►
Description
This sesion introduces PCI device passthrough to containers and VMs managed by KubeVirt.
An overview of PCI passthrough and the Generic Device API is provided, illustrated with a specific practical use case that uses Intel QAT to accelerate VNF/CNF in edge computing.
Presenters:
- Vladik Romanovsky, Principal Sofware Engineer, Red Hat
- Le Yao, Intel SSE/CSE
B
Yeah,
so
my
name
is
lyric
this
session
today,
like
we
said
there
will
have
two
parts.
First,
I
would
like
to
talk
about
was
this
whose
device
assigned
in
convert?
How
does
it
work
and
some
of
the
recent
changes
we've
made
and
then
we'll
see
a
practical
example
how
the
intel
qat
device
is
being
used
in
kubert
and
then
perhaps
some
time
for
questions
so
just
a
little
bit
of
history.
B
It
will
also
create
an
environment
variable
where
it
will
reference
the
the
allocated
device
either
pci
address
for
pci
devices
or
uid
of
vgpu
for
mediated
devices,
and
the
name
of
this
variable
will
be
constant.
It
will
be
either
gpu
or
vgpu
pass
through
devices
then
divert
launcher
will
consume.
This
variable
extract
the
device
id
and
will
form
a
configuration
for
for
libre
to
start
the
vm.
B
Now
this
model
works
fine
for
allocating
gpu
and
vgpu
devices,
or
it
doesn't
allow
us
to
allocate
devices
which
are
don't
call
themselves
gpu
and
we've
requested.
We
received
lots
of
requests
for
for
integrating
different
devices
into
keyboard.
I've
seen
that
every
time
that
we
would
need
to
integrate
a
new
device,
this
device
would
have
to
have
its
own
variable
name
with
its
own
prefix
and
its
own
handling
code.
That
would
configure
this
device.
This
would
create
a
lot
of
duplication
and
wouldn't
scale
for
us
going
forward.
B
B
So
we
had
to
make
a
few
changes
and
position
yourself
better
for
the
future,
and
we
started
with
introducing
a
mechanism
to
allow
administrators
to
have
a
better
handling
over
the
devices
which
are
allowed
in
the
cluster,
and
I
will
talk
about
this
in
the
next
slides.
We've
also
established
an
interface
between
device,
plugins
and
kubert,
and
we
require
we
will
require
the
device
plugins
to
create
a
uniform
variable
names
so
for
keyboard
to
consume,
and
then
we
generalized
a
lot
of
the
device
assignment
process.
B
B
B
This
basically
allows
us
to,
without
adding
any
additional
code
to
keyboard,
to
use
any
properly
configured
device
on
the
node
that
was
allowed
by
administrator
in
the
cluster
to
be
assigned
to
a
virtual
machine
just
out
of
the
box.
Without
any
additional
steps,
the
way
it
would
work
is
that
kubert
will
use
the
list
of
permitted
devices
in
the
cluster,
and
it
would
discover
these
devices
on
the
nodes
and
it
will
start
a
device
plug-in
according
to
the
type
for
these
devices
and
advertise
it
to
the
kubernetes.
B
B
Plugin,
we'll
just
need
to
make
some
changes
to
this
device
plugin,
so
it
will
use
the
new
the
new
interface
but
users
who
were
previously
using
this
device
plugin.
They
will
continue
to
do
so
in
the
future
and
here's
just
a
slide.
That
shows
how
everything
may
work
together,
and
this
assumes
that
the
administrator
has
already
posted
a
list
of
permitted
devices
in
the
cluster
and
kubert
has
started
the
generic
device
plugins
on
the
nodes
for
the
discover
devices.
B
But
we
could
see
the
the
environment
variables
that
these
device
plugins
will
form
according
to
the
new
interface
indicating
the
type
of
resource
and
the
resource
name
incorporated
inside
the
the
environment
variable,
this
will
be
consumed
by
by
virt
launcher
and
which
will,
in
its
turn,
form
a
configuration
for
liberty.
To
start
the
virtual
machines,
this
practical
compute
can
concludes
my
presentation.
I'm
sorry,
I
probably
forgot
half
of
the
things
that
they
want
to
say,
but
that's.
C
A
A
C
A
D
D
D
D
First
of
all,
I
would
like
to
introduce
the
projects
that
I'm
focusing
on
and
why
we
chose
to
integrate
kuberwort.
Next,
I
will
introduce
the
user
cases
acceleration
of
intel
q80
used
in
the
project
and
how
I
use
the
google
works
new
api
provided
to
implement
pci
password
of
qat
devices.
Finally,
I
would
introduce
the
performance
after
integrating
word
with
qatar.
D
D
It
can
integrate
infrastructure
or
registration
to
ensure
the
requirements
of
hash
cloud
services
are
installed
and
controlled,
and
it
is
a
cloud
native
compute
and
network
framework
to
integrate
every
application
to
the
factor
standard
and
setting
framework
to
address
5g,
iot
and
various
linux
foundation.
I
have
user
cases
in
coordinate
table
why
we
chose
google
working
acronym
because
in
icm
cluster
we
need
to
manage
the
vms
like
a
plant.
Ports
and
vm
should
be
integrated
into
connected
cluster
and
we
need
to
enable
the
standard.
