Table of Contents
Advertisement
Feature
GPU Direct
Isolation
Cryptography Accelerations
Securing Workloads
Security Accelerators
Virtualized Cloud
Out-of-Band Management
BMC
NVIDIA BlueField-3 DPU User Guide
Description
GPUDirect RDMA is a technology that provides a direct P2P (Peer-to-Peer) data path between the GPU Memory directly
to/from the NVIDIA HCA devices. This provides a significant decrease in GPU-GPU communication latency and completely
offloads the CPU, removing it from all GPU-GPU communications across the network. NVIDIA DPU uses high-speed DMA
transfers to copy data between P2P devices resulting in more efficient system applications
BlueField-3 DPU functions as a "computer-in-front-of-a-computer," unlocking unlimited opportunities for custom security
applications on its Arm processors, fully isolated from the host's CPU. In the event of a compromised host, BlueField-3 may
detect/block malicious activities in real-time and at wire speed to prevent the attack from spreading further.
From IPsec and TLS data-in-motion inline encryption to AES-XTS block-level data-at-rest encryption and public key
acceleration, BlueField-3 DPU hardware-based accelerations offload the crypto operations and free up the CPU, reducing
latency and enabling scalable crypto solutions. BlueField-3 "host-unaware" solutions may transmit and receive data, while
BlueField-3 acts as a bump-in-the-wire for crypto.
BlueField-3 DPU accelerates connection tracking with its ASAP2 technology to enable stateful filtering on a per-connection
basis. Moreover, BlueField-3 includes a Titan IC regular expression (RXP) acceleration engine supported by IDS/IPS tools to
detect host introspection and Application Recognition (AR) in real-time.
A consolidated compute and network solution based on DPU achieves significant advantages over a centralized security
server solution. Standard encryption protocols and security applications can leverage NVIDIA BlueField-3 compute
capabilities and network offloads for security application solutions such as Layer4 Statefull Firewall.
By leveraging BlueField-3 DPU virtualization offloads, data center administrators can benefit from better server utilization,
allowing more virtual machines and more tenants on the same hardware, while reducing the TCO and power consumption
The NVIDIA BlueField-3 DPU incorporates a 1GbE RJ45 out-of-band port that allows the network operator to establish trust
boundaries in accessing the management function to apply it to network resources. It can also be used to ensure
management connectivity (including the ability to determine the status of any network component) independent of the
status of other in-band network components.
Some BlueField-3 DPUs incorporate local NIC BMC (Baseboard Management Controller) hardware on the board. The BMC
SoC (system on a chip) can utilize either shared or dedicated NICs for remote access. The BMC node enables remote power
cycling, board environment monitoring, BlueField-3 chip temperature monitoring, board power and consumption
monitoring, and individual interface resets. The BMC also supports the ability to push a bootstream to BlueField-3.
Having a trusted on-board BMC that is fully isolated for the host server ensures highest security for the DPU boards.
| 16
Advertisement
Table of Contents
