Today's Data Centers handle geographically dispersed data. In a virtualized environment the networking resources are shared among one or more virtual machines (VMs). Although no physical network is present, virtual networks still require network traffic handling at the packet level. Packets are routed according to their destination address using software just as if actual hardware was used. VM applications transmit and receive network traffic just as they were based on a physical host. In virtualized environments virtual switches or bridges are used for forwarding traffic between virtual machines and VM to physical networks through network interface cards (NICs). Virtual switch (vSwitch) and virtual bridge implementations vary (e.g., software hypervisor implementations, hardware as a virtual embedded switch in a NIC as well as virtual switch acceleration in a NIC to assist the software switch or bridge). VMs are connected to virtual switches using a virtual NIC (vNIC) implemented in either hypervisor software or provided by hardware in physical NICs.
Network Interface controllers that provide hardware virtualization of network interfaces mostly use single root IO (Input/Output) virtualization (SR-IOV) technology to provide multiple logical network interfaces to share one physical network interface (NIC) card. A physical function (PF) driver running in the host OS is used to configure the NIC hardware.
One or more PCIe (Peripheral Component Interconnect Express) Virtual Functions (VFs) are associated with the NIC which are attached to the NIC's PF. Each VF shares one or more physical resources of the NIC (e.g., memory and a network port) with the PF and other VFs supported on the device. Network traffic is kept separate using an IO memory management unit (IOMMU) to direct different data streams to and from VFs that are ultimately tied to different VMs. SR-IOV therefore enables traffic to bypass switches implemented by software (i.e., vSwitch). This allows network traffic to flow directly from the NIC VF to a particular VM without the extra burden imposed by software switching.
Service Function Chaining (SFC) provides the ability to define an ordered list of a network services (e.g., data compression, security, inspection, firewalls, load balancers). These services are typically implemented as Service Functions (SF) deployed in separate VMs because different services require different applications sometimes running on different operating systems. A SFC is “stitched” together in the network to create a chain of operations that perform processing on a data stream or individual packet.
Current software or hardware approaches for VM-to-VM forwarding are sufficient for traditional enterprise or cloud computing environments where direct NIC-to-VM hardware access is a common usage. However for emerging software defined network (SDN) virtualization usage models in enterprise, cloud and Telecommunication (Telco) networks, VM-to-VM access is also significant because certain virtual network functions (VNFs) (e.g., proxy, firewall, router) require multi-stage packet processing typically handled by different applications sometimes on different operating systems handled by different VMs.