Re: Re[4]: GRE Isolation Performance
David, Cross host private network (CHPN) performance in XenServer will be slower than VXLAN because traffic in the GRE tunnel is encrypted. At the time CHPN was implemented in 2010, VXLAN wasn't as well established as it is today, and we had a requirement of the communication being private. There were internal performance docs at the time which showed dom0 CPU usage maxed out with something like 100 tunnels from a host, so I'm not the least bit surprised with your observations. In looking at the support for VXLAN in XenServer, I'm of the opinion there isn't anything which would prevent the existing CS VXLAN implementation for KVM from being expanded to include XenServer. I however lack the infrastructure to test this theory. -tim On Sun, Nov 15, 2015 at 4:22 PM, David Amorín wrote: > Hi Remi, > I really apprecciate your comments. > > > If i have understood correctly, it is possible to use OVS with STT tunnels > over CS. Is that correct? > > > David > > > -Mensaje original- > > De: "Remi Bergsma" > > A: users@cloudstack.apache.org > > Fecha: 05/11/2015 09:52 > > Asunto: Re: Re[2]: GRE Isolation Performance > > > > Hi David, > > > > STT support was added to mainstream OVS only a few months ago, last > summer. Before that you had to patch it in. > > > > To be honest, in 2012 when we started using this, STT was the only > option that could use the offloading of the nic. Today, VXLAN also is able > to do that. For new deployments, that is the way forward as it is widely > adopted and supported. > > > > I never tried VXLAN without a controller, but it is worth investigating. > For sure Nicira and Nuage support it. > > > > We might consider dropping GRE support, but that's more of a subject for > the dev list. If you have stats/performance details to share, that might > help showing it is not a real option any more for production deployments. > > > > Regards, Remi > > > > Sent from my iPhone > > > > > On 05 Nov 2015, at 08:19, David Amorín > wrote: > > > > > > It looks VXLAN and STT are currently the best options. If OVS has > support for STT tunnels, why CS doesn't support this configuration? > > > > > > David > > > > > > > > > -Mensaje original- > > >> De: "Remi Bergsma" > > >> A: users@cloudstack.apache.org > > >> Fecha: 04/11/2015 20:29 > > >> Asunto: Re: GRE Isolation Performance > > >> > > >> Hi David, > > >> > > >> I haven’t used GRE myself, but I do know that performance wise you > need something that offloads to the nic, as with vlan tagging (instead of > having the cpu do all the work). Did you consider VXLAN? That has nic > offloading support in most nics these days. We are using STT (also does > offloading) with Nicira and it is very fast. If I had to build again, I’d > investigate VXLAN. > > >> > > >> > > >> > > >> Regards, > > >> Remi > > >> > > >> > > >>> On 04/11/15 12:31, "David Amorín" > wrote: > > >>> > > >>> Hi all, > > >>> We are working in an environment with CS 4.5.2 / XenServer 6.5 with > multiple zones (Spain and Netherlands) using GRE Isolation and we have some > concerns that we would like to share with you. Basically, we make a CPU > benchmark between VLAN isolation and GRE isolation and the results show us > that the consumption of CPU with GRE isolation is too much compared with > VLAN isolation. > > >>> > > >>> > > >>> Can anyone share with us the experience working with GRE isolation? > > >>> > > >>> > > >>> We are not sure if this configuration in production will be safe, > scalable and with an acceptable level of performance. > > >>> > > >>> > > >>> Thanks, > > >>> > > >>> > > >>> David > > > > >
Re[4]: GRE Isolation Performance
Hi Remi, I really apprecciate your comments. If i have understood correctly, it is possible to use OVS with STT tunnels over CS. Is that correct? David -Mensaje original- > De: "Remi Bergsma" > A: users@cloudstack.apache.org > Fecha: 05/11/2015 09:52 > Asunto: Re: Re[2]: GRE Isolation Performance > > Hi David, > > STT support was added to mainstream OVS only a few months ago, last summer. > Before that you had to patch it in. > > To be honest, in 2012 when we started using this, STT was the only option > that could use the offloading of the nic. Today, VXLAN also is able to do > that. For new deployments, that is the way forward as it is widely adopted > and supported. > > I never tried VXLAN without a controller, but it is worth investigating. For > sure Nicira and Nuage support it. > > We might consider dropping GRE support, but that's more of a subject for the > dev list. If you have stats/performance details to share, that might help > showing it is not a real option any more for production deployments. > > Regards, Remi > > Sent from my iPhone > > > On 05 Nov 2015, at 08:19, David Amorín wrote: > > > > It looks VXLAN and STT are currently the best options. If OVS has support > > for STT tunnels, why CS doesn't support this configuration? > > > > David > > > > > > -Mensaje original- > >> De: "Remi Bergsma" > >> A: users@cloudstack.apache.org > >> Fecha: 04/11/2015 20:29 > >> Asunto: Re: GRE Isolation Performance > >> > >> Hi David, > >> > >> I haven’t used GRE myself, but I do know that performance wise you need > >> something that offloads to the nic, as with vlan tagging (instead of > >> having the cpu do all the work). Did you consider VXLAN? That has nic > >> offloading support in most nics these days. We are using STT (also does > >> offloading) with Nicira and it is very fast. If I had to build again, I’d > >> investigate VXLAN. > >> > >> > >> > >> Regards, > >> Remi > >> > >> > >>> On 04/11/15 12:31, "David Amorín" wrote: > >>> > >>> Hi all, > >>> We are working in an environment with CS 4.5.2 / XenServer 6.5 with > >>> multiple zones (Spain and Netherlands) using GRE Isolation and we have > >>> some concerns that we would like to share with you. Basically, we make a > >>> CPU benchmark between VLAN isolation and GRE isolation and the results > >>> show us that the consumption of CPU with GRE isolation is too much > >>> compared with VLAN isolation. > >>> > >>> > >>> Can anyone share with us the experience working with GRE isolation? > >>> > >>> > >>> We are not sure if this configuration in production will be safe, > >>> scalable and with an acceptable level of performance. > >>> > >>> > >>> Thanks, > >>> > >>> > >>> David > >
Re: Re[2]: GRE Isolation Performance
Hi David, All I know is that you need NSX-mh (multi hypervisor version) and that works with KVM and xenserver. The licensing options changed a lot since it became VMware. Also checkout Nuage, they are actively maintaining and supporting their plugin (whereas the Nicira plugin was made by the community). Both controllers need to be licensed so that brings in extra costs one way or the other. But they also bring in many new features not possible without SDN. Regards, Remi Sent from my iPhone > On 05 Nov 2015, at 08:25, David Amorín wrote: > > Remi,Can you please confirm the cost of Nicira (VMware NSX) aprox.? I saw > that they offer a perpetual license per CPU socket $6K each one. Is that > correct? > > > http://searchsdn.techtarget.com/news/2240222952/VMware-NSX-price-finally-published-as-channel-starts-selling > > DA > > > -Mensaje original- >> De: "Remi Bergsma" >> A: users@cloudstack.apache.org >> Fecha: 04/11/2015 20:29 >> Asunto: Re: GRE Isolation Performance >> >> Hi David, >> >> I haven’t used GRE myself, but I do know that performance wise you need >> something that offloads to the nic, as with vlan tagging (instead of having >> the cpu do all the work). Did you consider VXLAN? That has nic offloading >> support in most nics these days. We are using STT (also does offloading) >> with Nicira and it is very fast. If I had to build again, I’d investigate >> VXLAN. >> >> >> >> Regards, >> Remi >> >> >>> On 04/11/15 12:31, "David Amorín" wrote: >>> >>> Hi all, >>> We are working in an environment with CS 4.5.2 / XenServer 6.5 with >>> multiple zones (Spain and Netherlands) using GRE Isolation and we have some >>> concerns that we would like to share with you. Basically, we make a CPU >>> benchmark between VLAN isolation and GRE isolation and the results show us >>> that the consumption of CPU with GRE isolation is too much compared with >>> VLAN isolation. >>> >>> >>> Can anyone share with us the experience working with GRE isolation? >>> >>> >>> We are not sure if this configuration in production will be safe, scalable >>> and with an acceptable level of performance. >>> >>> >>> Thanks, >>> >>> >>> David >
Re: Re[2]: GRE Isolation Performance
