This technology frees up computing resources on the application host, enabling you to improve workload density and focus on revenue generating applications.
Running networking and security functions on the data processing units improves the performance of network services such as switching, routing, load balancing, distributed firewalling, IDS/IPS, and network observability and provides granular networking and security close to the workloads.
A Data Processing Unit (i.e., DPU or SmartNIC) has its own CPU, Memory, I/O and various hardware accelerators. Virtualized networking and security solutions such as NSX run on the CPU complex in the DPU and make use of hardware accelerators and flow caches whenever they can for various computations.
In DPU-based Acceleration for NSX, the data plane functions are completely offloaded to the DPU. This enables accelerated performance in terms of network throughput and latency as the overall network stack does not have to go through numerous context switches to process the data.
DPU-based Acceleration for NSX offers high performance networking and security implemented on DPUs connected to the hosts. Offloading from the host frees up application resources while providing:
- Accelerated Networking: offloading network processing to the DPU improves network bandwidth, reduces latency, and frees up core CPU cycles for top application performance
- Enhanced Observability: enhanced topology views and flow and packet level analysis simplify capacity planning, anomaly detection, troubleshooting, and compliance without complex network TAP and SPAN infrastructure devices
- Performant Security at Scale: offloading network security functions to the DPU provides comprehensive security capabilities such as distributed firewalling and IDS/IPS with no impact on application and host performance
- Networking and security performance: offloading networking and security functions to the DPU enables line rate performance with no core CPU overhead and delivers a distributed firewall with L4-7 security without impacting network performance.
- Granular Security and Observability: DPU-based Acceleration leverages granular network segmentation to isolate devices and applications and prevent attacks from communicating with other parts of the network. Comprehensive observability across all network traffic flows makes it simpler to establish monitoring and incident response procedures to identify breaches in real time.
- Zero Trust Security: DPU-based Acceleration provides the building blocks for a performant zero-trust solution, providing workload-infrastructure isolation, complete stateful L7 controls, advanced threat prevention, strong perimeter defenses, and granular micro-segmentation with a single solution that provides consistent policy and automation across virtualized, containerized, and bare metal workloads.