QuickAssist Technology Acceleration Use Cases

avatar April 12, 2016

QuickAssist Technology Acceleration Use Cases

ABSTRACT
Several drivers that evolved and operated during the last couple of years have been pushing a trend of ever growing percentage of encrypted traffic [1]. It is believed that close to 80% of Google’d traffic is encrypted [2].

This increase of encrypted web traffic finds network engineering decision makers in a cross road. Question arises such as what is the strategy to follow in order to be able to scale the web based service, in such a manner that it would uphold the increase in encrypted traffic. Provisioning of larger number of servers comes to mind, along with the use of external means to load balance traffic. Other direction can be the incorporation of application delivery controller to sustain the hit of encrypted traffic.

However, the challenge in whatever strategy taken is scalability and cost effectiveness, without compromising the overall performance.

Adding a crypto PCIe adapter either to a standard commodity server or to a network appliance empowers the setup with unmatched ability to uphold encrypted traffic, while keeping the network topology and the investments related thereof intact. As this is done through PCIe adapter insertion into servers, a scale up plan can be devised to gradually enhance servers or appliance, according to actual performance requirements, thus optimizing costs and spending. For example, empowering 60 web servers with unmatched cryptography offload capabilities, would cost less than half the price of a load balancer that would handle a fraction of the traffic.

1. INDUSTRIES
Due to the dramatic increase of SSL encrypted web traffic over the last couple of years, and the projected future further increase, it can be identified that the following industries would gain and produce clear benefit from the use of encryption acceleration.

1.1. eCommerce
Online shopping is based on secure and authenticated access of the customer to the favorite shop or seller. A reliable trust scheme forms the basis of such relationship, luckily enough, SSL is able to provide this. However, the overhead of SSL processing, especially at the beginning of SSL session (handshake phase) is getting considerable, mainly due to stronger keying [3] and ciphers. A crypto work offload engine that is specifically built for that purpose, serves better and cheaper than general purpose CPU.
Compelling events for offload engine incorporation:

• Peak times – Holidays, end of year closeouts, November 11th, all are examples peak times, where the service deployment is facing ten folds of customers’ access than usual. Sellers’ reputation and profits are built at these peak times. SSL offload engines are small and scalable investment, leveraging dramatically the capacity to uphold SSL traffic.

• Scaling Up Flexibly and Protecting Investments – As opposed to web traffic load balancers, that byte deep into CAPEX and require high climb in sales and operations for reasonable ROI, Silicom PCIe adapter cost the fraction of the price, is able to empower existing server, and can be purchased according to exact growth projection at any stage.

1.2 Web Content Distributors
Web content distributors are sell intangible rights and assets, but from value proposition point of view, the case for web content distributors resembles to that of the eCommerce sellers, but on steroids.

Gaming

Two of the world major gaming distributors issue new releases at least three times a year. This means peak times of thousands and thousands of gamers swirling to get hold on the latest and greatest game release. This translates to hundreds of thousands transactions requests per second, in a very short time frame. And again, this is when the reputation of the vendor is built.

VoD

Subscribers, SLA, provisioning, bandwidth, redundancy and many other different aspects keep the VoD operators awake at night. SSL encrypted web traffic only adds to the above. Using PCIe offload engine enable the provider to design network deployment without caring about the SSL encryption setting yet another obstacle. To the contrary. No need for reverse proxies to encapsulate the traffic into SSL. With PCIe offload engines, a streaming server is able to perform all the required SSL task by itself.

1.3 Video
Whether it is a video caching service, or video sourcing, ever growing amount of traffic is sent encrypted, for several reasons (subscribers, confidentiality requirements, etc.). Encrypted streaming video often use current bulk crypto algorithms, such as AES.

2. SUMMARY
Enhancing the capability of application server to uphold ever growing encrypted traffic, has major advantages: (1) not changing exiting network topology and engineering; (2) Granular scale up; (3) Cost effectiveness; and perhaps most importantly (4) Up to date technology, supporting the latest SSL standards.

REFERENCES
[1] Increasing encrypted network traffic: 

http://www.intel.com/content/dam/www/public/us/en/documents/white- papers/cost-efficient-ssl- application-delivery-paper.pdf

https://techradar.cisco.com/

[2] Google as a driver for encryption use:

http://mashable.com/2016/03/16/a- quarter-of-google-s-internet- traffic-still-isn-t- encrypted/#iPmVuYKQJuqQ

[3] Moving To A 2048-bit Certificate:

https://www.thawte.com/resources/20 48-bit-compliance/