Hi David, STT support was added to mainstream OVS only a few months ago, last summer. Before that you had to patch it in. To be honest, in 2012 when we started using this, STT was the only option that could use the offloading of the nic. Today, VXLAN also is able to do that. For new deployments, that is the way forward as it is widely adopted and supported. I never tried VXLAN without a controller, but it is worth investigating. For sure Nicira and Nuage support it. We might consider dropping GRE support, but that's more of a subject for the dev list. If you have stats/performance details to share, that might help showing it is not a real option any more for production deployments. Regards, Remi Sent from my iPhone > On 05 Nov 2015, at 08:19, David Amorín wrote: > > It looks VXLAN and STT are currently the best options. If OVS has support for > STT tunnels, why CS doesn't support this configuration? > > David > > > -Mensaje original- >> De: "Remi Bergsma" >> A: users@cloudstack.apache.org >> Fecha: 04/11/2015 20:29 >> Asunto: Re: GRE Isolation Performance >> >> Hi David, >> >> I haven’t used GRE myself, but I do know that performance wise you need >> something that offloads to the nic, as with vlan tagging (instead of having >> the cpu do all the work). Did you consider VXLAN? That has nic offloading >> support in most nics these days. We are using STT (also does offloading) >> with Nicira and it is very fast. If I had to build again, I’d investigate >> VXLAN. >> >> >> >> Regards, >> Remi >> >> >>> On 04/11/15 12:31, "David Amorín" wrote: >>> >>> Hi all, >>> We are working in an environment with CS 4.5.2 / XenServer 6.5 with >>> multiple zones (Spain and Netherlands) using GRE Isolation and we have some >>> concerns that we would like to share with you. Basically, we make a CPU >>> benchmark between VLAN isolation and GRE isolation and the results show us >>> that the consumption of CPU with GRE isolation is too much compared with >>> VLAN isolation. >>> >>> >>> Can anyone share with us the experience working with GRE isolation? >>> >>> >>> We are not sure if this configuration in production will be safe, scalable >>> and with an acceptable level of performance. >>> >>> >>> Thanks, >>> >>> >>> David >
Re[2]: GRE Isolation Performance
Remi,Can you please confirm the cost of Nicira (VMware NSX) aprox.? I saw that they offer a perpetual license per CPU socket $6K each one. Is that correct? http://searchsdn.techtarget.com/news/2240222952/VMware-NSX-price-finally-published-as-channel-starts-selling DA -Mensaje original- > De: "Remi Bergsma" > A: users@cloudstack.apache.org > Fecha: 04/11/2015 20:29 > Asunto: Re: GRE Isolation Performance > > Hi David, > > I haven’t used GRE myself, but I do know that performance wise you need > something that offloads to the nic, as with vlan tagging (instead of having > the cpu do all the work). Did you consider VXLAN? That has nic offloading > support in most nics these days. We are using STT (also does offloading) with > Nicira and it is very fast. If I had to build again, I’d investigate VXLAN. > > > > Regards, > Remi > > > On 04/11/15 12:31, "David Amorín" wrote: > > >Hi all, > >We are working in an environment with CS 4.5.2 / XenServer 6.5 with multiple > >zones (Spain and Netherlands) using GRE Isolation and we have some concerns > >that we would like to share with you. Basically, we make a CPU benchmark > >between VLAN isolation and GRE isolation and the results show us that the > >consumption of CPU with GRE isolation is too much compared with VLAN > >isolation. > > > > > >Can anyone share with us the experience working with GRE isolation? > > > > > >We are not sure if this configuration in production will be safe, scalable > >and with an acceptable level of performance. > > > > > >Thanks, > > > > > >David > > > > > > > > > > > > > > > > > > > > > >
Re[2]: GRE Isolation Performance
