This document discusses proposed IPsec functionality for securing VXLAN traffic in a datacenter. It describes using IPsec in transport mode with AES-CBC and HMAC-SHA1-96 to provide confidentiality, integrity and authentication. A new "vxlanipsec" interface type is proposed to handle VXLAN encapsulation/decap and ESP encapsulation/decap using DPDK cryptodev for hardware acceleration. Performance metrics show encap rates of 2.7-7.1 million packets per second for a single PMD instance on Intel hardware. Future work includes supporting GCM mode, IPsec tunnels, dynamic key re-keying and integrating with OVS and RTE_Security.
Intel® QuickAssist Technology Introduction, Applications, and Lab, Including ...Michelle Holley
Abstract: Intel® QuickAssist Technology improves performance and efficiency across the data center and other computing platforms by handling the compute-intensive operations of bulk cryptography, public key cryptography, and data compression. In this course, we will give an overview of the technology along with the summary of resources to get started with integrating Intel® QAT into your platform solutions. We will also demonstrate using Intel® QAT with applications such as OpenSSL, NGINX, and HAProxy, with a hands-on lab.
Speaker Bios:
Joel Auernheimer, a Platform Application Engineer at Intel, has been focused on enabling customers to integrate Intel® QuickAssist Technology in their platform solutions. Joel is a native of Phoenix, Arizona and enjoys hiking, basketball, soccer, singing, and spending time with friends and family.
Joel Schuetze has been with Intel since 1996. For the last 9+ years he has worked as Platform Application Engineer supporting customers with Intel QuickAssist Technology.
Intel® QuickAssist Technology Introduction, Applications, and Lab, Including ...Michelle Holley
Abstract: Intel® QuickAssist Technology improves performance and efficiency across the data center and other computing platforms by handling the compute-intensive operations of bulk cryptography, public key cryptography, and data compression. In this course, we will give an overview of the technology along with the summary of resources to get started with integrating Intel® QAT into your platform solutions. We will also demonstrate using Intel® QAT with applications such as OpenSSL, NGINX, and HAProxy, with a hands-on lab.
Speaker Bios:
Joel Auernheimer, a Platform Application Engineer at Intel, has been focused on enabling customers to integrate Intel® QuickAssist Technology in their platform solutions. Joel is a native of Phoenix, Arizona and enjoys hiking, basketball, soccer, singing, and spending time with friends and family.
Joel Schuetze has been with Intel since 1996. For the last 9+ years he has worked as Platform Application Engineer supporting customers with Intel QuickAssist Technology.
Quieting noisy neighbor with Intel® Resource Director TechnologyMichelle Holley
A typical computer server on the cloud hosted multiple VMs. Each VM hosted an independent application. The operation of a mixture of applications in cloud requires proper resource management and it's critical to QoS, this session is to study the impact of different neighbors on an application’s performance and to show how Intel® RDT can help to detect and mitigate a noisy-neighbor situation.
About the authors: Sunil is senior cloud performance engineer at Intel working on cloud performance and optimization for Oracle cloud. Prior to this he worked on service assurance and orchestration products for Openstack cloud. Sunil has 10+ years of experience working on different software products for server management. He holds Masters in Computer Science from IIT Chicago.
Khun Ban is a cloud performance engineer manager leading a team to optimize cloud performance and TCO. He has over twenty years of enterprise software development experience. His current focus is on providing customer with best cloud experience. He received his B.S. degree in Computer Science and Engineering from the University of Washington in 1995.
Intel développe une "ONP" (Open Network Platform) dit autrement un switch ouvert offrant les fonctions de base nécessaires au SDN. Si vous souhaitez connaitre le matériel utilisé, les stack logicielle exploitée et les compatibilité avec notamment les orchestrateurs, ce doc est fait pour vous.
Packet processing in the fast path involves looking up bit patterns and deciding on an actions at line rate. The complexity of these functions at Line Rate, have been traditionally handled by ASICs and NPUs. However with the availability of faster and cheaper CPUs and hardware/software accelerations, it is possible to move these functions onto commodity hardware. This tutorial will talk about the various building blocks available to speed up packet processing both hardware based e.g. SR-IOV, RDT, QAT, VMDq, VTD and software based e.g. DPDK, Fd.io/VPP, OVS etc and give hands on lab experience on DPDK and fd.io fast path look up with following sessions. 1: Introduction to Building blocks: Sujata Tibrewala
DPDK Summit - 08 Sept 2014 - Intel - Networking Workloads on Intel ArchitectureJim St. Leger
Venky Venkatesan presents information on the Data Plane Development Kit (DPDK) including an overview, background, methodology, and future direction and developments.
