News
2/25/2011
11:03 AM
George Crump
George Crump
Commentary
50%
50%

The Downsides Of OpenFCoE

A few weeks ago I wrote an entry about software based Fibre Channel over Ethernet (FCoE) called Open FCoE being offered by Intel. The immediate responses were questions asking if this is a sign of the end for the hardware based HBA providers? Open FCoE has a lot of promise but the downsides of OpenFCoE prove that it may not be for everyone.

A few weeks ago I wrote an entry about software based Fibre Channel over Ethernet (FCoE) called Open FCoE being offered by Intel. The immediate responses were questions asking if this is a sign of the end for the hardware based HBA providers? Open FCoE has a lot of promise but the downsides of OpenFCoE prove that it may not be for everyone.The advantage that Open FCoE should bring to the storage world is extremely cost effective block storage by leveraging 10GbE LAN on Motherboard (LOM) chips instead of expensive Converged Network Adapters (CNA). As I stated in the prior entry, this would allow a broader range of servers to participate in the fibre channel experience. Open FCoE is not nirvana though, we need to know what its limitations are.

The big problem that I think Open FCoE is going to have is providing consistent performance. While for the most part performance is still an unknown, we can make some assumptions. Open FCoE is going to almost certainly consume some of the server's CPU resources. The question is how much and whether or not that will be enough that you care. If you have powerful processors that are not being heavily utilized it probably will not matter. However if you have processors that will be taxed even occasionally software based FCoE may not be for you. This is especially important if you need a level of consistency in that performance. That is the challenge with a software based deliverable, it is counting on processor resources that it is sharing with other software on that server. As a result one of those other software components (operating system, hypervisor, application) can have a sudden spike in the processing resources it needs and with that you loose the predictability that is required for making service level commitments to application owners.

A hardware based Converged Network Adapter (CNA) is going to give you that predictability. Its performance will not be as impacted by a busy server whose CPU is off doing other things. In environments where predicable performance is needed CNAs are still going to be the best practice. As application performance becomes increasingly important and server virtualization continues its rapid growth the number of cases where predicable performance is going to be required will be a significant percentage of the HBA population.

A second challenge is that we are seeing an increasing number of cards provide special capabilities. In some cases that is an advanced Quality of Services (QoS) for bandwidth optimization or internal virtual switching on the card. In these cases not only does the card increase predictability by offloading the protocol from the main CPU, it also offloads another function (QoS or switching) from the CPU. As a result it increases predicability in two areas.

There are also some tactical potential downsides. First, somewhat obviously this is going to be an Ethernet only deliverable. This means that if you have an existing infrastructure with mostly fibre channel cards and switches or if you need 16GB fibre channel performance, Open FCoE is not going to be for you either. Also, you have to wait for the Operating System or Hypervisor that you use to actually pick up support for the standard.

What will happen in most data centers is that a mix of Open FCoE and CNAs will be deployed. Underutilized servers with minimal concern about applications suddenly spiking will be well served by Open FCoE. For applications that need consistent, predictable performance go with a CNA or a Fibre HBA card.

Track us on Twitter: http://twitter.com/storageswiss

Subscribe to our RSS feed.

George Crump is lead analyst of Storage Switzerland, an IT analyst firm focused on the storage and virtualization segments. Find Storage Switzerland's disclosure statement here.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading Tech Digest, Dec. 19, 2014
Software-defined networking can be a net plus for security. The key: Work with the network team to implement gradually, test as you go, and take the opportunity to overhaul your security strategy.
Flash Poll
10 Recommendations for Outsourcing Security
10 Recommendations for Outsourcing Security
Enterprises today have a wide range of third-party options to help improve their defenses, including MSSPs, auditing and penetration testing, and DDoS protection. But are there situations in which a service provider might actually increase risk?
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-8142
Published: 2014-12-20
Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.36, 5.5.x before 5.5.20, and 5.6.x before 5.6.4 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of duplicate keys w...

CVE-2013-4440
Published: 2014-12-19
Password Generator (aka Pwgen) before 2.07 generates weak non-tty passwords, which makes it easier for context-dependent attackers to guess the password via a brute-force attack.

CVE-2013-4442
Published: 2014-12-19
Password Generator (aka Pwgen) before 2.07 uses weak pseudo generated numbers when /dev/urandom is unavailable, which makes it easier for context-dependent attackers to guess the numbers.

CVE-2013-7401
Published: 2014-12-19
The parse_request function in request.c in c-icap 0.2.x allows remote attackers to cause a denial of service (crash) via a URI without a " " or "?" character in an ICAP request, as demonstrated by use of the OPTIONS method.

CVE-2014-2026
Published: 2014-12-19
Cross-site scripting (XSS) vulnerability in the search functionality in United Planet Intrexx Professional before 5.2 Online Update 0905 and 6.x before 6.0 Online Update 10 allows remote attackers to inject arbitrary web script or HTML via the request parameter.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Join us Wednesday, Dec. 17 at 1 p.m. Eastern Time to hear what employers are really looking for in a chief information security officer -- it may not be what you think.