WIXLIB

White PaperCloud Networking applicationsCloud Applications, Security, and Wireless CommunicationsCloud NativeData PlaneData Plane development for 5G Mobility Edge made easy.AuthorsEdwin VerplankeSenior Principal EngineerSerge MaskalikVP EngineeringOverview . 1Highway9 Networks Virtual Mobility Edge . 2Migration Made Easy. 2Wireless applications. 3CNDP . 3Addressing challenges . 3Cloud integration. 3Performance. 3Cloud orchestration . 3Faster Time to Market . 4CNDP Toolkit . 4Network Stack . 4Language Bindings . 4Vector Packet Processor (VPP) . 4Enabling Data Plane CI/CD . 5OverviewIt is no secret that mainstream Data Center applications aremigrating to cloud. Similarly in the Security and WirelessCommunications industry, this trend is emerging as well. Securityapplications such as Firewall, DDoS prevention, WAF, etc., havea natural affinity since the business logic has already moved inthis direction and requires protection and portability. Over the lasttwo decades, all major security and networking appliancesbecome virtualized on-premise and in the public cloud, untetheredand agnostic from hardware they run on. Also, as telecom andenterprise customers adopted the hybrid cloud strategy, the needfor platform portability gained more momentum as customers mayhave a different cloud platform on-premise and in the public cloudwhile using the same networking functions.Fast forward to today, where we build the reality of edge cloudwith low latency applications of AR/VR, video data acquisition withlocal inferencing engines, robotics controllers in manufacturing,clinical communications and imaging for healthcare, etc. Cloudvendors transformed from regional clouds to near-edge cloudswith lots of sites near the enterprise locations. The making of thenext hybrid 5G cloud is the intersection of the following trends: Multi-cloud – in order to get near-edge proximity, it will take avillage (AWS Local Zones, Azure Edge, VMware on-premise,Google Edge, Vapor I/O, etc.) Cloud Native principle adoption by all network functionvendors 5G technology integration with Software-Defined Networkingdomains as 5G enters the hands of enterprise IT operation Cloud Native Data Plane (CNDP) can be used to create ormigrate Data Center applications to the cloud infrastructure.In Summary . 61

White Paper Cloud Native Data PlaneAn example of such a solution is the Highway9Networks Virtual Mobility Cloud, allowingcloud-consumption of 5G services for theEnterprise. The Virtual Mobility Cloud (VMC)workflows simplify and automate theprovisioning of private CBRS wirelessnetworks with templates for common usecases to minimize user input. The VMCdedicated instances are rapidly deployed foreach enterprise tenant to provide a securecloud-first enterprise deployment model. TheVirtual Mobility Edge provides the control anduser plane for private CBRS networks –flexibly deployed on-premise or on aproximate Edge or Public Cloud. Simple tooperate, the indoor and outdoor radios areactivated by the Highway9 Networks cloudservice and integrated into corporate AAAservices like Network Access Control (NAC),Active Directory and Mobile DeviceManagement.Figure 1: Highway9 5G Mobility Edgecommon deployment be achieved with tools like Helmacross all K8s cloud platforms? Is there a standardway to do logging, metrics, event handling and othertransparency requirements for telemetry? How canupgrades be managed in a Cloud Native fashion fordata plane applications while meeting the lowdowntime and resilience goals? Previously, deployingcloud native data plane solutions meant sacrificingportability and compatibility across platforms – butnow CNDP offers an elegant solution where thedeveloper can easily balance performance &compatibility. The multi-cloud abstraction viaAF XDP, the Kubernetes orchestration and theavailability of CNDP deployment operator with CNDPdevice plugin and the CNI largely solves the multicloud problem. The native integration into Kubernetestelemetry tool chain via Prometheus sidecar that isincluded.The Mobility Edge houses the 5G controller withfastpath user plane functions like 5G UPF andfeatures like MEC local breakout which applies to allNG RAN instances in a given site. This system alsomanages the subscriber authentication and policiesby integrating with IT systems of record such asActive Directory to map the hardware root of trust inSIM to enterprise users, Network Access Controlpolicies for ACLs and VXLAN/VLAN routing and enduser devices grouping from Mobile DeviceManagement systems. To satisfy the enterprise multicloud requirements, the Mobility Edge has to integratewith all common flavors of private and public cloud:VMware with VMXNET3, AWS with Nitro, baremetalfor embedded appliances and Google cloud (GCP) aswell.In order to build an open multi-cloud compatibleLike other high speed networking systems, Highway9solution without any technology “lock-in,” adoption ofNetworks leverages VPP to achieve low latency andCNDP using AF XDP is highly attractive. Previously,high speed for its 5G Mobility Edge instances.Highway9 Networks Mobility Edge solution had to beAdopting CNDP is made easy because it is a gradualcognizant of all SDN choices. It is further exacerbatedprocess without knife edge cutovers required. CNDPwith different ways to manage SRIOV access inincludes a VPP plugin that allows for existing VPPclouds. CNDP toolkit bring a level of portability andapps to begin to leverage CNDP benefits without ainteroperability required to provide multi-cloud highrewrite. A good strategy is to sediment functionalityspeed, low latency networking solutions.natively into CNDP as the business objectives aremet without a costly re-platforming exercise. Similarly,Cloud Native principles, furthermore, make thelots of functionality fromportability possible, but alsoDDPK is available. Onecome with its own set ofother aspect Highway9challenges for data placeNetworks found attractiveapplications. Can youThe next generation of enterpriseabout CNDP was themaintain combability withcampus SDNs are being built on multi- redefined relationship withall populate KubernetesLinux Networking.flavors, with variance ofcloud, 5G technologies and cloudPreviously, Linux networkingcontainer storage andnative design principles – CNDPwas effectively bypassednetworking (CNI/CSI)enables the ultimate portability andwith SRIOV/DPDK – but nowsubsystems? Can theit is embraced. This enablessecurity posture befeature velocity to bring this to market. additionalinstallation,maintained withoutorchestration and automationrequiring privilegedbenefits that were previouslycontainer access? How can2