It looks VXLAN and STT are currently the best options. If OVS has support for STT tunnels, why CS doesn't support this configuration? David -Mensaje original- > De: "Remi Bergsma" > A: users@cloudstack.apache.org > Fecha: 04/11/2015 20:29 > Asunto: Re: GRE Isolation Performance > > Hi David, > > I haven’t used GRE myself, but I do know that performance wise you need > something that offloads to the nic, as with vlan tagging (instead of having > the cpu do all the work). Did you consider VXLAN? That has nic offloading > support in most nics these days. We are using STT (also does offloading) with > Nicira and it is very fast. If I had to build again, I’d investigate VXLAN. > > > > Regards, > Remi > > > On 04/11/15 12:31, "David Amorín" wrote: > > >Hi all, > >We are working in an environment with CS 4.5.2 / XenServer 6.5 with multiple > >zones (Spain and Netherlands) using GRE Isolation and we have some concerns > >that we would like to share with you. Basically, we make a CPU benchmark > >between VLAN isolation and GRE isolation and the results show us that the > >consumption of CPU with GRE isolation is too much compared with VLAN > >isolation. > > > > > >Can anyone share with us the experience working with GRE isolation? > > > > > >We are not sure if this configuration in production will be safe, scalable > >and with an acceptable level of performance. > > > > > >Thanks, > > > > > >David > > > > > > > > > > > > > > > > > > > > > >
Re: GRE Isolation Performance
VXLAN is very fast. We've been testing it in our lab for our next gen platform. Note that the VXLAN implementation in CloudStack today was built with KVM support only and uses the native linux VXLAN support (with multicast). As Remi pointed out, other options for you include Nicira (VMware NSX MH) and we've also been investigating Nuage (uses VXLAN and MPLS over GRE under the covers). - Si From: Remi Bergsma Sent: Wednesday, November 4, 2015 1:22 PM To: users@cloudstack.apache.org Subject: Re: GRE Isolation Performance Hi David, I haven’t used GRE myself, but I do know that performance wise you need something that offloads to the nic, as with vlan tagging (instead of having the cpu do all the work). Did you consider VXLAN? That has nic offloading support in most nics these days. We are using STT (also does offloading) with Nicira and it is very fast. If I had to build again, I’d investigate VXLAN. Regards, Remi On 04/11/15 12:31, "David Amorín" wrote: >Hi all, >We are working in an environment with CS 4.5.2 / XenServer 6.5 with multiple >zones (Spain and Netherlands) using GRE Isolation and we have some concerns >that we would like to share with you. Basically, we make a CPU benchmark >between VLAN isolation and GRE isolation and the results show us that the >consumption of CPU with GRE isolation is too much compared with VLAN isolation. > > >Can anyone share with us the experience working with GRE isolation? > > >We are not sure if this configuration in production will be safe, scalable and >with an acceptable level of performance. > > >Thanks, > > >David > > > > > > > > > > >
Re: GRE Isolation Performance
Hi David, I haven’t used GRE myself, but I do know that performance wise you need something that offloads to the nic, as with vlan tagging (instead of having the cpu do all the work). Did you consider VXLAN? That has nic offloading support in most nics these days. We are using STT (also does offloading) with Nicira and it is very fast. If I had to build again, I’d investigate VXLAN. Regards, Remi On 04/11/15 12:31, "David Amorín" wrote: >Hi all, >We are working in an environment with CS 4.5.2 / XenServer 6.5 with multiple >zones (Spain and Netherlands) using GRE Isolation and we have some concerns >that we would like to share with you. Basically, we make a CPU benchmark >between VLAN isolation and GRE isolation and the results show us that the >consumption of CPU with GRE isolation is too much compared with VLAN isolation. > > >Can anyone share with us the experience working with GRE isolation? > > >We are not sure if this configuration in production will be safe, scalable and >with an acceptable level of performance. > > >Thanks, > > >David > > > > > > > > > > >
GRE Isolation Performance
Hi all, We are working in an environment with CS 4.5.2 / XenServer 6.5 with multiple zones (Spain and Netherlands) using GRE Isolation and we have some concerns that we would like to share with you. Basically, we make a CPU benchmark between VLAN isolation and GRE isolation and the results show us that the consumption of CPU with GRE isolation is too much compared with VLAN isolation. Can anyone share with us the experience working with GRE isolation? We are not sure if this configuration in production will be safe, scalable and with an acceptable level of performance. Thanks, David