D
D
Why
we
use
the
needed
a
qat,
preset
device
to
do
acceleration
because
the
software
defined
the
added
one.
It
is
a
project
in
icm
and
I'm
focusing
on
it.
It
is
a
solution
to
enable
sd1
functionalities,
include
multiple
one-link
support
when
traffic
management
id
firewall
episode
and
traffic
shipping
with
fox
to
address
the
challenge
when
applying
on
edge
computing
environment
like
resource
limitations,
no
public
id,
and
I
did
all
this
traffic
sentinel
data
automation
under
other
cases.
D
So
it
has
a
below
component
test
cf
and
we
have
a
crd
controller
and
a
central
controller
to
control
these
edge
cases,
edit
class
clusters,
and
then
I
will
give
a
brief
introduction
to
intel
qatar's
device
as
short
for
intel
quick
assist
technology
and
has
a
generic
pcr
device.
You
can
find
more
information
on
this
web
link
and
the
security
can
be
involved
in
the
ipsec
in
the
implementation
tool.
Is
a
workload
of
cpu
on
data
encryption
and
decoration?
D
It
can
be
unlocked,
so
the
dpdk
crypto
data
api
in
this
kernel
crypto
framework
as
well
as
open,
ssl
yeah.
Oh,
it
can
offload
the
specific
workloads
from
cpu
to
qh.
Here
it
makes
it
easy
for
develops
to
integrate
accelerations
in
their
data.
It
can
increase
the
business
flexibility
and
reduce
the
damage
on
the
platform,
especially
cpu
utilization.
D
Where
we
use
it
in
the
ic1,
because
in
sd1
we
need
a
buildup
or
kernel-based
ipsec,
acceleration
back
q80,
where
I
have
in
container
in
there.
They
are
launched
by
google
world
yeah
and
the
vpn
is
templates
required
configuration
integrity
and
authentication
circuit
to
graph
so
on.
The
qet
can
accelerate
this
workload
and
the
initial
exact
is
used
to
connect
different
edge
nodes
and
the
traffic
have
zero
one
because
of
different
scenarios
and
requirements.
Both
then
I
have
an
awareness
needed
in
icl
and
to
maximize
the
cpu
utilization.
D
D
Before
kubovos
released
version
0.36,
if
you
want
to
use
your
generic
pc
device,
you
need
a
lot
of
code
work
to
do
first,
for
example,
qap
which
need
to
build
intellectuality
driver
on
host
and
the
config
host
lmu
group
and
a
builder
and
the
precedes
our
focus
here
in
cluster
3b
faster
and
the
deployed
interactivity
directory
in
dbtk
mode
in
cluster,
and
I
had
a
there
are
a
lot
of
code
work
to
do
to
add
function.
Another
day
to
google
word
to
handle
security
device
element.
D
D
It
has
a
lot
of
work
to
do
so.
After
google
world
release
version
zero,
pointer
366.
There
are
two
ways
for
us
to
use
the
ucl
device.
One
is
for
the
kubernetes
device
and
now
another
is
the
google
world
internal
diversitarian,
using
your
own
dress,
plugin,
for
example,
qat
device
value.
We
need
the
direct
flying,
config
specific
container
environment
value
in
the
container
runtime.
D
It
will
use
the
in
the
converter,
api
yeah
and
we
need
the
brand
we
have
our
pc
address.
We
interact
with
and
configure
kubernetes
there
to
accelerate
the
external
device
results.
It's
it's
also.
The
resource
name
is
the
key.
It's
hosted
by
the
qt
device,
parking
yeah
and
the
config
host
dash
field.
D
So
we
have
launched
the
coverage
vehicle
to
do
some
testing.
First
of
all,
open
ssl,
we
can
say
the
algorithm
is
rsa
esa,
tsa
and
ies,
and
the
software
is
only
run
by
cpu.
Under
the
synchro
is
with
the
q80
device
we
can
say
in
the
16
kilo
batteries
we
could
have
six
times
better
performance
and
yeah.
The
stands
very
fast
sounds
very
fans
in
the
with
qr8.
D
Here
is
a
better
performance
than
only
runned
by
security
run
by
cpu
software
yeah
and
for
ipsec
we
launched
the
two
or
cooper
world
war
amps
under
a
one
first
server,
one
for
client.
We
use
where
then
two
on
qtvfs
in
the
robot,
vm
and
use
branch,
one
to
is
established
the
ipsec
and
the
proposal
is
this:
this
yeah
and
then
you
see
the
links
kernel
crypto
framework,
so
we,
when
we
build
the
security,
we
have
struggle.
We
needed
some
some
feature
enabled
yeah.
D
D
A
Okay,
so
I
guess
now
it's
time
for
questions.
There
was
a
question
raising
the
chat
that
because
the
chat
will
disappear
after
the
event,
it
is
a
mine,
nikola
and
vladik.
I
will
repeat
the
question
again
here
live,
so
you
can
probably
vladik
answer
it
and
elaborate.
A
bit
more
so
nicola
was
asking
in
the
example
slide
slides
with
two
nodes.
Could
we
specify
the
gpus
as
host
devices
rather
than
gpu,
and
if
not,
why.