DPU-based Acceleration for NSX is a result of Project Monterey. VMware began with this project around two years ago. VMware will continue to offer support for hypervisor-based NSX architectures, but the capability of running NSX on a DPU or SmartNIC offers major advantages for customers that require accelerated network performance such as healthcare and financial services.
In this blog I will take you step by step to understand the magnitude of DBU-based Acceleration for NSX.
DPU – SmartNIC
Let me begin to explain what a SmartNIC is. A SmartNIC is a network interface card with a built-in processor (DPU). This DPU can be managed/controlled separately from the CPU in the host. So instead of relying on the host CPU services (networking, security and storage) can now run directly on the NIC. This also means that the host CPU can now be used for other tasks/workloads, this will improve the overall workload performance for the host.
With DBU-based acceleration for NSX, NSX will offload the networking services to the DPU. It is like a GPU offloads graphics, only for data. This means that the NSX tasks are not performed by the hypervisor (vSphere ESXi), but are placed on the DPU. Basically you are installing a lightweight version of ESXi and the NSX component directly on the SmartNIC.
Reading and understanding the above mentioned information you can understand that running network security services on a DPU will enhance performance. The DPU-based implementation will support L2-L7 Firewalling, distributed IDS/IPS and other NSX security features. High-performance security capabilities are available as a tech preview feature in NSX 22.214.171.124. These features are currently not recommended for use in production environments.
Using DPU-based Acceleration will not impact how NSX is managed. You will create your Firewall and or IDS/IPS rules and configure Network Virtualization (Transport Nodes, Overlay Networking) the same way you are doing it today.