EmbedWay Targets Network Security in Its FPGA-Based Accelerator Card Optimized for DPI and RDMA Network Acceleration

EmbedWay leverages the latest Intel Agilex® 7 FPGA and Open FPGA Stack (OFS) infrastructure to accelerate the performance of traditional network security applications.

Overview

  • EmbedWay develops the PA8921 FPGA acceleration card – a cutting-edge acceleration card utilizing the Intel Agilex® 7 FPGA F-Series and the open-source OFS infrastructure.

  • The PA8921 FPGA acceleration card is shipping today. It implements special features and functions to accelerate network security applications, particularly deep packet inspection (DPI) and remote direct memory access (RDMA) network acceleration.

  • DPI acceleration tests show that using PA8921, approximately 70% of network traffic is transferred from the host to the FPGA, improving system performance by about 3X.

  • RDMA acceleration tests show that the effective utilization rate of PA8921 at 100 GB bandwidth is more than 90%, nearly 50X the efficiency of traditional Transmission Control Protocol (TCP) transmissions, and 88X higher than the existing RDMA long-distance transmission capacity.

author-image

By

Embedway logoExecutive Summary

EmbedWay, a leading network solution provider in China, has developed and shipped their PA8921 acceleration card based on the latest Intel Agilex 7 FPGA F-Series to address the demand for network security solutions. The PA8921 acceleration card is available today and includes two 100GbE ports and up to 64 GB of memory, with special functionality intended to accelerate applications such as load balancing, network security, traffic monitoring, service gateway, and other data center services.

To expedite the delivery of their solution, EmbedWay leveraged the OFS hardware and software infrastructure. Using this open-source infrastructure, alongside accompanying technical documentation, EmbedWay was able to leverage OFS as a starting point of their custom board design to reduce their time to market.

Background and Challenges

EmbedWay is a leading network infrastructure and platform provider addressing the demand for high-performance networking solutions. Headquartered in China, EmbedWay services the wireless networking, communications, and cloud computing sectors in the PRC region and globally. Their products provide network acceleration, protection, and equipment, including hardware modules and related software required to manage traffic on multiple network interfaces.

Networking technology has enabled the exchange of huge amounts of data between information systems in business and educational systems. These networks consist of interconnected devices such as computers, servers, and edge devices. As these networks grow in complexity, network security becomes even more important as institutions and corporations rely more and more on their networks to conduct business.

Network security protects the entire networking infrastructure from unauthorized access, misuse, or theft. It includes many layers of software and hardware to protect the network and the network’s data.

DPI is a basic function in network security applications. DPI is a network packet identification and filtering form used to examine and manage network traffic. Unlike conventional packet inspection, which only examines the packet headers, DPI examines the packet’s content moving through an inspection point within the network. Using DPI, network packets can be properly blocked or re-routed if any non-compliant protocol, spam, or viruses are detected.

The techniques commonly used to conduct DPI include IP address matching, host and URL matching, and floating string matching. Running these complex network security operations on the CPU traditionally requires many compute cycles. These compute-intensive matching tasks can be transferred and unloaded to an FPGA-based acceleration card to improve the overall system and application performance.

Solution

EmbedWay created the PA8921 FPGA-based network acceleration card to address industry demands for a data center acceleration platform that could efficiently improve the performance of DPI and other network security applications.

The PA8921 FPGA acceleration card is based on the Intel Agilex 7 FPGA F-Series, which uses the industry’s leading SuperFin technology to deliver up to 2X better performance per watt when compared to 7 nm node competitors1 and up to 40% less total power consumption when compared to the previous generation of Intel® Stratix® 10 FPGAs. Alongside the Intel Agilex FPGA, PA8921 provides two 100GbE ports to accelerate high-performance passive and inline application deployment, a flexible and effective acceleration solution for load balancing, network security, traffic monitoring, service gateway, and other data center services.

Embedway board image

PA8921 FPGA Acceleration Card

FPGA Intel Agilex 7 FPGA F-Series, P Tile and E Tile
Networking 100GbE; 4x25G NRZ or 2x50G PAM4
Memory 4x DDR4 dual inline memory module (DIMM) (total 64 GB)
PCIe* 4.0 x16
oneAPI Enabled Yes
Power Consuption 70 W depending on FPGA resource usage

Figure 1: PA8921 Acceleration Card Technical Specifications

PA8921 was optimized to perform complex matching tasks that could be unloaded and optimized on an FPGA to improve the performance of DPI and these other network security applications. EmbedWay provides developers with the optimized board and the DPI intellectual property core.

