From: Tom Barbette <tom.barbette@uclouvain.be>
To: "Kompella V, Purnima" <Kompella.Purnima@commscope.com>
Cc: Stephen Hemminger <stephen@networkplumber.org>,
Thea Corinne Rossman <thea.rossman@cs.stanford.edu>,
"users@dpdk.org" <users@dpdk.org>
Subject: Re: Containernet (Docker/Container Networking) with DPDK?
Date: Wed, 20 Nov 2024 09:28:13 +0000 [thread overview]
Message-ID: <00808E3C-24A4-4D0C-A7EC-D07EA1F790B4@uclouvain.be> (raw)
In-Reply-To: <80E33329-12A0-418B-B2F1-CB85E2C2388B@uclouvain.be>
[-- Attachment #1: Type: text/plain, Size: 1819 bytes --]
Le 20 nov. 2024 à 10:27, Tom Barbette <tom.barbette@uclouvain.be> a écrit :
Hi Stephen, Thea,
If you uses SRIOV, then containers behave essentially like VMs, packets will be exchanged through the PCIe bus and switched on the NIC ASIC, which as Stephen mentions, will identify MAC addresses as « itself » and packets do not physically get out of the NIC . I’d argue these days it’s not as much of a problem. You can typically have a PCIe5 x16 ConnectX7 that has a bus BW of 500Gbps but has actually only one or two 100G ports, so you’ve got plenty of spare bandwidth for internal host exchange. We know NICs are getting smart and take a broader role than pure « external » I/O.
Internal host networking without going through PCIe can be handled like VMs too : with virtio and the DPDK vhost driver. Memory copies are involved in that case.
I suspect for your matter at hand Thea, the easiest is to use SRIOV. Research-wise, a simple solution is to use —networking=host …
Eg this is working well but uses privileged container and lets the docker access all host network for fastclick :
sudo docker run -v /mnt/huge:/dev/hugepages -it --privileged --network host tbarbette/fastclick-dpdk:generic --dpdk -a $VF_PCIE_ADDR -- -e "FromDPDKDevice(0) -> Discard;"
The related sample Dockerfile can be found at : https://github.com/tbarbette/fastclick/blob/main/etc/Dockerfile.dpdk
A problem also with DPDK-based dockers is that you generally don’t want to keep the -march=native, so personally I got that script to build a version of my docker image with many architectures : https://github.com/tbarbette/fastclick/blob/main/etc/docker-build.sh so the user can use the image that targets their own arch.
May that be helpful,
Tom
*sorry I meant Purnima, not Stephen
[-- Attachment #2: Type: text/html, Size: 2862 bytes --]
WARNING: multiple messages have this Message-ID
From: Tom Barbette <tom.barbette@uclouvain.be>
To: "Kompella V, Purnima" <Kompella.Purnima@commscope.com>
Cc: Stephen Hemminger <stephen@networkplumber.org>,
Thea Corinne Rossman <thea.rossman@cs.stanford.edu>,
"users@dpdk.org" <users@dpdk.org>
Subject: Re: Containernet (Docker/Container Networking) with DPDK?
Date: Wed, 20 Nov 2024 09:28:14 +0000 [thread overview]
Message-ID: <00808E3C-24A4-4D0C-A7EC-D07EA1F790B4@uclouvain.be> (raw)
Message-ID: <20241120092814.QgskAPpp14cUUKt_tN01aTAbXadg6Cr8u7BsUnUdVZo@z> (raw)
In-Reply-To: <80E33329-12A0-418B-B2F1-CB85E2C2388B@uclouvain.be>
[-- Attachment #1: Type: text/plain, Size: 1819 bytes --]
Le 20 nov. 2024 à 10:27, Tom Barbette <tom.barbette@uclouvain.be> a écrit :
Hi Stephen, Thea,
If you uses SRIOV, then containers behave essentially like VMs, packets will be exchanged through the PCIe bus and switched on the NIC ASIC, which as Stephen mentions, will identify MAC addresses as « itself » and packets do not physically get out of the NIC . I’d argue these days it’s not as much of a problem. You can typically have a PCIe5 x16 ConnectX7 that has a bus BW of 500Gbps but has actually only one or two 100G ports, so you’ve got plenty of spare bandwidth for internal host exchange. We know NICs are getting smart and take a broader role than pure « external » I/O.
Internal host networking without going through PCIe can be handled like VMs too : with virtio and the DPDK vhost driver. Memory copies are involved in that case.
I suspect for your matter at hand Thea, the easiest is to use SRIOV. Research-wise, a simple solution is to use —networking=host …
Eg this is working well but uses privileged container and lets the docker access all host network for fastclick :
sudo docker run -v /mnt/huge:/dev/hugepages -it --privileged --network host tbarbette/fastclick-dpdk:generic --dpdk -a $VF_PCIE_ADDR -- -e "FromDPDKDevice(0) -> Discard;"
The related sample Dockerfile can be found at : https://github.com/tbarbette/fastclick/blob/main/etc/Dockerfile.dpdk
A problem also with DPDK-based dockers is that you generally don’t want to keep the -march=native, so personally I got that script to build a version of my docker image with many architectures : https://github.com/tbarbette/fastclick/blob/main/etc/docker-build.sh so the user can use the image that targets their own arch.
May that be helpful,
Tom
*sorry I meant Purnima, not Stephen
[-- Attachment #2: Type: text/html, Size: 2862 bytes --]
next prev parent reply other threads:[~2024-11-20 9:28 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-11-18 5:42 Thea Corinne Rossman
2024-11-19 20:53 ` Thea Corinne Rossman
2024-11-19 21:29 ` Stephen Hemminger
2024-11-19 21:39 ` Thea Corinne Rossman
2024-11-19 22:03 ` Stephen Hemminger
2024-11-20 7:10 ` Kompella V, Purnima
2024-11-20 9:27 ` Tom Barbette
2024-11-20 9:28 ` Tom Barbette [this message]
2024-11-20 9:28 ` Tom Barbette
2024-11-20 19:49 ` Thea Corinne Rossman
2024-11-19 22:14 ` Thomas Monjalon
2024-11-19 23:23 ` Thea Corinne Rossman
2024-11-19 23:30 ` Thomas Monjalon
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=00808E3C-24A4-4D0C-A7EC-D07EA1F790B4@uclouvain.be \
--to=tom.barbette@uclouvain.be \
--cc=Kompella.Purnima@commscope.com \
--cc=stephen@networkplumber.org \
--cc=thea.rossman@cs.stanford.edu \
--cc=users@dpdk.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).