Configure Host Based Firewall with NVIDIA BlueField DPU

Captions
[Music]

Firewall is one of the most critical cyber security elements in data centers. On top of the main gateway network firewall, information security professionals also implement a host-based firewall, which is software running on a single host, classifying incoming and outgoing network activity only for that specific host. Host-based firewall prevents incoming network infections and the expansion of malware sent by already infected hosts.

Distributed host firewall comes with a set of distinctive challenges. A host-based firewall requires the use of CPU and memory, slowing down network speeds and onloading security processes on the CPU. The firewall is inefficient when it comes to bare-metal usage, limiting the user's available server resources. When using a host-based firewall, the user is subject to trusting the host.

NVIDIA's BlueField DPU can run layer 4 firewall functions of the host inside the DPU. This approach resolves these issues and yields the following benefits: the host's CPU and memory are not occupied with firewall security processes, allowing higher speeds and capacity; bare-metal use cases can be supported, providing functional benefits; the DPU is isolated from the host, allowing the trust to fully shift onto the DPU; the DPU provides line rate using its hardware engines.

Let's go over the DOCA SDK documentation in NVIDIA's developer zone.

[Music]

Go to level four Open vSwitch (also known as OVS) firewall. Here you will find all the information you need to get the system up and running. Head over to guide number five to view the configuration process.

In our demo we use one DPU server connected to a peer device. We will show how applying a drop rule on the DPU only allows for initiated connections from within the server to be established. Here we have the DPU host physical interface configuration. This is the peer host physical interface configuration, and this is the DPU OVS bridge.

Now let's ping the peer host from the DPU host. Now we will ping the DPU host from the peer host. Now we will show the default rule created by the OVS. We will now apply the firewall rules using the OpenFlow command. This rule enables incoming traffic to the server only if it is in response to traffic originating from it. Our ping from the DPU host is still working, as it originates from the server.

Now we will see the current active rules. The drop rule is activated. There is no answer to ping from the peer host to the DPU host, so we will now stop the ping. We can see that drop rule statistics do not progress because we stopped the ping.

We have seen how we can use the DPU as a layer 4 firewall while leveraging multiple advantages. Thank you for watching.
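The behaviour shown in the demo (host-initiated traffic and its replies pass, peer-initiated traffic hits the drop rule and advances its counter) can be modelled in a few lines. This Python model is an added example, not code from the video or from NVIDIA's DOCA guide; the port labels, rule names and addresses are constructed for illustration, and the real rules are OpenFlow flows on the DPU's OVS bridge.

```python
from dataclasses import dataclass, field

HOST_PORT, PEER_PORT = "host", "peer"   # hypothetical port labels, not names from the video

@dataclass(frozen=True)
class Packet:
    in_port: str
    src: str
    dst: str
    proto: str
    ident: int   # ICMP echo id (stands in for the L4 port pair of TCP/UDP)

@dataclass
class StatefulFirewall:
    conntrack: set = field(default_factory=set)
    counters: dict = field(default_factory=lambda: {"commit": 0, "established": 0, "drop": 0})

    def process(self, pkt):
        """Apply the three rules in order; return True if the packet is forwarded."""
        # Direction-independent key, so a reply maps to the entry its request created.
        key = (pkt.proto, frozenset((pkt.src, pkt.dst)), pkt.ident)
        if key in self.conntrack:
            rule = "established"      # either direction of a tracked connection
        elif pkt.in_port == HOST_PORT:
            self.conntrack.add(key)   # new connection initiated by the host: track it
            rule = "commit"
        else:
            rule = "drop"             # new connection initiated from outside
        self.counters[rule] += 1
        return rule != "drop"

def ping(fw, src, dst, in_port, reply_port, ident, count=3):
    """Send `count` echo requests; return how many replies reach the sender."""
    answered = 0
    for _ in range(count):
        if fw.process(Packet(in_port, src, dst, "icmp", ident)):
            answered += fw.process(Packet(reply_port, dst, src, "icmp", ident))
    return answered

def run_demo():
    fw = StatefulFirewall()
    # Constructed addresses from the documentation range, not the demo's real ones.
    host_ok = ping(fw, "192.0.2.1", "192.0.2.2", HOST_PORT, PEER_PORT, ident=1)
    peer_ok = ping(fw, "192.0.2.2", "192.0.2.1", PEER_PORT, HOST_PORT, ident=2)
    drops_while_pinging = fw.counters["drop"]
    # After the peer's ping stops, no packet matches the drop rule, so it stays put.
    ping(fw, "192.0.2.1", "192.0.2.2", HOST_PORT, PEER_PORT, ident=1)
    return host_ok, peer_ok, drops_while_pinging, dict(fw.counters)

if __name__ == "__main__":
    print(run_demo())
```

Watching the drop counter is the same check the demo performs on the rule statistics: it moves only while unsolicited traffic is arriving.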
Info
Channel: NVIDIA Developer
Views: 21,048
Rating: 4.019608 out of 5
Keywords: #DPU, #DPU NVIDIA, #CPU, #DataCenter, DPU Architecture, #API, #cybersecurity, #firewall, #malware, #infosec, #AI, #ioT
Id: uXbpac7jkiE
Length: 3min 32sec (212 seconds)
Published: Mon Oct 04 2021