW

acceleration for programs

running inside the VM

under Linux

Virtual machine

VNF App

Virtual machine

VNF App

Hardware Devices of accelerators for NFV

Compress /

Decompress

What we need?

Interest

for

recent

VNF applications is running on

Linux user space, hardware

devices are invisible for them


35pt

32pt

) :18pt




Prototype




Summary


35pt

32pt

) :18pt


Based on Linux Crypto Framework

Verify/signature cipher

信degist

Encrypt

Decrypt

Linux Crypto Framework

Cryptographic hardware

Kernel AF_ALG Cryptodev

For Linux, new crypto algorithm(hardware driver), can be

registered into Linux crypto subsystem.

User Applications


35pt

32pt

) :18pt

Page 9


35pt

32pt

) :18pt




Prototype Front/back ends crypto in Linux Crypto Framework



Summary


35pt

32pt

) :18pt

Page 11

Prototype ( Front/back ends crypto in Linux Crypto Framework )


HW Crypto( Front end )

Encrypt

Decrypt Guest

host

Cryptodev-linuxx AF_ALG QAT

OpenSSL

APP

HW Crypto( Back end )

Cryptographic HW driver


HW Vendor’s SDK

自定义SDK

算法注册

Vendor write his

device driver

under Linux

Crypto Framework

Adaption


35pt

32pt

) :18pt

Page 12

Prototype: multi-process support


HW Crypto( Front end )

Session

initial Set key Encrypt

Decrypt

Algorithm

Key

Request Request

data data

exit

Guest

Host

For one task, a session will be created at the

backend, all encrypt/decrypt operation request of

this task belong to the session.

Thus, the backend complete every request without

any demand of sequence transmission.


35pt

32pt

) :18pt

Page 13

shm_alloc( szie )

VM

Backend

APP

session

APP

req req

req

session

req req

req

req

VM APP

session

req

Crypto requests of different tasks from one VM can be distinguished by their Sessions


35pt

32pt

) :18pt

Page 14

Alg

request

Current Process

Busy

request

awake callback

request

awake callback

Crypto Framework

Wait/sleep

async

done

Alg frontend

Frontend_request

&Transform_request

Guest

host


assigned an awake callback for

each asynchronous request

Just keep the address

of frontend request in

the backend request,

when encrypt/decrypt

is done at the backend,

we can tell the

frontend which process

need to be awaked,

Prototype: asynchronous operation

Backend request


35pt

32pt

) :18pt

Page 15

Prototype: Test Environment

CPU:Intel(R) Xeon(R) CPU E5-2640 v2 @ 2.00GHz (16 cores )

Memory: 198309704

Kernel: 4.1.0-rc2-0.11-default+

Guest IF: Cryptodev-linux

Simulator: Qemu-2. 2.0

Host IF: ivshmem Ivshmem is not an efficient way, we will improve this

in the next moment. Hardware: Intel QAT DH89500

Has Linux Crypto Framework Drivers

Actual encrypt/decrypt operations happen inside the

ivshmem drivers of Qemu simulator.


35pt

32pt

) :18pt

Prototype: Performance

0

50

100

150

200

250

300

350

400

450

512 1024 2048 4096 8192 16384 32768 65536

CBC-AES-128(Mb/s)

Without ACC With ACC

Block Size

Speed

Support for NFV:

Crypto HW ACC

AF_ALG

Cryptodev

Openssl

Because we

are based on

Linux Crypto

Framework

NFV Applications


35pt

32pt

) :18pt




Prototype




Summary


35pt

32pt

) :18pt

Page 18

Summary

Add asymmetric keys support

Other accelerators

Performance optimization for crypto accelerator

Lightweight Solution for Linux

Universal Interface

Extensible

Portable

Next work


35pt

32pt

) :18pt

Page 19

Q&A

HW ACC for NFV - events.static.linuxfound.org · HW Crypto( Front end ) Session initial Set key Encrypt Decrypt Algorithm Key Request Request data data exit Guest Host backend, all

Documents