Pensando: Beyond a Smart NIC
Services at the network edge increase performance and remove the bottleneck of service appliances. Pensando created a sophisticated, high-performance Distributed Services Card (DSC) that provides services for network, storage and security, and gives us telemetry and monitoring that provide a true scale-out solution.
Over 30 years ago, we began to connect computers to networks using standard Network Interface Cards (NICs). These cards have become faster and more feature-rich over the years; the Smart NIC offloads processing tasks that the system CPU would typically handle.
Depending on the type of Smart NIC, it may be programmable and capable of encryption/decryption, firewall, TCP/IP and HTTP processing. Scalability can be an issue with Smart NICs: when a flow misses the flow cache, processing is offloaded to software, with a high jitter rate.
The team that brought us the Cisco MDS, Catalyst, Nexus and UCS has now created the most sophisticated high-performance NIC platform in the industry. Mario Mazzola, Prem Jain, Luca Cafiero and Soni Jiandani, collectively known as "MPLS" (the letters of their first names), began a company to develop this technology that brings services to the network edge.
An introduction to Pensando
Their start-up Pensando came out of stealth mode in October 2019. This revolutionary platform consists of two parts: the Pensando Distributed Services Card (DSC) and the Pensando Policy and Services Manager (PSM).
The Pensando Distributed Services Card (DSC) is an Ethernet card that is installed into any server via PCIe. It has four custom programmable P4 processors that provide wire-rate performance. There are two versions of the DSC available: one with two 10/25 Gb/s ports and one with two 40/100 Gb/s ports. Services for network, security, storage and monitoring are available on the card, so appliances that provide these services and cause traffic bottlenecks can be eliminated.
The DSC is programmable, allowing a trade-off between feature richness and performance. Host agents are not needed since the card incorporates the control plane and the data plane. Configuration and management of services that run on the DSC can be performed at the host or by a remote controller, such as the Pensando Policy and Services Manager (PSM). The DSC has a REST and a gRPC API for integration with other management systems.
Currently, up to 1000 DSCs can be managed via Pensando Policy and Services Manager (PSM). In the future, the maximum number of DSCs will increase to 3000. Three PSMs are required, and they are built on Kubernetes. The PSM is policy-driven and has a user-friendly graphical interface for configuring services and monitoring. Services are available based on three license options:
- Advanced Networking: Switching/routing, L3/L4 load balancing, overlay networking, VXLAN, NAT, SPAN, rich packet telemetry and streaming NetFlow.
- Advanced Security: East-West IPsec encryption, TLS/DTLS termination. For bare metal, containerized or virtualized (Hyper-V/KVM) environments: Stateful L4 firewall with connection tracking, Application Layer Gateway features (ALG), and microsegmentation with whitelist policy.
- Enhanced Storage: NVMe virtualization, NVMe-oF with RDMA or TCP transport, data-at-rest encryption.
DSCs are discovered when a server with the card is plugged in. The DSC talks to the PSM based on information from DHCP or via configuration. Once the DSC is admitted into the cluster, you can view the DSC, the servers, types of workloads, the number of sessions, and error and warning messages.
Early adopters have found out-of-the-box insights and monitoring very useful.
There are three prominent use cases for the Pensando platform:
- Highly secure environments, securing the east/west traffic.
- Bare metal public cloud providers for IaaS, with network, security and NVMe virtualization acceleration.
- Storage for Remote Direct Memory Access (RDMA) offload, compression, decompression and encryption.