You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@cloudstack.apache.org by David Amorín <da...@adderglobal.com> on 2015/11/05 08:19:41 UTC

Re[2]: GRE Isolation Performance

It looks VXLAN and STT are currently the best options. If OVS has support for STT tunnels, why CS doesn't support this configuration?

David


-----Mensaje original----- 
> De: "Remi Bergsma" <RB...@schubergphilis.com> 
> A: users@cloudstack.apache.org 
> Fecha: 04/11/2015 20:29 
> Asunto: Re: GRE Isolation Performance 
> 
> Hi David,
> 
> I haven’t used GRE myself, but I do know that performance wise you need something that offloads to the nic, as with vlan tagging (instead of having the cpu do all the work). Did you consider VXLAN? That has nic offloading support in most nics these days. We are using STT (also does offloading) with Nicira and it is very fast. If I had to build again, I’d investigate VXLAN.
> 
> 
> 
> Regards,
> Remi
> 
> 
> On 04/11/15 12:31, "David Amorín" <da...@adderglobal.com> wrote:
> 
> >Hi all,
> >We are working in an environment with CS 4.5.2 / XenServer 6.5 with multiple zones (Spain and Netherlands) using GRE Isolation and we have some concerns that we would like to share with you. Basically, we make a CPU benchmark between VLAN isolation and GRE isolation and the results show us that the consumption of CPU with GRE isolation is too much compared with VLAN isolation.
> >
> >
> >Can anyone share with us the experience working with GRE isolation?
> >
> >
> >We are not sure if this configuration in production will be safe, scalable and with an acceptable level of performance.
> >
> >
> >Thanks,
> >
> >
> >David
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >

Re: Re[4]: GRE Isolation Performance

Posted by Tim Mackey <tm...@gmail.com>.

David,

Cross host private network (CHPN) performance in XenServer will be slower
than VXLAN because traffic in the GRE tunnel is encrypted.  At the time
CHPN was implemented in 2010, VXLAN wasn't as well established as it is
today, and we had a requirement of the communication being private.  There
were internal performance docs at the time which showed dom0 CPU usage
maxed out with something like 100 tunnels from a host, so I'm not the least
bit surprised with your observations.

In looking at the support for VXLAN in XenServer, I'm of the opinion there
isn't anything which would prevent the existing CS VXLAN implementation for
KVM from being expanded to include XenServer.  I however lack the
infrastructure to test this theory.

-tim

On Sun, Nov 15, 2015 at 4:22 PM, David Amorín <da...@adderglobal.com>
wrote:

> Hi Remi,
> I really apprecciate your comments.
>
>
> If i have understood correctly, it is possible to use OVS with STT tunnels
> over CS. Is that correct?
>
>
> David
>
>
> -----Mensaje original-----
> > De: "Remi Bergsma" <RB...@schubergphilis.com>
> > A: users@cloudstack.apache.org
> > Fecha: 05/11/2015 09:52
> > Asunto: Re: Re[2]: GRE Isolation Performance
> >
> > Hi David,
> >
> > STT support was added to mainstream OVS only a few months ago, last
> summer. Before that you had to patch it in.
> >
> > To be honest, in 2012 when we started using this, STT was the only
> option that could use the offloading of the nic. Today, VXLAN also is able
> to do that. For new deployments, that is the way forward as it is widely
> adopted and supported.
> >
> > I never tried VXLAN without a controller, but it is worth investigating.
> For sure Nicira and Nuage support it.
> >
> > We might consider dropping GRE support, but that's more of a subject for
> the dev list. If you have stats/performance details to share, that might
> help showing it is not a real option any more for production deployments.
> >
> > Regards, Remi
> >
> > Sent from my iPhone
> >
> > > On 05 Nov 2015, at 08:19, David Amorín <da...@adderglobal.com>
> wrote:
> > >
> > > It looks VXLAN and STT are currently the best options. If OVS has
> support for STT tunnels, why CS doesn't support this configuration?
> > >
> > > David
> > >
> > >
> > > -----Mensaje original-----
> > >> De: "Remi Bergsma" <RB...@schubergphilis.com>
> > >> A: users@cloudstack.apache.org
> > >> Fecha: 04/11/2015 20:29
> > >> Asunto: Re: GRE Isolation Performance
> > >>
> > >> Hi David,
> > >>
> > >> I haven’t used GRE myself, but I do know that performance wise you
> need something that offloads to the nic, as with vlan tagging (instead of
> having the cpu do all the work). Did you consider VXLAN? That has nic
> offloading support in most nics these days. We are using STT (also does
> offloading) with Nicira and it is very fast. If I had to build again, I’d
> investigate VXLAN.
> > >>
> > >>
> > >>
> > >> Regards,
> > >> Remi
> > >>
> > >>
> > >>> On 04/11/15 12:31, "David Amorín" <da...@adderglobal.com>
> wrote:
> > >>>
> > >>> Hi all,
> > >>> We are working in an environment with CS 4.5.2 / XenServer 6.5 with
> multiple zones (Spain and Netherlands) using GRE Isolation and we have some
> concerns that we would like to share with you. Basically, we make a CPU
> benchmark between VLAN isolation and GRE isolation and the results show us
> that the consumption of CPU with GRE isolation is too much compared with
> VLAN isolation.
> > >>>
> > >>>
> > >>> Can anyone share with us the experience working with GRE isolation?
> > >>>
> > >>>
> > >>> We are not sure if this configuration in production will be safe,
> scalable and with an acceptable level of performance.
> > >>>
> > >>>
> > >>> Thanks,
> > >>>
> > >>>
> > >>> David
> > >
>
>

Re[4]: GRE Isolation Performance

Posted by David Amorín <da...@adderglobal.com>.

