Eric Rydzkowski

The basic definition of a SmartNIC is simply a NIC that has intelligence and can be programmed. A good working definition is that a SmartNIC is a NIC that includes additional onboard computational resources accessible to the customer, along with the tools to program and utilize those resources.

With data center networking today at 25 GbE and moving to 50 GbE and 100 GbE, additional computational resources on a SmartNIC are becoming necessary to offload the server’s CPU for other tasks. Data center NICs today handle millions, and potentially more than one hundred million, network packets per second. Server CPU cores, even those clocked at or above 3 GHz, aren’t up to the task of inspecting and acting upon millions, much less tens of millions, of packets per second each. There aren’t enough instructions per second to keep up with these volumes.

Offloading

CPU offload is a significant value proposition for a SmartNIC. Computationally intensive tasks like hashing for blockchains and transcoding video can be handled by the SmartNIC itself, freeing up precious server CPU resources.

Blockchains rely on solving proof of work. The first node on a network that reaches a solution is provided a reward, and then permitted to bundle up and publish the next block on the chain. SmartNICs can hold the blockchain and pending transactions in memory while computing the next solution. If they win, then the SmartNIC publishes the block and moves on to the next block.

Video transcoding is another popular host CPU offload that lends itself well to SmartNICs. Transcoding video using adaptive-bitrate (ABR) compression to support mobile devices is another CPU-intensive task, particularly for live video applications. These compression tasks are extremely linear and have been ported to Field Programmable Gate Array (FPGA) based accelerators where they’ve proven to be 10X to 20X more efficient than general-purpose CPUs.

A SmartNIC could also include a basic Netfilter firewall, offloading the host CPU from filtering all inbound and outbound packets. Offloading this firewall to a SmartNIC could save the host CPU millions of instructions per second that could then be applied to the applications running on that server.

An excellent example of an FPGA-based SmartNIC that includes an Arm complex and a network processor is the Xilinx Alveo SN1000 SmartNIC.

SmartNICs are just recently appearing on the market but as datacenter networking speeds approach 50 and 100GbE, the need to offload server CPU exists more and more. Probably one of the biggest drivers toward this technology is going to be blockchain compute requirements followed by Video adaptive bitrate compression. Albeit a very niche use-case now, these cards will possibly become the norm in servers in the next 5 years.

What is DMARC?

DMARC, which stands for “Domain-based Message Authentication, Reporting & Conformance”, is an email authentication, policy, and reporting protocol.

What does DMARC actually do?

DMARC is a protocol that protects your organization from emails sent by fraudulent imposters. The most simplistic analogy is you can very easily send a nasty post mail to Prime Minister Trudeau but put your next door neighbor’s full name and return address on the envelope making the letter completely appear as if it was sent by your innocent neighbor. The exact same applies to email and DMARC is a method to prevent this from happening.

Why would you need it?

Lanworks has several customers in which their internal email address books have been compromised and used by fraudulent imposters to send phishing emails to their own customers. You can imagine the embarrassment and damage control required to convince your best customer that the well-crafted phishing email they just received with your president’s name in the “From” field is in fact fraudulent. This is reality and it happens all the time.   

How Does DMARC prevent this?

Now this is the complicated part of this Blog.

DMARC builds on the widely deployed SPF and DKIM protocols, adding ties to the author’s (“From:”) domain name. The SPF and DKIM fields are typically set in your DNS records  

SPF: allows senders to define which IP addresses are allowed to send mail for a particular domain.

DKIM: provides an encryption key and digital signature that verifies that an email message was not faked or altered.

DMARC: unifies the SPF and DKIM authentication mechanisms into a common framework and allows domain owners to declare how they would like email from that domain to be handled if it fails an authorization test.

The options for a failed email authorization are:

None: treat the mail the same as it would be without any DMARC validation

Quarantine: accept the mail but place it somewhere other than the recipient’s inbox (typically the spam folder)

Reject: reject the message outright and discard it

What Does a Simplistic DMARC enabled Email Flow Look Like?

Summary

DMARC is a very important and effect mechanism to prevent fraudulent or spoofed email and every company should implement it. That being said, DMARC is not that straight forward to correctly setup. Lanworks has the experience to properly deploy DMARC/SFP/DKIM and our professional team would be glad to provide the required consulting to perform the work.