NVIDIA BlueField-2 User Manual

NVIDIA MELLANOX BLUEFIELD2

DATA PROCESSING UNIT DPU

NVIDIA® Mellanox® BlueField®-2 is a highly-integrated Data Processing Unit (DPU)
delivering advanced functionality, unmatched performance and agility for today’s most
demanding workloads. By combining the industry leading ConnectX
adapter with an array of Arm

®

cores, BlueField-2 delivers a perfect blend of hardware and

®

-6 Dx network

software accelerations.

Whether employed as a SmartNIC or as an embedded Storage Controller, BlueField-2
brings agile and high-performance solutions for security, machine learning, cloud, edge
computing, and storage applications while reducing total cost of ownership (TCO).

BlueField-2 is the second generation in the BlueField family of DPUs. It integrates an array
of eight powerful 64-bit Armv8 A72 cores interconnected by a coherent mesh with a DDR4
memory controller and a dual-port Ethernet or InfiniBand network adapter.

BlueField-2 supports two ports of 10/25/50/100 Gb/s or one port of 200 Gb/s Ethernet or
InfiniBand, one out-of-band management port for the Arm subsystem, and includes an
integrated 16-lane PCIe Gen 3.0/4.0 switch, offering endpoint and root complex capabilities.

At the heart of BlueField-2 is the industry leading ConnectX-6 Dx network adapter with
unprecedented built-in hardware functionality, performance and resiliency. BlueField-2
hardware accelerations include advanced RDMA/RoCE capabilities as well as innovative
cryptography, storage and networking accelerations. Relying on these built-in offloads,
the BlueField-2 powerful array of Arm cores can be programmed for sophisticated custom
accelerations and control path manipulations. BlueField-2 also benefits from the rich Arm
ecosystem to deliver complete solutions to cloud operators and service providers.

Key Applications

> Virtualized and bare metal cloud ser vices
> NVMe storage virtualization
> Network Function Virtualization (NFV)
> Security applications such as DDoS and

Deep Packet Inspection (DPI)

> Microservers built for edge computing

Key Features

> Eight 64-bit Armv8 A72 cores
> Dual ports of 10/25/50/100 Gb/s or

a single port of 200 Gb/s

> Supports Ethernet and InfiniBand protocols
> DDR4 memory controller with

ECC support

> 16-lane PCIe Gen3.0/4.0 switch
> Software programmability
> Hardware offloads including:

> Hardware Root of Trust
> Host isolation
> Zero-Touch RoCE (ZTR)
> Supports up to 4 multi-hosts
> 1GbE out-of-band management port

2

> ASAP

- Accelerated Switch and Packet

Processing

> NVMe SNAP™ storage emulation
> IPsec/TLS data-in-motion and AES-XTS

data-at-rest crypto accelerations

> Regular expression (RegEx) and

DPI accelerations

> SHA 256-bit hardware acceleration

®

NVIDIA MELLANOX BLUEFIELD-2 DPU | PRODUCT BRIEF | AUG20

TURNING ZERO TRUST TO HERO TRUST

BlueField-2 delivers isolation, security and cryptography accelerations, enabling
data center security at the endpoint with best-in-class performance, turning zero­trust to hero-trust.

Isolation – BlueField-2 as a SmartNIC functions as a “computer-in-front-of-a­computer”, unlocking unlimited opportunities for custom security applications on its
Arm processors, fully isolated from the host’s CPU. In the event of a compromised
host, BlueField-2 may detect and block malicious activities in real time and at wire
speed to prevent the attack from spreading further.

Cryptography Accelerations – From IPsec and TLS data-in-motion inline encryption
to AES-XTS block-level data-at-rest encryption and public key acceleration,
BlueField-2 hardware-based accelerations offload the crypto operations and free
up the CPU, reducing latency and enabling scalable crypto solutions. BlueField-2
“host-unaware” solutions may transmit and receive data, while BlueField-2 acts as a
bump-in-the-wire for crypto.

Securing Workloads – BlueField-2 accelerates connection tracking with its ASAP
Accelerated Switch and Packet Processing

®

technology to enable stateful filtering on
a per connection basis. Moreover, BlueField-2 includes a Titan IC regular expression
(Titan RXP

TM

) acceleration engine supported by IDS/IPS tools to detect host

introspection and application recognition in real time (NBAR).

Secure NIC – BlueField-2 hardware leverages Root-of-Trust secured boot and Arm
TrustZone technology to ensure integrity of the firmware and hardware. Using
hardware keys and a trusted execution environment, BlueField-2 can serve as the
keys' safebox providing anti-cloning and zero-trust access solutions.

2

-

EFFICIENT AND HIGHPERFORMANCE
CLOUD DEPLOYMENTS

Virtualized Cloud – By leveraging BlueField-2 virtualization offloads, data center
administrators can benefit from better server utilization, allowing more virtual
machines and more tenants on the same hardware, while reducing the TCO and
power consumption.

BlueField-2 virtualization accelerations include:

> Mellanox ASAP

switching and routing capabilities. OVS accelerations can be further customized
using BlueField-2 Arm processing power to offload the control path.

> Network overlay technology (V XL AN, NVGRE, Geneve) offloads, including

encapsulation and decapsulation, over tunneled protocols and Network Address
Translation (NAT) routing capabilities.

Bare Metal Deployments – BlueField-2 in bare metal deployments presents several
distinct advantages. For instance, it enables cloud providers to provision servers
while retaining the ability to control them and deploy policy rules in an isolated and
secured manner, totally transparent to the tenant.

More Smarts in the Edge – The BlueField-2 broad set of capabilities delivered in a
compact design is perfectly positioned for delivering microserver applications at the
edge of the network.

2

for Open vSwitch (OVS) with flexible, highly-efficient virtual

NVIDIA MELLANOX BLUEFIELD-2 DPU | PRODUCT BRIEF | AUG20