In this blog, we continue our focus on the changes needed to Kubernetes to accommodate 5G use cases. The last blog in this series focused on Multus: https://www.vamsitalkstech.com/5g/why-5g-implementations-will-need-a-meta-cni-aka-multus/. 5G use cases need direct connectivity between CNFs (Cloud Native Functions), running in Kubernetes pods, and physical NICs. SR-IOV has been used for quite some time and, thanks to plugin contributions from Intel and others, it is now available for enterprise use.
SR-IOV (Single Root Input/Output Virtualization) is a standard that allows the isolation of PCI Express resources between different users on a server. When these hardware resources enable Virtual Functions (VFs), they can be segmented and accessed across K8s pods. SR-IOV is already used as the standard to share networking resources such as NICs and to secure traffic. SR-IOV is used when applications running on K8s clusters need high bandwidth and low latency. When used with VMs, SR-IOV enables applications to bypass the vSwitch, so the VM accesses the device directly instead of going through the vSwitch. Intel provides an SR-IOV network device plugin that enables high-performance network I/O by enabling the discovery and advertisement of VFs in a given host. The Intel SR-IOV CNI plugin works in two modes. The first mode uses the standard VF driver in the container host's kernel. The second mode supports DPDK, which enables VNFs to execute the network protocol stack in userspace. When used with Intel NICs, as an example, the system includes three components: the Multus CNI (discussed in a previous blog), the SR-IOV Network Device Plugin, and the SR-IOV CNI.
The above diagram shows how these components are used to deploy SR-IOV into Kubernetes. The flow is as follows:
- The SR-IOV CNI plugin interacts with both the pod and the physical NIC. To the pod it adds an interface, net0-SR-IOV.
- The SR-IOV device plugin manages the inventory of SR-IOV VFs and connects to the Kubernetes device plugin manager.
- In the above diagram, the Multus plugin is used, which allows the use of the SR-IOV CNI.
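The manifests below are an added example, not taken from the original post or from Intel's documentation, showing how the three components in the flow above meet in configuration: a Multus NetworkAttachmentDefinition that invokes the SR-IOV CNI, and a pod that requests one VF from the pool the device plugin advertises. The resource name `intel.com/intel_sriov_netdevice` is assumed to match the device plugin's own configuration; the object names, image, VLAN ID and subnet are constructed placeholders, and the per-VF `spoofchk`/`trust` settings are one reasonable hardening choice rather than something the post prescribes.

```yaml
# Added example: object names, image, VLAN and subnet are constructed placeholders.
apiVersion: k8s.cni.cncf.io/v1
kind: NetworkAttachmentDefinition
metadata:
  name: sriov-net1
  annotations:
    # Binds this network to the VF pool advertised by the SR-IOV device plugin.
    # Assumption: the plugin is configured to expose VFs under this resource name.
    k8s.v1.cni.cncf.io/resourceName: intel.com/intel_sriov_netdevice
spec:
  # "type": "sriov" makes Multus delegate to the SR-IOV CNI for this attachment.
  # "vlan" pins the VF to one VLAN, "spoofchk": "on" has the NIC drop frames
  # whose source MAC is not the VF's own, and "trust": "off" keeps the pod from
  # changing VF settings such as MAC address or promiscuous mode.
  config: |
    {
      "cniVersion": "0.3.1",
      "name": "sriov-net1",
      "type": "sriov",
      "vlan": 100,
      "spoofchk": "on",
      "trust": "off",
      "ipam": {
        "type": "host-local",
        "subnet": "10.56.217.0/24"
      }
    }
---
apiVersion: v1
kind: Pod
metadata:
  name: cnf-sample
  annotations:
    # Multus reads this annotation and attaches the secondary SR-IOV interface.
    k8s.v1.cni.cncf.io/networks: sriov-net1
spec:
  containers:
  - name: cnf
    image: registry.example.com/cnf-sample:1.0
    resources:
      # One VF is allocated by the device plugin via the kubelet device manager.
      requests:
        intel.com/intel_sriov_netdevice: "1"
      limits:
        intel.com/intel_sriov_netdevice: "1"
```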
As discussed above, SR-IOV allows the physical NIC (Network Interface Card) to be split into multiple VFs (Virtual Functions). These are then available for direct I/O to a VM or a container application running in userspace.
The Kubernetes Intel SR-IOV network device plug-in extends the capabilities of Kubernetes to address high-performance network I/O by discovering and advertising SR-IOV network virtual functions (VFs) in a Kubernetes host. In this way, SR-IOV can be leveraged for Container Network Functions (CNFs) in a 5G setting. Applications can achieve high throughput and different levels of hardware QoS at low latency. The next blog will look at another complementary feature, DPDK, which provides user-space networking for CNFs.