云原生世界中的實時媒體.pdf

1、#CiscoLive#CiscoLiveGiles Heron Principal EngineergilesheronBRKETI-2006in a Cloud-Native WorldReal-Time MediaChris Lapp Technical Solutions ArchitectLappHdtv 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveEnter your personal notes hereCisco Webex App Questions?Use Cisco W

2、ebex App to chat with the speaker after the sessionFind this session in the Cisco Live Mobile AppClick“Join the Discussion”Install the Webex App or go directly to the Webex spaceEnter messages/questions in the Webex spaceHowWebex spaces will be moderated by the speaker until June 9,2023.12343https:/

3、 2023 Cisco and/or its affiliates.All rights reserved.Cisco PublicBRKETI-2006 3Agenda 2023 Cisco and/or its affiliates.All rights reserved.Cisco PublicMotivationBenefitsUse-CasesArchitectureDemoCall to ActionBRKETI-2006 4 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLive“Do

4、nt text me before I see the GOAL!BRKETI-2006 5 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveThis is Hard!BRKETI-2006 6 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveMedia Industry Transitions7BRKETI-2006 Common HardwareRemove the need for de

5、dicated FPGA based appliances and leverage COTS HardwareCommon InfrastructureThe move of traditional media like SDI and analog audio to IP transportCloud Native ApplicationsMove away from traditional monolithic applications towards cloud native applicationsVirtualizationVirtualize critical broadcast

6、 applications 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveA(fuzzy)Application TaxonomyNon RealNon Real-TimeTimeRealReal-TimeTimeInteractiveInteractive(request/response)(request/response)Web ApplicationsOnline GamesStreamingStreaming(publish/subscribe)(publish/subscribe

7、)Message BusesLive MediaBRKETI-2006 8 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveHow does Internet“streaming”work today?Client gets media playlist from serverClient gets media segments from server Repeat.HTTP-TCP dest port 80BRKETI-2006 9 2023 Cisco and/or its affilia

8、tes.All rights reserved.Cisco Public#CiscoLiveHow does live video over IP work?Client gets media streams for URL from serverRTP e.g.:UDP source port 45388/dest port 50950 for audioUDP source port 37574/dest port 57566 for video Client and Server negotiate UDP ports for each streamServer streams medi

9、a to client over UDPRTSP TCP dest port 554BRKETI-2006 10 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveHow does multicast video over IP work?RTP:IP dest 239.1.2.3,UDP dest port 50000Controller connects to sender and gets media informationController connects to receiver a

10、nd sends media informationReceiver joins sender IP multicast groupTraffic flows to receiverBRKETI-2006 11 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveMedia Industry TransitionsCommon InfrastructureThe move of traditional media like SDI and analog audio to IP transportC

11、loud Native ApplicationsMove away from traditional monolithic applications towards cloud native applicationsVirtualizationVirtualize critical broadcast applicationsCommon HardwareRemove the need for dedicated FPGA based appliances and leverage COTS HardwareBRKETI-2006 12Big Cloud 2023 Cisco and/or i

12、ts affiliates.All rights reserved.Cisco Public#CiscoLiveKubernetes Media Connectivity OptionsTCPHTTPUDPRTP-based media(RTSP,SIP,etc.)kube-proxy&NodePortService Mesh&Load BalancersHost NetworkingMedia Streaming MeshOne Pod Per Node!BRKETI-2006 14 2023 Cisco and/or its affiliates.All rights reserved.C

13、isco Public#CiscoLiveCamera feeds sent to studioMixing(generating a broadcast quality feed)Encoding into multiple formats(resolutions,bitrates,content protection)“Distribution”to CDN caches(and/or cable head-ends,broadcast towers)Delivery to End users(over HLS,DASH etc.for”live”Internet video)The li

14、ve media“chain”CacheDistribution NetworkSourceMixerEncoderContributionNetworkClientAccess Network 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveContribution(camera to studio and in-studio mixing)MSM opportunity limited by the fact that cameras and in-studio devices are d

15、edicated hardware platformsMixers are moving to softwareNewer cameras may support running docker containersSub-titling,graphics,add insertion etc.are all pure computeProfessional Media and Media Streaming MeshCacheDistribution NetworkSourceMixerEncoderContributionNetworkClientAccess NetworkBRKETI-20

16、06 16 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveEncoding is fundamentally a compute taskOften co-located at studio todayMay require massive selection of resolutions,bitrates,protocols,content protection etc.Move to cloud-or at the very least use cloud-native technolo

