QNX Software Systems
Charles Eagan,
Engineering Vice President
[email protected]
QNX: The choice of Networking Leaders
All content copyright QNX Software Systems
Our Markets
Automotive, Consumer, Industrial Automation, Military, Medical, Networking
Stable and Healthy Markets
QNX: an excellent Networking partner
(Slide diagram: markets annotated “Our Largest Market”, “Our Fastest Growing Market” and “Our Largest Potential Market”)
• QNX is the #1 for automotive.
• Most customers today
• 140 car models with QNX
• Most revenue today
• Infotainment suitable for consumer
• 2nd fastest growing market
• Largest customer (Cisco)
• Largest potential revenue
Networking Decision
How does a networking company decide on an operating system strategy?
► Many executives are not aware of the productivity implications of a commercial operating system and development tools
► Engineers who are aware of the implications are often not able to significantly influence decisions
► The time window in which an operating system can effectively be transitioned is narrow
► Strong leadership and determination are required to make an effective transition
Why Companies Choose QNX
• Customized Business Terms
• Synergistic Engineering Culture
• Advanced Technology Suite
• Flexible Operations Model
• Competitive Roadmap
• Tools and Development Aid
Development Dynamics
• Cisco chose QNX as a strategic partner in the 1996/1997 timeframe
• This is interesting, as at that time QNX was primarily an Intel-based technology and Cisco was mostly MIPS-based
• The skills and abilities of the QNX team, combined with engineering chemistry and aligned roadmaps and vision, led to the creation of an innovative joint collaboration
• The use of QNX technologies has evolved into over 10 different groups within Cisco
Initial Public Announcement
QNX Ecosystem
(Slide diagram: QNX Core Technology and Tools Suite at the centre, linked to the Catalyst 6k Ethernet switch, the Cisco family of service port adapters, the CRS-12000, the CRS-1 and many other hardware platforms)
Important Technology Areas
• Highly Available, Fast Architecture
• Flexible, Scalable Architecture – fully distributed or monolithic
• Secure
• Using/following technology and development standards
  ► IEEE
  ► POSIX/Unix
  ► Java/C++/C/gcc
• Flexible
  ► Endian abstraction
  ► Processor neutral – MIPS/PPC/Intel
• Productivity Tools
Scalable Solutions for Cisco
• QNX Neutrino used in applications from framer interface support to CRS-1
• From 1 CPU to thousands, networked and functioning as a single compute resource
Industry Leading Multi-Core
The QNX solution enables software transition to multi-core processors:
• Proven OS support for any multi-core processing model
• Full suite of development tools to characterize and optimize multi-core applications
• Expert professional services and support
• Wide range of multi-core board support packages
Design needs by processing model:
Symmetric Multiprocessing (SMP)
• Multi-core optimized applications
• Resource sharing handled by OS
• Transparent scaling beyond dual core
Asymmetric Multiprocessing (AMP)
• Support existing software base, non-optimized uni-processor approach
• Heterogeneous OS approaches require AMP
• Sharing resources in AMP is non-trivial; scaling beyond dual core is even tougher
Bound Multiprocessing (BMP)
• Migrate existing software base
• Mix existing applications with multicore optimized applications
• Transparent scaling beyond dual core
• QNX pioneer
Highly Available Architecture
The best availability architecture in the world
(Slide diagram: Process Manager, File System, BGP, ISIS and Ingress/Egress Forwarding as separate memory-protected processes on the microkernel (µK) message bus)
Processes communicate by sending messages.
Using messages:
• Cleanly decouples processes
• POSIX calls built on messages
• Shared memory for large data sets and hardware access
Memory protection:
• The most important technology that is mandatory for true system availability
• 90% of all system failures are due to foreign memory scribblers
Flexible Architecture – Fully Distributed or Monolithic
(Slide diagram: Process Manager, File System, Networking, OSPF, BGP, MPLS, Traffic Engineering, Netflow, Custom Application, and Applications and Servers spread across several microkernel (µK) message buses joined by a Message Bridge over the internet)
• Adding new services on any CPU can transparently provide that service to all CPUs
• The system functions as one single router
• Processes become network distributed seamlessly across many individual loosely or tightly coupled CPUs without any special code
• You gain unified access to all remote hardware and software resources with permission checking
• Bridging the kernel allows messages to flow transparently from one message bus to another over a variety of transports (Ethernet, MOST, custom switching fabric, Internet, …)
Distributed Computing Architecture
(Slide diagram: a Distributed Unified Router; the Routing controller/Route Processor runs OSPF, BGP and MPLS under SMP, BMP or AMP, the Line Card/Forwarding Plane runs under DMP, and the two are joined by a Transparent Secure Distribution Protocol)
• Applications can seamlessly move to any linecard
Auto-discovery and Load Balancing
(Slide diagram: two nodes, each with a Microkernel, Message-Passing Bus, Application, Flash File System and Message Queues or Database, joined by a Message Bridge (Ethernet, fabric, interconnect…) to the Internet and the Networking Stack)
QNX Transparent Distributed Processing
► Distributed POSIX model
► Framework for dynamic interconnection of hardware and software among remote nodes
► Global Name Service for discovery of new hardware and applications
► Stop applications on one node and restart on a new node
  • No reboot required
  • All connections are maintained transparently
► In use extensively in CRS-1
Security Principles
• Separation of privilege
  ► Different privilege levels available to different applications
  ► Lowest level of privilege required assigned to application
• Complete mediation
  ► Check all accesses — no exceptions
• Fail-safe defaults
  ► Lowest level of privileges/access assigned by default
• Resource protection at the application level
  ► Memory, CPU cycles, hardware registers, peripherals, etc.
• Design
  ► “Object oriented” design principles: abstract, modularize, encapsulate, isolate
  ► Very helpful if the OS “enforces” these principles
Operating system architecture can greatly affect how (or even if) these principles can be applied
Fault Removal and Recovery: Availability
• Recovery capability can be characterized by a system's “availability”
  ► The probability that a system or subsystem will perform its intended function at a given instant of time
  ► Availability = MTBF / (MTBF + MTTR)
  ► MTBF is mean time between failures and MTTR is mean time to repair
• 99.999% availability (five nines) = fewer than 5.25 minutes of annual downtime (scheduled or unscheduled)
• Networking companies and industry watchers constantly monitor these statistics
System Guarantees: Increase Availability
• Increase MTBF
  ► Test and debug (repeat often!)
  ► Most OSs provide many tools to increase MTBF
• Also reduce MTTR
  ► Detect, contain, recover from error
  ► Availability approaches 100% as MTTR approaches 0
• Recovery scenarios
  ► System reboot (real-time executive, monolithic kernel): seconds to minutes to recover
  ► Restart service (microkernel, monolithic application): milliseconds (<< 1 second) to recover
• Combination of microkernel + recovery framework
  ► Much easier to attain “five nines” availability
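A worked calculation of the availability formula and the two recovery scenarios above, added here as an example (it is not from the original QNX deck); the 4000-hour MTBF and the two MTTR values are constructed for illustration:

```python
MINUTES_PER_YEAR = 365 * 24 * 60  # 525 600

def availability(mtbf_hours: float, mttr_hours: float) -> float:
    """Availability = MTBF / (MTBF + MTTR), as a fraction of time."""
    return mtbf_hours / (mtbf_hours + mttr_hours)

def annual_downtime_minutes(avail: float) -> float:
    """Expected downtime per year implied by an availability fraction."""
    return (1.0 - avail) * MINUTES_PER_YEAR

def max_mttr_hours(mtbf_hours: float, target: float) -> float:
    """Largest MTTR that still meets `target`, by rearranging the formula:
    A = MTBF / (MTBF + MTTR)  =>  MTTR = MTBF * (1 - A) / A."""
    return mtbf_hours * (1.0 - target) / target

def compare_recovery(mtbf_hours: float) -> dict:
    """Availability for the two recovery scenarios on the slide.

    The MTTR values are constructed: a system reboot taking minutes
    versus a service restart taking milliseconds, with the same
    failure rate (MTBF) in both cases.
    """
    reboot_mttr = 5.0 / 60        # 5 minutes, expressed in hours
    restart_mttr = 0.05 / 3600    # 50 ms, expressed in hours
    return {
        "reboot": availability(mtbf_hours, reboot_mttr),
        "restart": availability(mtbf_hours, restart_mttr),
    }

if __name__ == "__main__":
    print(f"five nines -> {annual_downtime_minutes(0.99999):.3f} min/year")
    for kind, a in compare_recovery(4000).items():
        print(f"{kind:8s} A={a:.9f}  downtime={annual_downtime_minutes(a):.3f} min/year")
    ceiling = max_mttr_hours(4000, 0.99999) * 60
    print(f"MTTR ceiling for five nines at MTBF=4000 h: {ceiling:.2f} min")
```

With a constructed MTBF of 4000 hours, a five-minute reboot lands at roughly four nines while a 50 ms restart clears five nines; the ceiling function shows that five nines at that MTBF requires repair in about 2.4 minutes.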
High Availability Framework - CPM
• Developed with Cisco as lead customer
• High Availability Framework
  ► Construct custom failure recovery scenarios
  ► Design your system to reconnect instantly and transparently to minimize downtime
Highly Available - CPM
(Slide diagram: CPM, CPM Guardian and App sharing CPM checkpointed state)
• High Availability Recovery Framework (CPM: Critical Process Monitor) monitors components and handles recovery of component failures
• Guardian process provides software failover to ensure that the high availability process doesn’t become a single point of failure
• Client-side library allows components to reconnect instantly and transparently
  ► User can easily add state information and customize recovery procedure
• Can also provide heartbeat services to detect component hangs — this allows the system to monitor itself
Critical Process Monitoring
(Slide diagram: Critical Process Monitor (CPM) and CPM Guardian, Application A with its Driver and Application B with its Driver, all as processes above the Microkernel, with state information held in shared memory)
1. Driver faults due to illegal access to memory outside memory-protected space
2. Kernel notifies CPM of process fault
3. Debug information on faulting process is collected (standard core file)
4. Driver exits and returns all resources to system; IPC channel destroyed
5. CPM restarts new driver
6. Driver IPC channels are reestablished by CPM client library
7. Driver requests information on last state checkpoint from CPM and service is restored
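The seven-step recovery sequence above, played through as an added Python simulation (this is not QNX's HA library or CPM code: the driver, kernel and checkpoint store are stand-in Python objects, the fault is a constructed exception, and the Guardian failover is left out):

```python
from dataclasses import dataclass, field

@dataclass
class CheckpointStore:
    """Stands in for the shared-memory state information CPM keeps."""
    state: dict = field(default_factory=dict)

class Driver:
    """A monitored component; the fault it raises below is constructed."""
    def __init__(self, name: str, store: CheckpointStore):
        self.name, self.store, self.channel_open = name, store, False
        # Step 7: a (re)started driver asks CPM for its last checkpoint.
        self.counter = store.state.get(name, 0)

    def connect(self) -> None:
        # Step 6: IPC channel (re)established by the CPM client library.
        self.channel_open = True

    def work(self, fault: bool = False) -> int:
        if not self.channel_open:
            raise RuntimeError(f"{self.name}: no IPC channel")
        if fault:  # Step 1: illegal access outside memory-protected space
            raise MemoryError(f"{self.name}: SIGSEGV")
        self.counter += 1
        self.store.state[self.name] = self.counter  # checkpoint the new state
        return self.counter

class CriticalProcessMonitor:
    """Restarts faulted components (the Guardian failover is not modelled)."""
    def __init__(self, store: CheckpointStore):
        self.store, self.procs = store, {}
        self.core_files, self.restarts = [], 0

    def start(self, name: str) -> Driver:
        drv = Driver(name, self.store)
        drv.connect()
        self.procs[name] = drv
        return drv

    def run(self, name: str, fault: bool = False) -> int:
        """Dispatch one unit of work; on a fault carry out steps 2 to 7."""
        try:
            return self.procs[name].work(fault)
        except MemoryError as err:  # Step 2: kernel notifies CPM of the fault
            self.core_files.append(str(err))  # Step 3: debug info (core file)
            del self.procs[name]  # Step 4: driver exits; resources and IPC channel released
            self.restarts += 1
            return self.start(name).counter  # Steps 5-7: restart, reconnect, restore
```

The point to observe is that after the fault the replacement driver resumes from the last checkpointed counter rather than from zero, which is what lets service be restored in milliseconds instead of requiring a reboot.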
Dynamic Upgradeability
(Slide diagram: Process Manager, File System, Application, Audio Driver, Graphics Driver and Protocol Stack as processes on the Message Bus above the Microkernel; the Microkernel is the only trusted component)
Applications, File Systems and Drivers:
► Exist as processes on a message bus
► Reside in memory-protected address space
► Can be started, stopped, added, removed, relocated and upgraded without rebooting
► Cannot corrupt other software components
Momentics: Eclipse Leader and Founder
Scalable, Reliable and High Performance
Out-of-the-box support for:
• Multiple hosts, targets, languages and BSPs
• Optimizing compilers
• Compatible with all 3rd party Eclipse plug-ins
QNX: Introducing Adaptive Partitioning
A critical technology for networking applications
Introducing Adaptive Partitioning
• What is Adaptive Partitioning?
  ► Adaptive partitioning is a new QNX product that extends the Neutrino RTOS
  ► Allows you to build secure compartments or “partitions” around a set of applications or threads
  ► Partitions enforce CPU guarantees for applications, controlled by easy-to-use budgets
• Why is it Adaptive?
  ► Patent-pending design ensures all available CPU cycles are given to partitions that need processing time – no CPU cycles wasted
  ► Provides a performance advantage by permitting full processor utilization to accommodate spikes in demand
• Easy to get started
  ► No changes to how designers work today
    • POSIX programming model for the same, familiar design, programming & debugging techniques
  ► No code changes are required to implement partitions
Microkernel Architecture for Security
(Slide diagram: Disk, Graphics, Audio, Network and Serial drivers and Applications as processes around the QNX Neutrino Microkernel, on ARM, MIPS, SH4, PowerPC, Xscale and x86)
Applications and Drivers:
> Are processes which plug into a message bus
> Reside in their own memory-protected address space
> Cannot corrupt other software components or the kernel
> Can be started, stopped and upgraded on the fly
> Failures in drivers do not require system restarts
Introducing Adaptive Partitioning
(Slide diagram: the QNX Neutrino Microkernel with a File System and Device Driver partition at 10%, a Core Application partition at 70% and an Add-On Application partition at 20%)
QNX® Neutrino® RTOS provides the basic structure
► Application and OS service encapsulation with message passing
► Hardware memory protection for security and reliability
Adaptive partitioning extends the Neutrino micro-kernel to provide secure partitions and guaranteed CPU time
► A collection of processes and threads make up a partition
► A partition is assigned a percentage of CPU time, averaged over a time window
► Overlays on existing thread scheduling
Maximum Performance
(Slide chart: CPU utilization of partitions labelled Application Partition (70%), I/O Partition (10%) and Untrusted Partition (20%), holding Core Applications, File System, Device Drivers, Networking and Add-Ons; it contrasts the dynamic allocation of CPU cycles when the system is not fully loaded, where idle CPU time is redistributed, with the CPU guarantees for partitions at full system load)
Understanding “Adaptive”
(Slide chart: CPU share of Management Interfaces (CLI, SNMP), Routing & Forwarding, Reconfiguration Processing and Idle Time across four processing load scenarios: Steady State, Topology Change, System Restart and Maintenance)
Partitioning to Contain Threats
• Without Partitioning
  ► Rogue software can starve core applications of CPU time
  ► Distributed DOS attacks can busy your system with network processing
• With Partitioning
  ► Create OS enforced partitions to ensure critical system resources are protected
  ► Contain threats and protect core applications and services
(Slide diagram: Adaptive Partitioning CPU time guarantees over the QNX Neutrino Microkernel, with File System, Device Drivers, Core Applications, Add-Ons and Network Management/Control Plane in separate partitions (guarantees of 5%, 10%, 10%, 25% and 50%); a Denial of Service attack on the control plane protocols and a rogue add-on are both contained within their partitions)
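The budget rule from the Introducing Adaptive Partitioning slide (a guaranteed percentage per partition, averaged over a window, with unused cycles handed to partitions that need them) applied to the two threat scenarios on this slide, as an added simulation that is not QNX's scheduler; the partition names, budgets and demands are constructed, and the allocation covers one averaging window:

```python
from typing import Dict

def allocate(budgets: Dict[str, float], demands: Dict[str, float]) -> Dict[str, float]:
    """Share one averaging window (in percent) among partitions.

    budgets: guaranteed CPU percentage per partition; must sum to 100.
    demands: percentage each partition would consume if unconstrained.
    Every partition first receives min(budget, demand), so at full load
    nobody gets less than its guarantee. Cycles left over (budget that
    a partition did not use, or idle time) are then handed to partitions
    that still want more, in proportion to their budgets, until either
    the spare pool or their demand is exhausted.
    """
    if abs(sum(budgets.values()) - 100.0) > 1e-9:
        raise ValueError("budgets must sum to 100%")
    share = {p: min(budgets[p], demands.get(p, 0.0)) for p in budgets}
    spare = 100.0 - sum(share.values())
    while spare > 1e-9:
        hungry = [p for p in budgets if demands.get(p, 0.0) - share[p] > 1e-9]
        if not hungry:
            break  # everyone is satisfied; the rest of the window is idle
        total = sum(budgets[p] for p in hungry)
        given = 0.0
        for p in hungry:
            grant = min(spare * budgets[p] / total, demands[p] - share[p])
            share[p] += grant
            given += grant
        spare -= given
    return {p: round(v, 6) for p, v in share.items()}

# Constructed budgets, loosely following the "Partitioning to Contain
# Threats" slide: the core application is guaranteed half the CPU.
BUDGETS = {"core": 50.0, "drivers": 25.0, "filesystem": 10.0,
           "network_mgmt": 10.0, "addon": 5.0}

def scenarios() -> Dict[str, Dict[str, float]]:
    """Three constructed load scenarios taken from the deck's narrative."""
    return {
        # Lightly loaded: every partition gets what it asks for.
        "steady_state": allocate(BUDGETS, {"core": 20, "drivers": 10, "filesystem": 5,
                                           "network_mgmt": 5, "addon": 5}),
        # DoS on the control plane: network processing wants the whole CPU.
        "dos_attack": allocate(BUDGETS, {"core": 40, "drivers": 20, "filesystem": 5,
                                         "network_mgmt": 100, "addon": 5}),
        # Rogue add-on spinning while the core application is also busy.
        "rogue_addon": allocate(BUDGETS, {"core": 70, "drivers": 20, "filesystem": 5,
                                          "network_mgmt": 5, "addon": 100}),
    }
```

In the DoS scenario the network partition soaks up only the 20% nobody else wanted on top of its own 10%, and the core application still receives its full 40%; in the rogue add-on scenario the add-on cannot climb past a few percent while the core application takes most of the spare cycles.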
CPU Guarantees: Increase Availability
• Guaranteed CPU time for recovery actions
  ► Failed components isolated, contained and cannot impact fault recovery processes
• Guaranteed CPU time for notification and user intervention
  ► Ensure that remote user interfaces remain operational and cannot be starved
(Slide diagram: over the QNX Neutrino microkernel, a Networking partition under a DOS attack is contained, while Device Drivers, Core Applications, File System, the User Interface/Remote Interface, Alarm Notification and Fault Recovery keep their guaranteed CPU time; automatic recovery reduces MTTR)
Software Complexity
Development View
• Large teams, multi-site development
  ► Geographic and time zone separation
  ► Division of responsibilities, functional areas and expertise
  ► Parallel development, followed by system integration & verification
• Differing designer skill sets
• License and integrate 3rd party technologies to reduce development costs
  ► Lack of developer control of 3rd party technology
• Maintenance
(Slide diagram: Management Interfaces and Routing & Forwarding as separate functional areas)
Building Complex Systems
System Integration
• System integration is a significant portion of the overall project schedule
  ► Always on the project’s critical path
• Problems detected late in the design cycle are the most costly
  ► Initial verification cost to find bugs
  ► Typically hold up the whole project
  ► Require system experts to troubleshoot and resolve
  ► Cost of re-implementation and re-test
• Design changes introduced late add project risk
  ► Typically, band-aid solutions are used to limit churn and maintain schedule
  ► Net effect is to reduce product quality and performance
• Problems that occur at integration time are typically related to performance, memory corruption and process starvation
Conclusion
QNX remains committed to the markets that made it successful and is aggressively expanding into new markets to fuel future growth.
Our technology roadmap will continue to show clear leadership and will address the needs of our markets.