4 Tested Physical Topologies
5 --------------------------
7 CSIT VPP performance tests are executed on physical baremetal servers hosted by
8 LF FD.io project. Testbed physical topology is shown in the figure below.
12 +------------------------+ +------------------------+
14 | +------------------+ | | +------------------+ |
16 | | <-----------------> | |
17 | | DUT1 | | | | DUT2 | |
18 | +--^---------------+ | | +---------------^--+ |
21 +------------------------+ +------------------^-----+
26 +------------------> TG <------------------+
30 SUT1 and SUT2 are two System Under Test servers (Cisco UCS C240, each with two
31 Intel XEON CPUs), TG is a Traffic Generator (TG, another Cisco UCS C240, with
32 two Intel XEON CPUs). SUTs run VPP SW application in Linux user-mode as a
33 Device Under Test (DUT). TG runs TRex SW application as a packet Traffic
34 Generator. Physical connectivity between SUTs and to TG is provided using
35 different NIC models that need to be tested for performance. Currently
36 installed and tested NIC models include:
38 #. 2port10GE X520-DA2 Intel.
39 #. 2port10GE X710 Intel.
40 #. 2port10GE VIC1227 Cisco.
41 #. 2port40GE VIC1385 Cisco.
42 #. 2port40GE XL710 Intel.
44 From SUT and DUT perspective, all performance tests involve forwarding packets
45 between two physical Ethernet ports (10GE or 40GE). Due to the number of
46 listed NIC models tested and available PCI slot capacity in SUT servers, in
47 all of the above cases both physical ports are located on the same NIC. In
48 some test cases this results in measured packet throughput being limited not
49 by VPP DUT but by either the physical interface or the NIC capacity.
51 Going forward CSIT project will be looking to add more hardware into FD.io
52 performance labs to address larger scale multi-interface and multi-NIC
53 performance testing scenarios.
55 For test cases that require DUT (VPP) to communicate with
56 VirtualMachines(VMs)/LinuxContainers(LXCs) over vhost-user/memif
57 interfaces, N of VM/LXC instances are created on SUT1 and SUT2. For N=1
58 DUT forwards packets between vhost/memif and physical interfaces. For
59 N>1 DUT a logical service chain forwarding topology is created on DUT by
60 applying L2 or IPv4/IPv6 configuration depending on the test suite. DUT
61 test topology with N VM/LXC instances is shown in the figure below
62 including applicable packet flow thru the DUTs and VMs/LXCs (marked in
63 the figure with ``***``).
67 +-------------------------+ +-------------------------+
68 | +---------+ +---------+ | | +---------+ +---------+ |
69 | |VM/LXC[1]| |VM/LXC[N]| | | |VM/LXC[1]| |VM/LXC[N]| |
70 | | ***** | | ***** | | | | ***** | | ***** | |
71 | +--^---^--+ +--^---^--+ | | +--^---^--+ +--^---^--+ |
72 | *| |* *| |* | | *| |* *| |* |
73 | +--v---v-------v---v--+ | | +--v---v-------v---v--+ |
74 | | * * * * |*|***********|*| * * * * | |
75 | | * ********* ***<-|-----------|->*** ********* * | |
76 | | * DUT1 | | | | DUT2 * | |
77 | +--^------------------+ | | +------------------^--+ |
79 | *| SUT1 | | SUT2 |* |
80 +-------------------------+ +-------------------------+
85 *+--------------------> TG <--------------------+*
86 **********************| |**********************
89 For VM/LXC tests, packets are switched by DUT multiple times: twice for
90 a single VM/LXC, three times for two VMs/LXCs, N+1 times for N VMs/LXCs.
91 Hence the external throughput rates measured by TG and listed in this
92 report must be multiplied by (N+1) to represent the actual DUT aggregate
93 packet forwarding rate.
95 Note that reported DUT (VPP) performance results are specific to the
96 SUTs tested. Current LF FD.io SUTs are based on Intel XEON E5-2699v3
97 2.3GHz CPUs. SUTs with other CPUs are likely to yield different results.
98 A good rule of thumb, that can be applied to estimate VPP packet
99 thoughput for Phy-to-Phy (NIC-to-NIC, PCI-to-PCI) topology, is to expect
100 the forwarding performance to be proportional to CPU core frequency,
101 assuming CPU is the only limiting factor and all other SUT parameters
102 equivalent to FD.io CSIT environment. The same rule of thumb can be also
103 applied for Phy-to-VM/LXC-to-Phy (NIC-to-VM/LXC-to-NIC) topology, but
104 due to much higher dependency on intensive memory operations and
105 sensitivity to Linux kernel scheduler settings and behaviour, this
106 estimation may not always yield good enough accuracy.
