Abstract:
Control and management plane applications such as serverless function orchestration and 4G/5G control plane functions are offloaded to smartNICs to reduce communication and processing latency. Such applications involve multiple inter-host interactions that were traditionally secured using SSL/TLS gRPC-based communication channels. Offloading the applications to a smartNIC implies that the security algorithms must also be offloaded. Otherwise, the application messages must be sent to the host VM/container for crypto operations, negating the offload benefits. This work proposes crypto externs for Netronome Agilio smartNICs that implement authentication and confidentiality (encryption/decryption) using the ChaCha stream cipher algorithm. AES and ChaCha are two popular cipher suites, but ChaCha was chosen since none of the smartNICs have ChaCha-based crypto accelerators. However, smartNICs have a restricted instruction set and limited memory, making it difficult to implement security algorithms. This work identifies and addresses several challenges to implement ChaCha crypto primitives successfully. The evaluations show that the proposed crypto extern implementation satisfies the scalability requirement of popular applications such as serverless management functions and host in-band network telemetry.