订阅内容

Managing a data center can be demanding and costly, and so there's a clear need for high-performance, cost-efficient general compute, networking, and storage solutions. Red Hat, Senao Networks, and Intel have joined forces to bring you the Senao SX904 Next-Gen NetSec Accelerator that tackles these challenges in innovative ways. Of course this solution integrates seamlessly with Red Hat's comprehensive enterprise platform offerings, including Red Hat Enterprise Linux (RHEL)Red Hat Device Edge and Red Hat OpenShift. In this article, we demonstrate how adding the Senao SX904 Next-Gen NetSec Accelerator PCIe card to an OpenShift cluster enables scaling of accelerated containerized workloads.

Red Hat products everywhere on the SX904

 

The Senao SX904 is essentially a data center server packaged in a PCIe form factor built on Intel® NetSec Accelerator Reference Design, as described in the SX904 datasheet. It's powered by the Intel® Xeon® D processor (codenamed Ice Lake), dual-25G Intel® Ethernet Controller E810 (codenamed Columbiaville), and MCIO for quad NVMe storage. Offering compute and security hardware acceleration, the SX904 delivers the processing capabilities required by today’s modern compute and storage intensive workloads.

The SX904 PCIe card

 

Designed to tackle a wide range of use cases for general compute, networking, and storage, the SX904 is certified by Red Hat and available through the Red Hat Ecosystem Catalog, so you get full support and long-term maintenance with RHEL 9.4+ and OpenShift 4.16+.

The benefits of Red Hat platform technologies and the Senao SX904 Next-Gen NetSec Accelerator

The SX904 addresses the challenges of physical space limitations in scaling on-site data centers and reduces the need for purchasing additional rack servers. It integrates smoothly by simply plugging the card in existing servers that run on Red Hat software solutions, adding compute and storage nodes without significant cost or complexity, thereby extending the life of your existing server assets. This powerful PCIe card provides a way to transform how compute resources are deployed in the traditional datacenter and in external edge compute locations, thanks to:

  • Total cost of ownership: The old adage that "more is better" isn't always true in computing. Adding another server to your cluster isn't always the right answer, and the SX904 highlights this. Instead of investing in more of what you already have, adding an SX904 card into an existing server enables a powerful and independently managed co-processor. The 10 Core SX904 has a cost of approximately $2,300 (USD). A comparable server platform with similar compute capacity (for instance, an Intel® Xeon® Silver 4309Y processor with 8 cores, 32 GB RDIMM, 480 GB SSD, and a Dual Port 10/25 GbE Network Adapter) retails for approximately $7,000 (USD)
  • Greater efficiency to help minimize costs: A complete server system on a PCIe card mitigates the need for expensive hardware overhauls or long lead times for various components
  • A design primed for the rigors of edge computing: The SX904 supports local data processing, security, AI Inferencing at the edge, and helps applications to run smoothly, whether they’re in-house or third-party. Plus, with native compatibility for x86 architecture, porting existing applications to the SX904 is a breeze
  • Powerful Intel architecture: The SX904 is driven by the Intel Xeon D processor. It can handle compute-intensive tasks and AI applications, while also leaning on the advanced AI instruction sets of the processor cores to help get your operations ready for intelligent workloads
  • Smooth optimization for Red Hat Enterprise Linux and Red Hat OpenShift: With the SX904, it's easy to deploy hybrid cloud strategies that build on the world’s leading enterprise Linux platform and the industry’s leading hybrid cloud application platform powered by Kubernetes

Making workload offloading less of a load

By combining the Senao SX904 Next-Gen NetSec Accelerator and RHEL, you can migrate workloads that you were running on x86 servers to the dedicated Intel Xeon D processor on the PCIe card. With the SX904 taking the workload, you can better optimize the performance of and offload security-based applications, including advanced firewall solutions.

Running network security applications on SX904 running RHEL

 

OpenShift and the SX904

You can deploy the SX904 as a bare-metal node in OpenShift to more readily unleash the full potential of your containerized workloads. This allows you to benefit from OpenShift’s application ecosystem, portability, efficient resource utilization, and automated scaling. The SX904 with OpenShift provides for high availability with self-healing and rolling updates, while helping to simplify microservices management and security through advanced isolation features. Backed by OpenShift’s robust support and ecosystem, the SX904 provides a streamlined, ready-to-go hardware solution for deploying and managing modern applications at scale.

