A little over a year ago, at Intel Developer Forum in Beijing, I worked with Citrix Systems* to demonstrate how the PCI-SIG* Single Root I/O Virtualization and Sharing specification (SR-IOV) standard can overcome I/O limitations seen when virtualizing networking workloads. The goal of this work was to provide virtualized networking platforms that can easily slot into today’s virtualized, multi-tenant data centers but still achieve the network line rates of traditional networking gear. This allows IT to consolidate, but still maintain service levels.
Today, Citrix announced a new appliance platform – NetScaler* SDX – that uses SR-IOV and Intel® Virtualization Technology (Intel® VT) for Directed I/O (Intel® VT-d) to provide a fully virtualized network appliance able to sustain up to 50 Gbps of throughput. That’s full duplex by the way. Like Intel, Citrix measures throughput each way, so others might say sustained throughput of up to100Gbps.
If you’re not familiar with Citrix NetScaler, it’s a family of appliances deployed inline within the network to provide load balancing, acceleration, offload and security services. It’s used in front of some of the biggest websites in the world. If you’ve surfed the web, it’s almost guaranteed you’ve used a NetScaler.
For NetScaler, network I/O is the name of game. So, when the NetScaler team set out to virtualize the appliance so that multiple NetScaler instances can be run on the same box, they needed an approach that didn’t compromise the appliance’s throughput. This is where the work Intel and Citrix have done with SR-IOV comes in.
The SR-IOV and Intel® VT-d support built-in to the Intel® 82599 10 Gigabit Ethernet Controller used on the Intel® Ethernet Server Adapter X520 series provides for hardware-assisted virtualization. Up to 64 Virtual Functions (VFs) per port are exposed as virtual Ethernet devices directly to the host OS that can be assigned to each NetScaler SDX instance which provides direct I/O access, with the 82599 controller hardware managing device queues and address translation on behalf of each instance. This eliminates the performance overhead and extra management introduced by the need for the device emulation or split-mode driver approaches typically used in virtualization.
The result is that the fully virtualized NetScaler SDX appliances can achieve nearly same throughput as the “bare metal” NetScaler MPX appliances. For example, the NetScaler MPX-21500 is rated at up-to 50 Gbps. Citrix also rates the NetScaler SDX 21500, which uses the exact same hardware platform, at up-to 50 Gbps.
This means that when it comes time to consolidate and virtualize a data center, NetScaler SDX can be used to consolidate L4-7 services. However, using Intel® Ethernet with SR-IOV support, this consolidation doesn’t have to come at the cost of sacrificing instance isolation or performance.
Other SR-IOV Blog Posts