• 08/19/2015
    7:00 AM
  • Rating: 
    0 votes
    Vote up!
    Vote down!

IO Visor: Where The Kernel Meets The Network

Find out how the latest open source project to launch can help network performance by moving functionality inside the Linux kernel.

The IO Visor Project launched this week at LinuxCon, with the goal of enabling developers to innovate, create and share IO and networking functions. The open source project brings universal extensibility to the Linux kernel, enabling developers to easily "add" new modules to the kernel without recompiling the kernel or rebooting the cluster. It is based on technology I helped develop at PLUMgrid.

Why does this matter?

Creating and running IO modules in-kernel is challenging in a virtualized data center; loading and unloading IO modules frequently requires recompiling or even rebooting software. Multiply that impact across many servers running large applications, and you can be faced with rebooting essentially an entire data center. The lack of flexibility and performance is an increasing problem that the industry hasn't been able to solve quite yet. 

How is IO Visor different?

IO Visor brings user space flexibility (in which you an simply write a new program) to the kernel, creating handy tools for anyone that wants to bring IO-related features and functionalities to the kernel. Packaged with developer tools that aid in portability and extensibility, the IO Visor Project community promises to be vibrant and growing, delivering ideas and solutions that disrupt the status quo.

So … what can I do with it?

Think about the IO Visor Project as a new toolkit opening up for a broad array of applications that can be built leveraging it. The IO Visor community has already identified three primary areas of applicability for the IO Visor Project technology: networking, security and tracing. Other use cases will emerge over time.

The main driver for its adoption is certainly the need for a flexible data plane component that can adapt to new demands and services. This data plane will be programmable so that the provisioning of new services is driven by the application, rather than manual intervention. This satisfies extensibility requirements without performance tradeoffs.

To understand more about how to use IO Visor technologies, let's look at the networking use case. 

DevOps, large-scale cloud deployments, SDN and NFV all constitute strong drivers for IO Visor adoption to solve networking challenges. The networking layer needs to move closer to the server, if not ideally into the server. Why? Because physical servers are running multiple virtual machines or containers, and each virtual entity is running multiple services, apps, and workloads. 

The traditional approach of physical or virtual appliance-based insertion of network functionalities falls flat in these environments. With IO Visor, however, you can have a software instance of your switch, router, load balancer, or security appliance. These can be dynamically loaded and stitched together to define the service chain needed by an application and dynamically rendered as a complete network inside the kernel of your compute node. Traffic can arrive there from your VM or container and traverse the entire chain locally within the kernel. It leaves the local compute node only when that's required to reach the destination.

The biggest benefit of IO Visor is that you can program ANY network logic (present or future) for ANY new version of your protocol. This implementation will exist in all your compute nodes, thanks to its distributed architecture. You can easily see how this fits nicely within the NFV and SDN paradigms.

Let's look at another use case. Similarly to networking, IO Visor constitutes the perfect platform to build distributed monitoring and tracing applications. The insertion of a new IO module can be used to monitor interfaces in real time, keeping statistics on traffic health and behavior as it traverses the environment without affecting live traffic or creating performance bottlenecks. Developers can then build applications on top of that data, turning traffic statistics into a graph showing the current health of the infrastructure.

Although the IO Visor Project just launched this week, a great deal of work has been taking place behind the scenes. There is already a community of developers working on the project, some of whom have been working together for several years. Founding corporate members of the IO Visor Project include Barefoot, Broadcom, Canonical, Cavium, Cisco, Huawei, Intel, PLUMgrid and SUSE.

The community leverages Github for developer resources at The IO Visor Project is open to all developers, and there is no fee to join or participate.




The internet of things requires better networks, tracing, security and device/application control of the available resources. I take that it is fair to assume that a trade-off exists between security and device control -- developers will have to think about the details (risks and rewards) before granting control to a device/application for certain resources. 

Re: IoT

Brian, that's an excellent point that wasn't covered in this article at all. Maybe we can ask Valentina to write an additional piece on how security factor in with these new architechtires.

Re: IoT

@Susan, that is a great idea and it would be extremely valuable to learn more about this new architecture. I might be off but, it seems that the architecture was built with embedded and edge devices in mind. Networks are important for these devices but equally important is the cloud resources that lie at the other end of the network -- resources that can be controlled through the kernel.