How Intel® QuickAssist Technology Accelerates Network Function Use Cases
Last Updated: 04/13/2017
Intel® QuickAssist Technology (Intel® QAT) accelerates and compresses cryptographic workloads by offloading the data to hardware capable of optimizing those functions. This makes it easier for developers to integrate built-in cryptographic accelerators into network and security applications.
- Symmetric cryptography functions include: Cipher operations (AES, DES, 3DES, ARC4); Wireless (Kasumi, Snow, 3G); Hash/Authenticate operations (SHA-1, MD5, SHA-2 [SHA-224, SHA-256, SHA-384, SHA-512]); Authentication (HMAC, AES-XCBC, AES-CCM); Random number generation.
- Public Key Functions include: RSA operation; Diffie-Hellman operation; Digital signature standard operation; Key derivation operation; Elliptic curve cryptography (ECDSA and ECDH) Random number generation and price number testing.
- Compression/Decompression include: DEFLATE (Lempel-Ziv 77)
There are several benefits to using Intel QAT. For example, it can be scaled by choosing accelerators with different performance characteristics or by employing multiple accelerators in a single platform. Another advantage is the reduction in software development efforts by implementing a consistent set of APIs that can be used across products and over multiple development cycles. The APIs also allow for optional supported features that can be queried at run-time, allowing the same software to run unmodified on different deployed platforms. In addition, the APIs are designed for portability being independent of the operating system and independent of user vs. kernel space. Memory is allocated by the calling application and provided to the API implementation through the API itself. For improved performance the APIs can support both synchronous and asynchronous invocation modes. Flexible memory models are supported for data buffers to allow for zero-copy user space implementations.
The remainder of this document will cover a variety of use cases where Intel QAT can provide improved packet processing performance; SDN/NFV integration, data movement in Hadoop* installations, and performance acceleration where data encryption is required.
Integration with SDN and NFV Solutions
Hardware-based acceleration services for workloads such as encryption and compression supported by Intel QAT are well suited for use with Software Defined Networking (SDN) and Network Function Virtualization (NFV) implementations on Intel® architecture servers. An accelerator abstraction layer provides a uniform means of communication between applications and accelerators, as well as facilitating management of acceleration resources within the OpenStack* architecture. Intel QAT Adapters are available as PCI Express* Gen 3-compliant cards that support functionality such as the following:
- 4G LTE and 5G encryption algorithm offload for mobile gateways and infrastructure.
- VPN traffic acceleration, with up to 50 Gbps crypto throughput and support for IPsec and SSL acceleration1.
- Compression/decompression up to 24 Gbps throughput1.
- I/O virtualization using PCI-SIG Single-Root I/O Virtualization (SR-IOV).For enabling Intel® Virtualization Technology including SR-IOV with Intel QAT see Using Intel® Virtualization Technology (Intel® VT) with Intel® QuickAssist Technology 330689
Big data analytics are commonly performed on large data sets that are moved within a Hadoop cluster containing high-volume, industry-standard servers. A significant amount of time and network bandwidth can be saved when the data is compressed before it is passed between servers, as long as the compression/ decompression operations are efficient and require negligible CPU cycles. This is possible with the hardware-based compression delivered by Intel QAT, which is easy to integrate into existing systems and networks using the available Intel drivers and patches.
Historically, the demand for secure data transmissions over the Internet was driven primarily by institutions conducting e-commerce and banking transactions. Today, the volume of secured communications is skyrocketing, as personal information of all sorts is being encrypted by applications like Gmail*, Twitter*, and Facebook* using the HTTPS protocol. As a result, servers in data centers, telecom networks, and enterprises are expected to handle increasing amounts of traffic using the Secure Sockets Layer (SSL) protocol, increasing compute requirements.
With more and more traffic being encrypted, servers and security appliances will rely more heavily on accelerators to offload cryptography workloads.For this reason, Intel is working with the OpenSSL* Software Foundation to optimize its implementation for use with hardware accelerators, such as those provided by Intel QAT. In addition, the findings from this effort will be used to optimize the performance of proprietary SSL/TLS-based solutions running on Intel QAT enabled platforms.
Useful Links for Developers
Installation and Software Development Tutorials at Intel® Developer Zone
Intel® QuickAssist Technology at 01.org
Intel® QuickAssist Technology API: Programmer’s Guide 330684 (includes sample code for Intel® QuickAssist Technology)
Intel® QuickAssist Technology Cryptographic API Reference Manual 330685
Intel® QuickAssist Technology Data Compression API Reference Manual 330686
Intel® Communications Chipset 8925 to 8955 Series Software Programmer’s Guide 330751
Intel® Communications Chipset 8900 to 8920 Series Software Programmer’s Guide 330753
Using Intel® Virtualization Technology (Intel® VT) with Intel® QuickAssist Technology 330689
Intel® QuickAssist Technology Performance Optimization Guide 330687
Where to get more information about the Use cases described
Scaling Acceleration Capacity from 5 to 50 Gbps and Beyond with Intel® QuickAssist Technology
Accelerating OpenSSL* Using Intel® QuickAssist Technology
Accelerating Hadoop* Applications Using Intel® QuickAssist Technology
About the Author
David Mulnix is a software engineer and has been with Intel Corporation for over 15 years. His areas of focus have included software automation, server power and performance analysis, and cloud security.
1Configuration: [Intel® Communication Chipset DH8955 PCI Express* x16 in an Intel® Xeon processor E5 v2 platform with Intel® QuickAssist Driver/SDK 0.30; Measured by Intel].
Product and Performance Information
Performance varies by use, configuration and other factors. Learn more at www.Intel.com/PerformanceIndex.