Firmware Defines the NIC
Firmware is the name given to the software that is loaded directly into a network interface card (NIC). Firmware executes in place within the XtremeScale X1 processor, and unlike normal NIC firmware, Solarflare’s firmware has several built-in execution modes. These modes enable a Solarflare NIC to be far more flexible than competing products.
Over a half dozen different firmwares can be loaded into the NIC, enabling features like ultra low latency, precision time stamping, hardware firewalling, and packet capture.
Most NICs come with a single pre-loaded firmware, often called the network driver. Perhaps once or twice during the life of the card, the network driver might be updated to fix bugs in the initial software shipped with the NIC. Solarflare’s XtremeScale X1 family of NICs can either activate or load new digitally signed and encrypted firmware products, which can provide features and capabilities that may not even have been conceived of when the NIC was initially designed. For example, high performance kernel bypass packet capture loads two separate firmware products into the XtremeScale X1’s memory: one that doubles the XtremeScale X1’s default receive packet rate and a second that doubles its transmit packet rate. In addition to the network driver, the XtremeScale X1 comes with three of these enhanced capabilities, which are activated with the addition of license keys or additional software: ultra-low latency (ULL), Precision Time Protocol (PTP), and ServerLock. The first two are activated with the PLUS version of Solarflare’s XtremeScale X1 adapters, and ServerLock is enabled when the XtremeScale X1 is bound to a Domain Fortress.
Solarflare has spent over a decade tightening up its standard Network Driver. While most network drivers move packets through the kernel with a half round trip latency of roughly 7,000 nanoseconds, Solarflare’s is tuned to roughly 5,000 nanoseconds. The most recent release includes support for a new packet handling method called eXpress Data Path (XDP). With XDP access, security applications can hook packets very early in the driver chain and make significantly more efficient decisions about dropping a packet or bridging it to a second interface. This will become hugely important as new versions of open source proxy servers, firewalls, security applications, and Software Defined Networking begin to leverage this new access layer.
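The drop-or-bridge decision an XDP hook makes on a raw frame can be modelled in user space. The following is an added example, not Solarflare driver code or a loadable eBPF program; the policy fields, function names and sample addresses are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Verdicts named after the XDP actions; this is a user-space model. */
enum verdict { V_DROP, V_PASS, V_REDIRECT };

/* Hypothetical policy: one blocked IPv4 source, one UDP port to bridge. */
struct policy { uint32_t blocked_src; uint16_t bridge_udp_port; };

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t rd32(const uint8_t *p) { return ((uint32_t)rd16(p) << 16) | rd16(p + 2); }

/* Decide on a raw Ethernet frame before any stack processing would occur. */
enum verdict xdp_model(const uint8_t *data, size_t len, const struct policy *pol)
{
    /* Length-check each header before reading it, as the eBPF verifier requires. */
    if (len < 14) return V_DROP;                    /* truncated Ethernet */
    if (rd16(data + 12) != 0x0800) return V_PASS;   /* not IPv4: let the stack decide */
    if (len < 14 + 20) return V_DROP;               /* truncated IPv4 */
    const uint8_t *ip = data + 14;
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;
    if ((ip[0] >> 4) != 4 || ihl < 20 || len < 14 + ihl) return V_DROP;
    if (rd32(ip + 12) == pol->blocked_src) return V_DROP;
    if (ip[9] != 17) return V_PASS;                 /* only UDP is bridged */
    if (rd16(ip + 6) & 0x1fff) return V_PASS;       /* later fragment: no UDP header */
    if (len < 14 + ihl + 8) return V_DROP;          /* truncated UDP */
    if (rd16(ip + ihl + 2) == pol->bridge_udp_port) return V_REDIRECT;
    return V_PASS;
}

/* Build a constructed 42-byte Ethernet/IPv4/UDP frame for testing. */
size_t make_udp_frame(uint8_t *buf, uint32_t src, uint16_t dport)
{
    memset(buf, 0, 42);
    buf[12] = 0x08; buf[13] = 0x00;                 /* EtherType IPv4 */
    uint8_t *ip = buf + 14;
    ip[0] = 0x45; ip[9] = 17;                       /* version 4, IHL 5, UDP */
    ip[12] = (uint8_t)(src >> 24); ip[13] = (uint8_t)(src >> 16);
    ip[14] = (uint8_t)(src >> 8);  ip[15] = (uint8_t)src;
    ip[22] = (uint8_t)(dport >> 8); ip[23] = (uint8_t)dport; /* UDP dest port */
    return 42;
}

int main(void)
{
    uint8_t f[42];
    struct policy pol = { 0xC6336407u, 4789 };      /* 198.51.100.7, constructed */
    return xdp_model(f, make_udp_frame(f, 0xC0000201u, 4789), &pol) == V_REDIRECT ? 0 : 1;
}
```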
Ultra Low Latency (ULL)
Over the past decade Solarflare has carved out a niche in the performance networking market by providing the lowest possible latency for POSIX-compliant UDP/TCP socket acceleration. While Ethernet and TCP/IP have been around for decades, the primary focus of both has always been on delivering data reliably. Solarflare was one of the initial companies that designed silicon and wrote software for 10GbE. They’ve researched the server side of Ethernet and UDP/TCP performance from all the possible angles, and annually deliver new NIC silicon and software. Towards this end Solarflare has crafted the XtremeScale X1 NIC, and tightly coupled that with their precision tuned ULL firmware to deliver the lowest latency possible.
Precision Time Protocol (PTP)
A billionth of a second is called a nanosecond. Solarflare XtremeScale X1 NICs contain specialized clock circuitry which is far more accurate than that of the servers they are installed in. The clock on the XtremeScale X1 can be set from an external master atomic clock over a dedicated precision cut fiber link with an accuracy of six nanoseconds. Because of how the clock signal is then converted locally within the server to the “time of day”, Solarflare advertises a precision of 50 nanoseconds. Solarflare XtremeScale X1 NICs can then use this high precision clock to time stamp network packets so application developers can see exactly what’s going on.
Today servers are secured internally with software-based firewalls that often execute as an extension of the operating system. If an application, or user, escalates their privilege to root, these firewalls can easily be compromised. Once an XtremeScale X1 NIC is bound to a Domain Fortress, ServerLock is engaged. ServerLock is a firewall that executes entirely on the NIC. It utilizes unique filter tables for every IP address hosted on the server. Furthermore, local management access to these filter tables is disabled as part of the binding process that activates ServerLock.
If you decide to use an XtremeScale X1 NIC for high performance kernel bypass packet capture, then part of the installation process will require updating the NIC firmware. This update will download Packed Stream and TX Stripping. Solarflare XtremeScale X1 NICs have a raw packet rate per physical interface of 16 million packets per second (Mpps). While this is sufficient for a 10GbE link, which can peak at 14.9 Mpps, it can fall short when capturing packets at faster link speeds. Towards this end Solarflare developed Packed Stream, which places multiple captured packets into a single PCIe bus transfer, effectively doubling the capture packet rate per link to over 30Mpps.
As mentioned above in Packed Stream, the XtremeScale X1 downloads new firmware as part of the installation process prior to doing kernel bypass performance packet capture. The second of these new firmwares is TX Stripping. When TX Stripping is enabled, multiple network packets can be sent over a single PCIe bus transfer and then unpacked on the NIC side. Once unpacked, these network packets can then be transmitted. This moves the effective transmit rate of the XtremeScale X1 from 16Mpps per interface to over 30Mpps.