面向数据中心的巨大突破NVIDIADPU集数据中心于芯片（中英）

1、2数据中心的处理器 演进与挑战数据中心的变革 以数据为中心21st Century Unit of ComputingDPUGPUCPU3Accelerated Disaggregated Infrastructure (ADI)数据中心变成了新的计算单元NVIDIA NetworkingSoftware defined, Hardware-accelerated DPU (data processing unit)DPU essential to disaggregate resources & make composable ADIAccelerated ComputingGPU: AI

2、& machine learningGPU critical for AI & machine learning Every workload will become AI Accelerated4软件定义和硬件加速成为数据中心的核心Software Defined SecurityDistributed IDS/IPS NG FirewallSoftware Defined StoragevRoutervSwitchVMs & ContainersSoftware Defined NetworkingNVMe-oFData Storage Direct EncryptionMicroDDOS

3、 Segmentation PreventionTelco/NFVElastic StorageRoot of TrustCompression DeDupNAT/Load Balancer5DPU 成为大势所趋Software Defined Data Center Infrastructure-on-a-Chip软件定义的数据中心架构级芯片To Software Defined Infrastructure on CPUTo Software Defined Infrastructure on DPUFrom Hardware AppliancesManagementStorageSecu

4、rityNetworkingNVIDIA NICSoftware-defined SecuritySoftware-defined NetworkingSoftware-defined StorageInfrastructure ManagementAcceleration EnginesNVIDIA DPU with Arm Cores & AcceleratorsSoftware-defined NetworkingSoftware-defined SecuritySoftware-defined StorageInfrastructure ManagementAcceleration E

5、ngines67NVIDIA DPU数据中心级处理器架构总览8BLUEFIELD-2 DPU数据处理单元Data Center Infrastructure-on-a-Chip数据中心架构级芯片69 亿 Transistors8 个 64-bit Arm CPUs Cores 双 16-way VLIW Engine 100 Gbps 的 IPsec 性能50 Gbps 的 RegEx 性能 100 Gbps Video Streaming 5 百万 NVMe IOPs相当于 125 个 x86 CPU Cores 的工作BLUEFIELD-2 DPU 功能示意图200 Gbps Ethern

6、et & InfiniBand, NRZ & PAM4 modulationPowered by ConnectX-6 Dx8 ARM A72 CPUs subsystem in a Tile architecture8MB L2 cache, 6MB L3 cache in 4 TilesARM Frequency up-to 2.5GHzFully integrated PCIe switch, 16 bi-furcated Gen4.0Root Complex or End Point modes1GbE Out-of-Band management port16 lanes PCIe

7、Gen3/49BLUEFIELD-2 全面提升应用效率单一 DPU 硬件加速和 CPU 软件执行效率对照一览10X15X30X50XMALWARE PATTERN MATCHINGVIDEO STREAMINGIPSEC ENCRYPTIONELASTIC BLOCK STORAGE2.5XCLOUD OVERLAY NETWORKING150X10NG STATEFUL FIREWALL11DPU 在安全、存储和云 场景的应用12SECURED HARDWARESecure FW upgrade Root-of-Trust Arm trust zoneDPU 数据中心的安全保障Integra

8、ted Security for modern data center needsADVANCED L4-L7 SECURITYCRYPTO ACCELERATIONPROGRAMMABILTY & ISOLATIONNG stateful firewall Deep Packet Inspection Host introspectionData-in-motion enc.Data-at-rest enc.Public Key AccelerationHardened Isolation Micro-Segmentation Programmable algo.13数据中心的安全防护正在由

9、外围向内部转移Software Defined Networking (SDN)Encryption (Software)L4-L7 InspectionWorkloadSoftwaredefinedStorage (SDS)WorkloadFirewall / Micro-segmentationNICOptionalDPUL4-L7 InspectionU-SegmentationNGFW / CryptoSDN & SDSIDSNGFWAnti- Malware核心数据中心边缘 IsolationIT OpsCloud ServerCloud ServerDevOpsWITHOUT DP

10、UWITH DPUIT OpsDevOpsWorkloadWorkloadWorkloadWorkloadWorkloadWorkload最安全的 DPU - BLUEFIELD-2Trust Shifts to the DPURoot-of-TrustStateful FirewallInline Crypto AcceleratorsDeep Packet InspectionIsolated Security Control PlaneFull Isolation from the HostCPUGPUNetwork TrafficDistributed NG FirewallIDS/I