Paper describes optimization of bandwidth using dynamic creation and deletion of MPLS LSPs all managed by the router.
Builds on a unique concept to automatically manage and elastically grow and contract LSPs
About the author: Priya Autee is software engineer at Intel working on various leading edge IA features and Intel(R) RDT expert. She is focused on prototyping and researching open source APIs like DPDK, Intel(R) RDT etc. to support NFV/compute sensitive requirements on Intel Architecture. She holds Masters in Computer Science from Arizona State University, Arizona.
Quieting noisy neighbor with Intel® Resource Director TechnologyMichelle Holley
A typical computer server on the cloud hosted multiple VMs. Each VM hosted an independent application. The operation of a mixture of applications in cloud requires proper resource management and it's critical to QoS, this session is to study the impact of different neighbors on an application’s performance and to show how Intel® RDT can help to detect and mitigate a noisy-neighbor situation.
About the authors: Sunil is senior cloud performance engineer at Intel working on cloud performance and optimization for Oracle cloud. Prior to this he worked on service assurance and orchestration products for Openstack cloud. Sunil has 10+ years of experience working on different software products for server management. He holds Masters in Computer Science from IIT Chicago.
Khun Ban is a cloud performance engineer manager leading a team to optimize cloud performance and TCO. He has over twenty years of enterprise software development experience. His current focus is on providing customer with best cloud experience. He received his B.S. degree in Computer Science and Engineering from the University of Washington in 1995.
Intel développe une "ONP" (Open Network Platform) dit autrement un switch ouvert offrant les fonctions de base nécessaires au SDN. Si vous souhaitez connaitre le matériel utilisé, les stack logicielle exploitée et les compatibilité avec notamment les orchestrateurs, ce doc est fait pour vous.
Packet processing in the fast path involves looking up bit patterns and deciding on an actions at line rate. The complexity of these functions at Line Rate, have been traditionally handled by ASICs and NPUs. However with the availability of faster and cheaper CPUs and hardware/software accelerations, it is possible to move these functions onto commodity hardware. This tutorial will talk about the various building blocks available to speed up packet processing both hardware based e.g. SR-IOV, RDT, QAT, VMDq, VTD and software based e.g. DPDK, Fd.io/VPP, OVS etc and give hands on lab experience on DPDK and fd.io fast path look up with following sessions. 1: Introduction to Building blocks: Sujata Tibrewala
DPDK Summit - 08 Sept 2014 - Intel - Networking Workloads on Intel ArchitectureJim St. Leger
Venky Venkatesan presents information on the Data Plane Development Kit (DPDK) including an overview, background, methodology, and future direction and developments.
Paper describes optimization of bandwidth using dynamic creation and deletion of MPLS LSPs all managed by the router.
Builds on a unique concept to automatically manage and elastically grow and contract LSPs
About the author: Priya Autee is software engineer at Intel working on various leading edge IA features and Intel(R) RDT expert. She is focused on prototyping and researching open source APIs like DPDK, Intel(R) RDT etc. to support NFV/compute sensitive requirements on Intel Architecture. She holds Masters in Computer Science from Arizona State University, Arizona.
Abstract: Explore the packet I/O data path from a NIC across PCI-Express to cache/memory and understand how to build efficient CPU code for networked applications.
Speaker: Venky Venkatesan, Intel Fellow, Chief Architect – Packet Processing and Networking Applications
Extend HPC Workloads to Amazon EC2 Instances with Intel and Rescale (CMP373-S...Amazon Web Services
Cloud services built on compute-optimized EC2 instances can serve as your next-generation HPC platform. Learn how to utilize the Rescale platform on AWS to meet the ever-increasing demands on compute resources while avoiding costly capex investments. Custom Intel Xeon processors enable you to meet your HPC needs by taking advantage of the newest technologies in the cloud. This session is brought to you by AWS partner, Intel.
Intel® Select Solutions for the Network provide a faster means to address these challenges as we transition to 5G with pre-validated, optimized building blocks to help drive scale. Hear the what, why, when and where around Intel® Select Solutions for the Network.
