Wednesday, July 1, 2015

Why 10G?

Today servers are typically installed with more than 16 logical CPUs, yet many still use the same Gigabit Ethernet interface for production that was common when we had single-core CPUs. There are three simple reasons you should consider 10GbE in your next server deployment: price, performance, and security.

Price is the easiest attribute to grasp. Dual-port 10GbE adapters start at $395, and often, because of the advanced silicon, they deliver more than 10X the throughput of GbE. In fact, in some operational modes that we'll talk about below, 10GbE adapters with additional software can reduce host CPU load 70% by off-loading production networking traffic so that it no longer has to traverse the Linux kernel.

Last October, in "Four Reasons Why 10GbE NIC Design Matters," we talked about Ethernet controller advances like vNICs, MSI-X, RSS, and virtualization support. Two additional articles cover some very simple methods for extracting the best possible performance from your 10GbE NICs: "Network Performance Tuning for Bandwidth on Linux" and "How to achieve low latency with 10Gbps Ethernet." When it comes to improving performance specific to applications like Nginx and Memcached, we've found that OS Bypass can often yield anywhere from a 130-300% performance gain. The links attached to these two applications above will take you to articles covering this in more detail. Back in March we discussed "10G/40G NIC Partitioning Using SR-IOV or PF-IOV Modes" to explain how today's sophisticated Ethernet controller silicon allows you to leverage 1,024 vNICs per physical 10GbE port. Finally, in "Density Comes to 10GbE" we reviewed the latest entry into the quad-port 10GbE adapter market, Solarflare's SFN7004F, which sells for $645.

The third and last point is security. Only one 10GbE company "Enables Servers to Defend Against a DDoS Attack." Solarflare adapters support a low-level kernel device driver called SolarSecure Filter Engine, which can fend off a Distributed Denial of Service attack, rate limit traffic by IP address, and apply both whitelist and blacklist filtering (by address and port) to protect the server. In the near future Solarflare will also deliver a Docker container that will dynamically detect attacks on a server and, in real time, create new filter rules and load them into the kernel device driver. Early next year those rules will be loaded directly into the server adapter itself.

To learn more please send us a brief email.

1 comment:

  1. Very nice chip SFN7004F! Could it achieve line rate for network capture?