SX904 deployed as a single node OpenShift instance.

 

Provisioning Red Hat OpenShift on the host with SX904

With the SX904 installed as the single node Openshift (SNO) node, a few modifications to the SX904 node are needed to allow for connectivity between the host and the SX904. By default, there is no network connection between the host and the SX904.

By adding a Linux bridge between the backplane and external 25G interfaces as a Day-2 Operation on the SX904, the host shares the same Layer 2 network as the SX904. This allows both the host and the SX904 to access the Openshift control plane hosted on the SX904 as part of SNO. This can be done by adding the following network manager configuration through machine configuration:

Firstly we need to define the Linux bridge network manager connection as shown here:

# cat br0.nmconnection
[connection]
id=br0
uuid=86f88cbc-5fb5-458a-976c-c95ab33021b8
type=bridge
autoconnect-priority=-100
autoconnect-retries=1
interface-name=br0
multi-connect=1

[ethernet]

[bridge]
stp=false

[ipv4]
method=auto

[ipv6]
method=auto

Then for each of the external and host-facing interfaces, we need to define the network manager connection that references the Linux bridge connection we created above. The following network manager connection is for the external interface.

# cat enp244s0f0.nmconnection
[connection]
id=enp244s0f0
uuid=9671d7e8-354f-4977-a77a-3a36242d7d00
type=ethernet
autoconnect-priority=-100
autoconnect-retries=1
controller=86f88cbc-5fb5-458a-976c-c95ab33021b8
interface-name=enp244s0f0
master=86f88cbc-5fb5-458a-976c-c95ab33021b8
multi-connect=1
port-type=bridge 
slave-type=bridge

[ethernet]
 
[bridge-port] 

The following is the network manager configuration for the host-facing network connection. The configuration is similar to the external interface.

#cat enp244s0f2.nmconnection
[connection]
id=enp244s0f2
uuid=f3c0f4ab-5a42-4ed1-9271-56046d7ffb2e
type=ethernet
autoconnect-priority=-100
autoconnect-retries=1
controller=86f88cbc-5fb5-458a-976c-c95ab33021b8
interface-name=enp244s0f2
master=86f88cbc-5fb5-458a-976c-c95ab33021b8
multi-connect=1
port-type=bridge
slave-type=bridge

[ethernet]

[bridge-port]

These files can be then encoded to base64 with the following command:

cat <interface_name>.nmconnection | base64

These base64 encoded values would be used to store the file contents for the OpenShift machine configuration as shown below:

# cat 11-master-linux-bridge.yaml
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
metadata:
 labels:
   machineconfiguration.openshift.io/role: master
 name: 11-master-linux-bridge
spec:
 config:
   ignition:
     version: 3.2.0
   storage:
     files:
     - contents:
         source: data:;base64,W2Nvbm5lY3Rpb25dCmlkPWVucDI0NHMwZjAKdXVpZD05NjcxZDdlOC0zNTRmLTQ5NzctYTc3YS0zYTM2MjQyZDdkMDAKdHlwZT1ldGhlcm5ldAphdXRvY29ubmVjdC1wcmlvcml0eT0tMTAwCmF1dG9jb25uZWN0LXJldHJpZXM9MQpjb250cm9sbGVyPTg2Zjg4Y2JjLTVmYjUtNDU4YS05NzZjLWM5NWFiMzMwMjFiOAppbnRlcmZhY2UtbmFtZT1lbnAyNDRzMGYwCm1hc3Rlcj04NmY4OGNiYy01ZmI1LTQ1OGEtOTc2Yy1jOTVhYjMzMDIxYjgKbXVsdGktY29ubmVjdD0xCnBvcnQtdHlwZT1icmlkZ2UKc2xhdmUtdHlwZT1icmlkZ2UKCltldGhlcm5ldF0KClticmlkZ2UtcG9ydF0K
       path: /etc/NetworkManager/system-connections/enp244s0f0.nmconnection
       filesystem: root
       mode: 0600
     - contents:
         source: data:;base64,W2Nvbm5lY3Rpb25dCmlkPWVucDI0NHMwZjIKdXVpZD1mM2MwZjRhYi01YTQyLTRlZDEtOTI3MS01NjA0NmQ3ZmZiMmUKdHlwZT1ldGhlcm5ldAphdXRvY29ubmVjdC1wcmlvcml0eT0tMTAwCmF1dG9jb25uZWN0LXJldHJpZXM9MQpjb250cm9sbGVyPTg2Zjg4Y2JjLTVmYjUtNDU4YS05NzZjLWM5NWFiMzMwMjFiOAppbnRlcmZhY2UtbmFtZT1lbnAyNDRzMGYyCm1hc3Rlcj04NmY4OGNiYy01ZmI1LTQ1OGEtOTc2Yy1jOTVhYjMzMDIxYjgKbXVsdGktY29ubmVjdD0xCnBvcnQtdHlwZT1icmlkZ2UKc2xhdmUtdHlwZT1icmlkZ2UKCltldGhlcm5ldF0KClticmlkZ2UtcG9ydF0KCg==
       path: /etc/NetworkManager/system-connections/enp244s0f2.nmconnection
       filesystem: root
       mode: 0600
     - contents:
         source: data:;base64,W2Nvbm5lY3Rpb25dCmlkPWJyMAp1dWlkPTg2Zjg4Y2JjLTVmYjUtNDU4YS05NzZjLWM5NWFiMzMwMjFiOAp0eXBlPWJyaWRnZQphdXRvY29ubmVjdC1wcmlvcml0eT0tMTAwCmF1dG9jb25uZWN0LXJldHJpZXM9MQppbnRlcmZhY2UtbmFtZT1icjAKbXVsdGktY29ubmVjdD0xCgpbZXRoZXJuZXRdCgpbYnJpZGdlXQpzdHA9ZmFsc2UKCltpcHY0XQptZXRob2Q9YXV0bwoKW2lwdjZdCm1ldGhvZD1hdXRvCgo=
       path: /etc/NetworkManager/system-connections/br0.nmconnection
       filesystem: root
       mode: 0600