HPC DAY 2017 | Accelerating tomorrow's HPC and AI workflows with Intel Archit...HPC DAY
HPC DAY 2017 - http://www.hpcday.eu/
Accelerating tomorrow's HPC and AI workflows with Intel Architecture
Atanas Atanasov | HPC solution architect, EMEA region at Intel
Intel® Xeon® Scalable Processors Enabled Applications Marketing GuideIntel IT Center
The Future-Ready Data Center platform is here. Whether you navigate in the High Performance Computing, Enterprise, Cloud, or Communications spheres, you will find an Intel® Xeon® processor that is ready to power your data center now and well into the future. An innovative approach to platform design in the Intel® Xeon® Scalable processor platform unlocks the power of scalable performance for today’s data centers—from the smallest workloads to your most mission-critical applications. Powerful convergence and capabilities across compute, storage, memory, network and security deliver unprecedented scale and highly optimized performance across a broad range of workloads—from high performance computing (HPC) and network functions virtualization, to advanced analytics and artificial intelligence (AI). Many examples here show how our software partner ecosystem has optimized their applications and/or taken advantage of inherent platform enhancements to deliver dramatic performance gains, that can translate into tangible business benefits.
Accelerating Virtual Machine Access with the Storage Performance Development ...Michelle Holley
Abstract: Although new non-volatile media inherently offers very low latency, remote access
using protocols such as NVMe-oF and presenting the data to VMs via virtualized interfaces such as virtio
adds considerable software overhead. One way to reduce the overhead is to use the Storage
Performance Development Kit (SPDK), an open-source software project that provides building blocks for
scalable and efficient storage applications with breakthrough performance. Comparing the software
paths for virtualizing block storage I/O illustrates the advantages of the SPDK-based approach. Empirical
data shows that using SPDK can improve CPU efficiency by up to 10 x and reduce latency up to 50% over
existing methods. Future enhancements for SPDK will make its advantages even greater.
Speaker Bio: Anu Rao is Product line manager for storage software in Data center Group. She helps
customer ease into and adopt open source Storage software like Storage Performance Development Kit
(SPDK) and Intelligent Software Acceleration-Library (ISA-L).
ONS 2018 LA - Intel Tutorial: Cloud Native to NFV - Alon Bernstein, Cisco & K...Kuralamudhan Ramakrishnan
The first wave of NFV was about taking a network function and running it as-is in a virtual environment. The web giants follow a different approach called Cloud Native. Cloud Native views the cloud as a huge distributed compute platform, applications are broken into micro-services and deployed in a container based environment using DevOps.
Communication Service Providers are looking to adopt Cloud Native, yet the existing Cloud Native principles are not sufficient to meet their business and NFV use case needs. In this session, Intel and Cisco will explore and share experiences addressing challenges, technology gaps and migration path to Cloud Native for NFV.
Join us to alleviate your concerns around data plane performance, control, and DevOps deployment when using micro-services, Containers, and Kubernetes implementations.
E5 Intel Xeon Processor E5 Family Making the Business Case Intel IT Center
This presentation highlights cloud computing advantages of the Intel® Xeon® processor E5 family and helps you make the business case for investing. Includes access to an ROI calculator.
Optimizing Apache Spark Throughput Using Intel Optane and Intel Memory Drive...Databricks
Apache Spark is a popular data processing engine designed to execute advanced analytics on very large data sets which are common in today’s enterprise use cases. To enable Spark’s high performance for different workloads (e.g. machine-learning applications), in-memory data storage capabilities are built right in.
However, Spark’s in-memory capabilities are limited by the memory available in the server; it is common for computing resources to be idle during the execution of a Spark job, even though the system’s memory is saturated. To mitigate this limitation, Spark’s distributed architecture can run on a cluster of nodes, thus taking advantage of the memory available across all nodes. While employing additional nodes would solve the server DRAM capacity problem, it does so at an increased cost. Intel(R) Memory Drive Technology is a software-defned memory (SDM) technology, which combined with an Intel(R) Optane(TM) SSD, expands the system’s memory.
This combination of Intel(R) Optane(TM) SSD with Intel Memory Drive Technology alleviates those memory limitations that are inherent to Spark, by making more memory available to the operating system and to Spark jobs, transparently.
