面向數(shù)據(jù)中心的巨大突破NVIDIADPU集數(shù)據(jù)中心于芯片（中英）

1、2數(shù)據(jù)中心的處理器 演進(jìn)與挑戰(zhàn)數(shù)據(jù)中心的變革 以數(shù)據(jù)為中心21st Century Unit of ComputingDPUGPUCPU3Accelerated Disaggregated Infrastructure (ADI)數(shù)據(jù)中心變成了新的計(jì)算單元NVIDIA NetworkingSoftware defined, Hardware-accelerated DPU (data processing unit)DPU essential to disaggregate resources & make composable ADIAccelerated ComputingGPU: AI

2、& machine learningGPU critical for AI & machine learning Every workload will become AI Accelerated4軟件定義和硬件加速成為數(shù)據(jù)中心的核心Software Defined SecurityDistributed IDS/IPS NG FirewallSoftware Defined StoragevRoutervSwitchVMs & ContainersSoftware Defined NetworkingNVMe-oFData Storage Direct EncryptionMicroDDOS

3、 Segmentation PreventionTelco/NFVElastic StorageRoot of TrustCompression DeDupNAT/Load Balancer5DPU 成為大勢所趨Software Defined Data Center Infrastructure-on-a-Chip軟件定義的數(shù)據(jù)中心架構(gòu)級芯片To Software Defined Infrastructure on CPUTo Software Defined Infrastructure on DPUFrom Hardware AppliancesManagementStorageSecu

4、rityNetworkingNVIDIA NICSoftware-defined SecuritySoftware-defined NetworkingSoftware-defined StorageInfrastructure ManagementAcceleration EnginesNVIDIA DPU with Arm Cores & AcceleratorsSoftware-defined NetworkingSoftware-defined SecuritySoftware-defined StorageInfrastructure ManagementAcceleration E

5、ngines67NVIDIA DPU數(shù)據(jù)中心級處理器架構(gòu)總覽8BLUEFIELD-2 DPU數(shù)據(jù)處理單元Data Center Infrastructure-on-a-Chip數(shù)據(jù)中心架構(gòu)級芯片69 億 Transistors8 個 64-bit Arm CPUs Cores 雙 16-way VLIW Engine 100 Gbps 的 IPsec 性能50 Gbps 的 RegEx 性能 100 Gbps Video Streaming 5 百萬 NVMe IOPs相當(dāng)于 125 個 x86 CPU Cores 的工作BLUEFIELD-2 DPU 功能示意圖200 Gbps Ethern

6、et & InfiniBand, NRZ & PAM4 modulationPowered by ConnectX-6 Dx8 ARM A72 CPUs subsystem in a Tile architecture8MB L2 cache, 6MB L3 cache in 4 TilesARM Frequency up-to 2.5GHzFully integrated PCIe switch, 16 bi-furcated Gen4.0Root Complex or End Point modes1GbE Out-of-Band management port16 lanes PCIe

7、Gen3/49BLUEFIELD-2 全面提升應(yīng)用效率單一 DPU 硬件加速和 CPU 軟件執(zhí)行效率對照一覽10X15X30X50XMALWARE PATTERN MATCHINGVIDEO STREAMINGIPSEC ENCRYPTIONELASTIC BLOCK STORAGE2.5XCLOUD OVERLAY NETWORKING150X10NG STATEFUL FIREWALL11DPU 在安全、存儲和云 場景的應(yīng)用12SECURED HARDWARESecure FW upgrade Root-of-Trust Arm trust zoneDPU 數(shù)據(jù)中心的安全保障Integra

8、ted Security for modern data center needsADVANCED L4-L7 SECURITYCRYPTO ACCELERATIONPROGRAMMABILTY & ISOLATIONNG stateful firewall Deep Packet Inspection Host introspectionData-in-motion enc.Data-at-rest enc.Public Key AccelerationHardened Isolation Micro-Segmentation Programmable algo.13數(shù)據(jù)中心的安全防護(hù)正在由

9、外圍向內(nèi)部轉(zhuǎn)移Software Defined Networking (SDN)Encryption (Software)L4-L7 InspectionWorkloadSoftwaredefinedStorage (SDS)WorkloadFirewall / Micro-segmentationNICOptionalDPUL4-L7 InspectionU-SegmentationNGFW / CryptoSDN & SDSIDSNGFWAnti- Malware核心數(shù)據(jù)中心邊緣 IsolationIT OpsCloud ServerCloud ServerDevOpsWITHOUT DP

10、UWITH DPUIT OpsDevOpsWorkloadWorkloadWorkloadWorkloadWorkloadWorkload最安全的 DPU - BLUEFIELD-2Trust Shifts to the DPURoot-of-TrustStateful FirewallInline Crypto AcceleratorsDeep Packet InspectionIsolated Security Control PlaneFull Isolation from the HostCPUGPUNetwork TrafficDistributed NG FirewallIDS/I

