Ask google to undelete. And make that video about the tunnel.

DPDK has a way to handle this, but you're right, it's optimized for heavier throughput, with smaller packets seeing higher latency then you would normally see. (Set your icmp packet sizes larger and you'll see the latency problem disappear) Think about DPDK like more of a "pipe" connecting the two end devices together, it doesn't matter how much volume of fluid you put in there and it'll get there in a timely fashion, especially if there is heavy throughout on the system. DPDK works great for things like SCTP. 🤘

Properly efficient routing (and switching) is done WITHOUT copying. The hardware receives the frame into memory, and that's where it stays. Any forwarding is done by reference to that memory buffer. Copying is what kept linux and BSD networking so slow for so long.

@@jfbeam that’s kind of true but irrelevant because the Direct Memory Access thing I’m talking about is how the NIC gets the data from main memory via PCIe. en.m.wikipedia.org/wiki/Direct_memory_access

There's a reason real enterprise routers are rated in pps not bps.

Thank you for pointing in out!

there is linux vpp stuff, there is a guy doing a ring with x86 of the shelve hardware.

​@@lyth1umDo you know which guy is doing that stuff? I want to check it out

That’s what i have been saying all along. 10 Gb/s the easy way is 812743 Mpps with 1500 byte MTU packages. 10 Gb/s the hard way is 14,88 Mpps with 64 bytes MTU packets. 10 Gb/s the realistic way is a realistic IMIX traffic profile.

@@Galileocrafteror jumbo frames.

Yep, with them open sourcing the necessary parts, proprietary solution starts to feel better than the vpp, due to compatibility with commonly used tools.

It's not so much "open source" as them not caring what you do with the SDK after your $40k check clears. (when almost everything is in a microcode blackbox, there's no secrets in the SDK.)

@@jfbeam you're right, to a degree, but microcode isn't something that's normally revealed by, well, anyone really.

NXP really seems like a good partner. They were willing to open source, AND helped them to find an alternative(and risk loosing income from licensing fees).

@@jfbeam lol yeah sure, feel free to release as "opensource" or even just allow redistribution of the stuff from most vendor SDK and see how fast you get sued to oblivion for breaching NDA and the SDK's own license. If NXP has moved all the proprietary bs to a firmware/microcode and allow people to redistribute it, its a good thing.

Thank you! 🙏

That's true! Even many enteprise solutions guarantee about 3Gbps when encrypting/decrypting traffic on 10Gbps interface!

​@@morsikpl yeah, that's some fast hardware.

RIP Tilera

What is the issue with Mikrotik?

@@TheStuartstardust there is no problem. Just some platforms perform better than others

DPDK has no impacts on latency under real world circumstances. Many datacenters (ISPs) running DPDK applicances for DDoS mitigation. At my previous employeer we had a DPDK appliance to protect game server traffic from DDoS and maybe you know that but game server traffic is one of the most challenging things when it comes to latency. And guess, it worked like a charm, it used iBGP to route entire networks thru the appliance after being processed from the router before hitting the core switching stack.

​@@BirknerAlexI'm sure ya right that latency isn't an issue. The cores only job is busy-waiting, when not already processing data currently anyway. It even saves on ISR entry/exit delays, so it should be rather faster than slower in my view. I'd still share the concern about the wasted energy tho. Sure those cores are more efficient than some beefy x86 Server CPU, but they're not "free", I mean that's why ARM also has power saving modes and dynamic frequency scaling for example. I also don't whine about one core on a 64 core server with a daily load overage of 40 being dedicated to burn 1% more energy in my rack at work, and that core will have plenty of real work to do as well. But let's be honest, any home router is going to spent 99% of it's time idling, or exchanging a few dozen packets a second processing background noise. I got a 6 core Xeon E-2146G in my server sipping like sub 10-12W System total with the 10G NIC (excluding SSDs and some other extensions/peripherals, don't have exact numbers in my head anymore rn), so this router core HW (without Wi-Fi and other stuff ofc) hopefully ain't gonna be sipping such numbers for way less performance, just because it's busy all day checking if maybe finally someone has a packet for DPDK. I'm very interested in this project, because hosting/running your Router/Firewall/Networking on your main server has plenty downsides, and I still run a separate AP for Wi-Fi ofc, but not if I'd be investing in yet another 24/7 energy hog 😅