Accelerating Apache Spark with Intel QuickAssist TechnologyDatabricks
Enterprise and cloud data centers are under pressure to continuously expand revenue-generating and value-added services, such as compute intensive and I/O-demanding Big Data solutions, which moves large amounts of data into and out of storage, and sends it across the networked clusters.
A significant amount of time and network bandwidth can be saved when the data is compressed before it is passed between servers, as long as the compression/decompression operations are efficient and require negligible CPU cycles. Intel QuickAssist Technology allows compute-intensive workloads, specifically compression, to be offloaded from the CPU core onto dedicated hardware accelerators. Intel Quick Assist Technology enables developers to create software solutions that leverage compression/decompression acceleration, accessing the technology through APIs in the Intel QuickAssist Software.
This talk provides developers with information on Intel QuickAssist Technology and presents some key use cases to provide background for them to understand how they can take advantage of the hardware-based compression acceleration and performance improvements available with Intel QuickAssist Technology in their Spark applications.
Intel's Data Center & Connected Systems Group and Diane Bryant shares the latest news on the latest Intel Xeon E5v2 family of processors and technologies like Intel Network Builders to enable the re-architecture of the Data Center.
Spring Hill (NNP-I 1000): Intel's Data Center Inference Chipinside-BigData.com
Today at Hot Chips 2019, Intel revealed new details of upcoming high-performance AI accelerators: Intel Nervana neural network processors, with the NNP-T for training and the NNP-I for inference. Intel engineers also presented technical details on hybrid chip packaging technology, Intel Optane DC persistent memory and chiplet technology for optical I/O.
"To get to a future state of ‘AI everywhere,’ we’ll need to address the crush of data being generated and ensure enterprises are empowered to make efficient use of their data, processing it where it’s collected when it makes sense and making smarter use of their upstream resources," said Naveen Rao, Intel vice president and GM, Artificial Intelligence Products Group. "Data centers and the cloud need to have access to performant and scalable general purpose computing and specialized acceleration for complex AI applications. In this future vision of AI everywhere, a holistic approach is needed—from hardware to software to applications.”
Learn more: https://www.intel.ai/accelerating-for-ai/?elq_cid=1192980
Sign up for our insideHPC Newsletter: http://insidehpc.com/newsletter
NFF-GO (YANFF) - Yet Another Network Function FrameworkMichelle Holley
NFF-Go is a framework allows developers to deploy performant cloud-native network functions much faster. NFF-Go internally implements low-level optimizations and can auto-scale to multicores using built-in capabilities to take advantage of Intel® architecture. NFF uses Data Plane Development Kit (DPDK) for efficient input/output (I/O) and Go programming language as a high-level, safe, productive language.
JMeter webinar - integration with InfluxDB and GrafanaRTTS
Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application.
In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics.
Length: 30 minutes
Session Overview
-------------------------------------------
During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana:
- What out-of-the-box solutions are available for real-time monitoring JMeter tests?
- What are the benefits of integrating InfluxDB and Grafana into the load testing stack?
- Which features are provided by Grafana?
- Demonstration of InfluxDB and Grafana using a practice web application
To view the webinar recording, go to:
https://www.rttsweb.com/jmeter-integration-webinar
Let's dive deeper into the world of ODC! Ricardo Alves (OutSystems) will join us to tell all about the new Data Fabric. After that, Sezen de Bruijn (OutSystems) will get into the details on how to best design a sturdy architecture within ODC.
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Tobias Schneck
As AI technology is pushing into IT I was wondering myself, as an “infrastructure container kubernetes guy”, how get this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principals as well? What benefit’s both technologies could bring to each other?
Let me take this questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview about infrastructure requirements and technologies, what could be beneficial or limiting your AI use cases in an enterprise environment. An interactive Demo will give you some insides, what approaches I got already working for real.
PHP Frameworks: I want to break free (IPC Berlin 2024)Ralf Eggert
In this presentation, we examine the challenges and limitations of relying too heavily on PHP frameworks in web development. We discuss the history of PHP and its frameworks to understand how this dependence has evolved. The focus will be on providing concrete tips and strategies to reduce reliance on these frameworks, based on real-world examples and practical considerations. The goal is to equip developers with the skills and knowledge to create more flexible and future-proof web applications. We'll explore the importance of maintaining autonomy in a rapidly changing tech landscape and how to make informed decisions in PHP development.
