IETF Logo Mail Archive

Re: [Nfvrg] Using container based hypervisor in NFV

GENG Liang <liang.geng@hotmail.com> Fri, 17 March 2017 02:41 UTC

Return-Path: <liang.geng@hotmail.com>
X-Original-To: nfvrg@ietfa.amsl.com
Delivered-To: nfvrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3156B129BC6 for <nfvrg@ietfa.amsl.com>; Thu, 16 Mar 2017 19:41:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.784
X-Spam-Level:
X-Spam-Status: No, score=-3.784 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, FREEMAIL_REPLY=1, HTML_FONT_LOW_CONTRAST=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-2.796, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001, T_KAM_HTML_FONT_INVALID=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=hotmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9llyyN1ogqe9 for <nfvrg@ietfa.amsl.com>; Thu, 16 Mar 2017 19:41:37 -0700 (PDT)
Received: from COL004-OMC1S17.hotmail.com (col004-omc1s17.hotmail.com [65.55.34.27]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 01326129BBE for <nfvrg@irtf.org>; Thu, 16 Mar 2017 19:41:36 -0700 (PDT)
Received: from APC01-HK2-obe.outbound.protection.outlook.com ([65.55.34.8]) by COL004-OMC1S17.hotmail.com over TLS secured channel with Microsoft SMTPSVC(7.5.7601.23008); Thu, 16 Mar 2017 19:41:36 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=hotmail.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=jS37JTwOvDnHeq0Etll9yMkaGN6WOjtC8oGBarhxp6Q=; b=cM/LlwJTiJVwBnAQAPwYeqhW/pET+QjYamPtvbVnI/OjloHamcLmxwKVzMNsFozwyyBFbae+YHlUI6gehBBYaeqNzkWC8qGQL5c6u2Nodj1fGxgzT+jYvUTmFvReqvD/Zd71/RFdFOWW8QyVko/78iLbjO6gwTdHoDKLsbYGOZUrCHCRbJY7x6z7fO9FBsQ8P6i/rBcmj36sULHeyDP7i3v68YJ+8QtsnYKeRxySuayriwHEOzTDTap4Qxe32kI6bLL0EJZBKYiObd+Ux2wfvgBl6wokMcXIvDsz/9F+pND2/sxZSjKeiBNwruA4ZNdiue7rDueo1vTyXEphucFYIA==
Received: from PU1APC01FT027.eop-APC01.prod.protection.outlook.com (10.152.252.59) by PU1APC01HT172.eop-APC01.prod.protection.outlook.com (10.152.253.171) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.1.947.7; Fri, 17 Mar 2017 02:41:34 +0000
Received: from KL1PR06MB1126.apcprd06.prod.outlook.com (10.152.252.52) by PU1APC01FT027.mail.protection.outlook.com (10.152.252.232) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.1.947.7 via Frontend Transport; Fri, 17 Mar 2017 02:41:34 +0000
Received: from KL1PR06MB1126.apcprd06.prod.outlook.com ([fe80::8811:1719:ea0a:e7e8]) by KL1PR06MB1126.apcprd06.prod.outlook.com ([fe80::8811:1719:ea0a:e7e8%14]) with mapi id 15.01.0961.022; Fri, 17 Mar 2017 02:41:34 +0000
From: GENG Liang <liang.geng@hotmail.com>
To: nikhil ap <niks3089@gmail.com>, nfvrg <nfvrg@irtf.org>
Thread-Topic: [Nfvrg] Using container based hypervisor in NFV
Thread-Index: AQHSnpVuS/VomOZ0N06FrPKapjaDZQ==
Date: Fri, 17 Mar 2017 02:41:34 +0000
Message-ID: <KL1PR06MB11260B628F6ABD09534F3FA687390@KL1PR06MB1126.apcprd06.prod.outlook.com>
References: <CACPJs-CP0Q0tyEy4CO4jB339LwHfFhhJZhivrOiz0tVpR9kc+Q@mail.gmail.com>
Accept-Language: zh-CN, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: gmail.com; dkim=none (message not signed) header.d=none;gmail.com; dmarc=none action=none header.from=hotmail.com;
x-incomingtopheadermarker: OriginalChecksum:921614474C154927106D20CBA44967F7FB6B34D43EC878AAF5D38CB796801BBA; UpperCasedChecksum:B9CC8F2AB03F339304FA21EBF43AED2A34179817B0AE3FBF6B074DD1D5C757C5; SizeAsReceived:7585; Count:35
x-ms-exchange-messagesentrepresentingtype: 1
x-incomingheadercount: 35
x-eopattributedmessage: 0
x-microsoft-exchange-diagnostics: 1; PU1APC01HT172; 5:ARxWDPzQG18ohlU6g1E/84LEUDopTT0MXGhMiKn1C99SjSFi4fjVIiYJObJIOHPxLlO3sd97m0Kd6YAelrJh4RtGg8sbOfxmnjbJw51Fk3bx+LIPpS4UET+mr8/ZU+BTGlXoHXXqHbdqaYNHBwnlJg==; 24:XOXFSe6BOnml8VMA1gT65uz8y5lZCX4dhcNdA2OK3zN7DbS5CkGkHFG8OrJ8MAdpRl48DBl1JA2dhwWBzY8471qCkL7J/ci1hq5JhfAep9s=; 7:Luzg8eWiz9u20xnaWnTSheS36YHKxfrx+gwCS6c2YzjI05o4MZ1a/YBdArG+9gRtanvub4LW4/CXt8IDbkF7aPwv4Zlbqs+arGvLRzmhi4+joKv2pOUGcu2lWZjCw0HhnFBFBi/hmn++7Z03a+b6Vh8RquVU1s4WcQrMISMVKa+aAxZZRnPbnZEv8a1os4p7D+kwCM6aM1wlixzKKD7WGZTkEAuqK6kqSH+jfKowalS6gPosajF48cEGmupw8Z52ZwembE6ZPO+TxJFcNAa5DAX8dlkLXglSOIjPo3zus6FNdbHb+u3UY2KwlnDegQYW
x-forefront-antispam-report: EFV:NLI; SFV:NSPM; SFS:(10019020)(98900017); DIR:OUT; SFP:1102; SCL:1; SRVR:PU1APC01HT172; H:KL1PR06MB1126.apcprd06.prod.outlook.com; FPR:; SPF:None; LANG:en;
x-ms-office365-filtering-correlation-id: 1745bd37-6368-45d5-c232-08d46cdf1e24
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(22001)(201702061074)(5061506573)(5061507331)(1603103135)(1601125254)(1603101448)(1701031045); SRVR:PU1APC01HT172;
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(432015087)(444000031); SRVR:PU1APC01HT172; BCL:0; PCL:0; RULEID:; SRVR:PU1APC01HT172;
x-forefront-prvs: 0249EFCB0B
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: multipart/alternative; boundary="_000_KL1PR06MB11260B628F6ABD09534F3FA687390KL1PR06MB1126apcp_"
MIME-Version: 1.0
X-OriginatorOrg: hotmail.com
X-MS-Exchange-CrossTenant-originalarrivaltime: 17 Mar 2017 02:41:34.2191 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Internet
X-MS-Exchange-CrossTenant-id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa
X-MS-Exchange-Transport-CrossTenantHeadersStamped: PU1APC01HT172
X-OriginalArrivalTime: 17 Mar 2017 02:41:36.0432 (UTC) FILETIME=[FF321B00:01D29EC7]
Archived-At: <https://mailarchive.ietf.org/arch/msg/nfvrg/LyEOCXySb1VwUBeouCW7D8l9Bmw>
Subject: Re: [Nfvrg] Using container based hypervisor in NFV
X-BeenThere: nfvrg@irtf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Network Function Virtualization Research Group \(NFVRG\) discussion list" <nfvrg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/nfvrg>, <mailto:nfvrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/nfvrg/>
List-Post: <mailto:nfvrg@irtf.org>
List-Help: <mailto:nfvrg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/nfvrg>, <mailto:nfvrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Fri, 17 Mar 2017 02:41:39 -0000

