VMware vSphere has the capability to run on DPUs, which allows it to offload networking and NSX services to a DPU like NVIDIA BlueField. In a previous VROOM blog post, we discussed the advantages of using NVIDIA’s BlueField DPU with VMware vSphere 8. In this iteration, we take a closer look at offloading security tasks to the DPU.
In a technical white paper, BWI GmbH, VMware, and NVIDIA jointly tested how offloading security features like distributed firewalling to the DPU enhances network performance in highly secure environments, even those with hundreds or thousands of firewall rules. Our results show that we can achieve close to line-rate network throughput when using an NVIDIA BlueField-2 DPU with vSphere to accelerate networking and firewall functions, even in the presence of thousands of firewall rules.
We show how the fully accelerated DPU mode almost completely frees up the CPU cores on the host from network and firewall tasks. These cores can then run applications in isolation for maximum performance, with little interference from other tasks sharing the CPU resources. We also conduct tests with a high CPU load on the host platform to demonstrate that the load does not impact the DPU's performance, which still maintains close to line-rate network throughput in the accelerated mode.
Enterprise cloud deployments require virtualization and flexibility with high levels of granular security and performance. This paper shows how using VMware vSphere with NSX and the NVIDIA DPU delivers network microsegmentation with thousands of firewall rules, all without slowing down network throughput or consuming too much of the host CPU resources for security tasks.
To learn more, download the white paper: Optimizing Networking and Security Performance Using VMware vSphere and NVIDIA BlueField DPU with BWI.
About the authors
Karthik Ganesan is a staff 2 performance architect at VMware R&D with a focus on vSphere performance. Before joining VMware, he was a principal performance engineer at Oracle where he led many successful cross-stack performance projects. He has broad experience in cloud systems performance with special interests in machine learning, hardware acceleration, resource management, operating systems, middleware (K8s and Java) and virtualization. He obtained his PhD in computer engineering from the University of Texas at Austin. He holds multiple US patents, has given talks, and published book chapters and numerous papers at reputed computer science conferences.
Motti Beck is Sr. Dir. Enterprise Market Dev. at NVIDIA Networking Mellanox. Prior to that, he was a VP&GM at DuPont Photomask; a founder and CEO of BindKey Technologies, which provided deep submicron semiconductor verification solutions and was acquired by DuPont Photomask; and a COO of Butterfly Communications, a pioneering startup provider of Bluetooth solutions that was acquired by Texas Instruments. Motti holds a B.Sc. in computer engineering from the Technion–Israel Institute of Technology.