Brocade has re-architected the Vyatta virtual router to deliver 10 Gbps of throughput per CPU core on an x86 server, positioning the company to enable network functions virtualization and deliver a high-performance network virtualization overlay.
The new Vyatta 5600 virtual router delivers a tenfold performance improvement over the previous generation of software -- the Vyatta 5400.
"In lab environments, our 5400 router [could process] around one million packets per [x86 CPU core]," said James Kwon, director of product management for Brocade's Vyatta team. "Our alpha version of the 5600 can process 14.5 million packets per core, which is equivalent to 10 Gbps throughput."
In fact, the 5600 appears to have the potential for even greater throughput. The only thing holding the software back is the PCI Express bus on x86 platforms.
"We've tested up to 85 million packets per second, but we couldn't get any higher because that was as high as our Spirent [test] gear would go," Kwon said. "But when we hit 85 million, the CPU utilization was hovering at around 35%, so we know it could go faster."
Brocade, which acquired Vyatta late last year, has achieved this performance leap by separating the control and data forwarding planes inside its software.
"The  is based on Linux and uses Linux attributions. In the 5600, the control plane still sits on Linux, but the data plane is written in C, which allows us to get better performance," Kwon said.
In Vyatta's old software model, the virtual router had very little control over how Linux assigned CPU resources to different elements within the platform, such as routing protocols, forwarding engines, firewall and VPN functions. This led to contention over those resources and limited performance. Kwon said the new architecture allows a network engineer to dedicate CPU cores on an x86 server to specific functions.
"If you have a four-core Intel CPU, the user can allocate one core for the control plane and multiple cores for the forwarding plane. We're pinning every single core of our data plane into an Intel CPU core. Because I'm core-pinning the data plane to the Intel CPU from ingress to egress as a packet goes through the system, that packet has 100% dedication of that Intel core. It uses the full Layer 1 and Layer 2 cache of the CPU," he said.
With the Vyatta 5600, "the price per gigabit of throughput goes down by an order of magnitude," said Paul Parker-Johnson, practice lead for cloud computing and virtual infrastructure technologies at Gilbert, Ariz.-based ACG Research.
But the technology also "expands the realm of possibility from the virtual routing point of view," Parker-Johnson said.
"You could easily design it so that tenant A would consume resources at a gross level from half the cores of a machine and tenant B would consume the other half," he said. "If you have eight CPU cores, you could easily have four tenants, or four different application services."
Vyatta 5600 answers the call for NFV
With the Vyatta 5600, Brocade is positioned to deliver many elements of network functions virtualization (NFV), an initiative led by the European Telecommunications Standards Institute (ETSI) to specify how service providers and vendors can take hardware-based network services and functions and deploy them as software on commodity hardware.
"Brocade is taking [NFV] very seriously. We have a breadth of products that really position us well," Kwon said. "Vyatta has routing, firewall and VPN. Also, Brocade is launching a virtual ADX product for virtual load balancing, so we currently have around four different types of NFV products, and going forward we're going to enhance that and deeply participate in the NFV movement."
"Being able to support VPN, firewall and routing in a virtual platform in the way that the Vyatta 5600 is doing is in line with what the ETSI group is looking for," Parker-Johnson said.
High-performance network virtualization overlay
The Vyatta 5600 will form the basis of Brocade's own network virtualization overlay, a technology several networking vendors are bringing to market for service automation and multi-tenancy in virtualized data centers. Kwon said high-performance overlays will become important as data centers deploy more 10 Gbps server network interface controllers (NICs).
"We see an inflection point coming in server NICs where 10 Gbs will start outpacing 1 Gb," Kwon said. "In that case, the customer will say, 'Great, you have this overlay, but I have 2x10 Gb NICs on my server and that's the performance I'm expecting. If you tell me your data plane can only perform a gig or two, then I'm only using 10%, or maybe 20%, of my capabilities on the server. What benefit am I going to get on an overlay at that point?'
"[Our] strategy [is to] figure out and solve the performance issue and then utilize that platform to come out with a more proper overlay that caters to the networking needs of the servers of today and tomorrow."
The opportunity to deliver a more cost-efficient virtual network element in an overlay design is clearly there, Parker-Johnson said. "[Brocade] could evolve in a way that the functions that are desired in a virtual server cluster could be implemented at a higher performance profile. That's very conceivable with this design if they worked very closely with Linux or other hypervisor communities."