Open AccessSecuring InfiniBand Networks with the Bluefield-2 Data Processing Unit
Author(s) -
Noah Diamond`,
Steve Graham,
Gilbert Clark
Publication year - 2022
Publication title -
proceedings of the ... international conference on information warfare and security/the proceedings of the ... international conference on information warfare and security
Language(s) - English
Resource type - Journals
eISSN - 2048-9889
pISSN - 2048-9870
DOI - 10.34190/iccws.17.1.58
Subject(s) - infiniband , computer science , encryption , ipsec , operating system , embedded system , computer network , aes implementations , computer hardware , advanced encryption standard , the internet
Interest in securing InfiniBand networks with encryption is growing. However, the performance benefit realized by InfiniBand’s use of Direct Memory Access (DMA) to bypass the kernel and avoid intervention from host Central Processing Units (CPUs) is at odds with IP datagram encryption techniques. Encryption forces data through the CPU before transmission and decryption, incurring multiple clock cycles. The Bluefield-2 Data Processing Unit (DPU) is Nvidia-Mellanox’s latest system on chip that combines a high-performance, programmable processor, network interface card (NIC), and flexible hardware accelerators. This research characterizes the Bluefield-2’s capability to accelerate IPsec encryption in hardware. Results show that the Bluefield-2’s hardware accelerators are capable of supporting a secure IPsec tunnel with a throughput of nearly 16 Gb/s. Offloading IPsec encryption operations to the hardware accelerators on the Bluefield-2 is a promising method for adding confidentiality, integrity, and authentication to InfiniBand networks.