Polling *can* have way less latency than interrupts. Interrupts are good for occasional events, but when you have a lot of them you have to do context switching for every interrupt separately, and finish performing the previous thing, before you can take on the next one. When polling, you can bunch multiple events together into an array/vector, and process them in one go. So the result is that you have worse latency in optimal conditions and low load, but better performance under heavy conditions. In Computer graphics the same kind of optimisation is used. Graphics drivers when receiving data/drawcalls used to wait for more data, to send a bigger chunk of data, and the graphics driver would need some algorithm to estimate how much to wait, and how often to send data to GPU; but with the introduction of Vulkan this task (along with other tasks) moved to the application/game. And a lot of other optimisations and tweaks that used to be done in the driver (Kernelmode) during the directx11/openGL days, are now done inside of a game (Usermode) thanks to Vulkan. Do you see the resemblance to where DPDK+VPP is going 😉?

@@sasjadevries Yep, I mentioned in one of the other comments that I worked with microcontrollers that had a similar batching interrupt system, where an SPI controller would send an interrupt when a message arrives but will not send any more interrupts for next messages until you empty the buffer, so you can batch process multiple messages on single interrupt without creating hundreds of context switches. That would be good to have on linux, but I gess it might not be so easy without hardware support.

​@@hubertnnn VPP stands for Vector Packet Processing. So sending a vector of packages is the whole idea of that software package😉, they even put it in the name. I'm not a network expert, but I just got curious a few months ago, when someone in the comments mentioned VyOS, with the DPDK+FDIOVPP stack. That's when I looked into it... Basically the whole vectorisation is done in VPP, and their main selling points are that VPP runs 100% in userspace, that it's hardware agnostic, and deployment agnostic. I kinda like this approach for high throughput. So the low level interface (DPDK) is simpler and more predictable, by polling instead of handling interrupts. And the application level software (VPP) can pick the vector size that fits the polling rate.

GET DOWN AND GIVE ME 20!

@@tomazzaman 🤣

​@@tomazzamanyes sir!!!

It's because English is not his primary language.

​@@PoteRomo So his native language is always spoken so violently? 🤔😲😂

It's pegged, but probably not actually using much power. I guess it's just busy-waiting on packets, which should be just some conditional branches and compares, nothing too crazy. Nevertheless, it's taking CPU time that could have been used elsewhere.

You're right, the core is at 100%, but it's basically just a constant loop of polling the interfaces.

I'd like to know this as well

According to the docs, for best performance, the CPU governor should be set, well, to performance, so I think that yes, it will prevent it from scaling down the clocks. That being said, according to VPP documentation, it's also possible to change between polling and interrupt mode depending on the load (of traffic). I'm afraid this part is quite new to me, so I'm trying to figure it out myself as well.

@tomazzaman Hmm, maybe for home applications the governor could only ramp up when the load gets high enough? Likewise the polling mode could also be enabled automatically when needed.

my previous answer was hidden, cause i linked to the vpp manual. Short answer: yes, yes there is. Long answer: they have a python package that can access a lot of statistics, it's really easy to use!

Yep, fairly simple, actually. In fact, I'm strongly in favor of this approach!

This has been debated over times by hardware vendors and OS providers. Their conclusion was that DTs don't offer the required to support consumer computing platforms. On servers is more about using the already existing frameworks which are tailored to UEFI and ACPI. DTs are better suited to embedded platforms with lots of hardwired hardware and almost no configurability as everything is mostly and already confined in the SoC. As the case of your phone or your router.

@@hyoenmadan Device trees could provide everything that UEFI and ACPI can do but it would require support from OS vendors, namely Microsoft. And since Microsoft has always been betting on backwards compatibility and vendor lock-in, it makes zero financial sense for Microsoft to support switching from UEFI to device trees. As a result, device tree has no future in PC hardware as long as Microsoft Windows has such a big market share.

