Software Architecture
vKAE consists of the guest OS, host OS, and KAE hardware.
The vKAE acceleration process is similar to using KAE on a physical machine to hardware-accelerate the RSA encryption and decryption algorithm. The High Performance RSA Engine (HPRE) device of the physical machine is used to create virtual functions (VFs). These VFs are then passed through to the VM so that the VM can use vKAE to hardware-accelerate the RSA encryption and decryption algorithm. This applies in Nginx scenarios to improve network forwarding performance.
Figure 1 shows the vKAE feature architecture. Table 1 describes the functions of each module.
| Name | Function |
|---|---|
| Host OS | OS of the physical machine |
| Guest OS | OS of a VM |
| KAE hardware | Hardware implementation of the accelerator integrated in the Kunpeng 920 processor, which is not directly open to users |
| KAE Kernel Space Driver (HPRE) | Driver of the KAE accelerator card in kernel mode. HPRE is used in encryption and decryption scenarios to directly interact with the KAE accelerator card. Each HPRE device provides 1,024 queues for a Kunpeng 920 server. |
| Physical function (PF) | PCI function that supports Single Root I/O Virtualization (SR-IOV) and fully configures or controls Peripheral Component Interconnect Express (PCIe) device resources. By default, a single PF uses 256 queues in an HPRE device. |
| Virtual function (VF) | A lightweight PCIe function that is associated with a PF. A VF can share one or more physical resources with the PF and other VFs associated with the same PF. 768 queues are reserved for VFs in one HPRE device. Number of VF queues = (1024 – Number of PF queues)/Number of VFs. Any remaining queues are added to the last VF. You are advised to virtualize one PF into eight VFs. |
| Warpdriver (WD) | Acceleration driver that provides a unified driver API in user mode |
| UADK Driver | The User-space Accelerator Development Kit (UADK) is a general accelerator solution based on the Unified/User-space-access-intended Accelerator Framework (UACCE) kernel module and Linux Shared Virtual Addressing (SVA). This solution provides a user-space library, and users need to call related APIs to implement required functions for hardware acceleration. |
| KAE engine | Intermediate layer between applications and hardware, which is responsible for the data input and output during encryption and decryption operations. The main operations include I/O read and write between user applications and the KAE hardware device. |
| OpenSSL engine API | Engine loading framework that OpenSSL provides for third parties, allowing users to use proprietary hardware to complete cryptographic algorithms |
| EVP API | EVP APIs are implemented by libcrypto to enable applications to perform cryptographic operations. The Core and Provider components are used to implement EVP APIs. |
| OpenSSL API | Open source application suite consisting of OpenSSL libcrypto, OpenSSL libssl, and OpenSSL CLI |
| OpenSSL libcrypto | OpenSSL cryptography library, which provides general cryptographic functions and contains a variety of encryption and decryption algorithms |
| OpenSSL libssl | Library in OpenSSL that supports the SSL and TLS protocols and depends on libcrypto |
| Nginx | Nginx application |
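
The VF queue formula from Table 1, worked through as an added planning example (not code from KAE or vKAE): it computes how many HPRE queues each passed-through VF receives for a given VF count, including the remainder that goes to the last VF. The function names are hypothetical; the constants are the 1,024 total queues and 256 default PF queues stated in the table.

```python
# Added example: per-VF queue layout for one HPRE device, following
# "Number of VF queues = (1024 - Number of PF queues) / Number of VFs",
# with the remainder assigned to the last VF (Table 1).

HPRE_TOTAL_QUEUES = 1024  # queues per HPRE device (Table 1)
DEFAULT_PF_QUEUES = 256   # default queues used by a single PF (Table 1)


def vf_queue_layout(num_vfs, pf_queues=DEFAULT_PF_QUEUES,
                    total=HPRE_TOTAL_QUEUES):
    """Return a list with the queue count of each VF, in VF order."""
    if not 0 < pf_queues < total:
        raise ValueError("PF queues must be between 1 and total - 1")
    available = total - pf_queues
    if not 1 <= num_vfs <= available:
        raise ValueError("each VF needs at least one queue")
    base, remainder = divmod(available, num_vfs)
    layout = [base] * num_vfs
    layout[-1] += remainder  # leftover queues go to the last VF
    return layout


def is_even_split(num_vfs, pf_queues=DEFAULT_PF_QUEUES):
    """True when every VF (and so every VM) gets the same queue count."""
    return len(set(vf_queue_layout(num_vfs, pf_queues))) == 1


if __name__ == "__main__":
    # Compare the recommended 8 VFs with counts that do not divide 768.
    for n in (5, 7, 8):
        layout = vf_queue_layout(n)
        print(f"{n} VFs: {layout} even={is_even_split(n)}")
```

With the default PF share, the recommended eight VFs split the 768 reserved queues evenly, while a count such as seven leaves the last VF with more queues than the others.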
