12 min read

Single Root I/O Virtualization (SR-IOV) -Pt 2- LynxOS-178 10G network benchmarkS

By Tim Loveless | Principal Solutions Architect on Mar 16, 2021 12:33:11 PM

_______________

Single Root I/O Virtualization (SR-IOV) virtualizes network interface cards (NICs) to allow a single NIC to present itself as dozens of virtual NICs to a hypervisor. It is a hardware standard, part of the PCI-SIG (Peripheral Component Interconnect - Special Interest Group) and is heavily used in data centers. It is a key software defined networking (SDN) component that allows data centers to efficiently host internet servers as virtual machines (VMs). SR-IOV provides a pool of hardware virtualized NICs that a cloud computing platform such as OpenStack dynamically assigns to VMs as they are launched. This infrastructure uses Linux orchestration platforms and mainly Linux based enterprise guest OSs.

In our first blog post on the topic (Part I), we saw that the Intel® Atom® C3858 (Denverton) Processor has 4 built-in X550 NICs that present 256 virtual NICs. LynxSecure was used to build a system with 5 Buildroot Linux guests, 4 of which used virtual SR-IOV NICS. This article (Part II), takes the next step and illustrates how to build a system with 3 LynxOS-178 RTOS guests and a Buildroot Linux. LynxSecure is used to assign 14 SR-IOV NICs to the guests before we run benchmarks to measure the overhead of SR-IOV virtual networking. These are high performance 10G bit/sec NICs, so the benchmarks are also an interesting comparison of Linux vs LynxOS-178 networking performance for UDP and TCP at various packet sizes.

Topics: Multicore Safety MCP embedded systems hardware development Single-root IO Virtualization hypervisors virtualization software certifications Virtual Machines 10G Benchmark
10 min read

Who Needs a Hypervisor?

By Tim Loveless | Principal Solutions Architect on Feb 25, 2021 12:59:58 PM

_______________

The standard benefits of a hypervisor are well known and often touted. Every RTOS has its hypervisor and they do genuinely help embedded designers to:

  1. Partition multicore processors into virtual machines; an elegant way to consolidate OSs
  2. Isolate guests; to improve security and safety
  3. Oversubscribe high performance multicore processors; use time slicing to host more OSes than cores
Topics: Multicore Safety CAST-32A Certification MCP embedded systems hardware development hardware interference software certifications DO-178
11 min read

What is Cache Coloring and How Does it Work?

By Tim Loveless | Principal Solutions Architect on Feb 5, 2021 11:52:40 AM

_______________

There are substantial challenges in building secure and safe systems on multicore processors (MCPs). Last level cache contention is undoubtedly the largest source of multicore interference, and a significant challenge for real-time systems. Here we discuss a proposed solution, called cache coloring. Opinions on cache coloring are mixed, sometimes extreme, and the implementation can be difficult and risky. This article aims to demystify cache coloring by clarifying exactly how it works. We hope that the example using a real Intel processor and accurate diagrams allows you to grasp cache coloring without getting lost in lines, sets and ways.

Topics: Multicore Safety TC-16/51 CAST-32A Certification MCP embedded systems hardware development hardware interference software certifications DO-178
25 min read

Challenges Building Safe Multicore Systems

By Tim Loveless | Principal Solutions Architect on Jun 15, 2020 8:12:09 AM

_______________

Topics: Multicore Safety TC-16/51 CAST-32A Certification MCP embedded systems hardware development hardware interference software certifications DO-178
19 min read

What Is A Separation Kernel?

By Tim Loveless | Principal Solutions Architect on Mar 22, 2020 12:02:33 PM

_______________

Having built both separation kernels and real-time operating systems—and supported customers using both across a wide range of industries—we are familiar with the pros and cons of each software technology, as well as their security, safety, reliability, and adaptability impact on complex system designs. Yet despite providing strong security and safety benefits and being the foundation of some of the world’s largest mission-critical systems, separation kernels remain largely unknown and poorly understood. In this article, we hope to:

  1. Bring some clarity to the topic of separation kernels vs. real-time operating systems (RTOSes) and embedded hypervisors
  2. Discuss the benefits and drawbacks of using a separation kernel as the software foundation of your embedded systems design
  3. Introduce LynxSecure®, our own separation kernel
Topics: Safety Certification MCP Least Privilege Systems Architecture Security Trusted Codebase architecture linux rtos embedded systems hardware vulnerabilities development real-time LynxSecure separation kernel hypervisors virtualization
3 min read

Field Notes: Safety-Critical Systems Symposium 2020

By Tim Loveless | Principal Solutions Architect on Feb 24, 2020 12:34:50 PM

_______________

Topics: Multi-core Avionics Demo Cache-partitioning Lynx MOSA.ic™ Events FAA Safety TC-16/51 CAST-32A Certification MCP Systems Architecture Cache Allocation Technology embedded systems hardware development Technical Blog Standards
4 min read

TC-16/51: Adding Bottom Up Interference Analysis for MCPs

By Mark Brown | Systems Architect on Jan 28, 2020 2:20:00 PM

_______________

I hadn't heard of "bottom up" avionics certification before I read FAA's TC-16/51.  But now, looking back at it, I think the authors from Thales Avionics, including Xavier Jean, PhD, proposed a big change in perspective.  In their own words, here's their proposal to add "bottom up" analysis to aircraft safety certifications on Multi-Core Processors (MCP):

Topics: Multi-core Avionics FAA Safety TC-16/51 CAST-32A Certification MCP Systems Architecture rtos embedded systems partitioning hardware development real-time Technical Blog
6 min read

What is SR-IOV and Why is It Important for embedded devices?

By Tim Loveless | Principal Solutions Architect on Oct 7, 2019 2:09:00 PM

_______________

Topics: Multi-core Demo Safety MCP Systems Architecture embedded systems hardware development Single-root IO Virtualization SR-IOV PCI-E
12 min read

What is the Cost of a Board Support Package?

By Tim Loveless | Principal Solutions Architect on Oct 1, 2019 10:35:00 AM

_______________

Topics: Multicore Certification MCP embedded systems TCO hardware development BSPs board support costs
3 min read

Design Prevails: Protecting Systems from Meltdown and Spectre

By Will Keegan | CTO on Feb 19, 2018 10:21:00 AM

_______________

Topics: Press Release Least Privilege Systems Architecture Security spectre CVEs hardware side channels privilege escalation meltdown vulnerabilities