White Paper Cloud Native Data Planelost. The visibility and accounting for networkingpseudo-devices and new capabilities in testing ispossible.In Figure 2: CNDP Overview, it shows the high-leveloverview of CNDP and where it sits in the system. ACNDP application sits in user space and interacts withthe kernel to send/receive packets via the AF XDPsockets interface. Using AF XDP sockets for packetI/O allows the application to run without having toknow or require specific hardware, which makes theapplication more portable. The application still hasaccess to other system interfaces, if needed.For Wireless types of applications, it is less obvious,however the 5G control plane has an affinity toward acloud native deployment since it has adopted HTTP/2for its application layer. However, the cloud migrationfor communications centric applications does comewithout challenges. For example, a communicationsapplication often maintains elements of (legacy)monolithic code that don’t lend itself to be refactoredin micro services. Code migrating from an appliancetype of solution where it is the expectation that theaccess to Layer 2 and/or Layer 3 network protocolaccess may be hampered since public cloud may notallow access. These are just a few examples, andclearly there are many more, such as the data planemigration element. The latter is reviewed in the nextsection.Whether the communications application addresses awireless or security requirement, there is one thingthey have in common: each needs to move largevolumes of packets or data frames betweeninterfaces, commonly referred to as the data plane.We can break down the data plane migrationchallenges into the following categories: Data Plane or User Plane functionality often thehigh-performance data movement requirementand are typically designed following a run tocompletion model and do not lend themselves tobe refactored in micro services. The Linux Networking infrastructure iscomprehensive but small packet movementperformance is typically not sufficient for networkinfrastructure applications. To guarantee the performance requirementsdedicated resource allocation is typically required.For example, huge page memory allocation, limitscheduling overhead by utilizing core pinning anddedicated network resource assignment isrequired. Because of the above two challenges, theorchestration complexity has increased. Anoperator would have to find the hardware specthat aligns with the requirements above tomaintain the performance requirements.Figure 2: CNDP OverviewThe Kubernetes integration via the device plugin andCNI helps the developer install the application withouthaving to know about most of the details in thesystem to run the application. Having theorchestration available and accessed by theKubernetes standard interface allows the developersto understand the application’s performance andconfiguration.The CNDP set of libraries provide a lightweightintegration of CNDP components into the applicationto enhance the performance and/or deployment. Thelibraries provide performance and features to give thedevelopers a solid foundation to build applicationswhile achieving the best performance. Some of theseperformance features utilize Intel architectureenhancements i.e., Intel AVX-512 instructions andperformance optimizations. Highway9 Networkslearned over time to get the best performance fromapplications running on Intel architecture. Becausethe best-known methods (BKMs) are put into CNDPlibraries, the developer can focus on the businessaspects of the application, which provide the featuresand solutions cloud applications require.CNDP is a collection of user space libraries foraccelerating packet processing for cloud applications.It aims to provide better performance than that ofstandard network socket interfaces using an I/O layerprimarily built on AF XDP, an interface that deliverspackets directly to user space, bypassing the kernelnetworking stack. CNDP provides a custom TCP/UDPstack, libraries for RIB, FIB, ACL, Hash, etc. It alsoprovides JSON parsing and libraries to exposemetrics and telemetry with examples to deployservices on Kubernetes.Orchestration of cloud applications is complex and iscritical to having a good application, as it needs tointegrate with the management systems to makedeployment easy and clean.CNDP provides new integration plugins and tools toallow systems like Kubernetes to deploy theapplication in the cloud. Making it easier for thedevelopers is one of the primary goals of CNDP.3