1、SmartNIC Architecture for Distributed Services at the Network EdgeMario BaldiFellowPensando Systems,Inc.San Jose,CA April 26-28,2022�����San Jose,CA April 26-28,2022Data Center ServicesNetworkNAT,load balancing,overlay(VxLAN,GENEVE)SecurityFirewall,IDS,IPSStorageShared disks,disaggregated storageObs�������ervab
2、ilityTelemetry,packet captureSan Jose,CA April 26-28,2022The Traditional Approach(Virtual)appliancesPossibly embedded in switchesPossibly executed in hostsNetwork Function Virtualization(NFV)Topology design implicationsTraff�������ic routing and stitchingSan Jose,CA April 26-28,2022N-S TrafficSingle point
3、of entrance/exitFits well to appliance solution InternetSan Jose,CA April 26-28,2������022E-W Traffic90%of data center traffic according to some estimatesDoes not fit well to appliance solutionTraffic tromboningSan Jose,CA April 26-28����,2022Distributed Services ApproachOptimal,unchanged routingNo additional
4、 traffic loadSan Jose,CA April 26-28,2022Where can Services be Implemented?Network nodesSwitchesRoutersEnd systemsSan Jose,CA April 26-28,2022Challenges Network NodesDeal with very large volumes of trafficShort time to execute processingDesigned for forwarding packetsSimple,fixed������� processing(ASIC)Do
5、P4-based switches offer an opportunity?ProgrammableHardware performanceSan Jose,CA April 26-28,2022Challenges-HostsAgents consume host CP���UProblematic to support many operating systemsProblematic to handle updates and agent versionsSan Jose,CA April 26-28,2022Where should distribu��������ted services run?The
6、 network edge(hosts)is a good candidate Consistent scale out modelSoftware execution takes resources from paying workloadsProgrammable hardware on a card11 Network interface card ����and ToR are good candidates Needed anyway By nature on the path of trafficSan Jose,CA April 26-28,2022P4 Programmable Pro
7、cessorPensandoDistributed Services PlatformTelemetryNetworkingMicro SegmentationStateful FirewallLoad BalancerEncryption&TLS OffloadStorage ServicesCentrally ManagedREST APIAutomationObservabilityTroubleshooting&SecurityOrchestration&������ProvisioningPolicyEcosystemCompute,Analytics,IT OpsPolicy and Serv
8、ices Manager(PSM)ControllerPensando Distributed Services CardsDSCDSCDSCDSCDSCDSCDSCDSCSan Jose,CA April 26-28,2022Pensando SoC ArchitectureHost adaptorCan perform NIC���� functionsCan add significant value running servicesHost InterfacePCIeARMCoresP4Packet Processing DataplaneServiceProcessingOffloadsMe
9、moryCoherent InterconnectPacket BufferTraffic ManagerEthernet PortEthernet PortNetwork InterfaceNetwork InterfaceHost adaptor(or������� ToR)Can perform NIC functionsCan add significant valuerunning servicesSan Jose,CA April 26-28,2022Did it hit the sweet spot?Hosts see less trafficMore time to execute soph
10、isticated processingA hardware assisted approachNo load on the host CPUSpecialized,pro��������grammablePerformance and flexibilityScale out modelSample Use �������CasesSan Jose,CA April 26-28,2022TLS OffloadHTTPSTCP port 80TCP port 443Proxy running on DSCSan Jose,CA April 26-28,2022TLS Offloading Support17Ethernet
11、 PortHost InterfaceMemoryPCIeCoherent InterconnectARMC������oresPacket BufferTraffic Manage�������rP4Packet Processing DataplaneServiceProcessingOffloadsEthernet PortNetwork InterfaceNetwork Interface(2)TCP connection and TLS session initiation packets are forwarded to the ARM cores for software processing(1)pac
12、kets are ������generally processed by the pipelineHandle connection establishmentInstall state in pipeline tables(3)subsequent packets are processed in the pipeline(3.1)encryption/decryption performed by service processing offloadArm involved only in connection/session setup/tear downPipeline ensuresWire
13、speed throughout Minimal delayMinimal jitterSan Jose,CA April 26-28,2022NVMe-oFAccess a remote disk as if localThrough a regular NVMe driverMultiple transports includingRDMATCP18OSNVMEoF InitiatorRDMATCP/IPNICRemote Storage ManagementNVMEoF Initia������tor E����mulated Local StorageNVME Initiator*VMNVME Emula
14、tionHypervisorRDMA DriverTCP/IP StackNICRemote Storage ManagementNVMEoF TargetNon-Volatile Memory Express Over FabricSan Jose,CA April 26-28,2022NVMe������-oF Offload19NVMEoF TargetNVMEo�������F Initiator DSCRemote Storage ManagementEmulated Local StorageNVME EmulationNVMEoF Initiator DSCRemote Storage Managemen
15、tEmulated Local StorageNVME EmulationHypervisorNVME Initiator*VMNVME Initiator*VMNVME Initiator*OS/ContainerRDMA TCPRDMA������ TCPSan Jose,CA April 26-28,2022NVMEoF Offloading Support20Ethernet PortHost InterfaceMemoryPCIeCoherent InterconnectARMCoresPacket BufferTraffic ManagerP4Packet Processing Datapla
16、neServiceProcessingOffloadsEthernet PortNetwork InterfaceNetwork Interface(1)NVMe commandsLoad balance across remote controllersEncapsulationTCP segmentation(2)NVMe commands translated into NV��������MEoF capsules(2.�����1)encryption/decryption;data digest generation/verification(3)encryption/decryption;of data
17、at restSan Jose,CA April 26-28,2022Distributed Stateful E-W FirewallFirewalling E-W traffic is particularly challengingLarge vo����lume compared to N-SApplications expect small latency21Appliances are not suitable as they would create“traffic tromboni������ng”Increased loadIncreased latencyIncreased jitterSan
18、 Jose,CA April 26-28,2022The DSC is the perfect spot where to implement thisIt is on the path of each packetFlow cac����hing to reduce latencyEvaluate rules on first packetInstall entry in flow cache table for handling following packets22San Jose,CA April 26-28,2022Distributed Stateful Firewall Support2
1����9、3Ethernet PortHost InterfaceMemoryPCIeCoherent InterconnectARMCoresPacket BufferTraffic ManagerP4Packet Processing DataplaneServiceProcessingOffloadsEthernet PortNetwork InterfaceNetwork Interface(3)packet and corresponding action are passed to ARM cores(�����1)packets belonging to a known flow are forwa
20、rded directly(flow cache table)(2)packets of new flows are further processed in the pipeline to evaluate rulesSoftware creates forward and rev���erse flow entries in the flow cache table(4)packet is passed to pipeline for processing based on newly installed flow cache entryMemory shared b�����y ARM cores an
21、d pipeline ensures that entry is up-to-dateSan Jose,CA April 26-28,2022Conc������lusionsDistributing services in data centers is beneficialDistributing them to the edge has advantagesUsing a host adaptor or ToR is idealThe right hardware architecture is keyAdditional off-load is possibleThank you!pensando.iobaldi.info
sgpjbg002
工作日 9:30 - 18:00
会员动态:
报告分类
新质生产力
ChatGPT
新能源汽车
大模型
Sora
机器人
微短剧
芯片
薪酬
白皮书
低空经济
数据要素
创新药
人工智能
AI产业
信息科技
互联网
消费经济
汽车交通
电商零售
传媒娱乐
医药健康
投资金融
能源环境
地产建筑
传统产业
英文报告
其它
扫码登录
手机快捷登录
账号登录
