SmartNICs set to infiltrate enterprise network, security worlds

Enterprise infrastructure that supports data center, cloud and edge networks could someday be dominated by one of its tiniest components–the smartNIC or data processing unit (DPU).

Use of smartNICs in the enterprise is still evolving, but the idea behind them–offloading server CPU duties onto a separate device to free up server cycles–is not new. Specialized hardware accelerators such as graphics processing units (GPU), field-programmable gate arrays (FPGA), and focused NICs have offloaded CPU workloads in telco, financial, and scientific application processing.

Looking ahead, users and vendors see a way to reduce enterprise costs, improve performance and increase security with smartNICs.

Why smartNICs?

“There are a mix of things going on to make the smartNIC attractive to enterprise customers. For one, the processor technology has gotten to the point where we can make some pretty beefy NICs,” said Paul Turner, vice president of product management with VMware.

“Many data-center applications need lots of resources to run properly, and smartNICs can help with that. Customers also are looking to bring down the cost of infrastructure by running more and more virtual machines while supporting denser traffic from ever-dense servers–all use-cases smartNICs can handle.”

While the potential is huge for enterprise-class users, it’s still a little early, experts say. 

“At this point in time, smartNICs have not been proven to be a truly viable solution for enterprise customers yet, due to the high cost of product (compared to regular NICs), and the high engineering costs. Enterprises would need resources to program the smartNICs,” said Baron Fung, research director with the Dell’Oro Group.

The cost of deploying smartNICs may be hard to justify unless they are deployed at scale, and that is particularly true in the case of enterprise data centers, most of which are smaller than cloud data centers, he said. “SmartNIC deployments generally make sense with large cloud data centers in which the development cost can be amortized over a greater number of servers, along with an architecture designed with smartNICs in mind.”

How do smartNICs work?

To understand how and why smartNIC usage is growing, it helps to understand how they work.

First up is the nomenclature. A smartNIC is also known as a DPU or Functional Accelerator Card (FAC)–as well as a number of other things.

“FAC is Gartner’s term, which basically means it is a NIC with a high-powered chip on it. While all FACs are essentially NICs, not all NICs/smartNICs are FACs,” said Andrew Lerner, vice president at research firm Gartner covering enterprise networking.

By Dell’Oro’s definition, a smartNIC is a networking adapter card with a programmable processor, Fung said.

“A smartNIC is almost like a server inside a server, given that it has a processor, network fabric, storage, memory, etc. This programmable processor can be either a FPGA, ARM or some [system on a chip] that is intended to offload certain workloads from the main CPU. These workloads are often overhead to operate the data center infrastructure, such as networking, storage, security, etc. By offloading these overhead workloads, the CPU could be freed up and better monetized to run customer applications,” Fung said.

A DPU can offload functions like physical and virtual switching or packet processing using its built-in network operating system and, in some cases, its on-board acceleration engine, according to VMware’s Turner.

Different vendors refer to this type of device using different terms. DPU is used by vendors including Nvidia, Marvell, Fungible, and Xilinx. Pensando calls their product a distributed server card or DSC. Intel calls theirs an infrastructure processing unit (IPU).

Vendors layer different software and applications on their products, and use different terms to emphasize this. But fundamentally, all these devices achieve a similar function, according to Fung: freeing up server CPUs for application processing.

“The FAC (because it has a chip) can deliver all kinds of interesting software, including software that can improve performance and security of applications,” Lerner said. “Organizations can use the FAC to offload processing from the x86 host or replace ‘middleboxes’ like firewalls and load-balancers. So the potential is huge. FACs alone could start eating into a lot of existing network stuff like load-balancers, firewalls etc, and even start to eat away the top-of-rack switch itself.”

SmartNIC use cases

Reduce need for single-function appliances

Load-balancers and firewalls were state-of-the-art 25 years ago and have become complex and expensive, said Soni Jiandani, co-founder and chief business officer for Pensando.

Pensando is a startup led by a crew of ex-Cisco stars, including its chairman of the board, former Cisco CEO John Chambers, Mario Mazzola, Prem Jain, Luca Cafiero and Jiandani.

Pensando is building a DPU-based architecture that includes intelligent, programmable software to support software-defined cloud, compute, networking, storage, and security services that ideally could be rolled out quickly to edge, colocation, or service-provider networks.

