Don't Panic.
There has been a great deal of press surrounding the Spectre and Meltdown vulnerabilities. This is increasing the number of questions we receive about our readiness to handle bug mitigation while the general-purpose processor companies address the flaws in their next generation chips and OS companies present us with patches.
Netronome’s products are not vulnerable to these attacks. Our Network Flow Processors (NFPs) are pure Harvard architecture processors that do neither out-of-order execution nor speculative execution. Our code and datapaths are separated and our caches are explicitly programmed. We are optimized to operate on network packets and are second to none at that task.
Some NIC offload companies are claiming that they mitigate the cost of Spectre and Meltdown operating system patches by bypassing the kernel on specific tasks like offloading reliable transport processing in a storage application. Indeed, if you are already using offload, you will reap the benefits of offload whether or not the host operating system has been patched. In a few cases, you might reclaim some lost performance incurred by the current set of fixes.
The full story is more nuanced because, comparatively, very few applications achieve full reliable transport offload. Our advice is to consider your application carefully to know when offload will help with these bugs and when it is used as a FUD-driven sales tactic.
Our OVS and eBPF/XDP offload solutions can also help mitigate the effects of these bug patches by removing kernel/user space transitions when delivering packets directly to user space, but offload and acceleration have very solid use cases on their own. So, if your application demands blindingly fast packet switching and security policy, we encourage you to consider Netronome.
Netronome
Subscribe
Categories
Recent Blogs
- What We Do
- Optimizing BPF: Smaller Programs for Greater Performance
- Open-Sourcing the CoreNIC Firmware
- Libkefir: All Your Rules in One Bottle
- Overcoming Tail Latency with Netronome SmartNICs
Archives
- February 2020
- January 2020
- September 2019
- July 2019
- June 2019
- February 2019
- January 2019
- November 2018
- October 2018
- September 2018
- August 2018
- May 2018
- April 2018
- March 2018
- February 2018
- November 2017
- September 2017
- June 2017
- May 2017
- April 2017
- March 2017
- February 2017
- January 2017
- December 2016
- November 2016
- October 2016
- September 2016
- August 2016
- June 2016
- May 2016
- April 2016
- March 2016
- February 2016
Featured Author
Quentin Monnet
Quentin Monnet is a senior software engineer at Netronome, where he works on advanced technologies at the driver level, such as the software pieces of eBPF offload, and modestly contributes to several open source projects. Before joining Netronome, he was part of the Research & Development team at 6WIND, and was involved in European research projects that focused on fast, flexible and stateful packet processing for SDNs. Quentin holds a Ph.D. in Computer Science from Université Paris-Est, France.