Lastly, apply the machine configuration file to have the Linux bridge created on the SX904 (please note that the SX904 will reboot to apply these changes):

# oc apply -f 11-master-linux-bridge.yaml                                                                                                                 
machineconfig.machineconfiguration.openshift.io/11-master-linux-bridge created

After the SX904 reboots with the Linux bridge created, the host can be provisioned with any method of adding hosts with the Assisted Installer.

)

 

Scaling pods with SX904

After the host gets added to the cluster, applications are able to scale horizontally between the host and the SX904.

# oc get nodes
NAME        STATUS   ROLES                         AGE   VERSION
sx904       Ready    control-plane,master,worker   20d   v1.29.6+aba1e8d
host.server Ready    worker                        20d   v1.29.6+aba1e8d

For example, a simple NGINX web server can be scaled across host and SX904 nodes:

# oc get pods
NAME                READY STATUS   IP           NODE
nginx-deploy-6f7d... 1/1  Running  10.129.0.98  host.server
nginx-deploy-6f7d... 1/1  Running  10.129.0.96  host.server
nginx-deploy-6f7d... 1/1  Running  10.129.0.97  host.server
nginx-deploy-6f7d... 1/1  Running  10.128.0.201 sx904
nginx-deploy-6f7d... 1/1  Running  10.128.0.200 sx904
nginx-deploy-6f7d... 1/1  Running  10.128.0.202 sx904

Accessing these NGINX pods shows that OpenShift load balances requests across pods running on the host or SX904:

# oc logs nginx-deployment-6f7d5c8f7f-jbgh6 | grep GET
100.64.0.2 - - [22/Aug/2024:18:23:22 +0000] "GET / HTTP/1.1" 200 615 "-" "curl/7.76.1" "-"
# oc logs nginx-deployment-6f7d5c8f7f-vd76h | grep GET
100.64.0.2 - - [22/Aug/2024:18:23:23 +0000] "GET / HTTP/1.1" 200 615 "-" "curl/7.76.1" "-"

This simple example of scaling web microservices is just the tip of the iceberg of what can be done for offloading workloads on the SX904.

Better streamline your datacenter with Senao SX904 and Red Hat

The Senao SX904 Next-Gen NetSec Accelerator features a baseboard management controller (BMC) that leverages the DMTF Redfish standard, enabling automated, highly scalable deployments with minimal effort. Its robust web interface is integrated with the processor's serial console through iKVM, and offers easy debugging for a hassle-free experience.

With the SX904, powerful provisioning is just a few clicks away. Administrators can more easily manage RHEL and OpenShift installations through user-friendly graphical web interfaces and Redfish HTTP/REST APIs. The result is a streamlined deployment process with greater reliability that empowers your datacenter to operate at a higher efficiency.