This talk is aimed at encouraging a more independent approach to using PHP frameworks, moving towards a more flexible and future-proof approach to PHP development.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
Search and Society: Reimagining Information Access for Radical FuturesBhaskar Mitra
The field of Information retrieval (IR) is currently undergoing a transformative shift, at least partly due to the emerging applications of generative AI to information access. In this talk, we will deliberate on the sociotechnical implications of generative AI for information access. We will argue that there is both a critical necessity and an exciting opportunity for the IR community to re-center our research agendas on societal needs while dismantling the artificial separation between the work on fairness, accountability, transparency, and ethics in IR and the rest of IR research. Instead of adopting a reactionary strategy of trying to mitigate potential social harms from emerging technologies, the community should aim to proactively set the research agenda for the kinds of systems we should build inspired by diverse explicitly stated sociotechnical imaginaries. The sociotechnical imaginaries that underpin the design and development of information access technologies needs to be explicitly articulated, and we need to develop theories of change in context of these diverse perspectives. Our guiding future imaginaries must be informed by other academic fields, such as democratic theory and critical theory, and should be co-developed with social science scholars, legal scholars, civil rights and social justice activists, and artists, among others.
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Ramesh Iyer
In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
10. Proposed IPsec functionality: Vxlanipsec Encap
Hypervisor 1
VM 1
Br-int
Vxlan
ipsec
0
Br0
dpdk0
Vhu-0
Payload
L4
Header
IP
Header
Ethernet
Header
• Packet Arrives at ‘vhu-0’ as follows
• Packet arrives at ‘vxlan-ipsec0’
Outer
IP
Header
Outer
Ethernet
Header
ESP
Header
IV
UDP
Header
VXLAN
Header
VXLAN ETH/IP UDP/VXLAN Headers
ESP Header/Initialization Vector
Original
packet
• Encap packet trailer built as follows
Original
packet
Cipher
Padding
ESP
Trailer
ESP
Digest
• Encap packet header built as follows
Padding/ESP trailer/Digest
11. Proposed IPsec functionality: Vxlanipsec Decap
Hypervisor 2
VM 2
Br-int
Vxlan
ipsec
1
Br1
dpdk1
Vhu-1
• Packet arrives at dpdk1 as follows:
ESP
Header
Encrypted Payload
ESP
Digest
Outer
IP
Header
Outer
Ethernet
Header
IV
UDP
Header
VXLAN
Header
Original
packet
Cipher
Padding
ESP
Trailer
• Encrypted Payload consists of:
• Packet routed to ‘vxlanipsec1’ for decap
• Use crypto dev to:
Payload
L4
Header
IP
Header
Ethernet
Header
• Validate Digest ü
• Decrypt payload ü
• Extract tunnel metadata.
• Pop vxlan/ESP headers and trailers for
recirculation.
12. Design Considerations
Intel ® QAT VDEV Crypto PMDCrypto Dev Creation
• Virtual Function attached
by user to userspace
driver prior to Open
vSwitch launch.
• Created at runtime via
VDEV init API.
RX Queue Pair Capabilities
• 2 queue pairs max per VF. • 8 queue pairs max by default
DPDK PMD requirements
• Intel ® QAT device.
• CONFIG_RTE_LIBRTE_PMD_QAT
• Intel ® Multi-Buffer Crypto for IPSec.
• CONFIG_RTE_LIBRTE_PMD_AESNI_MB
• CONFIG_RTE_LIBRTE_PMD_AESNI_GCM
13. Design Considerations cont.
Asynchronous Operations
• Cryptodev Operations are asynchronous regardless of HW/SW device i.e.
DPDK Cryptodev
• User configures 6 crypto ops and enqueues them to crypto device
• User requests to dequeue the 6 crypto ops from the crypto device
• May not receive 6 crypto ops on dequeue.
rte_cryptodev_enqueue_burst() rte_cryptodev_dequeue_burst()
16. Future Work
• Add GCM combined mode support.
• Add IPsec Tunnel support
• IKEv2: Support for dynamic re-keying
• Integrating with StrongSwan userspace plugin
• Community opinion on 3rd party support for feature.
• OVS architecture changes
• Packet batching with tunnels to replace single encap/decap.
• Integration with RTE_Security
• Enables HW acceleration for inline crypto.