11、PSDDOSPreventionMicro SegmentationRoot of Trust14Better SecuritySmaller attack surfaceReal-time reaction to threats Security in every host & workload Transparent cryptography在云上提升安全性能 让云更安全Shifting the trust to NVIDIA DPUBetter TCOOpex savings Capex savingsBetter PerformanceHardware acceleratedInlin

12、e networking & storage acceleration Seamless integrative securityFull visibility15UNPARALLELED PERFORMANCESTORAGE SECURITYSECRET SAUCEDual 100Gbps or single 200Gbps Up to 5.4M IOPs 4KBLowest latency NVMe-oF accelerationDPU 让存储更安全高效Storage Agility Meets Best-in-Class Hardware AccelerationData-at-rest

13、 AES-XTS encryption Authentication services Protection between usersNVMe SNAP / Virtio-blk SNAP Integrated data & control planes Data (De)Compression Deduplication16BLUEFIELD 面向弹性块存储的 SNAP 技术支持各种存储应用场景 : DAS, Scale-UP, Scale-OUT, Hyperconverged 等Remote Storage Access NVMe-oF & RDMA offload iSCSI, iS

14、ER, NFS, CEPHHyperconverged Local Storage Access Direct/IndirectIndirectDirectNVME SNAPEmulated Interfaces on PCIeNVMe SNAP / virtio-blk SNAP1718DPU 让存储更灵活、易重构Emulates remote storage to appear as local to the host OSDynamically assigned storage, not bound by physical capacityVirtualized or Bare Meta

15、l CloudOver-provisioning, scaled to rack/cluster Inbox standard driversOS agnostic - supports legacy OSs重塑企业云的效益Compute PlatformsHOST OSRemote StorageVirtio-blkDPU SNAP FrameworkNVMe19越来越多的应用需要更先进的网络技术Kubernetes typically runs modern workloads: data-driven, real-time and highly distributedMicroservi

16、ces run on multiple, arbitrary serversEach microservice runs multiple timesMicroservices generate intensive east-west data movements High-throughput, low-latency is imperativeMonolithic ArchitectureMicroservice ArchitectureLimited CommunicationUIData Access Layer Business LogicUIMicroserviceMicroser

17、viceMicroserviceMicroserviceMassive Communication20Accelerating all pod-to-pod, ClusterIP service communicationFull upstream solution, integrated into Linux kernel, OVS and OVN communitiesFlexible solution for accelerating the primary network (Kubernetes API) or secondary network with meta CNI (Mult

18、us)Leverage advanced offloads including overlay network encap/decap, connection tracking and NATDPU 赋能 OVN SDNOVS 操作和 OVN 控制被卸载到 BlueField-2 DPUsHostHostPodPodOVS PipelineOVN ControllerOVN K8S CNINICOVN K8S CNIDPUOVN ControllerOVS Pipeline从数据平面和控制平面加速 GPUDIRECT RDMAAccelerating GPU-to-GPU communicat

19、ions by employing RDMA to offload the CPU and host memory Highest throughput and lowest communication latency for GPUs commsGPUMemoryPCIeNode 1NetworkCPUGPUCPUMemoryGPUMemoryPCIeNode 2CPUGPUCPUMemoryDPUDPU21将管理云一样管理 BARE-METAL 系统Software-defined NetworkingBare-Metal Cloud SecurityStorage-Defined Sto

20、rageFull-featured SDN capabilitiesFull orchestration through upstream OpenStack Neutron APIsComplete host isolation for the tenants workloadNo security agents running on servers with impact on performanceVirtualized storage flexibility with local storage performance Dynamically allocates cloud stora

21、ge and back-ups in the storage cloud22Limited to network security with ACLsNo visibility to the hosts workloads, failing to implement effective security strategiesIncreased surface for east-west attacksSecurity Policy in TOR SwitchTenants DomainProviders DomainNICBare-Metal HostSecurity Policy BlueF

22、ield-2 DPUComplete isolation of the security enforcement from the tenants workloadEnabling diverse cyber security solutions, enhancing data-center securityNo need to install agents on serversNo impact on server performanceBLUEFIELD 保障 BARE-METAL KUBERNETES 的安全Applying Security Policies on BlueField-

23、2 Arm, Fully Isolated from the Hosts CPU and OSTOR SwitchApplying Security Policies on TOR SwitchCPUGPUTOR SwitchCPUBare-Metal Host23Limited to no SDN capabilitiesOrchestration through proprietary TOR switch vendor pluginsMandates proprietary network driver installation in bare-metal hostNetworking

