Offloading of crypto functions to smartNICS in cloud-native environments

Abstract

Microservices are a software architecture approach that allows to divide applications into smaller, independent services, making system maintenance and scalability easier. With the growth of cloud-native environments, microservices have become a fundamental part of distributed applications and their efficiency and scalability are even more critical for the operation of cloud infrastructures. In addition, we have recently observed a growing adoption of the concept related to offloading. Offloading is a technique used to lighten the processing load, allowing other processing units to be used. Network offloading has been widely used to ease the CPU load on network servers, allowing the CPU to perform other critical tasks. With the growing number of microservices, offloading has become an even greater necessity to ensure the efficiency of these distributed applications. In this sense, and still in line with offloading, TLS (Transport Layer Security) is a security protocol used to protect network communications and is especially important in Web applications. With the evolution of web applications, the use of the TLS protocol has become even more important, being an integral part of HTTP/2. Offloading via kTLS is a technique that allows hardware acceleration to process secure TLS communications, allowing to alleviate the CPU. This technique can be especially beneficial in cloud-native environments, where the demand for secure communications is high and efficiency is crucial in handling large amounts of traffic. There are academic works proposing what would become the kTLS kernel module, but in the academic scenario, so far, there are no comparisons of real use of the technology, although it is possible to find ta few echnical works for this purpose. Some works document the proposal of a kernel module capable of abstracting the cryptographic functions and allowing the offload via software and hardware. The purpose of this master's project is precisely to demonstrate the benefits of this module from the perspective of Web applications with microservices architecture. Observing the academic and commercial panorama available in the literature, it is possible to notice that there is an effort focused on the communication of microservices. However, current revised references do not focus on microservices environments with kTLS. Therefore, in this master's project, a solution capable of offloading encryption to NICs using kTLS will be developed.