"Currently, the NFV architecture dictates that virtual functions run on top of full fledged hypervisor. However, recent advancements in container based hypervisor  such as LXD looks promising. "

Much of the current NFV work is based on centralized DC environment where VM is considered a robust and secured solution. However there may be scenarios where containers are prefered because of its light-weight characteristic, especially in NFVI-PoPs with limited computing resources, i.e. distributed edge devices.

"I think there will be a significant performance benefit in using Lxd over KVM although security is the obvious concern. Going forward, do we see container based hypervisor replacing KVM like hypervisors in deploying network virtual function? "

These is a draft (expired)https://datatracker.ietf.org/doc/draft-natarajan-nfvrg-containers-for-nfv/  reviews the performance of containers.
I think you also need to be careful about the word "relacing". What I see is that VMs and Containers both have pros and cons. The different natures in terms of virtualization technologeis make them intrinsicly fit for differerent implementation scenarios.

I have also been closely looking at distributed NFV scenarios where I believe containers will play a considerably important role. You can find a very initial draft discussing the distributed NFV concept on https://datatracker.ietf.org/doc/draft-geng-nfvrg-distributed-nfv/




________________________________
Liang GENG
China Mobile Research Institute

From: nikhil ap<mailto:niks3089@gmail.com>
Date: 2017-03-17 05:09
To: nfvrg<mailto:nfvrg@irtf.org>
Subject: [Nfvrg] Using container based hypervisor in NFV
Currently, the NFV architecture dictates that virtual functions run on top of full fledged hypervisor. However, recent advancements in container based hypervisor  such as LXD looks promising.

I think there will be a significant performance benefit in using Lxd over KVM although security is the obvious concern. Going forward, do we see container based hypervisor replacing KVM like hypervisors in deploying network virtual function?

--
Regards,
Nikhil

v2.23.0 | Report a Bug | By Email