StarlingX/IA Features

StarlingX Intel Vendor Features

This page is for work items and status to enable Intel Architecture specific features.

New IA features for StarlingX

We will almost always wait for upstream communities (e.g. the kernel, OpenStack, Kubernetes) to implement features and pick them up as we adopt newer versions of upstream packages. However, some features may require StarlingX-specific work, and all features will require testing in StarlingX.

The features below have not been reviewed or scoped or planned at all.

| Feature | Description | Baseline | Use Cases | Implementation | Dev Status | Testing Status |
|---|---|---|---|---|---|---|
| FPGA support | Enable guest access to platform FPGA | TBD | AI, ML, etc. | TBD | Work in progress in upstream OpenStack for Rocky / Stein | TBD |
| Intel SGX | Software Guard Extensions - Intel® SGX protects selected code and data from disclosure or modification. Developers can partition their application into processor-hardened enclaves or protected areas of execution in memory that increase security even on compromised platforms. | 7th gen Intel Core | Security, privacy, DRM | TBD | TBD | TBD |
| Intel EPID | Enhanced Privacy ID - for security, anonymity and ID revocation | TBD | TBD | TBD | TBD | TBD |
| Intel NEV SDK | Network Edge Virtualization - reference libraries and APIs for MEC (Mobile Edge Computing) | N/A | MEC | TBD | TBD | TBD |

IA Features already in StarlingX

These features are already present in StarlingX. Test cases need to be developed and automated for them.

| Feature | Description | Baseline | Use Cases | Implementation | Testing Status |
|---|---|---|---|---|---|
| VT-x | Accelerates virtual machines to near bare metal performance | Xeon / XeonD | Near native virtualized CPU performance | Performance enhancement of VMs, live migration from one Intel CPU generation to another | |
| VT-d | Enables physical NICs and/or GPUs to be mapped directly to virtual machine | Xeon / XeonD | Native I/O performance | PCI Passthrough and SR-IOV support | |
| AVX-512 | Enables high performance vector workloads | Xeon Skylake, Xeon Scalable Processor | Telecom, AI, high performance storage, encryption and compression | Enhanced KVM performance, guest AVX-512 support | |
| Trusted Execution Technology | Used to attest system authenticity and state | TPM 2.0 | Secure boot and verified system state | Secure boot, TPM 2.0 storage of communication keys, vTPM 2.0 support in guests. | |
| AES-NI | Accelerates encryption/decryption | Xeon Westmere + | Full disk encryption and faster communications | Linux encryption performance enhancements | |
| UEFI Boot | Secure Boot | UEFI spec 2.6+ | Secure boot and faster boot | Secure boot and fast boot | |
| DPDK | Acceleration library for networking | Intel DPDK | High speed VM-to-VM networking | Optimized DPDK libraries | |
| QuickAssist | Hardware-based compression and encryption | Coleto Creek, VT-d | Exposing QuickAssist engine to VMs and virtualization of QuickAssist across VMs | Support PCI passthrough and SR-IOV access for VMs to QuickAssist accelerators | |
| Enhanced Platform Awareness (EPA) | Set of enabling features that take full advantage of Intel Architecture through OpenStack | N/A | Performance / determinism controls such as core pinning, NUMA awareness / controls, hyperthreading awareness / controls, CPU model selection | Suite of features that provide fine grained control for VMs. Can specify core pinning, NUMA affinity to vSwitch and NICs, split NUMA VMs, hyperthreading isolate or require, select CPU model to enable / disable CPU capabilities / instruction sets, huge page sizes. | |
| BMC / IPMI | Integration with BMCs for hardware monitoring | N/A | Discovery of and monitoring of hardware through BMC using IPMI | Integration with BMCs to discover and collect hardware sensor data with capability to alarm on the values. | |
| Cache Allocation Technology (CAT) | Ability to isolate portions of cache for improved determinism | All SKUs starting with the Xeon E5 v4 family | Isolating cache of critical VM from noisy neighbor to guarantee performance | TBD | TBD |