17、gyProfessional Media and Media Streaming MeshCacheDistribution NetworkSourceMixerEncoderContributionNetworkClientAccess NetworkBRKETI-2006 17 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveDistribution to caches/head-endsRequires fan-out,transport optimisation(e.g.”live-l

18、ive”,FEC,etc.)In some cases will send different set of formats to different caches or head-endsProfessional Media and Media Streaming MeshCacheDistribution NetworkSourceMixerEncoderContributionNetworkClientAccess NetworkBRKETI-2006 18 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public

19、#CiscoLiveLarge number of camerasfew per site in many small sites(e.g.retail)or thousands in each of a few sites(e.g.airports)Multiple consumers for each streammay be local to camera(edge ML)or at remote site(data center/operations center)One or more proxies per camera site and a proxy at each viewe

20、r site todays approach is typically RTP over UDP multicastIoT Video Use-Cases for Media Streaming MeshBRKETI-2006 19 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveBenefits of Media Streaming MeshObservabilityObservabilityMeasureMeasure jitter and packet lossTrackTrack se

21、nders and receiversVisualiseVisualise stream topologySecuritySecurityAuthenticateAuthenticate with SPIFFE/SPIREAuthoriseAuthorise with OPAEncryptEncrypt with SRTP or RTPoQUICDistributionDistributionReplicateReplicate streams optimallyInterworkInterwork network domainsMinimiseMinimise latency and jit

22、terDeployabilityDeployabilityScaleScale transparentlyOptimiseOptimise cluster footprintRecoverRecover smoothly from failuresBRKETI-2006 20 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveMSM Software Architecture Worker NodesMSM StubMedia AppRTP ProxyControl PlaneMSM CNI P

23、luginMSMAdmission WebhookMSM StubeBPF/iptablesRulesDaemonSetsMedia PodsK8s ServicesKubernetes ClusterBRKETI-2006 21 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveMSM Admission WebhookAdmission Webhooks are HTTP callbacks that receive admission requests and do something w

24、ith them MSM implementation uses mutating admission webhooks to automatically inject the MSM stub(sidecar proxy)into an application podImplemented an Admission Controller that listens for Pod/Deployment events and modifies the pod spec on runtimeController is triggered if the pod or deployment speci

25、fication is annotated with a custom label:sidecar.mediastreamingmesh.io/inject:trueMSM StubMedia AppMSM Admission WebhookKubernetes APIPod/Deployment EventMedia PodKubernetes ClusterBRKETI-2006 22 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveMSM CNI PluginAny MSM enable

26、d pod will need to redirect incoming traffic to the injected MSM stubWorks as a chained plugin,meaning that it appends to the existing CNI configuration of a cluster,and its task is to install the appropriate iptables or eBPF rulesAs with the MSM Admission Webhook,it only acts on pods annotated with

27、 our custom label:sidecar.mediastreamingmesh.io/inject:true”Uses netns commands to insert iptables rules in an MSM enabled pod and runs on every worker node in the clusterMSM StubMedia AppMSM CNI PluginKubernetes APIPod/Deployment EventIptables(or eBPF)rulesMedia PodKubernetes ClusterWorker NodeBRKE

28、TI-2006 23 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLivePer-Cluster Control PlaneMSM StubMedia AppRTP ProxyControl PlaneCPgRPCDPUses gRPC SouthboundSend/receive commands to/from the MSM StubsProgram the RTP ProxiesUses K8s API and DNS NorthboundMap URLs/URIs to K8s endp

29、ointsWritten in GolangLeverage existing libraries(e.g.Pion)Protocols implemented as plug-ins:RTSPRISTWebRTCOthers?gRPCWorker NodesMedia PodsK8s APIDNSKubernetes ClusterBRKETI-2006 24 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveMSM Control Plane InternalsMSM StubRTP Pro

30、xyCP APIStream Graph is K8s CRD List of active RTP streams Enables control plane and network controller restartControl Plane is K8s servicePlug-in implements specific CP protocolStub handler exchanges CP messages with MSM stubURL handler maps URLs to K8s endpointsStream API writes to stream graphNet

31、work Controller is K8s deployment Stream Mapper creates physical stream topology from stream graph and K8s API Proxy handler writes forwarding rules to RTP proxies(in-cluster or remote)DP APIProxyHandlerStream MapperStub HandlerMSMControlPlaneMSM Network ControllerURLHandlerRTP ProxyKubernetes Clust

32、erMSM StubstreamgraphProtocolPlug-inStrmAPIK8s APIK8s APIDNSBRKETI-2006 25 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveMSM Control Plane FutureNew Stream List resource:Lists available media streamsEquivalent to SDP in media protocolsController App creates media workflo

