Today Mellanox announced its new Innova IPsec Ethernet adapter. The Innova IPsec network adapters offload and accelerate security protocols and advanced network functions, enabling the ubiquitous use of encryption across the data center with low CPU utilization and without compromising application performance.
Our customers are looking for a highly integrated server adapter that solves their pressing need for network performance, efficiency and security,” said Gilad Shainer, vice president of marketing, Mellanox Technologies. “The Innova adapter provides IPsec offload to deliver complete end-to-end security for traffic moving within the data center. Combined with the intelligent network offload and acceleration engines, Innova IPsec is the ideal solution for cloud, telecommunication, Web 2.0, high-performance compute and storage infrastructures.”
Security concerns continue to escalate in the data center, given the increase in threats, “from the inside” enabled by trends such as virtualization, micro-segmentation and cloud-hosted infrastructure. As a result, the percentage of encrypted traffic continues to rise, now representing 60 percent or more of worldwide network traffic. This puts a significant strain on server CPU resources while fueling the demand for more cost-effective solutions that allow data center operators to scale security while maintaining server performance.
The Innova adapters deliver seamless encryption for every server port by combining the network adapter function together with the crypto protocol offload in a single small PCIe adapter form-factor. Innova integrates the Mellanox ConnectX advanced network controller together with flexible FPGA-based IPsec protocol processing to enable an end-to-end data protection and acceleration solution. The adapters support multiple encryption and security protocols and perform the encryption/decryption operations independently from the server’s CPU, thus increasing both performance and security.
By terminating the network security protocols in-line before traffic is processed by the ConnectX-4 Lx intelligent network controller, Innova unleashes all of the adapters’ offload capabilities, since many offload functions must operate on the plaintext innermost content. This approach results in lower latency and additional savings of CPU resources compared to other IPsec protocol implementations, whether through software or alternative accelerators.
Innova IPsec key features:
- QSFP Ethernet network port and PCIe Gen3 x8 to host
- 40Gbps IPsec offload for Linux and Windows
- Small form factor (Half-height, half-length)
- Significant reduction in host server CPU loading
- Supports the most common IPsec cipher suites:
- AES-GCM, AES-CBC (128/256 bit keys)
- SHA-1, SHA-2 with HMAC authentication
- Comprehensive networking offloads:
- VXLAN, NVGRE, GENEVE overlay networks encapsulation
- RSS, TSS, HDS, LRO, LSO
- Open vSwitch (OVS)
- RDMA and RoCE
- Erasure coding
- Support for NVIDIA GPUDirect technology
- High-bandwidth PCIe 3.0 x8 controller with SR-IOV support
The Innova IPsec solution is facilitated by the Mellanox OFED driver suite as well as Open Source IPsec stack solutions such as LibreSwan. Support for both Linux and Windows IPsec software interfaces ensures native integration with existing IPsec applications with no changes required in the standard software environment.
Mellanox will debut the Innova IPsec solutions at the Linley Processor Conference at the Santa Clara Hyatt convention center on Sept. 28, 2016. The first Innova security adapters are available now for customer evaluation, and production versions are expected in the fourth quarter of 2016.