11、PSDDOSPreventionMicro SegmentationRoot of Trust14Better SecuritySmaller attack surfaceReal-time reaction to threats Security in every host & workload Transparent cryptography在云上提升安全性能 讓云更安全Shifting the trust to NVIDIA DPUBetter TCOOpex savings Capex savingsBetter PerformanceHardware acceleratedInlin

12、e networking & storage acceleration Seamless integrative securityFull visibility15UNPARALLELED PERFORMANCESTORAGE SECURITYSECRET SAUCEDual 100Gbps or single 200Gbps Up to 5.4M IOPs 4KBLowest latency NVMe-oF accelerationDPU 讓存儲更安全高效Storage Agility Meets Best-in-Class Hardware AccelerationData-at-rest

13、 AES-XTS encryption Authentication services Protection between usersNVMe SNAP / Virtio-blk SNAP Integrated data & control planes Data (De)Compression Deduplication16BLUEFIELD 面向彈性塊存儲的 SNAP 技術(shù)支持各種存儲應(yīng)用場景 : DAS, Scale-UP, Scale-OUT, Hyperconverged 等Remote Storage Access NVMe-oF & RDMA offload iSCSI, iS

14、ER, NFS, CEPHHyperconverged Local Storage Access Direct/IndirectIndirectDirectNVME SNAPEmulated Interfaces on PCIeNVMe SNAP / virtio-blk SNAP1718DPU 讓存儲更靈活、易重構(gòu)Emulates remote storage to appear as local to the host OSDynamically assigned storage, not bound by physical capacityVirtualized or Bare Meta

15、l CloudOver-provisioning, scaled to rack/cluster Inbox standard driversOS agnostic - supports legacy OSs重塑企業(yè)云的效益Compute PlatformsHOST OSRemote StorageVirtio-blkDPU SNAP FrameworkNVMe19越來越多的應(yīng)用需要更先進(jìn)的網(wǎng)絡(luò)技術(shù)Kubernetes typically runs modern workloads: data-driven, real-time and highly distributedMicroservi

16、ces run on multiple, arbitrary serversEach microservice runs multiple timesMicroservices generate intensive east-west data movements High-throughput, low-latency is imperativeMonolithic ArchitectureMicroservice ArchitectureLimited CommunicationUIData Access Layer Business LogicUIMicroserviceMicroser

17、viceMicroserviceMicroserviceMassive Communication20Accelerating all pod-to-pod, ClusterIP service communicationFull upstream solution, integrated into Linux kernel, OVS and OVN communitiesFlexible solution for accelerating the primary network (Kubernetes API) or secondary network with meta CNI (Mult

18、us)Leverage advanced offloads including overlay network encap/decap, connection tracking and NATDPU 賦能 OVN SDNOVS 操作和 OVN 控制被卸載到 BlueField-2 DPUsHostHostPodPodOVS PipelineOVN ControllerOVN K8S CNINICOVN K8S CNIDPUOVN ControllerOVS Pipeline從數(shù)據(jù)平面和控制平面加速 GPUDIRECT RDMAAccelerating GPU-to-GPU communicat

19、ions by employing RDMA to offload the CPU and host memory Highest throughput and lowest communication latency for GPUs commsGPUMemoryPCIeNode 1NetworkCPUGPUCPUMemoryGPUMemoryPCIeNode 2CPUGPUCPUMemoryDPUDPU21將管理云一樣管理 BARE-METAL 系統(tǒng)Software-defined NetworkingBare-Metal Cloud SecurityStorage-Defined Sto

20、rageFull-featured SDN capabilitiesFull orchestration through upstream OpenStack Neutron APIsComplete host isolation for the tenants workloadNo security agents running on servers with impact on performanceVirtualized storage flexibility with local storage performance Dynamically allocates cloud stora

21、ge and back-ups in the storage cloud22Limited to network security with ACLsNo visibility to the hosts workloads, failing to implement effective security strategiesIncreased surface for east-west attacksSecurity Policy in TOR SwitchTenants DomainProviders DomainNICBare-Metal HostSecurity Policy BlueF

22、ield-2 DPUComplete isolation of the security enforcement from the tenants workloadEnabling diverse cyber security solutions, enhancing data-center securityNo need to install agents on serversNo impact on server performanceBLUEFIELD 保障 BARE-METAL KUBERNETES 的安全Applying Security Policies on BlueField-

23、2 Arm, Fully Isolated from the Hosts CPU and OSTOR SwitchApplying Security Policies on TOR SwitchCPUGPUTOR SwitchCPUBare-Metal Host23Limited to no SDN capabilitiesOrchestration through proprietary TOR switch vendor pluginsMandates proprietary network driver installation in bare-metal hostNetworking

