What is a SmartNIC and why might you need one?
Originally designed to simply connect compute and storage devices to an ethernet network, Network Interface Cards (or NICs for short) have blessed the networking world for the last few decades. Evolving to keep pace with modern technology they’ve become exponentially more powerful and expanded upon their core functionality. And as cloud-first strategies are increasingly hampered by performance declines and rising costs, the latest generation—SmartNICs—look to play a critical role in revitalizing hyperscale cloud architectures. In this article we’ll detail how F5’s new solution—comprising of BIG-IP Virtual Edition and an Intel SmartNIC together is able to protect cloud environments from DDoS threats much greater in magnitude than a software-only solution—at a significantly lower total cost of ownership.
By hosting onboard programmable components such as FPGAs, NPUs or SoCs, SmartNICs are able to perform user-specified networking functions on behalf of the applications and servers they’re connected to—alleviating strain on CPU resources and significantly improving performance. Unlike some other ‘Smart’ products which may allow you to remotely adjust the temperature of your refrigerator from a taxi, or keep up with the Kardashians as you look for peas in the freezer, SmartNICs actually provide meaningful value. The ability to be re-programmed as needs change helps deliver the architectural flexibility and agility that organizations deploying cloud-native network functions desire.
For service providers and enterprises transitioning to 5G network infrastructure and modern cloud architectures, this is particularly useful—allowing for virtual environments to be hosted on low-cost, standards-based servers while moving specific functions to a SmartNIC and thereby boosting performance and lowering latency in the core and at the network edge.
Speaking to the requirements of Multi-Access Edge Computing (MEC) architectures, industry analyst Zeus Kerravala is positive on the potential for SmartNICs to bolster 5G networks. “Anything that helps deliver edge applications and services to users at scale and with low-latency offers service providers a competitive edge in this fiercely contested market,” said Kerravala. “Augmenting edge VNFs with SmartNICs to strengthen security controls and accelerate traffic management use cases such as NAT or traffic-shaping could make 5G networks more robust and reliable.”
As such, we’re delighted to announce the general availability of F5’s new BIG-IP VE for SmartNICs solution. Comprised of a BIG-IP AFM Virtual Edition integrated with an Intel FPGA Programmable Acceleration Card (PAC) N3000 (an FPGA-based SmartNIC), this joint solution empowers organizations to make the transition from F5 hardware to software without sacrificing the high performance they’re accustomed to.
The first use case for this new solution centers around critical DDoS protection—addressing growing concerns that a new generation of hyper-scale DDoS threats may emerge as 5G networks are rolled out globally. Applying more than 10 years of FPGA programming expertise, F5 has programmed the embedded FPGA within Intel’s PAC N3000 to efficiently block incoming DDoS attacks. Offloading the detection and mitigation of DDoS attacks from AFM VE to the SmartNIC not only frees up VE CPU cycles for other functions, but also dramatically improves overall DDoS mitigation capacity. In fact, early testing comparing the BIG-IP VE for SmartNICs solution to a software-only BIG-IP AFM VE instance showed that the former is able to withstand a DDoS attack up to 300 times greater in magnitude—while reducing total cost of ownership by approximately 47%.
Describing how this joint solution addresses a current gap in the market, Ronnie Vasishta, VP & GM of Intel’s Programmable Solutions Group expressed the following:
“Service Providers transitioning to cloud are doing so to increase architectural flexibility and agility—but struggle to deliver the high SLA’s and ultra-low latency connections expected of them without the use of high-performance, custom hardware. Utilizing Intel’s FPGA PAC N3000 as part of an Intel server platform foundation, this hybrid BIG-IP VE for SmartNICs solution empowers providers to move with speed without sacrificing power and performance—while keeping their carrier-grade network secure and readily available.”
As a pioneer in the multi-cloud application services space, F5 is the first to exploit SmartNIC technology to strengthen its virtual DDoS solution. By applying network threat intelligence, machine learning, packet-based analysis and allow listing within the SmartNIC, this innovative solution can more efficiently block network attacks and keep pace with evolving threat landscapes while accelerating your software-first strategy. And for those concerned about adding another bump-in-the-wire, the inspection and removal of malicious packets within the SmartNIC occurs at line rate—ensuring there’s no detrimental impact on latency or user experience.
During discussions with Clint Huffaker, Technical Solutions Architect at WWT—one of F5’s global channel partners—Clint reinforced the need for a solution of this nature to support customers migrating to cloud, stating:
“The majority of our customers have two main concerns when moving to cloud; security and performance. We’re extremely excited about this new solution and expect it will help us address both of these long-standing customer concerns.”
At this time, the BIG-IP VE for SmartNICs solution is available as an add-on to new, or existing BIG-IP Advanced Firewall Manager VE instances. For more detailed information please watch this Lightboard Lesson, or review this DevCentral article.
Additional Resources
- F5 & Intel Solution Brief – BIG-IP VE for SmartNICs
- BIG-IP VE Datasheet
- BIG-IP AFM Datasheet for Service Providers
- Intel FPGA PAC N3000 SmartNIC Product Brief
- Augmented DDoS Protection for Cloud/NFV Environments with BIG-IP VE for SmartNICs
About the Author
Related Blog Posts
F5 accelerates and secures AI inference at scale with NVIDIA Cloud Partner reference architecture
F5’s inclusion within the NVIDIA Cloud Partner (NCP) reference architecture enables secure, high-performance AI infrastructure that scales efficiently to support advanced AI workloads.
F5 Silverline Mitigates Record-Breaking DDoS Attacks
Malicious attacks are increasing in scale and complexity, threatening to overwhelm and breach the internal resources of businesses globally. Often, these attacks combine high-volume traffic with stealthy, low-and-slow, application-targeted attack techniques, powered by either automated botnets or human-driven tools.
F5 Silverline: Our Data Centers are your Data Centers
Customers count on F5 Silverline Managed Security Services to secure their digital assets, and in order for us to deliver a highly dependable service at global scale we host our infrastructure in the most reliable and well-connected locations in the world. And when F5 needs reliable and well-connected locations, we turn to Equinix, a leading provider of digital infrastructure.
Volterra and the Power of the Distributed Cloud (Video)
How can organizations fully harness the power of multi-cloud and edge computing? VPs Mark Weiner and James Feger join the DevCentral team for a video discussion on how F5 and Volterra can help.
Phishing Attacks Soar 220% During COVID-19 Peak as Cybercriminal Opportunism Intensifies
David Warburton, author of the F5 Labs 2020 Phishing and Fraud Report, describes how fraudsters are adapting to the pandemic and maps out the trends ahead in this video, with summary comments.
The Internet of (Increasingly Scary) Things
There is a lot of FUD (Fear, Uncertainty, and Doubt) that gets attached to any emerging technology trend, particularly when it involves vast legions of consumers eager to participate. And while it’s easy enough to shrug off the paranoia that bots...