BIOS IT Blog
Mitigate the Performance Penalty of Spectre and Meltdown with Mellanox
In early January 2018, major chip manufacturers announced two vulnerabilities affecting processors currently deployed in millions of devices. Commonly referred to as ‘Meltdown’ and ‘Spectre’, these open the door for hackers to access sensitive user data. The flaw is the result of a common design practice employed by most modern processors. It has been publicly described as allowing an unprivileged local attacker to bypass memory security restrictions and read privileged memory, whether that memory belongs to other processes or is allocated to the kernel.
Patches were instantly made available by major chip and OS vendors, and BIOS IT recommended a BIOS microcode and OS update. A comprehensive list of affected devices, along with the associated patches issued by vendors, can be found at https://meltdownattack.com/ or in Vulnerability Note VU#584653.
Unfortunately, these patches can have a major impact on system performance, reducing it by up to 47% in some cases, and those affected are strongly advised to weigh the risk of not patching against the performance trade-off. Mellanox, a leading provider of high-performance networking solutions, measured the impact on networking workloads. See the before and after benchmark analysis results in figures 1-3.
There is some light at the end of the tunnel, in the form of SmartNICs from Mellanox. The widely reported performance impact can be avoided by deploying technologies that offload the processing of the TCP/IP and storage network stacks from the CPU. Networking offload technologies such as RDMA and DPDK have demonstrated minimal to no degradation of performance.
BIOS IT can present a more compelling case than ever to utilise server offload technologies that are available with Mellanox network adapters and switches.
With a 40 percent reduction in CPU cycles from the Meltdown patch, our customers would have to double their hardware footprint to implement it. A customer with 60 servers today would need to increase to 100 to 120 servers, at a cost of $1 million to $3.5 million, to compensate for the application workload hit that would come with implementing the patch. As a result, many of BIOS IT’s customers have put a freeze on the patch because they just don't have the capital budget to acquire the hardware to implement it.
Or simply put, our customers can instead invest in 60 dual port 100GbE NICs at an estimated cost of $50k, to alleviate the performance impact without having to double their hardware footprint!
In summary, the reported workload performance degradation resulting from the Spectre and Meltdown security patches will have a huge impact on large data centers in both OpEx and CapEx, as servers will need to be replaced or additional servers added to compensate for the performance losses. Mellanox ConnectX adapters with offload technologies bypass the kernel and have a proven track record of accelerating performance.
Contact your BIOS IT representative today to discuss how Mellanox SmartNIC solutions such as ConnectX can mitigate the Meltdown mess and stop the Spectre security slowdown.