The popular xPU webcast series hosted by the SNIA Networking Storage Forum’s continued last month with an in-depth look at accelerator offload functions of the xPU. Our experts discussed the problems the xPUs solve, where in the system they live, and the functions they implement. If you missed the session, you can watch it on-demand and access the presentation slides at the SNIA Educational Library. The Q&A here offers additional insights into the role of the xPU.
Q. Since xPUs can see traffic on the host doesn’t that widen the surface area for exposure if it were to be compromised?
A. There is another aspect of this question: It depends on who owns control of the device and who’s allowed to run software there. If the organization that runs the infrastructure owns the xPU and controls the software that goes on there, then it can act as a security boundary to the rest of the host which might be running user software or other kinds of software. So, you can use the xPU as a security check in a security boundary and it actually could reduce the total attack surface or provide better security isolation. If you open up the xPU to be just another general-purpose micro server, then it has effectively the same attack surface as the hosting system, but you could run it in a mode or control it in a mode where it actually reduced the total attack service and make that a security boundary. That’s one of the interesting notions that’s come out in the industry on how xPUs can provide value.
Q. Before, the host internal-only traffic was only exposed if the host was compromised, but now if the xPU is compromised it might exfiltrate information without the host being aware. Cuts both ways – I get that it is a hardened domain…. but everything gets compromised eventually.
A. Any programmable offload engine or hypervisor in a deployment has this same consideration. The xPU is most similar to a hypervisor that is providing common services such as storage or packet forwarding (vswitch) to its VMs. See the previous answer for additional discussion.
Q. What are the specific offloads and functions that xPUs offer that NICs and HBAs don’t provide today?
A. From a storage offloads point of view, in addition to the data path offloads, the xPU has the integrated SOC CPU cores. Portions of the storage stack or the whole storage application and the control plane could be moved to the xPU.
The addition of accessible CPU cores, programmable pipelines, and directly usable offload engines, coupled to a general-purpose operating system, make the xPU fundamentally different from previous standard NIC- or HBA-based offloads. For the xPU, we’re now talking about the infrastructure services offloads with storage applications as one of the key use cases. For that reason, we have this new xPU terminology which describes this new type of device that offloads infrastructure services of the hypervisor functionality. With xPUs, the host CPU cores can be completely freed up for hosting customer applications, containers, and VMs. NICs and HBAs typically offload only specific network or storage functions. xPUs can run an expanded set of agents, data services or applications.
To summarize at a high-level, you have local switching both on the PCIe side and on the network side, together with general purpose processors, plus the degree of programmability of the accelerators and the flexibility in the ways you can use an xPU.
Q. When security offload is enabled, do we still need single flow 100G rate? Can you talk about use cases and where it may be needed?
A. If the application or workload needs 100G line rate (or any other single flow specific rate) encryption and integrity, you need to find a specific xPU model that supports the desired security offload rate. xPU models will have varying capabilities. Typical workloads which might require this scale of single flow rate include storage access across a local network, AI workloads, technical computing, video processing, and large-scale streaming.
Q. When will you be hosting the next xPU webcast?
A. We’re glad you asked! The third presentation in this series will be “xPU Deployment and Solutions Deep Dive” on August 24, 2022 where we will explain key considerations on when, where and how to deploy xPUs. You can register here.