Whether you’re scaling workloads, compute offloading, or enhancing security, the SX904 with Red Hat’s platform of hybrid cloud technologies empowers your data center to operate more efficiently, more smoothly and at scale.


关于作者

William Zhao joined Red Hat in 2021. William Zhao is a Senior Software Engineer working on enabling Data Processing Units (DPUs) and SmartNICs within the Red Hat ecosystem including OpenShift. He is currently an individual contributor in the Network Hardware Enablement (NHE) team.

Read full bio

Rashid Khan is a seasoned technology leader with over 25 years of engineering expertise, currently serving as the Senior Director of Core Platforms at Red Hat. In this role, he oversees the development and strategic direction of networking technologies, focusing on innovation in cloud and bare metal networking. His work extends to significant contributions in hardware enablement for the edge, cloud and AI. Rashid is also actively involved in the open source communities, holding esteemed positions such as Chairman of the Board of Governors at DPDK (Data Plane Development Kit) under the Linux Foundation. Furthermore, he is a member of the Board of Governors at OPI (Open Platform Initiative) within the Linux Foundation, where he plays a pivotal role in shaping the future of open source technologies and their applications across various industries. Rashid's commitment to advancing technology and fostering a collaborative ecosystem reflect his deep dedication to both innovation and community building.

Read full bio

Dirk Blevins is a Senior Platform Architect, Senior Principal Engineer for Intel Corporation’s Networking and EDGE division for the last 24 years. Dirk's particular expertise is in networking solutions and Edge architecture such as SASE, vRAN, AI, and SD-WAN utilizing virtualized networks to allow greater flexibility in applications and solutions deployed closer to the customer.

Read full bio

Jean Chen is a Business Development and Product Marketing Manager in Senao Networks’ Computing Network Business Unit. Jean is passionate about advancing data center computing capabilities particularly via developing next generation x86 based products.

Read full bio

Jay has over 30 years of experience devoted to Information Systems development, implementation, and operations. The last 10 Years has been devoted to optimization of networking for Network Function Virtualization and Software Defined Networking. Jay leads the implementation of new TCO optimized platforms for scaling security and analytics on Edge Computing utilizing high performance silicon and optimized software for complete edge computing solutions.

Read full bio

John is the Director of Engineering for the Platform Solution Architecture team within the Network and Edge group at Intel. John leads a dynamic, world-class team of engineers dedicated to pioneering the next generation of Open Modular Network and Edge systems with a focus on driving innovation through open platform and SW architecture standards delivering fully dimensioned, integrated, and benchmarked workload-optimized solution blueprints in collaboration with OxM, OSV, and ISV partners.

Read full bio

Accomplished Software Engineering Manager with 20+ years of experience driving innovation, collaboration, and growth. Expertise in Linux networking development, cross-functional team leadership, and strategic partnerships.
Since May 2021, I have spearheaded Red Hat's network hardware enablement team, pioneering joint solutions with Intel, NVIDIA, and other industry leaders. Our groundbreaking work integrates Infrastructure Processing Units (IPUs) and Data Processing Units (DPUs) with Red Hat Enterprise Linux (RHEL) and OpenShift Container Platform (OCP), unlocking cloud and edge computing capabilities.

Read full bio

Franck Baudin is responsible for the CNF technical strategy within Red Hat’s product management team. He currently focuses on providing high performance network connectivity to VNFs: SR-IOV, OVS-DPDK, SmartNICs.

He’s been working as a Software Architect in the Telecom and router industry for more than 25 years, on FreeBSD, Linux, IPSec, Deep-Packet-Inspection. He has also been involved in DPDK since its initial development.

Read full bio
UI_Icon-Red_Hat-Close-A-Black-RGB

按频道浏览

automation icon

自动化

有关技术、团队和环境 IT 自动化的最新信息

AI icon

人工智能

平台更新使客户可以在任何地方运行人工智能工作负载

open hybrid cloud icon

开放混合云

了解我们如何利用混合云构建更灵活的未来

security icon

安全防护

有关我们如何跨环境和技术减少风险的最新信息

edge icon

边缘计算

简化边缘运维的平台更新

Infrastructure icon

基础架构

全球领先企业 Linux 平台的最新动态

application development icon

应用领域

我们针对最严峻的应用挑战的解决方案

Original series icon

原创节目

关于企业技术领域的创客和领导者们有趣的故事