Published by Addison-Wesley Professional (March 10, 2021) © 2020
Silvano Gai
Prepare for the future of cloud infrastructure: Distributed Services Platforms
By moving service modules closer to applications, Distributed Services (DS) Platforms will future-proof cloud architectures—improving performance, responsiveness, observability, and troubleshooting. Network pioneer Silvano Gai demonstrates DS Platforms’ remarkable capabilities and guides you through implementing them in diverse hardware.
Focusing on business benefits throughout, Gai shows how to provide essential shared services such as segment routing, NAT, firewall, micro-segmentation, load balancing, SSL/TLS termination, VPNs, RDMA, and storage—including storage compression and encryption. He also compares three leading hardware-based approaches—Sea of Processors, FPGAs, and ASICs—preparing you to evaluate solutions, ask the right questions, and plan strategies for your environment.
Building a Future-Proof Cloud Architecture is for network, cloud, application, and storage engineers, security experts, and every technology professional who wants to succeed with tomorrow’s most advanced service architectures.
By moving service modules closer to applications, Distributed Services (DS) Platforms will future-proof cloud architectures—improving performance, responsiveness, observability, and troubleshooting. Network pioneer Silvano Gai demonstrates DS Platforms’ remarkable capabilities and guides you through implementing them in diverse hardware.
Focusing on business benefits throughout, Gai shows how to provide essential shared services such as segment routing, NAT, firewall, micro-segmentation, load balancing, SSL/TLS termination, VPNs, RDMA, and storage—including storage compression and encryption. He also compares three leading hardware-based approaches—Sea of Processors, FPGAs, and ASICs—preparing you to evaluate solutions, ask the right questions, and plan strategies for your environment.
- Understand the business drivers behind DS Platforms, and the value they offer
- See how modern network design and virtualization create a foundation for DS Platforms
- Achieve unprecedented scale through domain-specific hardware, standardized functionalities, and granular distribution
- Compare advantages and disadvantages of each leading hardware approach to DS Platforms
- Learn how P4 Domain-Specific Language and architecture enable high-performance, low-power ASICs that are data-plane-programmable at runtime
- Distribute cloud security services, including firewalls, encryption, key management, and VPNs
- Implement distributed storage and RDMA services in large-scale cloud networks
- Utilize Distributed Services Cards to offload networking processing from host CPUs
- Explore the newest DS Platform management architectures
Building a Future-Proof Cloud Architecture is for network, cloud, application, and storage engineers, security experts, and every technology professional who wants to succeed with tomorrow’s most advanced service architectures.
