> -----Original Message----- > From: Damjan Marion (damarion) [mailto:[email protected]] > Sent: Friday, February 17, 2017 5:06 PM > To: Zhou, Danny > Cc: vpp-dev > Subject: Re: [vpp-dev] memif - packet memory interface > > > > On 17 Feb 2017, at 06:30, Zhou, Danny <[email protected]> wrote: > > > > Very Interesting... > > > > Damjan, > > > > Do you think if it makes sense to use virtio_user/vhost_user pairs to > > connect two VPPs instances running inside two container? > > > > Essentially, the memif and virtio_user/vhost_user pairs both leverage > > shared memory for fast inter-process communication, within similar > > performance and same isolation/security concern, but the later one obviously > is realistic standard. > > > I think using the virtio/vhost-user is this specific use case is bad idea. > It is simply built to address different problem. > > - pointer conversions (guest mem mapping) is unnecessary and expensive > - ring layout is not optimal > - too many different options doesn’t help with speed (anylayout, mergeable rx > buffers, different size of virtio header, indirect desc) > - too many different options also make whole code hard to maintain > - it is hard to protect from misbehaving client in efficient way, as it deals > with > pointers > - standard is still very qemu/linux kernel focused > > The question is do we really need a standard for something which is very > simple > (like memif should be) and can be explained in one page of text. > If answer is yes, we can build one instead trying to adopt virtio. My personal > preference is to build neutral library and document things properly. >
If it targets a simple, easy to use and high performance mechanism for container to container IPC for packet processing Apps like VPP, it is a good but still has certain limitations as below: - Current performance data does not show advantage over virtio_user/vhost_user pairs, though optimization still ongoing. - To address security concern, virtio_user/vhost_user sacrifices performance by memcpy packet, and it looks memif adopts zero copy but that is a potential security hole. - Limited inter-operability in the hybrid environment mixing container and VMs as well as other vSwitch (e.g. native OVS or DPDK OVS) together. -Danny _______________________________________________ vpp-dev mailing list [email protected] https://lists.fd.io/mailman/listinfo/vpp-dev
