A few weeks ago at the Light Reading NFV and Carrier SDN event, I was privileged to participate in a panel discussion about security in the virtualization era. Elizabeth Miller Coyne’s write-up about the panel can be found here.
As is common in most of these situations, I was the only server infrastructure participant on the panel. Most people are solution providers, security solution providers or come from software application vendors. That makes sense – most NFV activity is centered around solution providers, and it’s a software-centric world. Maybe I’m a bit biased, but I like being the token infrastructure guy on the panel.
Why? Because no matter how far server-based networking, NFV and, heck, even virtualization progress, every processed bit still needs to hit a server, and for those bits to hit a server they need to be transported over a network and through a network adapter.
We may not be front and center in everyone’s mind, but we are a critical element in the network, and we are becoming more and more important as server-based networking drives deeper and deeper into the edge of the data center.
One of the comments made was the standard challenge that data centers are running out of room and some simply do not have the space to add more servers. While we often talk about being “CPU-bound” or “memory-bound,” this is about being “real estate-bound.” Moore’s Law definitely does not say that data centers will expand 2X every 18 months.
My reply to being “real estate-bound” is to be more efficient. Using smart offloads and acceleration wherever possible instead of having to add more and more compute capacity is a great way to go. Deploying SmartNICs that can offload CPU cycles dedicated to server-based networking and accelerate network performance just makes sense. Not to mention, deploying zero-trust security, or security policies at every VM, is becoming more and more critical in today’s cloud environments. Today’s network adapters are simply not capable of running at full network speeds when security policies for every packet have to be processed by the CPU. 25GbE adapters can run as slow as 6Gb/s in this scenario while consuming half the server compute processing the security policies. That is not efficient, and you cannot scale dedicated firewall appliances or virtual appliances when it comes to securing every single VM.
“But there are companies creating firewalls that can be deployed in front of every VM,” said one panelist.
Yes, there are some really interesting solutions available that do exactly that, but the question remains: “Where do these firewalls reside?” The answer is simple. They run on the x86 and steal precious CPU cycles from paying tenants and applications.
Server-based networking provides myriad benefits for service providers, clouds and enterprises. The challenge is in deploying software-based solutions that don’t eat up CPU cycles and impact data center performance. With our Agilio CX family of SmartNICs, Netronome is here to help.