Preface
Chapter 1: Introduction to Distributed Platforms
1.1 The Need for a Distributed Services Platform
1.2 The Precious CPU Cycles
1.3 The Case for Domain-Specific Hardware
1.4 Using Appliances
1.5 Attempts at Defining a Distributed Services Platform
1.6 Requirements for a Distributed Services Platform
1.7 Summary
Chapter 2: Network Design
2.1 Bridging and Routing
2.1.1 L2 Forwarding
2.1.2 L3 Forwarding
2.1.3 LPM Forwarding in Hardware
2.1.4 VRF
2.2 Clos Topology
2.3 Overlays
2.3.1 IP in IP
2.3.2 GRE
2.3.3 Modern Encapsulations
2.3.4 VXLAN
2.3.5 MTU Considerations
2.4 Secure Tunnels
2.5 Where to Terminate the Encapsulation
2.6 Segment Routing
2.7 Using Discrete Appliance for Services
2.7.1 Tromboning with VXLAN
2.7.2 Tromboning with VRF
2.7.3 Hybrid Tromboning
2.8 Cache-Based Forwarding
2.9 Generic Forwarding Table
2.10 Summary
2.11 Bibliography
Chapter 3: Virtualization
3.1 Virtualization and Clouds
3.2 Virtual Machines and Hypervisors
3.2.1 VMware ESXi
3.2.2 Hyper-V
3.2.3 QEMU
3.2.4 KVM
3.2.5 XEN
3.3 Containers
3.3.1 Docker and Friends
3.3.2 Kata Containers
3.3.3 Container Network Interface
3.3.4 Kubernetes
3.4 The Microservice Architecture
3.4.1 REST API
3.4.2 gRPC
3.5 OpenStack
3.6 NFV
3.7 Summary
3.8 Bibliography
Chapter 4: Network Virtualization Services
4.1 Introduction to Networking Services
4.2 Software-Defined Networking
4.2.1 OpenFlow
4.2.2 SD-WAN
4.2.3 gRIBI
4.2.4 Data Plane Development Kit (DPDK)
4.3 Virtual Switches
4.3.1 Open vSwitch (OVS)
4.3.2 tc-flower
4.3.3 DPDK RTE Flow Filtering
4.3.4 VPP (Vector Packet Processing)
4.3.5 BPF and eBPF
4.3.6 XDP
4.3.7 Summary on Virtual Switches
4.4 Stateful NAT
4.5 Load Balancing
4.6 Troubleshooting and Telemetry
4.7 Summary
4.8 Bibliography
Chapter 5: Security Services
5.1 Distributed Firewalls
5.2 Microsegmentation
5.3 TLS Everywhere
5.4 Symmetric Encryption
5.5 Asymmetric Encryption
5.6 Digital Certificates
5.7 Hashing
5.8 Secure Key Storage
5.9 PUF
5.10 TCP/TLS/HTTP Implementation
5.11 Secure Tunnels
5.11.1 IPsec
5.11.2 TLS
5.11.3 DTLS
5.12 VPNs
5.13 Secure Boot
5.14 Summary
5.15 Bibliography
Chapter 6: Distributed Storage and RDMA Services
6.1 RDMA and RoCE
6.1.1 RDMA Architecture Overview
6.1.2 RDMA Transport Services
6.1.3 RDMA Operations
6.1.4 RDMA Scalability
6.1.5 RoCE
6.1.6 RoCE vs iWARP
6.1.7 RDMA Deployments
6.1.8 RoCEv2 and Lossy Networks
6.1.9 Continued Evolution of RDMA
6.2 Storage
6.2.1 The Advent of SSDs
6.2.2 NVMe over Fabrics
6.2.3 Data Plane Model of Storage Protocols
6.2.4 Remote Storage Meets Virtualization
6.2.5 Distributed Storages Services
6.2.6 Storage Security
6.2.7 Storage Efficiency
6.2.8 Storage Reliability
6.2.9 Offloading and Distributing Storage Services
6.2.10 Persistent Memory as a New Storage Tier
6.3 Summary
6.4 Bibliography
Chapter 7: CPUs and Domain-Specific Hardware
7.1 42 Years of Microprocessor Trend Data
7.2 Moore’s Law
7.3 Dennard Scaling
7.4 Amdahl’s Law
7.5 Other Technical Factors
7.6 Putting It All Together
7.7 Is Moore’s Law Dead or Not?
7.8 Domain-specific Hardware
7.9 Economics of the Server
7.10 Summary
7.11 Bibliography
Chapter 8: NIC Evolution
8.1 Understanding Server Buses
8.2 Comparing NIC Form Factors
8.2.1 PCI Plugin Cards
8.2.2 Proprietary Mezzanine Cards
8.2.3 OCP Mezzanine Cards
8.2.4 Lan On Motherboard
8.3 Looking at the NIC Evolution
8.4 Using Single Root Input/Output Virtualization
8.5 Using Virtual I/O
8.6 Defining “SmartNIC”
8.7 Summary
8.8 Bibliography
Chapter 9: Implementing a DS Platform
9.1 Analyzing the Goals for a Distributed Services Platform
9.1.1 Services Everywhere
9.1.2 Scaling
9.1.3 Speed
9.1.4 Low Latency
9.1.5 Low Jitter
9.1.6 Minimal CPU Load
9.1.7 Observability and Troubleshooting Capability
9.1.8 Manageability
9.1.9 Host Mode versus Network Mode
9.1.10 PCIe Firewall
9.2 Understanding Constraints
9.2.1 Virtualized versus Bare-metal Servers