33、ws:Calls K8s APIs to create media appsCalls Subscription Manager APIs to create streamsSubscription Manager replaces MSM Control PlaneAPIs to stream list and stream graphConnects Media Apps to RTP proxiesstreamgraphSubscriptionManagerK8s APIstreamlistControllerAppProxyHandlerStream MapperMSM Network

34、 ControllerRTP ProxyRTP ProxyKubernetes ClusterDP APIMedia App 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveMSM Control Plane AMWA NMOSRTP ProxyDP APIRTP ProxyHTTPS(IS-04/05)DNSMSM/NMOS Mapper acts as NMOS node to external registry/controller and maps between NMOS resou

35、rces and MSM resourcesMSM/NMOS Mapper uses MSM Subscription Manager to interface to K8s resourcesNeed an ingress/load-balancer so the NMOS controller can contact the MSM/NMOS Mapper at a known IP/portNeed to resolve how we expose RTP Proxy IPs to NMOSK8s APIstreamgraphProxyHandlerStream MapperMSM Ne

36、twork ControllerMSM/NMOSMapperstreamlistSubscriptionManagerMedia App 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveThe MSM StubMSM StubAppRTP ProxyControl PlaneCPgRPCDPDeployed:1.With RTP Proxy as“gateway”2.In each media podTerminates application control planePunts to pe

37、r-cluster CP over gRPCMay intercept the Data PlaneRTSP interleaved data caseMonitoring at podWill use SPIFFE/SPIRE&OPARTP Proxy handles encryption but will need end-to-end authentication/authorization“Stub”because footprint is minimalComplexity is in the CP and the RTP ProxyWritten in async Rust for

38、 performance/footprintAppServiceKubernetes ClusterPodWorker NodeBRKETI-2006 28 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveThe RTP ProxyMSM StubAppRTP ProxyControl PlaneCPgRPCDPServiceKubernetes ClusterMedia PodsWorker NodeDeployed as a K8s DaemonSetIn host network nam

39、espacesupports North/South and East/West flowsRTP Translator(RFC3550)Unicast to multicast,IPv4 to IPv6,RFC1918 to public IP,tunnelling,MTU conversion etc.RTP/UDP,RTP/TCP and RTP/QUIC supportAlso acts as a UDP,TCP and QUIC proxyMinimises attack surfacePrototype Implementation in GolangPerformance lim

40、ited by kernel sockets and GCFuture is Async Rust with WASM filterseBPF to pods and DPDK towards the networkKey is to drive a filter ecosystem e.g.FEC,source validation,encryption,congestion controlBRKETI-2006 29 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveRTP Proxy In

41、ternal ArchitectureServerIngressProcessingClientEgress ProcessingServerEgressProcessingClientIngress ProcessingWASM Filter Chains(example)SRTPSRTCPFECUDP,TCP,QUIC to RTP/RTCP PacketsAdd Forward Error Correction to MediaMonitoringRTP/RTCP Packets toUDP,TCP,QUICFan OutEncrypt DataclientsmediaserversSt

42、reamReplicationSDESValidateSSRC ValidSRTCPRTCPAggregateBRKETI-2006 30 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveRTP ProxyMSM StubDemo SetupControl PlaneMSM StubRTSP Server3.134.238.254RTP ProxyMSM StubCamera PodK8s APICoreDNSmsm-node-4172.31.8.56msm-node-5172.31.5.86

43、3.130.236.2373.136.135.6msm-node-3172.31.3.124RTSP ClientRTP ProxyMSM StubBRKETI-2006 31Demo 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLive 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveFill out your session surveys!Attendees who fill out a m

44、inimum of four session surveys and the overall event survey will get Cisco Live-branded socks(while supplies last)!These points help you get on the leaderboard and increase your chances of winning daily and grand prizesAttendees will also earn 100 points in the Cisco Live Challenge for every survey

45、completed.BRKETI-2006 34 2023 Cisco and/or its affiliates.All rights reserved.Cisco PublicContinue your educationVisit the Cisco Showcase for related demosBook your one-on-oneMeet the Engineer meetingAttend the interactive education with DevNet,Capture the Flag,and Walk-in LabsVisit the On-Demand Li

46、brary for more sessions at www.CiscoL 35Thank you#CiscoLive 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLive37Gamify your Cisco Live experience!Get points Get points for attending this session!for attending this session!Open the Cisco Events App.Click on Cisco Live Challenge in the side menu.Click on View Your Badges at the top.Click the+at the bottom of the screen and scan the QR code:How:123437 2023 Cisco and/or its affiliates.All rights reserved.Cisco PublicBRKETI-2006#CiscoLive