How Intel® QuickAssist Technology Accelerates Network Function Use Cases

ID 659541
Updated 4/13/2017
Version Latest
Public

author-image

By

Introduction

Intel® QuickAssist Technology (Intel® QAT) accelerates and compresses cryptographic workloads by offloading the data to hardware capable of optimizing those functions. This makes it easier for developers to integrate built-in cryptographic accelerators into network and security applications.

  • Symmetric cryptography functions include: Cipher operations (AES, DES, 3DES, ARC4); Wireless (Kasumi, Snow, 3G); Hash/Authenticate operations (SHA-1, MD5, SHA-2 [SHA-224, SHA-256, SHA-384, SHA-512]); Authentication (HMAC, AES-XCBC, AES-CCM); Random number generation.
  • Public Key Functions include: RSA operation; Diffie-Hellman operation; Digital signature standard operation; Key derivation operation; Elliptic curve cryptography (ECDSA and ECDH) Random number generation and price number testing.
  • Compression/Decompression include: DEFLATE (Lempel-Ziv 77)

Benefits

There are several benefits to using Intel QAT. For example, it can be scaled by choosing accelerators with different performance characteristics or by employing multiple accelerators in a single platform. Another advantage is the reduction in software development efforts by implementing a consistent set of APIs that can be used across products and over multiple development cycles. The APIs also allow for optional supported features that can be queried at run-time, allowing the same software to run unmodified on different deployed platforms. In addition, the APIs are designed for portability being independent of the operating system and independent of user vs. kernel space. Memory is allocated by the calling application and provided to the API implementation through the API itself. For improved performance the APIs can support both synchronous and asynchronous invocation modes. Flexible memory models are supported for data buffers to allow for zero-copy user space implementations.

The remainder of this document will cover a variety of use cases where Intel QAT can provide improved packet processing performance; SDN/NFV integration, data movement in Hadoop* installations, and performance acceleration where data encryption is required.

Integration with SDN and NFV Solutions

Hardware-based acceleration services for workloads such as encryption and compression supported by Intel QAT are well suited for use with Software Defined Networking (SDN) and Network Function Virtualization (NFV) implementations on Intel® architecture servers. An accelerator abstraction layer provides a uniform means of communication between applications and accelerators, as well as facilitating management of acceleration resources within the OpenStack* architecture. Intel QAT Adapters are available as PCI Express* Gen 3-compliant cards that support functionality such as the following:

  • 4G LTE and 5G encryption algorithm offload for mobile gateways and infrastructure.
  • VPN traffic acceleration, with up to 50 Gbps crypto throughput and support for IPsec and SSL acceleration1.
  • Compression/decompression up to 24 Gbps throughput1.
  • I/O virtualization using PCI-SIG Single-Root I/O Virtualization (SR-IOV).For enabling Intel® Virtualization Technology including SR-IOV with Intel QAT see Using Intel® Virtualization Technology (Intel® VT) with Intel® QuickAssist Technology 330689

Accelerating Hadoop*

Big data analytics are commonly performed on large data sets that are moved within a Hadoop cluster containing high-volume, industry-standard servers. A significant amount of time and network bandwidth can be saved when the data is compressed before it is passed between servers, as long as the compression/ decompression operations are efficient and require negligible CPU cycles. This is possible with the hardware-based compression delivered by Intel QAT, which is easy to integrate into existing systems and networks using the available Intel drivers and patches.

Accelerating OpenSSL*

Historically, the demand for secure data transmissions over the Internet was driven primarily by institutions conducting e-commerce and banking transactions. Today, the volume of secured communications is skyrocketing, as personal information of all sorts is being encrypted by applications like Gmail*, Twitter*, and Facebook* using the HTTPS protocol. As a result, servers in data centers, telecom networks, and enterprises are expected to handle increasing amounts of traffic using the Secure Sockets Layer (SSL) protocol, increasing compute requirements.

With more and more traffic being encrypted, servers and security appliances will rely more heavily on accelerators to offload cryptography workloads.For this reason, Intel is working with the OpenSSL* Software Foundation to optimize its implementation for use with hardware accelerators, such as those provided by Intel QAT. In addition, the findings from this effort will be used to optimize the performance of proprietary SSL/TLS-based solutions running on Intel QAT enabled platforms.

Useful Links for Developers

Installation and Software Development Tutorials at Intel® Developer Zone

Intel® QuickAssist Technology at 01.org

Intel® QuickAssist Technology API: Programmer’s Guide 330684 (includes sample code for Intel® QuickAssist Technology)

Intel® QuickAssist Technology Cryptographic API Reference Manual 330685

Intel® QuickAssist Technology Data Compression API Reference Manual 330686

Intel® Communications Chipset 8925 to 8955 Series Software Programmer’s Guide 330751

Intel® Communications Chipset 8900 to 8920 Series Software Programmer’s Guide 330753

Using Intel® Virtualization Technology (Intel® VT) with Intel® QuickAssist Technology 330689

Intel® QuickAssist Technology Performance Optimization Guide 330687

Where to get more information about the Use cases described

Scaling Acceleration Capacity from 5 to 50 Gbps and Beyond with Intel® QuickAssist Technology

Accelerating OpenSSL* Using Intel® QuickAssist Technology

Accelerating Hadoop* Applications Using Intel® QuickAssist Technology

About the Author

David Mulnix is a software engineer and has been with Intel Corporation for over 15 years. His areas of focus have included software automation, server power and performance analysis, and cloud security.

1Configuration: [Intel® Communication Chipset DH8955 PCI Express* x16 in an Intel® Xeon processor E5 v2 platform with Intel® QuickAssist Driver/SDK 0.30; Measured by Intel].