24、in TOR SwitchTenants DomainProviders DomainNICBare-Metal HostSDN Integration with BlueField-2 DPUFull-featured SDN hardware-accelerated capabilitiesFull orchestration through upstream OpenStackNo installation of network driver in bare-metal hostBLUEFIELD 在 BARE-METAL 云上實(shí)現(xiàn)了 SDNApplying Neutron OVS L2

25、 Agent on BlueField-2 ArmTOR SwitchOpenStack Policies on TOR SwitchCPUGPUTOR SwitchCPUBare-Metal Host24Bound by physical storage capacityNo backup service or limited local RAID No option to manage storage resources No migration of resourcesLocal Physical Drive in BM HostTenants DomainProviders Domai

26、nNICBare-Metal HostNVMe SNAP on BlueField-2 DPUSame flexibility as virtualized storageBacked-up in the storage cloudDynamically allocated cloud storageOS agnostic, only NVMe driver neededTOR SwitchBare-Metal HostBLUEFIELD 在 BARE-METAL 云上實(shí)現(xiàn)了 SDSRemote StorageTOR SwitchOpenStack Policies on TOR Switch

27、CPUCPU2526DPU 的應(yīng)用案例分享27云 ：NVIDIA & VMWARE 在混合云上強(qiáng)強(qiáng)聯(lián)手Run Modern Workloads Efficiently Over New Composable, Disaggregated InfrastructureBare Metal Linux &WindowsIsolationNetwork and Security: NSX SvcsCompute HypervisorStorage: VSAN DataESXiHost ManagementDPUProject Monterey28Todays EnvironmentNetwork &

28、 Security: NSX SvcsCompute HypervisorStorage: VSAN DataESXiHost Management新一代的 VMware cloud foundation 架構(gòu)Bare Metal Linux & WindowsIsolation LayerCompute HypervisorESXiToPdraoyjescEt nMvoirnotnemreeyntORNICDPUNetwork & Security NSXStorage VSAN DataHost Management云：構(gòu)建新一代的 VMWARE CLOUD FOUNDATION 架構(gòu)存儲

29、：全自動運(yùn)維、橫向可擴(kuò)展的 NVME-OF 存儲Automated provisioning of networked storage to servers without using any host resourcesData analytics, ML/AI on any OS or hypervisor can now take advantage of scale-out NVMe storageInstantly attach/detach data sets and storage, and replace failed components in secondsHigh per

30、formance, continuously adaptable infrastructure for data-intensive applicationsDriveScale Blog29安全：主機(jī)無需安全代理的 (AGENTLESS) SEGMENTATIONGuardicore introduces complete network level visibility. Tracks connections and reports network events and their verdictGuardicore enforcement policy is accelerate by

31、the DPU hardware by offloading the segmentation rulesGuardicore agents running on BlueField cores in a separated trusted domain, enforce policies even on a compromised hostGuardicore CentraBlueField-2 DPULINUX OSGUARDICORE AGENTBare-Metal HostOVSBare-Metal ServerGuardicore Blog30安全： DPU 加速 CHECK POI

32、NT INFINITY CLOUDCheck Point Infinity Nano-agents are deployed on the NVIDIA DPU to protect, isolate and accelerate the cloud and edgeThe DPU & the Nano-agents enforce the distributed security policy created by the Infinity centralized managementCheckPoint Tech & Nvidia are working together to accel

33、erate security services with AI on every compute nodeProtect, isolate and accelerate the cloud and edgeHostWorkloadWorkloadNano-Agent31WorkloadDPUCheckPoint Blog32基于 DOCA SDK 的應(yīng)用 開發(fā)指南33SDK for BlueField DPUsOpen source APIs DPDK, SPDK, P4Certified reference apps & 3rd party solutionsSupport for mult

34、iple OSNVIDIA DOCA 介紹Data Center Infrastructure-on-a-Chip Architecture 數(shù)據(jù)中心級架構(gòu)芯片的 軟件架構(gòu)StorageSPDKSecurityDPDKNetworkingDPDK / P4DOCA SDKINFRASTRUCTURE APPLICATIONSASAP2CRYPTORoTRDMASNAPManagementTelemetryInfrastructure ManagementSoftware-defined StorageSoftware-defined SecuritySoftware-defined Netwo

35、rking一個 DPU 方案滿足所有客戶的需求Open PlatformVMWare based SolutionFull Solution & EcosystemToday20212021BlueField-2 DPUDOCA SDKCustomer AppsVMwareDOCA SDK3rd Party AppsBlueField-2 DPUBlueField-2 DPU34與合作伙伴共建 DPU 生態(tài)系統(tǒng)Storage ISVs | Security ISVs | Infrastructure35完善的 NVIDIA 認(rèn)證體系Servers Designed and Optimized for Accelerated ComputingPerformance OptimizedAccelerated Compute and I/O