NVIDIA BlueField-3 data processing units (DPUs) are now in full production, and have been selected by Oracle Cloud Infrastructure (OCI) to achieve higher performance, better efficiency, and stronger security, as announced at NVIDIA GTC 2023.
As a 400 Gb/s infrastructure compute platform, BlueField-3 enables organizations to deploy and operate data centers at massive scale. The NVIDIA DOCA software framework now supports BlueField-3, empowering thousands of developers to tap into the power of the third-generation DPU platform to rapidly create accelerated applications and services.
From data centers to AI factories
Data centers are central to the emerging AI-driven economy, where data is the raw material and AI algorithms are the processing engines that turn that data into valuable insights. BlueField-3 is a foundation of the NVIDIA accelerated computing stack powering the world’s data centers. By offloading, accelerating, and isolating the data center control-plane, BlueField-3 DPUs create a secure, accelerated, and sustainable infrastructure for running AI and other modern workloads across a cluster of nodes, now operating as a unified compute platform.
Designed for data center-scale computing, BlueField-3 delivers 400 Gb/s Ethernet and InfiniBand connectivity, 4x more compute power, up to 4x faster crypto acceleration, 2x faster storage processing, and 4x more memory bandwidth than the previous generation—all while delivering full backward compatibility through the NVIDIA DOCA software framework.
NVIDIA DOCA leads the way to accelerated cloud services
NVIDIA DOCA is an SDK and acceleration framework designed specifically for BlueField DPUs. DOCA is designed to unlock data center innovation by enabling rapid creation and deployment of applications and services for BlueField DPUs.
With extensive libraries, drivers and APIs, NVIDIA DOCA is a “one stop shop” for BlueField DPU developers, and is the key to accelerating infrastructure services in the cloud. This makes NVIDIA DOCA a key component in NVIDIA AI cloud services strategy, which seeks to provide a flexible and powerful platform for accelerating data center workloads and deploying AI applications at scale.
With more than 4,700 early access developers already using NVIDIA DOCA to create BlueField applications, NVIDIA is excited to announce NVIDIA DOCA general availability, which opens access to everyone.
NVIDIA DOCA 2.0 enables new BlueField-3 use cases
NVIDIA DOCA 2.0, the most recent release, adds support for the BlueField-3 data path accelerator (DPA) programming subsystem, several security enhancements including the DOCA IPsec encryption/decryption library, device attestation, and YARA rules. Enhancements to the DOCA Flow library are also included.
NVIDIA DOCA programmability for BlueField-3 DPA
NVIDIA DOCA 2.0 adds enhancements to leverage the BlueField-3 DPA programming subsystem. DPA is a highly programmable, embedded processor present in the BlueField-3 DPU. It is purpose-built for networking-intensive, low-compute tasks such as device emulation, congestion control, custom protocols, and more.
NVIDIA DOCA DPA is part of the NVIDIA DOCA SDK package and offers a programming model for offloading network-centric code to run on the DPA processor. DPA helps to both offload more types of traffic from the CPU and increase the performance through the DPU acceleration.
Offloading VirtIO for device emulation to BlueField-3 DPA
NVIDIA DOCA and BlueField-3 with DPA enable significant improvements over previous options when using VirtIO-net for device emulation. In a virtualized environment, virtual machines (VM) need to access the network just like physical machines.
In this example, a VM typically calls on the CPU to handle specific tasks such as accessing a NIC. Offloading this task from the CPU to the purpose-built DPA engine on BlueField-3 enables 2x better performance over BlueField-2, with greater efficiency to help reduce data center power consumption. This effectively removes the data center networking tax that would otherwise take CPU cores/cycles away from the applications.
Secure communication with NVIDIA DOCA IPsec
IPsec is a security protocol that provides encryption, authentication, and integrity services to protect IP packets from unauthorized access, tampering, or eavesdropping. The increasing demand for secure and high-speed communication has put a strain on traditional CPU-based IPsec processing, making offloading an attractive solution.
In an accelerated firewall solution, offloading IPsec to a BlueField-3 DPU can optimize security and accelerate performance. Traffic that traverses through the firewall can be offloaded to the DPU and sent to the receiving host through an IPsec Tunnel, for example, offering 32K concurrent IPsec tunnels with 200 Gbps bidirectional traffic. This reduces CPU utilization, and manages the trusted traffic through a fast, efficient method. The remainder of traffic, which requires threat inspection, is routed through the host and CPU. This process is now optimized: as the CPU is no longer managing the IPsec traffic, the firewall application delivers better performance.
The addition of the DOCA IPsec library offers significant benefits for Next Generation Firewall (NGFW) applications. The pool of resources contained within the library—including message templates, prewritten code, and subroutines—help to simplify the overall development process and reduce TTM. The DOCA IPsec library interoperates with the DOCA Flow library, enabling developers to chain together multiple DOCA Flow pipes for various network pipeline designs (DOCA Flow NAT pipe, for example).
Finally, NVIDIA DOCA now enables the ability to program new routes and NAT tables at an increased rate, making IPsec encryption and decryption at near line rate both possible and practical, while removing the burden from the CPU.
Efficient GPU communications for 5G workloads
NVIDIA Aerial is an SDK for building a high-performance, software-defined 5G L1 stack optimized with parallel processing on the GPU. Specifically, the NVIDIA Aerial SDK can be used to build the baseband unit (BBU) software responsible to send (downlink) or receive (uplink) wireless client data frames split into multiple Ethernet packets through radio units (RUs).
In uplink, BBU receives packets, validates them, and rebuilds the original data frame per RU before triggering the signal processing. With the NVIDIA Aerial SDK, this happens in the GPU with a CUDA kernel dedicated to each RU per time slot. As the number of cells increases, however, the CPU functioning between the network card and the GPU becomes the bottleneck.
The NVIDIA DOCA software framework provides a way to remove CPU from the critical path and enable direct communication between the NIC and the CUDA kernel (GPUDirect Async Kernel-Initiated technology). The new DOCA GPUNetIO library provides CUDA device functions the application can invoke within a CUDA kernel to send and receive packets directly from/to the GPU without the need of CPU cores or memory.
In this way, NVIDIA Aerial BBU software can provide a high-parallelized and scalable approach dedicating a CUDA kernel per cell to receive packets.This led to a 4x enhancement in terms of system capacity (from four cells with the CPU-centric approach to 16 cells with the GPU-centric approach through DOCA GPUNetIO).
The CPU no longer needs to communicate with the GPU to provide packet information, enabling the CPU to focus on application processing, rather than managing the networking overhead. Register for NVIDIA DOCA GPUNetIO Early Access.
Accelerate AI services
To realize the full potential of AI, data centers are turning to accelerated computing to meet the ever-increasing demand for computing. BlueField-3 is the third-generation infrastructure compute platform supporting 400 Gb/s connectivity and delivering unprecedented compute and acceleration capabilities. Powered by the NVIDIA DOCA 2.0 release, BlueField-3 is transforming cloud, supercomputing, and enterprise data centers for the AI era.
BlueField-3 is now available in systems including ASUS, Atos, Cisco, Dell Technologies, GIGABYTE, Lenovo, Quanta/QCT, and Supermicro. Its growing ecosystem includes more than two dozen infrastructure partners, such as Aria Cybersecurity Solutions, Canonical, Check Point Software, Cisco, OVHcloud, Red Hat, StackPath, Cloudflare, DataDirect Networks (DDN), F5, Fortinet, Juniper Networks, Nebulon, NetApp, Nutanix, VAST Data, VMware, and WEKA.