9.2.2 Greenfield versus Brownfield Deployment
9.2.3 The Drivers
9.2.4 PCIe-only Services
9.2.5 Power Budget
9.3 Determining the Target User
9.3.1 Enterprise Data Centers
9.3.2 Cloud Providers and Service Providers
9.4 Understanding DSN Implementations
9.4.1 DSN in Software
9.4.2 DSN Adapter
9.4.3 DSN Bump-in-the-Wire
9.4.4 DSN in Switch
9.4.5 DSNs in an Appliance
9.5 Summary
9.6 Bibliography
Chapter 10: DSN Hardware Architectures
10.1 The Main Building Blocks of a DSN
10.2 Identifying the Silicon Sweet Spot
10.2.1 The 16 nm Process
10.2.2 The 7 nm Process
10.3 Choosing an Architecture
10.4 Having a Sea of CPU Cores
10.5 Understanding Field-Programmable Gate Arrays
10.6 Using Application-Specific Integrated Circuits
10.7 Determining DSN Power Consumption
10.8 Determining Memory Needs
10.8.1 Host Memory
10.8.2 External DRAM
10.8.3 On-chip DRAM
10.8.4 Memory Bandwidth Requirements
10.9 Summary
10.10 Bibliography
Chapter 11: The P4 Domain-Specific Language
11.1 P4 Version 16
11.2 Using the P4 Language
11.3 Getting to Know the Portable Switch Architecture
11.4 Looking at a P4 Example
11.5 Implementing the P4Runtime API
11.6 Understanding the P4 INT
11.7 Extending P4
11.7.1 Portable NIC Architecture
11.7.2 Language Composability
11.7.3 Better Programming and Development Tools
11.8 Summary
11.9 Bibliography
Chapter 12: Management Architectures for DS Platforms
12.1 Architectural Traits of a Management Control Plane
12.2 Declarative Configuration
12.3 Building a Distributed Control Plane as a Cloud-Native Application
12.4 Monitoring and Troubleshooting
12.5 Securing the Management Control Plane
12.6 Ease of Deployment
12.7 Performance and Scale
12.8 Failure Handling
12.9 API Architecture
12.10 Federation
12.10.1 Scaling a Single SDSP
12.10.2 Distributed Multiple SDSPs
12.10.3 Federation of Multiple SDSPs
12.11 Scale and Performance Testing
12.12 Summary
12.13 Bibliography
Index
Chapter 1: Introduction to Distributed Platforms
1.1 The Need for a Distributed Services Platform
1.2 The Precious CPU Cycles
1.3 The Case for Domain-Specific Hardware
1.4 Using Appliances
1.5 Attempts at Defining a Distributed Services Platform
1.6 Requirements for a Distributed Services Platform
1.7 Summary
Chapter 2: Network Design
2.1 Bridging and Routing
2.1.1 L2 Forwarding
2.1.2 L3 Forwarding
2.1.3 LPM Forwarding in Hardware
2.1.4 VRF
2.2 Clos Topology
2.3 Overlays
2.3.1 IP in IP
2.3.2 GRE
2.3.3 Modern Encapsulations
2.3.4 VXLAN
2.3.5 MTU Considerations
2.4 Secure Tunnels
2.5 Where to Terminate the Encapsulation
2.6 Segment Routing
2.7 Using Discrete Appliance for Services
2.7.1 Tromboning with VXLAN
2.7.2 Tromboning with VRF
2.7.3 Hybrid Tromboning
2.8 Cache-Based Forwarding
2.9 Generic Forwarding Table
2.10 Summary
2.11 Bibliography
Chapter 3: Virtualization
3.1 Virtualization and Clouds
3.2 Virtual Machines and Hypervisors
3.2.1 VMware ESXi
3.2.2 Hyper-V
3.2.3 QEMU
3.2.4 KVM
3.2.5 XEN
3.3 Containers
3.3.1 Docker and Friends
3.3.2 Kata Containers
3.3.3 Container Network Interface
3.3.4 Kubernetes
3.4 The Microservice Architecture
3.4.1 REST API
3.4.2 gRPC
3.5 OpenStack
3.6 NFV
3.7 Summary
3.8 Bibliography
Chapter 4: Network Virtualization Services
4.1 Introduction to Networking Services
4.2 Software-Defined Networking
4.2.1 OpenFlow
4.2.2 SD-WAN
4.2.3 gRIBI
4.2.4 Data Plane Development Kit (DPDK)
4.3 Virtual Switches
4.3.1 Open vSwitch (OVS)
4.3.2 tc-flower
4.3.3 DPDK RTE Flow Filtering
4.3.4 VPP (Vector Packet Processing)
4.3.5 BPF and eBPF
4.3.6 XDP
4.3.7 Summary on Virtual Switches
4.4 Stateful NAT
4.5 Load Balancing
4.6 Troubleshooting and Telemetry
4.7 Summary
4.8 Bibliography
Chapter 5: Security Services
5.1 Distributed Firewalls
5.2 Microsegmentation
5.3 TLS Everywhere
5.4 Symmetric Encryption
5.5 Asymmetric Encryption
5.6 Digital Certificates
5.7 Hashing
