Making Good, Informed Choices in a Meltdown/Spectre World

By Netronome | Mar 19, 2018

Don't Panic.

There has been a great deal of press surrounding the Spectre and Meltdown vulnerabilities. The coverage is increasing the number of questions we receive about our readiness to handle bug mitigation while the general-purpose processor companies address the flaws in their next-generation chips and OS companies present us with patches.

Netronome’s products are not vulnerable to these attacks. Our Network Flow Processors (NFPs) are pure Harvard architecture processors that do neither out-of-order execution nor speculative execution. Our code and datapaths are separated and our caches are explicitly programmed. We are optimized to operate on network packets and are second to none at that task.

Some NIC offload companies are claiming that they mitigate the cost of Spectre and Meltdown operating system patches by bypassing the kernel for specific tasks, such as offloading reliable transport processing in a storage application. Indeed, if you are already using offload, you will reap the benefits of offload whether or not the host operating system has been patched. In a few cases, you might reclaim some of the performance lost to the current set of fixes.

The full story is more nuanced because, comparatively, very few applications achieve full reliable transport offload. Our advice is to consider your application carefully to know when offload will help with these bugs and when it is used as a FUD-driven sales tactic.

Our OVS and eBPF/XDP offload solutions can also help mitigate the effects of these bug patches by removing kernel/user space transitions when delivering packets directly to user space, but offload and acceleration have very solid use cases on their own. So, if your application demands blindingly fast packet switching and security policy, we encourage you to consider Netronome.