Most recently the company’s technology became a key component in HPE company Aruba’s new data-center switch, the Aruba CX 10000. That switch includes an integrated Pensando DPU that reduces the need for separate security and load-balancing appliances.

“The idea is that we let enterprises run their infrastructures in the same way that today only a hyperscaler can afford,” Jiandani said. “There are a wide range of use cases – such as 5G and IoT – that need to support lots of low latency traffic. We’ve taken a ground-up approach to giving enterprise customers a fully programmable system with the ability to support multiple infrastructure services without dedicated CPUs.”

Processing security

In virtual environments, putting functions like network-traffic encryption into smartNICs will be a big use case, VMware’s Turner said. “In our case, we’ll also have the NSX firewall and full virtual SDN software or vSphere switch on the smartNIC that will let customers have a fully programmable, distributed security system.”

Processing required to enforce microsegmentation policies that divide networks into firewalled zones can also be handled by smartNICs, Turner said.

A third use case from VMware’s point of view is setting up a security ecosystem that lets others like its partner Pensando set up network traps to monitor network traffic patterns and perform other analytics functions.

Pensando is part of VMware’s Project Monterey, which melds bare-metal servers, GPUs, FPGAs, NICs, and security into a large-scale virtualized environment. A key component is VMware’s SmartNIC, which incorporates a general-purpose CPU, out-of-band management, and virtualized device features.

As part of Monterey, VMware has enabled its ESXi hypervisor to run on SmartNICs, which will provide a single management framework to manage all customer compute infrastructure whether it be virtualized or bare metal. The DPU will be an infrastructure-fabric control point, on par with the x86 CPU, to scale network, security, storage, and manageability functions.

Earlier this fall, VMware rolled out the Project Monterey Early Access program, which provides customers an opportunity to collaborate with VMware to test and validate their use cases in a lab environment. 

VMware’s rollout was followed by NVIDIA’s own Project Monterey Early Access Program using servers from Dell Technologies and Lenovo.

Network and storage delivery

Other smartNIC applications include offloading networking applications such as DNS processing.

Storage applications could also be destined for smartNICs. For example, NVMe enables faster performance and greater density compared to legacy storage protocols. NVMe is geared for enterprise workloads that require top performance, such as real-time data analytics and online trading. Offloading that control function to a smartNIC could save lots of processing power and offer low-latency networking support.

For cloud and enterprise data centers, there’s the potential to offload network, storage and security functions as well as security isolation for multi-tenant domains and reducing network latency, Dell’Oro’s Fung said. “For the telecom market, Smart NICs can also be used to offload [network voice protocol] and [user plane function] from the server. For the developing edge market, Smart NICs can also be tasked with some AI inferencing tasks.”

SmartNIC for the future

Momentum for smartNIC use in the enterprise is just beginning to build, but analysts are bullish about the growth potential.

“We believe it will take at least five to 10 years to achieve mainstream enterprise adoption,” Gartner’s Lerner said. During 2025, the total number of FAC ports shipped will be 18 times more than the current number of FAC ports shipped in 2021, Lerner said.

The Dell’Oro Group predicts smartNIC revenue to grow from about $150M in 2020 to $1.1B in 2025.

For now, there is no lack of interest in developing products. Aside from VMware, Pensando, Aruba, and Intel, there are many other vendors looking to develop smartNIC architectures. One notable example is AWS and its Nitro service.

AWS Nitro employs dedicated hardware cards that offload networking, storage, and management chores from AWS EC2 host servers. The service offers a variety of compute, storage, memory, and networking options.

Juniper Networks recently touted a new smartNIC project called Juniper Edge Services Platform (JESP), which enables the extension of the network to the smartNIC, wrote Juniper CTO Raj Yavatkar in a blog.

“JESP offers life cycle management, observability, and troubleshooting capabilities for smartNIC-accelerated cloud-native applications and network services,” Yavatkar stated. “It also provides enhanced monitoring, telemetry and visibility of application operations over networks. JESP can be applied within and across data centers–basically, wherever the edge of the network is terminated.”

Cloud-native containerized firewalls and Layer 7 proxies can be orchestrated and accelerated using smartNIC APIs, Yavatkar stated.

Copyright © 2021 IDG Communications, Inc.
