Commex Technologies debuts 10-GbE virtualization NIC

The company's Vulcan SPV HT6210 Content Aware Virtualization NIC is now available on the HP ProLiant DL785 G5 server. The dual-channel, HTX-based 10GbE NIC is designed to bring significant system performance improvements by allowing more virtual machines (VMs) to work on the same physical network infrastructure.

September 11, 2009 -- Commex Technologies Ltd. (Tel Aviv, Israel) has introduced what it bills as "the industry's first virtualized HTX-based 10GbE network interface card (NIC)." The company's Vulcan SPV HT6210 Content Aware Virtualization NIC is now available on the HP ProLiant DL785 G5 server. Commex says the dual-channel, HTX-based 10GbE NIC brings significant system performance improvements by allowing more virtual machines (VMs) to work on the same physical network infrastructure.

"Commex content-aware virtualization technology enables more secure, scalable performance on virtualized multicore x86 systems in today's datacenters," says Erez Schwartz, CEO at Commex Technologies. "Because content-aware virtualization allows this NIC to intelligently improve the efficiency of servers, it's an ideal and creative solution in today's economic environment where everyone wants better cost/performance ratios and ROI."

Virtualization is one of the fastest growing developments in today's data center, notes Commex. Along with the benefits of server consolidation, more dynamic use of physical resources, and facilitated bring-up of new applications, virtualization also brings new challenges to servers in the data center including the need for: port-scalable, high bandwidth (e.g., 10 GbE) network interfaces; multicore scalable performance accommodating multiple workloads; support for new security scenarios, e.g. virtual security appliances.

Commex says its Content Aware Virtualization (CAV) technology addresses the above issues by enabling a highly scalable, more secure virtualized NIC solution. The CAV technology delivers the ability to classify incoming network traffic based on its content and send it to the correct destination (e.g., virtual machine). Classification includes L7 protocol and application format identification as well as a pattern match engine that identifies text patterns in the packet header and payload. Customers utilizing the Vulcan SPV HT6210 10GbE with Commex CAV can expect a more secure server environment with scalable performance leading to reduced TCO in the data center, contends the company.

Commex says that its CAV brings the following features into the virtualization world:

-- VPorts: Commex VPorts technology enables Commex NICs to present a single physical port as multiple virtual ports (network interfaces). These ports are perceived by the Hypervisor as multiple NICs allowing efficient network interface sharing. For example, each VM can have its own dedicated network interface. Additionally, VPorts provides a security benefit by allowing for finer separation of data flows for different applications previously running on separate servers, now co-residing.

-- MAC Classification Hardware Assist: In a virtualized environment, in order to able to share a NIC amongst multiple VMs, MAC switching is needed for sending a packet to its proper destination according to its MAC address. MAC switching consumes significant CPU resources thus limiting the system's overall performance and inhibiting scalability. MAC classification is an integral part of MAC switching. Commex uses an internal Content Addressable Memory (CAM) that classifies incoming MAC addresses and directs data packets to a designated interface of a guest O/S according to a "self learning" mechanism. The classification needed for MAC switching is done in hardware, thus offloading the host CPUs and improving performance scalability.

-- Selective Security Flow: With the fast uptake of virtualization, security appliance vendors are now offering "virtual security appliances" which run on a virtualized server (as opposed to a separate H/W appliance). To support this new scenario, there's a need to classify packets and decide which one of them should be sent to the security front-end. Commex content awareness can be leveraged to inspect packets and identify those that should be filtered through the security front-end.

-- Secure MAC Filtering: Currently, NICs in virtualized environments typically run in promiscuous mode. This mode of operation enables non-designated network traffic packets to reach the operating system imposing a potential security threat. Commex Secure MAC Filtering enables the server to deflect any data packets with unknown MAC address, data that could be malicious in nature.

The Vulcan SPV HT6210 Virtualization dual-channel 10GbE NIC uses AMD's Direct Connect Architecture by connecting directly to a multicore AMD Opteron processor via a 16-lane HyperTransport interface. The result is true multicore scalability of network traffic performance.

"The Commex Vulcan SPV HT6210 Virtualization NIC special features combined with the HTX connectivity for lower latency and higher performance bring extra value to customers," comments Mario Cavalli, General Manager of the HyperTransport Consortium. "Commex has succeeded in leveraging the key strengths of HyperTransport technology for virtualized environments."

Commex Vulcan SPV HT6210 Content Aware Virtualization NIC is currently available for evaluation on the HP ProLiant DL785 G5 server in an HTX form factor. The Commex Vulcan PCV G1210 NIC will be available for evaluation in a PCIe form factor in Q4 of this year.

On the Web:
www.commextech.com
www.hypertransport.org


More in IP Security & AV