24、in TOR SwitchTenants DomainProviders DomainNICBare-Metal HostSDN Integration with BlueField-2 DPUFull-featured SDN hardware-accelerated capabilitiesFull orchestration through upstream OpenStackNo installation of network driver in bare-metal hostBLUEFIELD 在 BARE-METAL 云上实现了 SDNApplying Neutron OVS L2

25、 Agent on BlueField-2 ArmTOR SwitchOpenStack Policies on TOR SwitchCPUGPUTOR SwitchCPUBare-Metal Host24Bound by physical storage capacityNo backup service or limited local RAID No option to manage storage resources No migration of resourcesLocal Physical Drive in BM HostTenants DomainProviders Domai

26、nNICBare-Metal HostNVMe SNAP on BlueField-2 DPUSame flexibility as virtualized storageBacked-up in the storage cloudDynamically allocated cloud storageOS agnostic, only NVMe driver neededTOR SwitchBare-Metal HostBLUEFIELD 在 BARE-METAL 云上实现了 SDSRemote StorageTOR SwitchOpenStack Policies on TOR Switch

27、CPUCPU2526DPU 的应用案例分享27云 ：NVIDIA & VMWARE 在混合云上强强联手Run Modern Workloads Efficiently Over New Composable, Disaggregated InfrastructureBare Metal Linux &WindowsIsolationNetwork and Security: NSX SvcsCompute HypervisorStorage: VSAN DataESXiHost ManagementDPUProject Monterey28Todays EnvironmentNetwork &

28、 Security: NSX SvcsCompute HypervisorStorage: VSAN DataESXiHost Management新一代的 VMware cloud foundation 架构Bare Metal Linux & WindowsIsolation LayerCompute HypervisorESXiToPdraoyjescEt nMvoirnotnemreeyntORNICDPUNetwork & Security NSXStorage VSAN DataHost Management云：构建新一代的 VMWARE CLOUD FOUNDATION 架构存储

29、：全自动运维、横向可扩展的 NVME-OF 存储Automated provisioning of networked storage to servers without using any host resourcesData analytics, ML/AI on any OS or hypervisor can now take advantage of scale-out NVMe storageInstantly attach/detach data sets and storage, and replace failed components in secondsHigh per

30、formance, continuously adaptable infrastructure for data-intensive applicationsDriveScale Blog29安全：主机无需安全代理的 (AGENTLESS) SEGMENTATIONGuardicore introduces complete network level visibility. Tracks connections and reports network events and their verdictGuardicore enforcement policy is accelerate by

31、the DPU hardware by offloading the segmentation rulesGuardicore agents running on BlueField cores in a separated trusted domain, enforce policies even on a compromised hostGuardicore CentraBlueField-2 DPULINUX OSGUARDICORE AGENTBare-Metal HostOVSBare-Metal ServerGuardicore Blog30安全： DPU 加速 CHECK POI

32、NT INFINITY CLOUDCheck Point Infinity Nano-agents are deployed on the NVIDIA DPU to protect, isolate and accelerate the cloud and edgeThe DPU & the Nano-agents enforce the distributed security policy created by the Infinity centralized managementCheckPoint Tech & Nvidia are working together to accel

33、erate security services with AI on every compute nodeProtect, isolate and accelerate the cloud and edgeHostWorkloadWorkloadNano-Agent31WorkloadDPUCheckPoint Blog32基于 DOCA SDK 的应用 开发指南33SDK for BlueField DPUsOpen source APIs DPDK, SPDK, P4Certified reference apps & 3rd party solutionsSupport for mult

34、iple OSNVIDIA DOCA 介绍Data Center Infrastructure-on-a-Chip Architecture 数据中心级架构芯片的 软件架构StorageSPDKSecurityDPDKNetworkingDPDK / P4DOCA SDKINFRASTRUCTURE APPLICATIONSASAP2CRYPTORoTRDMASNAPManagementTelemetryInfrastructure ManagementSoftware-defined StorageSoftware-defined SecuritySoftware-defined Netwo

35、rking一个 DPU 方案满足所有客户的需求Open PlatformVMWare based SolutionFull Solution & EcosystemToday20212021BlueField-2 DPUDOCA SDKCustomer AppsVMwareDOCA SDK3rd Party AppsBlueField-2 DPUBlueField-2 DPU34与合作伙伴共建 DPU 生态系统Storage ISVs | Security ISVs | Infrastructure35完善的 NVIDIA 认证体系Servers Designed and Optimized for Accelerated ComputingPerformance OptimizedAccelerated Compute and I/O