VPP中文名为向量包处理引擎,英文名是Vector Packet Processing,是Cisco2002年开发的商用代码。2016年2月11号,Linux基金会创建FD.io项目。Cisco将VPP代码的开源版本加入该项目,目前已成为该项目的核心。(对于向量的理解,还停留在高中数学阶段,顾名思义是有起点和终点的)。
原理
VPP运行于用户空间,支持多种收包方式,常用的是DPDK。VPP主要有两个主要功能:框架可扩展;成熟的交换/路由功能。
DPDK(Date plane development kit)是一个用来进行包数据处理加速的软件库。
1) 可扩展性
VPP平台是通过graphnode串联起来处理数据包,类似于freebsd的netgraph。
通过插件的形式引入新的graph node或者重新排列数据包的gpragh node。将插件添加到插件目录中,运行程序的时候就会自动加载插件。另外插件也可以根据硬件情况通过某个node直接连接硬件进行加速。
VPP平台可以用于构建任何类型的数据包处理应用。比如负载均衡、防火墙、IDS、主机栈。也可以是一个组合,比如给负载均衡添加一个vSwitch。
通过创建插件,可以任意扩展如下功能:
1) 自定义新的图结点
2) 重新排列图结点
3) 添加底层API
VPP从网络IO层读取最大的可用数据包向量。然后,VPP通过“数据包处理”图处理数据包的向量。VPP不会处理完整个图形中的第一个数据包然后处理整个图形中的第二个数据包,而是先处理通过一个图形节点的所有数据包向量然后再移动到下一个图形节点。
由于向量中的第一个数据包会预热指令缓存,因此其余数据包往往会以极高的性能进行处理。处理数据包向量的固定成本在整个向量中摊销。这不仅导致非常高的性能,而且还导致统计上可靠的性能。如果VPP落后一点,则下一个向量包含更多的数据包,因此固定成本将在更大数量的数据包中摊销,从而降低了每个数据包的平均处理成本,从而导致系统追赶。结果,吞吐量和等待时间非常稳定。如果有多个核可用,则图形调度程序可以将(向量,图形节点)对调度到不同的核。
2) 可编程能力
VPP还提供基于共享内存或者消息队列的高性能内部API。目前VPP平台支持C和JAVA客户端进行内部API绑定。
远程可编程能力通过外部API与Data Plane Management Agent进行通信。Data Plane Management Agent通过内部API与VPP应用(引擎)进行通信。
VPP的功能
VPP的扩展功能
VPP代码架构
Plugins:主要为实现一些功能,在程序启动的时候加载,一般情况下会在插件中加入一些node节点去实现相关功能
Vnet:提供网络资源能力:比如设备,L2/ L3/L4功能,session管理,控制管理,流量管理等
VLIB:主要提供基本的应用管理库:buffer管理,graph node管理,线程,CLI,trace等
VPP Infra:提供一些基本的通用的功能函数库:包括内存管理,向量操作,hash,timer等
源码安装
1) 使用git将VPP源码克隆下来(没有git可使用 yum install git -y 安装)
[root@localhost ~]# mkdir source
[root@localhost ~]# cd source
[root@localhost source]# git clone https://git.fd.io/vpp -b master
2) 安装依赖环境,进入VPP目录下执行:
[root@localhost source]# cd vpp
[root@localhost vpp]# yum install -y epel-release python-pip net-tools
[root@localhost vpp]# make install-dep
3) 安装dpdk,执行第4步代码编译时,会自动下载dpdk并一起编译(可忽略)
[root@localhost vpp]# make dpdk-install-dev
4) 进行代码编译(make distclean 可以清除编译生成文件 )
[root@localhost vpp]# make build
5) 制作rpm包
[root@localhost vpp]# make pkg-rpm
6) 安装VPP
[root@localhost vpp]# cd build-root/
[root@localhost build-root]# rpm -i vpp*.rpm
7) 启动VPP(并设置开机启动)
[root@localhost ~]# systemctl enable vpp
[root@localhost ~]# systemctl start vpp
[root@localhost ~]# systemctl status vpp
8) 测试安装是否成功
[root@localhost ~]# vppctl
VPP配置文件startup.cfg (/etc/vpp/startup.cfg)
/*************************************/
unix {
Interactive //将CLI命令加入到输入输出,提供调试
log /tmp/vpp.log //日志
full-coredump //请求Linux内核转储所有内存映射地址区域
cli-listen 127.0.0.1:5002 //绑定CLI监听TCP端口5002
}
api-trace {
on //程序崩溃时可以追踪
}
cpu {
//works
//skip_cores
main-core 0 //将主线程分配给第0个核
corelist-workers 1-3 //将worker线程放到核1 2 3上
}
dpdk {
dev default {
num-rx-desc 4096
num-tx-desc 4096
}
dev 0000:04:00.0 {num-rx-queues 1} //将网卡与网卡驱动绑定
dev 0000:04:00.1 {num-rx-queues 1}
dev 0000:05:00.0
dev 0000:05:00.1
num-mbufs 128000 //IO缓冲区数量
socket-mem 2048 //vpp感知NUMA,在NUMA0上分配2G内存
}
plugin_path{
/usr/lib/vpp_plugins
//插件路径
}
案例学习
案例1:Using VPP as a VXLAN Tunnel Terminator- An explanation of the VXLAN tunnel terminator, its features, architecture, and API support.