108 For detailed LF FD.io test bed specification and physical topology
110 `LF FD.io CSIT testbed wiki page <https://wiki.fd.io/view/CSIT/CSIT_LF_testbed>`_.
112 Performance Tests Coverage
113 --------------------------
115 Performance tests are split into two main categories:
117 - Throughput discovery - discovery of packet forwarding rate using binary search
118 in accordance to RFC2544.
120 - NDR - discovery of Non Drop Rate packet throughput, at zero packet loss;
121 followed by one-way packet latency measurements at 10%, 50% and 100% of
122 discovered NDR throughput.
123 - PDR - discovery of Partial Drop Rate, with specified non-zero packet loss
124 currently set to 0.5%; followed by one-way packet latency measurements at
125 100% of discovered PDR throughput.
127 - Throughput verification - verification of packet forwarding rate against
128 previously discovered throughput rate. These tests are currently done against
129 0.9 of reference NDR, with reference rates updated periodically.
131 CSIT |release| includes following performance test suites, listed per NIC type:
133 - 2port10GE X520-DA2 Intel
135 - **L2XC** - L2 Cross-Connect switched-forwarding of untagged, dot1q, dot1ad
136 VLAN tagged Ethernet frames.
137 - **L2BD** - L2 Bridge-Domain switched-forwarding of untagged Ethernet frames
138 with MAC learning; disabled MAC learning i.e. static MAC tests to be added.
139 - **IPv4** - IPv4 routed-forwarding.
140 - **IPv6** - IPv6 routed-forwarding.
141 - **IPv4 Scale** - IPv4 routed-forwarding with 20k, 200k and 2M FIB entries.
142 - **IPv6 Scale** - IPv6 routed-forwarding with 20k, 200k and 2M FIB entries.
143 - **VMs with vhost-user** - virtual topologies with 1 VM and service chains
144 of 2 VMs using vhost-user interfaces, with VPP forwarding modes incl. L2
145 Cross-Connect, L2 Bridge-Domain, VXLAN with L2BD, IPv4 routed-forwarding.
146 - **COP** - IPv4 and IPv6 routed-forwarding with COP address security.
147 - **iACL** - IPv4 and IPv6 routed-forwarding with iACL address security.
148 - **LISP** - LISP overlay tunneling for IPv4-over-IPv4, IPv6-over-IPv4,
149 IPv6-over-IPv6, IPv4-over-IPv6 in IPv4 and IPv6 routed-forwarding modes.
150 - **VXLAN** - VXLAN overlay tunnelling integration with L2XC and L2BD.
151 - **QoS Policer** - ingress packet rate measuring, marking and limiting
153 - **CGNAT** - Carrier Grade Network Address Translation tests with varying
154 number of users and ports per user.
156 - 2port40GE XL710 Intel
158 - **L2XC** - L2 Cross-Connect switched-forwarding of untagged Ethernet frames.
159 - **L2BD** - L2 Bridge-Domain switched-forwarding of untagged Ethernet frames
161 - **IPv4** - IPv4 routed-forwarding.
162 - **IPv6** - IPv6 routed-forwarding.
163 - **VMs with vhost-user** - virtual topologies with 1 VM and service chains
164 of 2 VMs using vhost-user interfaces, with VPP forwarding modes incl. L2
165 Cross-Connect, L2 Bridge-Domain, VXLAN with L2BD, IPv4 routed-forwarding.
166 - **IPSec** - IPSec encryption with AES-GCM, CBC-SHA1 ciphers, in combination
167 with IPv4 routed-forwarding.
168 - **IPSec+LISP** - IPSec encryption with CBC-SHA1 ciphers, in combination
169 with LISP-GPE overlay tunneling for IPv4-over-IPv4.
171 - 2port10GE X710 Intel
173 - **L2BD** - L2 Bridge-Domain switched-forwarding of untagged Ethernet frames
175 - **VMs with vhost-user** - virtual topologies with 1 VM using vhost-user
176 interfaces, with VPP forwarding modes incl. L2 Bridge-Domain.
