HW ACC for NFV
Yuhong Tao, Lei Gong
taoyuhong@huawei.com, arei.gonglei@huawei.com
HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential

NFV and HW acceleration
HW Accelerators under Linux
First Part: Crypto Accelerator
Prototype
Front/back ends crypto in Linux Crypto Framework
Multi-process support & asynchronous operation
Test Environment & performance
Summary

NFV and HW acceleration

Embedded
Special computer systems are built as network devices to meet CT's requirements.
High cost in both financing and time.
Services are difficult to scale up/down.

NFV
Server computer & Linux OS.
Virtualization technology with HW accelerators.

[Architecture diagram; labels: VM0, VM1, … VMn; VNF Application; Legacy-API; Acceleration Management Layer; G-API; Acceleration core (AC); g-drivers (for PV); SW/HW Funcs; SIO + VirtIO; HIO (e.g., SR-IOV); SW Routing Layer; SIO backend]

The latest OPNFV standard allows different kinds of virtual machines to achieve NFV. We would like to build our hardware accelerations in SIO+VirtIO mode with para-virtualization:
PV is the Linux standard (KVM).
Generic Linux device drivers for accelerators.
HW and SW are decoupled.
HW ACC places no limit on the number of VMs.

HW Accelerators under Linux

[Diagram: three virtual machines, each running a VNF App]

What do we need?
[Diagram labels: Linux host; hardware]

Devices of accelerators for NFV:
Crypto (slide annotation: of recent interest)
Package processing
Codec
Compress / Decompress

A universal I/F of HW acceleration for programs running inside the VM under Linux.
VNF applications run in Linux user space; hardware devices are invisible to them.

First Part: Crypto Accelerator

Based on the Linux Crypto Framework.

[Diagram; labels: User Applications; AF_ALG; Cryptodev; Kernel; Linux Crypto Framework; Encrypt; Decrypt; Verify/signature; cipher; digest; Cryptographic hardware]

For Linux, a new crypto algorithm (hardware driver) can be registered into the Linux crypto subsystem.

Prototype (Front/back ends crypto in Linux Crypto Framework)

[Diagram; labels: APP; OpenSSL; AF_ALG; Cryptodev-linux; QAT; Linux Crypto Framework; algorithm registration; HW Crypto (front end); Encrypt; Decrypt; Guest; Host; HW Crypto (back end); custom SDK; Adaption; Linux Crypto Framework; HW vendor's SDK; Cryptographic HW driver]

The vendor writes its device driver under the Linux Crypto Framework.

Prototype: multi-process support

For each task, a session is created at the backend; all encrypt/decrypt requests of that task belong to the session.
Thus, the backend can complete every request without requiring in-order transmission.
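The session scheme above, together with the wake-up callback from the asynchronous-operation slide, as an added simulation that is not the prototype's code. Backend, Request and toy_transform are hypothetical names, the XOR is a stand-in for the accelerator rather than a cipher, and rejecting unknown session ids is an assumption about how a backend would treat guest input.

```python
# Added illustration, not the prototype's code. Backend, Request and
# toy_transform are hypothetical names; the XOR is a stand-in, not a cipher.
import itertools
import random
from dataclasses import dataclass

def toy_transform(key: bytes, data: bytes) -> bytes:
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))

@dataclass
class Request:
    session_id: int   # selects the algorithm/key stored at the backend
    data: bytes
    cookie: int       # opaque handle for the frontend request that is waiting

class Backend:
    def __init__(self):
        self._keys = {}                 # session_id -> key, one per task
        self._next_id = itertools.count(1)
        self._pending = []

    def open_session(self, key: bytes) -> int:
        sid = next(self._next_id)
        self._keys[sid] = key
        return sid

    def submit(self, req: Request) -> None:
        # Returns at once; ids that no open session owns are rejected.
        if req.session_id not in self._keys:
            raise KeyError(f"unknown session {req.session_id}")
        self._pending.append(req)

    def run(self, wake, rng: random.Random) -> None:
        rng.shuffle(self._pending)      # completion order != submission order
        while self._pending:
            req = self._pending.pop()
            wake(req.cookie, toy_transform(self._keys[req.session_id], req.data))

def demo(seed: int) -> dict:
    backend = Backend()
    sessions = {"task_a": backend.open_session(b"\x11"),
                "task_b": backend.open_session(b"\x22")}
    sleeping, finished = {}, {}         # frontend state, keyed by cookie
    def wake(cookie, output):           # the completion callback
        finished[sleeping.pop(cookie)] = output
    cookies = itertools.count(1000)
    for n in range(3):                  # interleave requests from both tasks
        for task, sid in sessions.items():
            cookie = next(cookies)
            sleeping[cookie] = (task, n)
            backend.submit(Request(sid, bytes([n]) * 4, cookie))
    backend.run(wake, random.Random(seed))
    return finished
```

Whatever order the backend finishes in, each result is produced with its own task's key and delivered to the request that was waiting for it, because the request carries the session id and the cookie with it.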
[Diagram; labels: HW Crypto (front end) with operations initial, set key, encrypt, decrypt, exit; Guest; Host; Session (algorithm, key); Request (data)]

[Diagram; labels: VM; APP; req; shm_alloc(size); session; Backend]

Crypto requests of different tasks from one VM can be distinguished by their sessions.

Prototype: asynchronous operation

[Diagram; labels: Current process; Frontend_request; Wait/sleep; Crypto Framework; request; Busy; awake callback; Alg frontend; Guest; Host; async; Backend request; &Transform_request; awake callback; done]

Just keep the address of the frontend request in the backend request; when encrypt/decrypt is done at the backend, we can tell the frontend which process needs to be awakened.
The Linux Crypto Framework assigns an awake callback to each asynchronous request.

Prototype: Test Environment

CPU: Intel(R) Xeon(R) CPU E5-2640 v2 @ 2.00GHz (16 cores)
Memory: 198309704
Kernel: 4.1.0-rc2-0.11-default+
Simulator: Qemu-2.2.0
Guest IF: Cryptodev-linux
Host IF: ivshmem
Hardware: Intel QAT DH89500 (has Linux Crypto Framework drivers)

Actual encrypt/decrypt operations happen inside the ivshmem drivers of the Qemu simulator.
ivshmem is not an efficient mechanism; we will improve this next.

Prototype: Performance

[Chart: speed of CBC-AES-128 (Mb/s, axis 0 to 450) against block size (512 to 65536); series: Without ACC, With ACC]

Support for NFV, because our crypto HW ACC is based on the Linux Crypto Framework.

[Diagram labels: AF_ALG; Cryptodev; Linux Crypto Framework]
[Diagram labels, continued: OpenSSL; NFV Applications]

Summary

Lightweight solution for Linux
Universal interface
Portable
Extensible

Next work
Performance optimization for the crypto accelerator
Add asymmetric key support
Other accelerators

Q&A
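Because the accelerator is registered with the Linux crypto subsystem, whether AF_ALG and Cryptodev users actually reach it can be checked in /proc/crypto, where every registered implementation lists its driver and priority. The following is an added example, not code from the presentation; the sample table is constructed and the driver name cbc-aes-frontend-acc, its module and its priority are hypothetical.

```python
# Added example. SAMPLE is constructed text in /proc/crypto layout; the
# driver "cbc-aes-frontend-acc", its module and its priority are hypothetical.
from pathlib import Path

SAMPLE = """\
name         : cbc(aes)
driver       : cbc(aes-generic)
module       : kernel
priority     : 100
type         : skcipher
async        : no

name         : cbc(aes)
driver       : cbc-aes-frontend-acc
module       : frontend_acc
priority     : 4000
type         : skcipher
async        : yes

name         : sha256
driver       : sha256-generic
module       : kernel
priority     : 100
type         : shash
"""

def parse_proc_crypto(text):
    """Return one dict per registered implementation (blank line = separator)."""
    entries, current = [], {}
    for line in text.splitlines() + [""]:
        key, sep, value = line.partition(":")
        if sep:
            current[key.strip()] = value.strip()
        elif current:                     # a line without ':' closes the entry
            entries.append(current)
            current = {}
    return entries

def selected(entries, name):
    """Implementation used when a caller asks for the generic name:
    among those registered under it, the highest priority wins."""
    matches = [e for e in entries if e.get("name") == name]
    return max(matches, key=lambda e: int(e.get("priority", "0")), default=None)

def check(name="cbc(aes)", path="/proc/crypto"):
    """Use the live table when readable, otherwise the constructed sample."""
    try:
        text = Path(path).read_text()
    except OSError:
        text = SAMPLE
    best = selected(parse_proc_crypto(text), name)
    return None if best is None else (best["driver"], best.get("async") == "yes")
```

Running check() inside a guest before and after the front-end driver is loaded shows whether cbc(aes) requests would land on the accelerator or on a software implementation.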