These features were enabled on PA8921 to improve DPI acceleration:

  1. PA8921 implements a virtio backend compatible with the standard virtio-net driver. This reduces the workload of the front-end driver software to make virtual machine migration more convenient.
  2. PA8921 supports Single Root I/O Virtualization (SR-IOV) and can be configured to a custom number of physical functions (PFs) or virtual functions (VFs). The PF/VF configuration can be adjusted according to the number of virtual machines required to achieve the most efficient solution.
  3. PA8921 supports the Data Plane Development Kit (DPDK), which provides a diverse set of platform libraries and enables the card to achieve high-performance network traffic processing requirements.
  4. The PA8921 physical function (PF) multi-queue load balancing function is configured with a flexible 5-tuple configuration and supports VLAN, MPLS, and tunnels. This makes it possible to implement load balancing for the same stream or session, allowing it to run on the same core, thereby achieving localized cache utilization and improving processing efficiency.
  5. PA8921 supports precise IPv4/IPv6 rules, mask IPv4/IPv6 rules, host/URL, fixed offset, and float string rules for full packet capture. Supporting these rules enables the FPGA to unload hit traffic and improve overall system performance accurately.

Additionally, the PA8921 acceleration card surpasses the common limitations of traditional RDMA network cards. Unlike these traditional cards, PA8921 does not need to be less than 2 km from the peer end and does not need to replace the original network switch. Using the existing network infrastructure, RDMA can be replaced by TCP end-to-end transmissions by simply replacing the network card with the PA8921 card while maintaining the full RDMA transfer rate and performance. This enables customers to achieve the best balance of performance and power consumption.

EmbedWay leveraged the open-source OFS infrastructure to reduce the development effort and time to market their PA8921 acceleration card. OFS is a key foundational tool that enables FPGA developers to expedite and standardize the development of FPGA-based boards and workloads. The OFS infrastructure is completely open-source and includes an FPGA Interface Manager (FIM), commonly called a ‘shell,’ and an Accelerator Functional Unit (AFU) region, a designated region for workload development. Using OFS, board – or FIM – developers can leverage the open-source infrastructure – or base FIM – to quickly develop a tailored, customized FIM for their board based on the target application or industries.

Results

After implementing FPGA-based acceleration, EmbedWay found that 70% of the traffic on the host was unloaded to the acceleration card, improving system performance by about 3X. Further tests proved that PA8921 could support high-speed and low-delay data interconnection of data nodes over 500 km apart with an effective utilization rate of more than 90% at 100 GB bandwidth, nearly 50X the efficiency of traditional TCP transmissions, and 88X higher than the existing RDMA long-distance transmission capacity. These performance gains can be applied to broad applications to improve resource consolidation and efficiency.

EmbedWay can seamlessly integrate their functional modules into the OFS framework by utilizing the OFS standard and open framework. This approach enables EmbedWay to offer customers with the corresponding functional extensions conveniently.

Jimmy Huang, Product Manager of PA8921 at EmbedWay

How to Get Started with FPGA Acceleration Using OFS

FPGA developers can leverage EmbedWay’s OFS-enabled PA8921 FPGA acceleration card and use the open-source documentation and source code to get started building their custom workload.

The following table outlines how developers can start FPGA-based workload development using EmbedWay’s acceleration board.

Leverage FPGA Acceleration for Your Workload
Step 1: Choose a board Browse EmbedWay’s OFS-enabled board, the PA8921 acceleration card.
Step 2: Evaluate OFS open-source resources EmbedWay will provide the corresponding version of OFS technical documentation.
Step 3: Access open-source hardware and software code EmbedWay will provide the corresponding OFS software and hardware code. This is EmbedWay’s specific distribution of the OFS base code provided by Intel.
Step 4: Develop workload using RTL or C/C++ (using oneAPI)

Follow the OFS RTL flow

OR

OFS enables the compilation of oneAPI kernels. Utilize the oneAPI development flow and build FPGA workloads in C/C++.