Large-scale AI innovation is driving unprecedented demand for accelerated computing infrastructure. Training trillion-parameter foundation models, serving them with disaggregated architectures, and processing inference workloads at massive throughput all push data center design to the limits. To keep up, service providers need infrastructure that not only scales but also delivers stronger security and better tenant isolation.

This post introduces NVIDIA BlueField Astra running on NVIDIA BlueField-4, a breakthrough innovation that redefines how service providers manage, secure, and scale AI infrastructure.

The rise of bare-metal computing for AI

As accelerated computing demand increases, the industry is prioritizing bare-metal computing to unlock the benefits of GPU acceleration. Unlike virtualized environments, bare-metal provisioning requires strict isolation and trusted control points to ensure that no tenant can interfere with another’s resources. The challenge arises because AI infrastructure spans two distinct networking domains:

North-South (N-S) : The front-end network that connects users and applications to the AI cluster

: The front-end network that connects users and applications to the AI cluster East-West (E-W): The backend AI compute fabric that connects GPUs at massive bandwidth and ultra-low latency

Today, CSPs already manage N-S traffic using NVIDIA BlueField DPUs, running their control software stacks on the embedded Arm cores. This model enables service providers to enforce isolation, provision resources, and secure workloads effectively.

On the E-W domain, the NVIDIA Ethernet SuperNIC is the adapter purpose-built to meet the extreme requirements of AI workloads, delivering the performance, throughput, and congestion management that massive GPU clusters demand.

As AI clusters scale, CSPs are looking for secure and consistent ways to extend provisioning and control into the AI compute fabric, complementing the performance and scalability that SuperNICs already provide.

What is NVIDIA BlueField Astra?

As announced at CES 2026, the NVIDIA Rubin platform features the new BlueField Advanced Secure Trusted Resource Architecture (Astra) running on BlueField-4. BlueField Astra is a breakthrough system-level architecture that combines hardware and software innovations and is deeply integrated into the NVIDIA Vera Rubin NVL72 compute tray.

Through dedicated connections between the BlueField-4 DPU and NVIDIA ConnectX-9 SuperNICs, BlueField Astra extends manageability, provisioning, and policy enforcement into the E-W fabric. For the first time, the DPU controls all network I/O to and from the compute node.

With BlueField Astra, CSPs can extend their trusted software stack running on BlueField-4 DPUs to securely manage tenant isolation and network policies across the AI compute fabric. These policies are programmed through the out-of-band DPU port and enforced directly in SuperNIC hardware, ensuring consistent control throughout the system.

Central to BlueField Astra is a new control plane architecture. Unlike traditional models, where host-based software configures both NICs and fabric, BlueField Astra completely isolates the SuperNIC control plane from the host operating system. This ensures that tenant workloads, even when running bare metal, cannot tamper with or gain visibility into network provisioning.

Figure 1. The Vera Rubin NVL72 compute tray, supporting the BlueField Astra management model

As shown in Figure 1, BlueField Astra establishes a direct path between the BlueField-4 DPU and ConnectX-9 SuperNICs, creating a unified control architecture. This delivers:

Dedicated connectivity: Each NVIDIA ConnectX-9 SuperNIC connects directly to the BlueField-4 DPU, enabling the DPU to program, configure, and monitor the SuperNIC without relying on the host CPU.

Out-of-band control: BlueField Astra routes all provisioning instructions and network policies through the BlueField embedded Arm cores.

Unified control of N-S and E-W: BlueField-4 consolidates both domains under a single trusted control point. The same DPU that manages N-S networking for tenant isolation and security policies now extends those capabilities into the E-W AI compute fabric.

Isolation from the tenant: Tenants use the SuperNIC for AI data movement, but have no access to or control over management functions, which remain fully isolated on the DPU.

Security model consistency: By moving the NVIDIA DOCA stack from the host to the DPU, BlueField Astra ensures the E-W fabric inherits the same cloud-aligned security posture already proven for N-S traffic.

BlueField Astra enables control, consistency, and confidence

BlueField Astra transforms AI infrastructure management by creating a unified control plane across both N-S and E-W domains. With a single point of control anchored in the BlueField-4 DPU, service providers can streamline provisioning, enforce policies consistently, and reduce operational complexity—all without touching the host CPU.

By design, BlueField Astra delivers stronger isolation and security. The SuperNIC control plane is isolated from tenant workloads and fully managed by the DPU, ensuring that tenants cannot bypass or alter policies. This model prevents lateral movement and configuration drift while giving CSPs confidence that bare-metal GPU nodes can be offered securely in multi-tenant environments.

BlueField Astra also brings operational consistency. Service providers can extend the same DOCA-based management tools and workflows they already use on the N-S front end into the E-W compute fabric. Policies are pushed down into SuperNIC hardware for enforcement, enabling fine-grained tenant-aware provisioning while maintaining the performance advantages NVIDIA SuperNICs are known for.

Finally, BlueField Astra supports compliance and auditability. With policies and configurations residing on the DPU rather than the host, CSPs gain clearer audit trails and a security posture aligned with the requirements of regulated industries. This ensures that security isn’t bolted on—it’s embedded into the operating system of AI infrastructure at scale.

Extending operational workflows into bare-metal AI systems

BlueField Astra builds on the DOCA software platform to provide a consistent means of deploying and operating infrastructure services on BlueField-4. By anchoring networking, security, storage, and management functions on the DPU, Astra enables existing DOCA microservices and operational workflows to extend naturally into bare-metal AI systems and the E-W compute fabric.

With Astra, DOCA microservices run directly on BlueField-4 and interface with NVIDIA ConnectX-9 SuperNICs through a DPU-managed control plane. This model preserves compatibility with existing DOCA deployments while enabling the stronger isolation and control required for multitenant, bare-metal AI environments, without introducing new dependencies on the host operating system.

BlueField Astra supports a set of DOCA microservices that together form the infrastructure control layer for AI systems:

Networking N-S: DOCA Host-Based Networking (HBN) provides tenant-aware provisioning, isolation, and policy enforcement at the front-end of the AI cluster. E–W: DOCA-accelerated Open vSwitch (OVS) extends software-defined networking into the AI compute fabric, enabling controlled connectivity between GPU nodes while keeping fabric control isolated from tenant workloads.

Security DOCA Argus delivers infrastructure-level telemetry and runtime visibility from the DPU, supporting monitoring and enforcement outside the tenant trust boundary.

Storage DOCA SNAP offloads storage services through the DPU, enabling secure, isolated data paths that operate independently of host software.

Management DOCA DMS provides device discovery, lifecycle management, and secure provisioning, allowing CSPs to manage AI nodes and SuperNICs through a centralized, DPU-anchored control point.



Together, these DOCA microservices allow BlueField Astra to maintain a consistent, software-defined infrastructure model across both N-S and E-W domains, while preserving the performance characteristics required by large-scale AI workloads.

Securing the future of AI infrastructure

As AI workloads scale to new levels, service providers need to deliver bare-metal performance while maintaining strict multi-tenant security. With BlueField Astra, NVIDIA extends trusted control from the front-end network into the AI compute fabric itself. By combining BlueField DPUs with SuperNICs under a unified, isolated architecture, BlueField Astra empowers CSPs to confidently build, provision, and secure the next generation of AI infrastructure.



To learn more about how NVIDIA Vera Rubin NVL72 and NVIDIA BlueField-4 are shaping the future of AI infrastructure, watch the NVIDIA Live presentation at CES 2026 with NVIDIA CEO Jensen Huang. To dive deeper into BlueField-4 features and capabilities, see the BlueField-4 datasheet.