Silicom IAONIC (Intel® architecture on NIC)

Built to increase processing power where compute density matters, to strengthen security where application separation or encryption performance matters, and to enhance deployment options where flexibility matters, Silicom IAONIC is an innovative solution to empower network and security applications.


Silicom IAONIC: Introduction

Silicom IAONIC (Intel® architecture on NIC) is an Intel®-based solution consisting of x86-powered NICs. It uses Intel® P5000 series system-on-a-chip (SoC). As an x86-based device, Silicom IAONIC is a SmartNIC capable of running any x86-based application, making it an Application NIC. IAONIC cards come in two scales, with 8 and 16 CPU cores, and 2 x 25GbE and 1 x 100GbE, respectively. Together with its x86 CPU cores, IAONIC features a Network Acceleration Complex (NAC) for network processing, a QuickAssist (QAT) engine for encryption acceleration, and a Hardware Queue Manager (HQM) for efficient data queues processing. As an Intel x86 device, IAONIC enables seamless integration of security or network applications, including firewalls, IPSec gateways, Application Delivery Controllers (ADCs), SD-WANs, and many others.


IAONIC Silicom figure 1 IAONIC Silicom figure 2
IAONIC Silicom figure 3 IAONIC Silicom figure 4



Silicom IAONIC: Use Cases

API security and WAF are proven use cases to benefit tremendously when deployed on IAONIC. When separated from the main host, the API security probe relieves CPU cycles for enhanced analysis performance. WAF on NIC brings new flexibility and performance potential to the deployment. Further security use cases include firewalls, Application Delivery Controllers (ADCs), SD-WANs, and many others.

IPSec gateway/Tunneling and De-Tunneling – In cases where 50Gbps or even 100Gbps true IPSec termination is required, with support for both legacy modes such as AES CBC and more modern modes such as AES GCM, ChaCha20/Poly1035, IAONIC is the perfect solution. It can be added as a drop-in replacement to a standard NIC on virtually any type of server and instantly provide IPSec termination and any other tunneling termination facility on behalf of the main application running on the main host.

Flow-Based Load Balancing – Modern cloud native deployments feature pod-based deployment models, where applications consist of bundled microservices, are bundled into a pod, and deployed in that manner. Application scaling often requires the use of another type of microservice that is not necessarily built into the original pod, such as flow steering/load balancer type of functionality. IAONIC offers the perfect solution for that, where it integrates seamlessly into the overall x86-based cloud native environment and is deployed with the additional microservice in a separate container or even a pod to fulfill the scaling requirement through load balancing and traffic steering.



The embedded QuickAssist (QAT) engine brings tremendous power to the IAONIC architecture. Not only can the IAONIC run comprehensively any application that is running on the main host, it can perform at server-grade level. This section focuses specifically on IPSec QAT performance, presenting the maximum throughput achieved over a varying number of IPSec tunnels. It is clear from these results that QAT outperforms software-based cryptography significantly. Overall, throughput increases significantly as the tunnel handling is managed across multiple cores. Finally, the tests are executed with seven RX queues.


IAONIC Silicom figure 5


Silicom IAONIC: Specifications

KU Silicom P425G2SN1-XR Silicom P4CG1SN2-XR
CPU Intel® Atom® SNR-NX P5721
8c Tremont x86 @2.2GHz
Intel® Atom® SNR-NX P5742
16c Tremont x86 @2.2GHz
Memory 16GB 32GB
Two Channels, 4x DDR4 Memory Down, 1xECC Support, 2666 MT/s per channel
Cache L1 (32KB), L3 (shared 4MB)
L2 (9MB) L2 (18MB)
Network 2 x 25GbE
2 x SFP28
1 x 100GbE or 4 x 25GbE
1 x QSFP28
1 x RJ45 1GbE management port
NAC 180Gbps backbone 440Gbps backbone
eMMC 128GB 256GB
QAT 50Gbps 100Gpbs
AES, SHA, RSA, DSA, Elliptic Curve and Diffie-Hellman
USB 1 x USB3/2 type C port
PCIe host interface Intel® E810-XXVAM2 50Gbps
8 lanes PCIe 3.0/4.0, 2 Physical functions (PF)
128 SRIOV (VF)
Intel® E810-CAM1 100Gbps
16 lanes PCIe 3.0/4.0, 1-4 PF
256 SRIOV (VF)
RSS, Flow Director, iWARP, RoCEv2, Stateless offload: TSO, LSO, checksum, VXLAN, GENEVE, GRE
Form Factor Full Height, Half Length PCIe CEM Card
167 mm x 111.15 mm (6.6’’ x 4.37’’)
Op. Temp. 0°C – 50°C (32°F – 122°F) ambient temperature, passive heatsink
Power Cons. 72W 110W
Software support KVM/Linux, K8, Docker, DPDK, OVS, Ceph, OpenSSL, NGINX, tengine, VPP, Intel IAVF, EUFI H2O, CentOS, Ubuntu, Rocky Linux, LUA, GCC, LLVM