HPE’s networking subsidiary Aruba has added data processing units to a switch.
Data processing units (DPUs) – aka SmartNICs or “infrastructure processing units” (IPUs) – are small computers integrated into a network adapter. Hyperscale operators adopted the devices to relieve servers of chores ranging from handling I/O to external storage through to running network services under software-defined networks. DPUs/IPUs/SmartNICs are also valued for adding isolation between components in a data centre, which helps security.
VMware, Nvidia, and Intel have backed the devices as a new and vital tier of enterprise data centres, and are endeavouring to make them work in mainstream servers any month now, with the suggestion that they are a splendid place to spin up network-centric workloads as needed.
A common scenario for the devices imagines a server spawning a container that’s part of a microservice, at which point a firewall and load balancer run on the DPU to secure the resulting traffic alongside the NIC’s other packet-schlepping tasks. The server just runs the container and – because it’s not also firewalling or load-balancing – has expensive Intel Xeon or AMD EPYC cores available for more important work.
Aruba likes that idea so much it has added DPUs from Pensando – to a switch.
As explained to The Register by Aruba veep William Choe, the company feels that switches can use a hand from a DPU both because East-West traffic in the data centre is growing (thanks to microservices and microsegmentation) and because switches are an ideal place to inspect traffic before it reaches other, more sensitive parts of a network.
The company’s new offering therefore allows the creation and application of port-level security policies that are tuned to the needs of each application, or even each microsegment. Those policies run inline on the DPU.
Aruba already sells a firewall and load balancer as part of its edge services offering. That software now runs on the DPU. Choe suggested encryption as another service to run on a DPU.
The Register asked Choe why Aruba chose to use DPUs instead of baking this functionality into ASICs that are a core part of the switch – a long-standing practice among makers of networking appliances. He responded that DPUs offer a cheaper and faster route to the desired outcome.
“A switch historically moves packets and that is a static function,” Choe said. By putting extra functionality in a switch – but on a DPU – Aruba thinks it has found a happy medium.
Aruba’s DPUs come from a company called Pensando that, not coincidentally, has attracted investment from Aruba.
The machine hosting the DPUs is called the CX 10000, and Aruba is billing it as a “Distributed Services Switch” – and an evolution from switching fabrics.
Choe opined that the device will appeal to the DPU-curious because it lets them adopt the devices without having to upgrade or acquire new servers. Switch buyers, he added, are more likely to upgrade as increases in traffic place networks under pressure.
The CX 10000 is currently being beta tested by select customers, but is scheduled to go on sale in early 2022. At this stage that looks to be in advance of the timeframe for Intel, VMware, or Nvidia to formally offer a DPU/IPU/SmartNIC product. The tech may therefore first debut in switches, despite over a year of noise about its importance to servers. ®