VMware names virtual firewalls as first workload it will offload to SmartNICs
Stateful L4 and L7 protection coming ... eventually
VMware has revealed that it has firewall vendors in its sights by announcing that the security appliances will be virtualised to run on SmartNICs under its ‘Project Monterey’ plan to relieve CPUs from the chore of running network functions.
SmartNICs, also known as “DPUs”, are network interface cards that perform such devices’ usual functions but add a decent SoC and storage so they can run other workloads. In September 2020 VMware announced its plan to use SmartNICs for work required to drive storage and virtual networking, plus run some security functions. To make that possible VMware ported its flagship ESXi hypervisor to the Arm architecture, as many SmartNICs run Arm SOCs.
And now VMware has revealed that its NSX Services-Defined Firewall will run on SmartNICs and provide a stateful Layer 4 firewall services at line rate. “These same SmartNICs will also be able to run Layer 7 stateful firewall, as well as VMware’s curated IPS signatures,” the company says, making it possible to run firewalls-on-SmartNICs on the hosts that run their core databases.
News of the firewall plan came along with news that Virtzilla thinks it has cracked a “Modern Network Framework for Data Centre and Cloud Networking”.
VMware CEO doesn’t know who will run its hypervisor on SmartNICsREAD MORE
VMware’s schtick here is that current networks are composed of discrete single-function appliances that don’t act in concert and force applications to contend for resources. Virtzilla proposes an infrastructure-as-code alternative in which networks sense what applications need and self-configure accordingly, which means developers don’t have to ask ops for help.
There’s an element of “marketecture” to this because VMware’s NSX network virtualisation product offers a L2-7 virtual networking stack and does the heavy lifting. But VMware is also evolving the product so that it becomes more capable, in this instance by adding its own container-centric Tanzu Service Mesh tool that applies virtual network policy to the myriad components of chained microservices and networks that potentially span multiple clouds. VMware has also added support for Project Antrea, an open source project that secures and links Kubernetes instances wherever they may run.
VMware’s networking aspirations now also include software-defining working from home. New “SD-WAN Work from Home Subscriptions” are priced “lower than the cost of a mobile phone line” and let organisations groom traffic to remote workers while offering bandwidth ranging from 350Mbps to 1Gbps.
Baidu cloud catches up by offloading cloudy networking and storage to SmartNICsREAD MORE
The Register has sought detail on the SD-WAN subscriptions, as while the product has been announced the exact prices and inclusions were not. Nor has a release date for firewalls-on-SmartNICs been discussed. ®