HPE's Aruba adopts DPUs, but in a switch, not a server

Decides switches need help performing network functions, just like servers need their CPUs free for core workloads

HPE's networking subsidiary Aruba has added data processing units to a switch.

Data processing units (DPUs) – aka SmartNICs or "infrastructure processing units" (IPUs) – are small computers integrated into a network adapter. Hyperscale operators adopted the devices to relieve servers of chores ranging from handling I/O to external storage or running network services under software-defined networks. DPUs/IPUs/SmartNICs are also valued for adding isolation to components in a data centre, which helps for security purposes.

VMware, Nvidia, and Intel have backed the devices as a new and vital tier of enterprise data centres, and are endeavouring to make them work in mainstream servers any month now with the suggestion that they are a splendid place to spin up network-centric workloads as needed.

A common scenario for the devices imagines a server spawning a container that's part of a microservice, at which point a firewall and load balancer run on the DPU to secure the resulting traffic alongside the NIC's other packet-schlepping tasks. The server just runs the container and – because it's not also firewalling or load-balancing – has expensive Intel Xeon or AMD EPYC cores available for more important work.

Aruba likes that idea so much it has added DPUs from Pensando – to a switch.

As explained to The Register by Aruba veep William Choe, the company feels that switches can use a hand from a DPU both because East-West traffic in the data centre is growing (thanks to microservices and microsegmentation) and because switches are an ideal place to inspect traffic before it reaches other, more sensitive parts of a network.

The company's new offering therefore allows the creation and application of port-level security policies that are tuned to the needs of each application, or even each microsegment. Those policies run inline on the DPU.

Aruba already sells a firewall and load balancer as part of its edge services offering. That software now runs on the DPU. Choe suggested encryption as another service to run on a DPU.

The Register asked Choe why Aruba chose to use DPUs instead of baking this functionality into ASICs that are a core part of the switch – a long-standing practice among makers of networking appliances. He responded that DPUs offer a cheaper and faster route to the desired outcome.

"A switch historically moves packets and that is a static function," Choe said. By putting extra functionality in a switch – but on a DPU – Aruba thinks it has found a happy medium.

Aruba's DPUs come from a company called Pensando that, not coincidentally, has attracted investment from Aruba.

The machine hosting the DPUs is called the CX 10000, and Aruba is billing it as a "Distributed Services Switch" – and an evolution from switching fabrics.

Choe opined that the device will appeal to the DPU-curious because it lets them adopt the devices without having to upgrade or acquire new servers. Switch buyers, he added, are more likely to upgrade as traffic increases place networks under pressure.

The CX 10000 is currently being beta tested by select customers, but is scheduled to go on sale in early 2022. At this stage that looks to be in advance of the timeframe for Intel, VMware, or Nvidia to formally offer a DPU/IPU/SmartNIC product. The tech may therefore first debut in switches, despite over a year of noise about its importance to servers. ®

Similar topics

Other stories you might like

  • Ex-Qualcomm Snapdragon chief turns CEO at AI chip startup MemryX

    Meet the new boss

    A former executive leading Qualcomm's Snapdragon computing platforms has departed the company to become CEO at an AI chip startup.

    Keith Kressin will lead product commercialization for MemryX, which was founded in 2019 and makes memory-intensive AI chiplets.

    The company is now out of stealth mode and will soon commercially ship its AI chips to non-tech customers. The company was testing early generations of its chips with industries including auto and robotics.

    Continue reading
  • Aircraft can't land safely due to interference with upcoming 5G C-band broadband service

    Expect flight delays and diversions, US Federal Aviation Administation warns

    The new 5G C-band wireless broadband service expected to rollout on 5 January 2022 in the US will disrupt local radio signals and make it difficult for airplanes to land safely in harsh weather conditions, according to the Federal Aviation Administration.

    Pilots rely on radio altimeter readings to figure out when and where an aircraft should carry out a series of operations to prepare for touchdown. But the upcoming 5G C-band service beaming from cell towers threatens to interfere with these signals, the FAA warned in two reports.

    Flights may have to be delayed or restricted at certain airports as the new broadband service comes into effect next year. The change could affect some 6,834 airplanes and 1,828 helicopters. The cost to operators is expected to be $580,890.

    Continue reading
  • Canadian charged with running ransomware attack on US state of Alaska

    Cross-border op nabbed our man, boast cops and prosecutors

    A Canadian man is accused of masterminding ransomware attacks that caused "damage" to systems belonging to the US state of Alaska.

    A federal indictment against Matthew Philbert, 31, of Ottawa, was unsealed yesterday, and he was also concurrently charged by the Canadian authorities with a number of other criminal offences at the same time. US prosecutors [PDF] claimed he carried out "cyber related offences" – including a specific 2018 attack on a computer in Alaska.

    The Canadian Broadcasting Corporation reported that Philbert was charged after a 23 month investigation "that also involved the [Royal Canadian Mounted Police, federal enforcers], the FBI and Europol."

    Continue reading

Biting the hand that feeds IT © 1998–2021