Optimising Network Packet Processing using the Silicom IAONIC SmartNIC
Technology
Introduction
At Netadvia, we believe that in today’s digital age, the volume of data transmitted and processed worldwide is increasing at an unprecedented rate. With the advent of technologies such as the Internet of Things (IoT), cloud computing and Artificial Intelligence (AI), the sheer volume of data being produced is growing exponentially. This presents new challenges for businesses and organizations that need to process and analyse this data. As a result, solutions for offloading network packet processing are becoming increasingly important to ensure that these tasks can be handled efficiently and effectively. In this article, we explore a technology that allows for the offload of existing network functions and applications, freeing up server CPU resources for other critical tasks. The Silicom IAONIC SmartNIC has the benefit of being both cost effective and not requiring additional physical space.
Silicom IAONIC SmartNIC Series
The Silicom IAONIC (Intel® architecture on NIC) SmartNIC (Intel codename Phantom Lake), based on the Intel® NetSec Accelerator reference design, is the latest innovation in SmartNIC technology that enables the easy offload of x86-based network applications. The significant advantage of the Silicom IAONIC SmartNIC, over an FPGA-based or ASIC-based SmartNIC, is that any x86-based application can be deployed directly to the NIC. This means that network applications that have already been developed to execute on x86-based servers can be easily migrated to this SmartNIC. The Silicom IAONIC SmartNIC also includes support for the Data Plane Development Kit (DPDK) and the Vectorized Packet Processor (VPP).
The Silicom IAONIC SmartNIC comes packed with the Intel® P5000 series Atom processor and is available with either 8 or 16 cores. The 8-core model (P425G2SN1-XR) includes 2x25GbE network ports whilst the 16-core model (P4CG1SN2-XR) includes a single 100GbE network port. A Flexible Packet Processor (FPP) is available as an optional component. This is essentially a built-in Ethernet switch that sits between the physical network ports and the network application. The Silicom IAONIC SmartNIC also includes an integrated Intel® QuickAssist (QAT) engine for hardware acceleration of encryption and compression. Overall, this SmartNIC includes a range of features built for optimising and accelerating network processing functions.
Application Deployment
The primary benefit of the Silicom IAONIC SmartNIC is that it provides additional processing power without consuming extra physical space. It achieves this whilst presenting as a standard DPDK compatible Intel® E810 NIC to the host server on which it is installed. This is extremely useful as it means additional packet processing can be applied to network traffic transparently, without the need to modify the existing software architecture on the host server. In addition, network applications that were initially deployed on the host server, can be migrated to execute directly on the SmartNIC.
As an example, the following figures depict the before and after scenario when moving network application preprocessing from a host server to a Silicom IAONIC SmartNIC. Network application preprocessing may include IPsec/VPN, load balancing, TLS termination, encapsulation/decapsulation or compression/decompression, among others. Before the installation of the IAONIC, all preprocessing is carried out on the host server, consuming significant CPU resources.
In this scenario, the more preprocessing that is required, the less CPU resources available for the network application(s). As network data loads increase, this becomes a significant issue as further preprocessing is needed.
The figure below outlines the scenario where a Silicom IAONIC SmartNIC is installed in the host server. In this case, as the network preprocessing application was developed for an x86-based server, it can be easily migrated and deployed to the SmartNIC.
This is an extremely efficient and cost-effective solution. In this scenario, the network application has full availability of the host servers’ resources. The network preprocessing is effectively carried out transparently from the perspective of the host server. By deploying the network preprocessing directly to the SmartNIC, the server can handle more data and therefore the costs of scaling are reduced.
Use Cases
The following are some typical use cases that are ideal candidates for deployment on the Silicom IAONIC SmartNIC.
Enhancing Network Security
A powerful application of the Silicom IAONIC SmartNIC is the introduction of network security into existing network infrastructure. For example, an organization with many locations worldwide may be interested in enhancing their network security between locations using IPsec (Internet Protocol Security) tunnels. By replacing the standard NICs within the organization’s servers with the Silicom IAONIC SmartNICs, IPsec can be enabled transparently without modifying the configuration of the host server. This can be achieved by deploying the IPsec implementation directly to the SmartNICs either through the VPP, DPDK or Linux Kernel IPsec implementations. The IPsec tunnel performance is enhanced through the use of the Intel® P5000 series Atom processor as well as the onboard Intel® QAT engine.
Accelerating Load Balancing with TLS Termination
A beneficial application of the Silicom IAONIC SmartNIC is to deploy a load balancing server to the Silicom IAONIC SmartNIC. For example, Nginx can be deployed directly to the NIC instead of deploying the application within the host server, freeing up valuable CPU resources on the server itself. As well as the load balancing aspect, Nginx can act as a TLS termination point for HTTPS traffic, encrypting and decrypting network traffic as required. This feature can be accelerated using the Intel® QAT engine onboard the Silicom IAONIC SmartNIC.
Optimising Network Firewall
A network firewall application can be easily deployed to the Silicom IAONIC SmartNIC, freeing up either CPU resources on the host server, or physical space assuming the existing firewall is deployed on a separate network element. The onboard flexible packet processor ethernet switch, coupled with the firewall application of choice, can provide a very powerful and efficient firewall solution.
Enabling Network Monitoring
Network monitoring is becoming increasingly important in order to monitor network traffic characteristics, identify issues within the network, or analyse network traffic following a security breach. The CPU resources required to monitor network traffic would have a significant impact on a server’ performance where CPU resources are required for general packet processing. By installing the Silicom IAONIC SmartNIC on such servers, the network monitoring element can be deployed on the SmartNIC directly, and transparently from the host server. This means that the CPU resources on the host server remain available for critical tasks and applications.
Our Experience
Netadvia were contracted by Silicom to develop an accelerated IPsec networking reference application using the Silicom IAONIC. This reference application is used by Silicom customers to understand how to integrate similar acceleration capability into their custom applications. We developed a top-to-bottom solution that enables Silicom clients to configure and deploy applications to the SmartNIC through an easy-to-use user interface. This includes the capability to benchmark the deployed applications, in this case highlighting the impressive IPsec performance of the SmartNIC, particularly when utilising the onboard Intel® QAT engine.
We have also deployed and tested a range of use cases using technologies such as DPDK and VPP. We were very impressed with the overall performance and stability of the Silicom IAONIC SmartNIC when executing the use cases over extended periods. As this series of SmartNICs are x86-based, our performance and power optimisation techniques applied as they would on any x86-based application. In our experience, this is one of the primary benefits of this solution.
If you believe that you can benefit from Netadvia’s expertise in the integration and application of the Silicom IAONIC series of SmartNICs, please contact us.