VXALN提供了允许L2层桥接域 bridge domains (BDs)跨多台主机的功能。这是通过使用VXLAN隧道在L3网络底层之上构建L2覆盖层来完成的。
在VPP引擎中对VXLAN隧道的实现包括以下功能:
1) 利用现有的VPP L2桥接和交叉连接功能。
2) 允许根据RFC-7348创建VXLAN,以在L3底层上扩展L2网络。
3) 提供单播模式,该模式下,数据包的复制是在前端向远程VTEPS进行的。
4) 在数据包复制中支持水平分割组Split Horizon Group(SHG)编号。
5) 支持与网桥虚拟接口(BVI)的互操作,以允许VXLAN或VLAN数据包之间通过路由转发。
6) 支持VXLAN到VLAN的网关。
7) 支持ARP请求终止。
8) 同时支持基于IPv6和IPv4的VXLAN。
VXLAN Tunnel Encap and Decap
The VXLAN tunnel encap includes IP, UDP and VXLAN headers as follows:
VTEPs and VXLAN Tunnel Creation
1) Create VXLAN Tunnel with VTEPs
VTEPs (VXLAN Tunnel End Points) are specified via VXLAN tunnel creation – the source and destination IP addresses of each VXLAN tunnel are the local server VTEP address and the destination server VTEP address. The VNI value used for the VXLAN tunnel is also specified on VXLAN tunnel creation. Once a VXLAN tunnel is created, it is like a VPP interface and not yet associated with any BD.
2) Associate VXLAN Tunnel with BD
Once a VXLAN tunnel interface is created, it can be added to a bridge domain (BD) as a bridge port by specifying its BDID, just like how a local Ethernet interface can be added to a BD. As a VXLAN tunnel is added to a BD, the VNI used for creating the VXLAN tunnel will be mapped to the BDID. It is a good practice to allocate the same value for both VNI and BDID for all VXLAN tunnels on the same BD or VXLAN segment for all servers to prevent confusion.
3) Connecting VXLAN Tunnels among Multiple Servers
To setup a VXLAN segment or BD over multiple servers, it is recommended that a VPP BD with the same BDID should be created on each server and then a full mesh of VXLAN tunnels among all servers should be created to link up this BD in each server. In other word, on each server with this BD, a VXLAN tunnel with its VNI set to the same value as the BDID should preferably be created for each of the other servers and be added to the BD. Making all BDIDs and VNIs the same value makes VXLAN segment connectivity much more apparent and less confusing.
