On Tue, 7 Apr 2009 19:04:00 +0300 Jussi Peltola <pe...@pelzi.net> wrote:
> On Tue, Apr 07, 2009 at 11:23:59AM -0400, Steve Shockley wrote:
> > On 4/7/2009 9:08 AM, Declan Ingram wrote:
> >>> How does that help if you're encrypting the connection to the
> >>> ExpEther server/device? I mostly trust that nobody is sniffing my
> >>> PCI bus, I'm less trusting when data goes over the network.
> >>
> >> Just tunnel it over SSH
> >
> > That's fine, but then how do I offload the load from the ssh
> > tunnel? That's probably going to be the same load as the original
> > ssl I'm offloading.
>
> not necessarily, ssh is one session, https is a stream of tiny ones.
> still, the point stands, encrypting bus data sounds pretty slow
> especially since it's latency sensitive
>

It seems the three of you, Jussi, Declan, and Steve, are thinking on the wrong OSI level. ExpEther runs at Layer 2, raw ethernet frames, and is used with a Layer 2 mesh switch. Though it is theoretically possible to put a device on the other side of the globe and use a VLAN (IEEE 802.1Q) to make it appear "local" to the switch, doing so would obviously increase your latency considerably.

The typical mesh network configuration (in this sense) is limited to 4096 node topology, but it is possible to extend past this limitation by combining/bridging them together. The partitioning within the network, or better said assignment of PCIe devices from producers to consumers, is done through VLANs.

If you've ever worked with low-latency, high-speed shared *memory* interconnects in the HPC space ("High Performance Computing" - i.e. Super Computing Clusters), such as Myrinet, you'd know maintaining low latency within the cluster (i.e. datacenter) is very important, but this problem was solved a long time ago. Unlike Myrinet which is only a shared memory interconnect, ExpEther gives you the ability to supposedly share any PCIe device.

Even though I just started working with this stuff, I'm currently unconvinced of the claim of "any" PCIe device, but then again, I tend to be very skeptical until I've got actual proof.

As for the mentioned issue of encrypting the bus data, since you've got the VLAN it is feasible, but if you've got an attacker inside the switches of your datacenter, then you obviously have more important problems. Also, there are a number of applications where the "switch" is actually an isolated back-plane of sorts built into the device housing (think blade server), so it is completely cut off from what you think of as normal network traffic.

--
J.C. Roberts