《20230614_A-103_Michels.PDF》由会员分享,可在线阅读,更多相关《20230614_A-103_Michels.PDF(14页珍藏版)》请在三个皮匠报告上搜索。
1、High-Speed Secure Virtual Application Delivery Using FPGA-Based SmartNICsPresented by Geetha Jayagopi and Tim Michels 2Intel Infrastructure Processing Unit(IPU)Providing new data center intelligent infrastructure accelerationCommon software frameworksHW and SW programmable,built to customer needsSys
2、tem-level security,control,and isolationProcessor ComplexNetworkInfrastructure Acceleration&Management(ASIC and/or FPGA)Processor complex enables control plane offload and isolationIntel IPU Value Proposition3Infrastructure OffloadIPUs Reduce Host Compute Cycles Doing Infrastructure WorkLower Server
3、 OverheadIntel Xeon processorRealWorkInfra.&ServicesIntel IPUIPUs Can Accelerate Some ApplicationsInfrastructure AccelerationIntel Xeon processorIntel IPUHW CryptoSW CryptoHardware Accelerated InfrastructureFeatureVelocityIPUs Provide Reconfigurability and ProgrammabilityIntel Xeon processorIntel IP
4、UCustom IPCustomizations at the Speed of SoftwareSecurityApplication&Tenant Isolation from InfrastructureIntel Xeon processorIntel IPUAirgapIncreased Infrastructure SecurityAppsInfra.&ServicesIsolation of workload and infrastructure improves integrity and efficiency of the gridAccelerating Applicati
5、on ServicesTim MichelsDistinguishedEngineer,F5 IncF5is a Leading ADC Systems Company5 Custom built BIG IP appliances and Chassis Integrated CPUs,ASICs,and FPGAs Hardware acceleration Flow Aware Packet Transforms PKI and Bulk Cryptography DDOS FiltersBut F5 Product Deployments have Evolved.6Appliance
6、s Traditional 3-Tier architecture friendly Scale up capacity with hardware accelerators Difficult to integrate with Cloud architecturesVirtualized Services VMs initially and now Containers and Micro-services Scale out capacity by clustering many instances Easily integrated in cloud deployments But t
7、here is a problem.!201020152020AppliancesVMsContainersThe Single Node Bottle Neck7Single node performance matters!Common Occurrences Session or Subscriber State Pinning Security Policy Chokepoints DoS attack against scale out algorithm8The Single Node Bottle Neck Fixed!Single node performance matter
8、s!Common Occurrences Session or Subscriber State Pinning Security Policy Chokepoints DoS attack against scale out algorithm Hardware acceleration in the node is the answerWhy F5 Chose an FPGA SmartNIC?9F5s Acceleration History Existing IP Library Easy lift for F5 softwareFPGA cards are a natural fit
9、 PCIe and Ethernet in the right layout External memory supportVery Capable High density and high-performance logic Familiarity with tooling and devicesExample:DDOS Protection10Example:Carrier Grade NAT11BIG IP VE with SmartNIC12N5013(100Gbps TP w/2x100GE ports)https:/ Enabled Architectures Move F5 software onto the IPU card Whole cloth infrastructure services on card Powerful model for Edge and Service Provider use cases F5 is active in the Open Programable Infrastructure(OPI)projectAcceleration FuturesThank You