4 Configuration and Verification
4.1 Configuration Sequence
4.1.1 Bridge Domain Creation
The following example command shows the configuration sequence to create a bridge domain with BD ID of 13 with learning, forwarding, unknown-unicast flood, flooding enabled and ARP-termination disabled
# create bridge-domain 13 learn 1 forward 1 uu-flood 1 flood 1 arp-term 0
4.1.2 VXLAN Tunnel Creation and Setup
Following is the configuration sequence to create a VXLAN tunnel and put it into a bridge domain with BD ID of 13:
# create vxlan tunnel src 10.0.3.1 dst 10.0.3.3 vni 13 encap-vrf-id 7 decap-next l2
# set interface l2 bridge vxlan_tunnel0 13 1
4.1.3 VXLAN Tunnel Tear-Down and Deletion
Following is the configuration sequence to delete a VXLAN tunnel which must first be removed from any BD it is attached:
# set interface l3 vxlan_tunnel0
# create vxlan tunnel src 10.0.3.1 dst 10.0.3.3 vni 13 del
4.1.4 BVI Interface Creation and Setup
Following is the configuration sequence to create a loopback interface, put it into BD 13 as a BVI interface, put it into VRF 5 and assign an IP address with subnet of 6.0.0.250/16。
# loopback create mac 1a:2b:3c:4d:5e:6f
# set interface l2 bridge loop0 13 bvi
# set interface state loop0 up
# set interface ip table loop0 5
# set interface ip address loop0 6.0.0.250/16
4.1.5 BVI Interface Tear-Down and Deletion
Following is the configuration sequence to delete a loopback interface which is the BVI of a BD. Before the deletion, the loopback interface must be first removed from BD together with its IP address/subnet:
# set interface ip address loop0 del all
# set interface l3 loop0
# loopback delete loop0
4.1.6 Example Config of BD with BVI/VXLAN-Tunnel/Ethernet-Port
# loopback create mac 1a:2b:3c:4d:5e:6f
# create vxlan tunnel src 10.0.3.1 dst 10.0.3.3 vni 13 encap-vrf-id 7 decap-next l2
# set interface state loop0 up
# set interface state GigabitEthernet2/2/0 up
# set interface l2 bridge GigabitEthernet2/2/0 13 0
# set interface l2 bridge vxlan_tunnel0 13 1
# set interface l2 bridge loop0 13 0 bvi
# set interface ip table loop0 5
# set interface ip address loop0 6.0.0.250/16
4.1.7 Enable/Disable ARP termination of a BD
# set bridge-domain arp term 13
# set bridge-domain arp term 13 disable
4.1.8 Add/Delete IP to MAC Entry to a BD for ARP Termination
# set bridge-domain arp entry 13 7.0.0.11 11:12:13:14:15:16
# set bridge-domain arp entry 13 7.0.0.11 11:12:13:14:15:16 del
4.2 Show Command Output for VXLAN related Information
4.2.1 Bridge Domain and Port Info
4.2.2 VXLAN Tunnel Info
vpp# show vxlan tunnel
[0] 10.0.3.1 (src) 10.0.3.3 (dst) vni 13 encap_fib_index 1 decap_next l2
4.2.3 Interface Address and Modes
4.2.4 Interface Stats
4.2.5 Graph Node Global Counters
4.3 Packet Trace
The following example shows typical output from a packet trace of a ping (an ICMP echo request packet). In the following example, the ping is sent from a port with IP address 7.0.0.2 in a BD (with bd_index 1) to an IP address 6.0.4.4.
A typical VPP command to capture the next 10 packets is:
# trace add dpdk-input 10
The VPP command to show packet trace is:
# show trace
The destination IP of 6.0.4.4 resides in another BD (with bd_index 0) on another server. Thus, the packet was forwarded from the 1st BD the 2nd BD via BVI and then be sent from the 2nd BD via VXLAN tunnel to the other server. The ICMP echo response was received at the local VTEP IP address and then forwarded in the 2nd BD after VXLAN header decap. The packet was then forwarded from the 2nd BD to 1st BD via BVI and finally output on the port with IP address 7.0.0.2.
Look for output from the vxlan-encap node and vxlan-input node by searching for the strings: vxlan-encap vxlan-input
点击查看更多usecase
To get started with VPP check out: GettingStartedwithVPP
UseVPPasaRouterBetweenNamespaces - An example configuration of the VPP platform as a router.
UseVPPwithdynamicTAPinterfacesasaRouterBetweenContainers - Another example of inter-namespace/inter-container routing, using TAP interfaces.
UseVPPtoConnectVMsUsingVhost-UserInterface - An example of connecting two virtual machines using VPP L2 Bridge and vhost-user interfaces.
Getting started with VPP development
Installing VPP binaries from packages - using APT/YUM to install VPP
Pulling, Building, Hacking, and Pushing VPP Code - Explains how to get up and going with the vpp code base. NOTE: supercedes Setting Up Your Dev Environment
Building and Installing A VPP Package - Explains how to build, install and test a VPP package
参考
https://blog.csdn.net/a673281846/article/details/101279052 VPP简介
https://blog.csdn.net/rong_toa/article/details/107055636 VPP如何运作的
https://zhuanlan.zhihu.com/p/41211629
https://wiki.fd.io/view/VPP/Command-line_Interface_(CLI)_Guide
https://wiki.fd.io/view/VPP
https://wiki.fd.io/view/VPP/Using_VPP_as_a_VXLAN_Tunnel_Terminator
https://wiki.fd.io/view/VPP/Software_Architecture
https://wiki.fd.io/view/VPP/What_is_VPP%3F