5.8 Secure Key Storage
5.9 PUF
5.10 TCP/TLS/HTTP Implementation
5.11 Secure Tunnels
5.11.1 IPsec
5.11.2 TLS
5.11.3 DTLS
5.12 VPNs
5.13 Secure Boot
5.14 Summary
5.15 Bibliography
Chapter 6: Distributed Storage and RDMA Services
6.1 RDMA and RoCE
6.1.1 RDMA Architecture Overview
6.1.2 RDMA Transport Services
6.1.3 RDMA Operations
6.1.4 RDMA Scalability
6.1.5 RoCE
6.1.6 RoCE vs iWARP
6.1.7 RDMA Deployments
6.1.8 RoCEv2 and Lossy Networks
6.1.9 Continued Evolution of RDMA
6.2 Storage
6.2.1 The Advent of SSDs
6.2.2 NVMe over Fabrics
6.2.3 Data Plane Model of Storage Protocols
6.2.4 Remote Storage Meets Virtualization
6.2.5 Distributed Storages Services
6.2.6 Storage Security
6.2.7 Storage Efficiency
6.2.8 Storage Reliability
6.2.9 Offloading and Distributing Storage Services
6.2.10 Persistent Memory as a New Storage Tier
6.3 Summary
6.4 Bibliography
Chapter 7: CPUs and Domain-Specific Hardware
7.1 42 Years of Microprocessor Trend Data
7.2 Moore’s Law
7.3 Dennard Scaling
7.4 Amdahl’s Law
7.5 Other Technical Factors
7.6 Putting It All Together
7.7 Is Moore’s Law Dead or Not?
7.8 Domain-specific Hardware
7.9 Economics of the Server
7.10 Summary
7.11 Bibliography
Chapter 8: NIC Evolution
8.1 Understanding Server Buses
8.2 Comparing NIC Form Factors
8.2.1 PCI Plugin Cards
8.2.2 Proprietary Mezzanine Cards
8.2.3 OCP Mezzanine Cards
8.2.4 Lan On Motherboard
8.3 Looking at the NIC Evolution
8.4 Using Single Root Input/Output Virtualization
8.5 Using Virtual I/O
8.6 Defining “SmartNIC”
8.7 Summary
8.8 Bibliography
Chapter 9: Implementing a DS Platform
9.1 Analyzing the Goals for a Distributed Services Platform
9.1.1 Services Everywhere
9.1.2 Scaling
9.1.3 Speed
9.1.4 Low Latency
9.1.5 Low Jitter
9.1.6 Minimal CPU Load
9.1.7 Observability and Troubleshooting Capability
9.1.8 Manageability
9.1.9 Host Mode versus Network Mode
9.1.10 PCIe Firewall
9.2 Understanding Constraints
9.2.1 Virtualized versus Bare-metal Servers
9.2.2 Greenfield versus Brownfield Deployment
9.2.3 The Drivers
9.2.4 PCIe-only Services
9.2.5 Power Budget
9.3 Determining the Target User
9.3.1 Enterprise Data Centers
9.3.2 Cloud Providers and Service Providers
9.4 Understanding DSN Implementations
9.4.1 DSN in Software
9.4.2 DSN Adapter
9.4.3 DSN Bump-in-the-Wire
9.4.4 DSN in Switch
9.4.5 DSNs in an Appliance
9.5 Summary
9.6 Bibliography
Chapter 10: DSN Hardware Architectures
10.1 The Main Building Blocks of a DSN
10.2 Identifying the Silicon Sweet Spot
10.2.1 The 16 nm Process
10.2.2 The 7 nm Process
10.3 Choosing an Architecture
10.4 Having a Sea of CPU Cores
10.5 Understanding Field-Programmable Gate Arrays
10.6 Using Application-Specific Integrated Circuits
10.7 Determining DSN Power Consumption
10.8 Determining Memory Needs
10.8.1 Host Memory
10.8.2 External DRAM
10.8.3 On-chip DRAM
10.8.4 Memory Bandwidth Requirements
10.9 Summary
10.10 Bibliography
Chapter 11: The P4 Domain-Specific Language
11.1 P4 Version 16
11.2 Using the P4 Language
11.3 Getting to Know the Portable Switch Architecture
11.4 Looking at a P4 Example
11.5 Implementing the P4Runtime API
11.6 Understanding the P4 INT
11.7 Extending P4
11.7.1 Portable NIC Architecture
11.7.2 Language Composability
11.7.3 Better Programming and Development Tools
11.8 Summary
11.9 Bibliography
Chapter 12: Management Architectures for DS Platforms
12.1 Architectural Traits of a Management Control Plane
12.2 Declarative Configuration
12.3 Building a Distributed Control Plane as a Cloud-Native Application
12.4 Monitoring and Troubleshooting
12.5 Securing the Management Control Plane
12.6 Ease of Deployment
12.7 Performance and Scale
12.8 Failure Handling
12.9 API Architecture
12.10 Federation
12.10.1 Scaling a Single SDSP
12.10.2 Distributed Multiple SDSPs
12.10.3 Federation of Multiple SDSPs
12.11 Scale and Performance Testing
12.12 Summary
12.13 Bibliography
Index