DPDK is used in server environments where the host OS doesn't need to interfere with the data, when you can tunnel the traffic to separate containers or guest VM's. Cellular infrastructure/mobility cores for LTE infrastructure do this to optimize hardware requirements (and space available). It's really cool tech, weird to think about it's complexities tho. Not sure how Linus or any of the kernel maintainers agreed to implement it 😂

Never heard of it either, but the interface looks like CISCO's router command line interface, and since it was made by cisco, I wouldn't be surprised if it actually is their router CLI. And if it is, then administrators already know it. It would be a bit worse for non administrators, because cisco's cli is a pain to learn with many non obvious things.

@@hubertnnn but administrators don't necessarily know how to work with Cisco. I also don't quite trust Cisco as these are big corporations and you don't really know what you're getting into and it could turn out to be a huge enterprise mess.

Context switching is expensive - en.wikipedia.org/wiki/Context_switch#Cost

@@triffid0hunter Doesn't polling need context switching too? I mean each time you ask the kernel "is there a packet yet?" you enter momentarily kernel space for the kernel response. I could be totally wrong though.

@@sledgex9the whole point is to allow direct device-userspace interaction without the kernel being involved

Fair question! 😂

My guess would be that at zero to very little traffic, Kernel networking with interrupts would be slightly more efficient/faster, but at any level of traffic above that VPP would get the advantage. That because, even with no traffic at all, VPP would still be polling NICs to know if there's something new while the kernel would be doing other things waiting for NICs to tell it something happened. With more traffic instead things wouldn't change much for VPP, but a lot for the kernel which would be receiving lots of interrupts and having to constantly stop what it was doing to listen to what NICs have to say.

@@qdaniele97 I see that as well. Maybe release 2 versions of the OS/firmware, one with classic Linux kernel (the default one) and one with VPP.

@@hubertnnn That could be an option (or you could install your own OS). But I think it's likely a router will always in a situation where VPP has the advantage

Negligible. Maybe half a watt.

@tomazzaman I would rather take the proprietary option as this is something I don't think I can get as a regular consumer and it seems to provide better integration with the hardware which could lead to better performance. Otherwise I could simply get a Raspberry Pi or something similar such as the Banana Pi R4 and build my own router from scratch.

we truly need to tame all of those build systems and packaging formats with something like Nix or Guix

Adds about half a watt to total power consumption. Negligible, but once we have the cases manufactured, we'll of course run the proper tests to make sure it really doesn't impact anything.

@tomazzaman does the software only work with polling? I haven't done much with networking on embedded linux or device drivers myself but it seems not ideal to constantly poll for data (but i have 0 experience with this so who am i to judge)

According to VPP docs, it can switch between polling and interrupt modes, and it the latter, it should be able to lower the frequency. Can't confirm for sure though, at least not yet.

I see no reason not to - multi-WAN is a software thing.

@ good point. I was looking at one of those ubiquiti dream machines for my network when I asked that question… I figured that I’d rather use your router instead when that time comes. Do you feel like it’ll be something that you’ll already have coded in?

“Coded in”

Correct. VPP does come with it's own firewall though. Both statefull and stateless.

No idea, honestly, I don't have access to a 25Gb NIC.

Yep.

Negligible difference. Around half a watt.

Unlikely, at least in the near future. We're already stretched too thin as it is.

I was still able to get 10Gb, but never on a single thread, those get to about half that.

Still have a couple in stock, so no need to, but I must admit, I did buy the wooting to test out their halo-effect switches :)

Not sure yet, we'll be fundraising soon (venture capital) so I want to use that for the first batch, rather than my viewers' money.

@ using DPDK with VPP is a bold move. Most of open source small solutions are still in Kernel Mode. I hope Your device will be available in short time.

Those do HW offloading.

But they have switching ASIC, and CPU is there only for configuration and housekeeping functions. All switching is done in ASIC, not in the processor. For example, for 48 10Gbps switch, you can use, for example, Maevell Prestera ASIC and processor will be at 0% usage at Layer 2 ans Layer 3 wire-speed switching. SoC, in this case, is missing that functionality. Basically, on a good day, in reality, this SoC is gigabit capable L3 switch (comparable ARM SoC are sub gigabit in real world user case, most are in range 300-600Mbps)

Yep, on my to-do list!