178 - 2port10GE VIC1227 Cisco
180 - **L2BD** - L2 Bridge-Domain switched-forwarding of untagged Ethernet frames
183 - 2port40GE VIC1385 Cisco
185 - **L2BD** - L2 Bridge-Domain switched-forwarding of untagged Ethernet frames
188 Execution of performance tests takes time, especially the throughput
189 discovery tests. Due to limited HW testbed resources available within
190 FD.io labs hosted by Linux Foundation, the number of tests for NICs
191 other than X520 (a.k.a. Niantic) has been limited to few baseline tests.
192 CSIT team expect the HW testbed resources to grow over time, so that
193 complete set of performance tests can be regularly and(or) continuously
194 executed against all models of hardware present in FD.io labs.
196 Performance Tests Naming
197 ------------------------
199 CSIT |release| follows a common structured naming convention for all
200 performance and system functional tests, introduced in CSIT |release-1|.
202 The naming should be intuitive for majority of the tests. Complete
203 description of CSIT test naming convention is provided on `CSIT test naming wiki
204 <https://wiki.fd.io/view/CSIT/csit-test-naming>`_.
206 Methodology: Multi-Core and Multi-Threading
207 -------------------------------------------
209 **Intel Hyper-Threading** - CSIT |release| performance tests are
210 executed with SUT servers' Intel XEON processors configured in Intel
211 Hyper-Threading Disabled mode (BIOS setting). This is the simplest
212 configuration used to establish baseline single-thread single-core
213 application packet processing and forwarding performance. Subsequent
214 releases of CSIT will add performance tests with Intel Hyper-Threading
215 Enabled (requires BIOS settings change and hard reboot of server).
217 **Multi-core Tests** - CSIT |release| multi-core tests are executed in
218 the following VPP thread and core configurations:
220 #. 1t1c - 1 VPP worker thread on 1 CPU physical core.
221 #. 2t2c - 2 VPP worker threads on 2 CPU physical cores.
223 VPP worker threads are the data plane threads. VPP control thread is
224 running on a separate non-isolated core together with other Linux
225 processes. Note that in quite a few test cases running VPP workers on 2
226 physical cores hits the tested NIC I/O bandwidth or packets-per-second
229 Methodology: Packet Throughput
230 ------------------------------
232 Following values are measured and reported for packet throughput tests:
234 - NDR binary search per RFC2544:
236 - Packet rate: "RATE: <aggregate packet rate in packets-per-second> pps
237 (2x <per direction packets-per-second>)"
238 - Aggregate bandwidth: "BANDWIDTH: <aggregate bandwidth in Gigabits per
239 second> Gbps (untagged)"
241 - PDR binary search per RFC2544:
243 - Packet rate: "RATE: <aggregate packet rate in packets-per-second> pps (2x
244 <per direction packets-per-second>)"
245 - Aggregate bandwidth: "BANDWIDTH: <aggregate bandwidth in Gigabits per
246 second> Gbps (untagged)"
247 - Packet loss tolerance: "LOSS_ACCEPTANCE <accepted percentage of packets
250 - NDR and PDR are measured for the following L2 frame sizes:
252 - IPv4: 64B, IMIX_v4_1 (28x64B,16x570B,4x1518B), 1518B, 9000B.
253 - IPv6: 78B, 1518B, 9000B.
255 All rates are reported from external Traffic Generator perspective.
257 Methodology: Packet Latency
258 ---------------------------
260 TRex Traffic Generator (TG) is used for measuring latency of VPP DUTs. Reported
261 latency values are measured using following methodology:
263 - Latency tests are performed at 10%, 50% of discovered NDR rate (non drop rate)
264 for each NDR throughput test and packet size (except IMIX).
265 - TG sends dedicated latency streams, one per direction, each at the rate of
266 10kpps at the prescribed packet size; these are sent in addition to the main
268 - TG reports min/avg/max latency values per stream direction, hence two sets
269 of latency values are reported per test case; future release of TRex is
270 expected to report latency percentiles.
271 - Reported latency values are aggregate across two SUTs due to three node
272 topology used for all performance tests; for per SUT latency, reported value
273 should be divided by two.
274 - 1usec is the measurement accuracy advertised by TRex TG for the setup used in
275 FD.io labs used by CSIT project.
276 - TRex setup introduces an always-on error of about 2*2usec per latency flow -
277 additonal Tx/Rx interface latency induced by TRex SW writing and reading
278 packet timestamps on CPU cores without HW acceleration on NICs closer to the
282 Methodology: KVM VM vhost
283 -------------------------
285 CSIT |release| introduced test environment configuration changes to KVM Qemu vhost-
286 user tests in order to more representatively measure |vpp-release| performance
287 in configurations with vhost-user interfaces and different Qemu settings.
