Silicom IAONIC (Intel® architecture on NIC)

Built to increase processing power where compute density matters, to strengthen security where application separation or encryption performance matters, and to enhance deployment options where flexibility matters, Silicom IAONIC is an innovative solution to empower network and security applications.

Silicom IAONIC: Introduction

Silicom IAONIC (Intel® architecture on NIC) is an Intel®-based solution consisting of x86-powered NICs. It uses Intel® P5000 series system-on-a-chip (SoC). As an x86-based device, Silicom IAONIC is a SmartNIC capable of running any x86-based application, making it an Application NIC. IAONIC cards come in two scales, with 8 and 16 CPU cores, and 2 x 25GbE and 1 x 100GbE, respectively. Together with its x86 CPU cores, IAONIC features a Network Acceleration Complex (NAC) for network processing, a QuickAssist (QAT) engine for encryption acceleration, and a Hardware Queue Manager (HQM) for efficient data queues processing. As an Intel x86 device, IAONIC enables seamless integration of security or network applications, including firewalls, IPSec gateways, Application Delivery Controllers (ADCs), SD-WANs, and many others.

Silicom IAONIC: Use Cases

API security and WAF are proven use cases to benefit tremendously when deployed on IAONIC. When separated from the main host, the API security probe relieves CPU cycles for enhanced analysis performance. WAF on NIC brings new flexibility and performance potential to the deployment. Further security use cases include firewalls, Application Delivery Controllers (ADCs), SD-WANs, and many others.

IPSec gateway/Tunneling and De-Tunneling – In cases where 50Gbps or even 100Gbps true IPSec termination is required, with support for both legacy modes such as AES CBC and more modern modes such as AES GCM, ChaCha20/Poly1035, IAONIC is the perfect solution. It can be added as a drop-in replacement to a standard NIC on virtually any type of server and instantly provide IPSec termination and any other tunneling termination facility on behalf of the main application running on the main host.

Flow-Based Load Balancing – Modern cloud native deployments feature pod-based deployment models, where applications consist of bundled microservices, are bundled into a pod, and deployed in that manner. Application scaling often requires the use of another type of microservice that is not necessarily built into the original pod, such as flow steering/load balancer type of functionality. IAONIC offers the perfect solution for that, where it integrates seamlessly into the overall x86-based cloud native environment and is deployed with the additional microservice in a separate container or even a pod to fulfill the scaling requirement through load balancing and traffic steering.

Benchmarks:

The embedded QuickAssist (QAT) engine brings tremendous power to the IAONIC architecture. Not only can the IAONIC run comprehensively any application that is running on the main host, it can perform at server-grade level. This section focuses specifically on IPSec QAT performance, presenting the maximum throughput achieved over a varying number of IPSec tunnels. It is clear from these results that QAT outperforms software-based cryptography significantly. Overall, throughput increases significantly as the tunnel handling is managed across multiple cores. Finally, the tests are executed with seven RX queues.

Silicom IAONIC: Specifications