Hi Remi,
I really apprecciate your comments.


If i have understood correctly, it is possible to use OVS with STT tunnels over CS. Is that correct?


David


-----Mensaje original----- 
> De: "Remi Bergsma" <RB...@schubergphilis.com> 
> A: users@cloudstack.apache.org 
> Fecha: 05/11/2015 09:52 
> Asunto: Re: Re[2]: GRE Isolation Performance 
> 
> Hi David,
> 
> STT support was added to mainstream OVS only a few months ago, last summer. Before that you had to patch it in. 
> 
> To be honest, in 2012 when we started using this, STT was the only option that could use the offloading of the nic. Today, VXLAN also is able to do that. For new deployments, that is the way forward as it is widely adopted and supported. 
> 
> I never tried VXLAN without a controller, but it is worth investigating. For sure Nicira and Nuage support it. 
> 
> We might consider dropping GRE support, but that's more of a subject for the dev list. If you have stats/performance details to share, that might help showing it is not a real option any more for production deployments. 
> 
> Regards, Remi 
> 
> Sent from my iPhone
> 
> > On 05 Nov 2015, at 08:19, David Amorín <da...@adderglobal.com> wrote:
> > 
> > It looks VXLAN and STT are currently the best options. If OVS has support for STT tunnels, why CS doesn't support this configuration?
> > 
> > David
> > 
> > 
> > -----Mensaje original----- 
> >> De: "Remi Bergsma" <RB...@schubergphilis.com> 
> >> A: users@cloudstack.apache.org 
> >> Fecha: 04/11/2015 20:29 
> >> Asunto: Re: GRE Isolation Performance 
> >> 
> >> Hi David,
> >> 
> >> I haven’t used GRE myself, but I do know that performance wise you need something that offloads to the nic, as with vlan tagging (instead of having the cpu do all the work). Did you consider VXLAN? That has nic offloading support in most nics these days. We are using STT (also does offloading) with Nicira and it is very fast. If I had to build again, I’d investigate VXLAN.
> >> 
> >> 
> >> 
> >> Regards,
> >> Remi
> >> 
> >> 
> >>> On 04/11/15 12:31, "David Amorín" <da...@adderglobal.com> wrote:
> >>> 
> >>> Hi all,
> >>> We are working in an environment with CS 4.5.2 / XenServer 6.5 with multiple zones (Spain and Netherlands) using GRE Isolation and we have some concerns that we would like to share with you. Basically, we make a CPU benchmark between VLAN isolation and GRE isolation and the results show us that the consumption of CPU with GRE isolation is too much compared with VLAN isolation.
> >>> 
> >>> 
> >>> Can anyone share with us the experience working with GRE isolation?
> >>> 
> >>> 
> >>> We are not sure if this configuration in production will be safe, scalable and with an acceptable level of performance.
> >>> 
> >>> 
> >>> Thanks,
> >>> 
> >>> 
> >>> David
> >

Re: Re[2]: GRE Isolation Performance

Posted by Remi Bergsma <RB...@schubergphilis.com>.

Hi David,

STT support was added to mainstream OVS only a few months ago, last summer. Before that you had to patch it in. 

To be honest, in 2012 when we started using this, STT was the only option that could use the offloading of the nic. Today, VXLAN also is able to do that. For new deployments, that is the way forward as it is widely adopted and supported. 

I never tried VXLAN without a controller, but it is worth investigating. For sure Nicira and Nuage support it. 

We might consider dropping GRE support, but that's more of a subject for the dev list. If you have stats/performance details to share, that might help showing it is not a real option any more for production deployments. 

Regards, Remi 

Sent from my iPhone

> On 05 Nov 2015, at 08:19, David Amorín <da...@adderglobal.com> wrote:
> 
> It looks VXLAN and STT are currently the best options. If OVS has support for STT tunnels, why CS doesn't support this configuration?
> 
> David
> 
> 
> -----Mensaje original----- 
>> De: "Remi Bergsma" <RB...@schubergphilis.com> 
>> A: users@cloudstack.apache.org 
>> Fecha: 04/11/2015 20:29 
>> Asunto: Re: GRE Isolation Performance 
>> 
>> Hi David,
>> 
>> I haven’t used GRE myself, but I do know that performance wise you need something that offloads to the nic, as with vlan tagging (instead of having the cpu do all the work). Did you consider VXLAN? That has nic offloading support in most nics these days. We are using STT (also does offloading) with Nicira and it is very fast. If I had to build again, I’d investigate VXLAN.
>> 
>> 
>> 
>> Regards,
>> Remi
>> 
>> 
>>> On 04/11/15 12:31, "David Amorín" <da...@adderglobal.com> wrote:
>>> 
>>> Hi all,
>>> We are working in an environment with CS 4.5.2 / XenServer 6.5 with multiple zones (Spain and Netherlands) using GRE Isolation and we have some concerns that we would like to share with you. Basically, we make a CPU benchmark between VLAN isolation and GRE isolation and the results show us that the consumption of CPU with GRE isolation is too much compared with VLAN isolation.
>>> 
>>> 
>>> Can anyone share with us the experience working with GRE isolation?
>>> 
>>> 
>>> We are not sure if this configuration in production will be safe, scalable and with an acceptable level of performance.
>>> 
>>> 
>>> Thanks,
>>> 
>>> 
>>> David
>