289 FD.io CSIT performance lab is testing VPP vhost with KVM VMs using following environment settings
291 - Tests with varying Qemu virtio queue (a.k.a. vring) sizes:
292 [vr256] default 256 descriptors, [vr1024] 1024 descriptors to
293 optimize for packet throughput;
295 - Tests with varying Linux CFS (Completely Fair Scheduler)
296 settings: [cfs] default settings, [cfsrr1] CFS RoundRobin(1)
297 policy applied to all data plane threads handling test packet
298 path including all VPP worker threads and all Qemu testpmd
301 - Resulting test cases are all combinations with [vr256,vr1024] and
302 [cfs,cfsrr1] settings;
304 - Adjusted Linux kernel CFS scheduler policy for data plane threads used
305 in CSIT is documented in
306 `CSIT Performance Environment Tuning wiki <https://wiki.fd.io/view/CSIT/csit-perf-env-tuning-ubuntu1604>`_.
307 The purpose is to verify performance impact (NDR, PDR throughput) and
308 same test measurements repeatability, by making VPP and VM data plane
309 threads less susceptible to other Linux OS system tasks hijacking CPU
310 cores running those data plane threads.
312 Methodology: LXC Container memif
313 --------------------------------
315 CSIT |release| introduced new tests - VPP Memif virtual interface
316 (shared memory interface) tests interconnecting VPP instances over
317 memif. VPP vswitch instance runs in bare-metal user-mode handling Intel
318 x520 NIC 10GbE interfaces and connecting over memif (Master side)
319 virtual interfaces to another instance of VPP running in bare-metal
320 Linux Container (LXC) with memif virtual interfaces (Slave side). LXC
321 runs in a priviliged mode with VPP data plane worker threads pinned to
322 dedicated physical CPU cores per usual CSIT practice. Both VPP run the
323 same version of software. This test topology is equivalent to existing
324 tests with vhost-user and VMs.
326 Methodology: IPSec with Intel QAT HW cards
327 ------------------------------------------
329 VPP IPSec performance tests are using DPDK cryptodev device driver in
330 combination with HW cryptodev devices - Intel QAT 8950 50G - present in
331 LF FD.io physical testbeds. DPDK cryptodev can be used for all IPSec
332 data plane functions supported by VPP.
334 Currently CSIT |release| implements following IPSec test cases:
336 - AES-GCM, CBC-SHA1 ciphers, in combination with IPv4 routed-forwarding
337 with Intel xl710 NIC.
338 - CBC-SHA1 ciphers, in combination with LISP-GPE overlay tunneling for
339 IPv4-over-IPv4 with Intel xl710 NIC.
341 Methodology: TRex Traffic Generator Usage
342 -----------------------------------------
344 The `TRex traffic generator <https://wiki.fd.io/view/TRex>`_ is used for all
345 CSIT performance tests. TRex stateless mode is used to measure NDR and PDR
346 throughputs using binary search (NDR and PDR discovery tests) and for quick
347 checks of DUT performance against the reference NDRs (NDR check tests) for
348 specific configuration.
350 TRex is installed and run on the TG compute node. The typical procedure is:
352 - If the TRex is not already installed on TG, it is installed in the
353 suite setup phase - see `TRex intallation`_.
354 - TRex configuration is set in its configuration file
359 - TRex is started in the background mode
362 $ sh -c 'cd /opt/trex-core-2.25/scripts/ && sudo nohup ./t-rex-64 -i -c 7 --iom 0 > /dev/null 2>&1 &' > /dev/null
364 - There are traffic streams dynamically prepared for each test. The traffic
365 is sent and the statistics obtained using trex_stl_lib.api.STLClient.
367 **Measuring packet loss**
369 - Create an instance of STLClient
370 - Connect to the client
373 - Send the traffic for defined time
376 If there is a warm-up phase required, the traffic is sent also before test and
377 the statistics are ignored.
379 **Measuring latency**
381 If measurement of latency is requested, two more packet streams are created (one
382 for each direction) with TRex flow_stats parameter set to STLFlowLatencyStats. In
383 that case, returned statistics will also include min/avg/max latency values.