News
2/25/2011
11:03 AM
George Crump
George Crump
Commentary
50%
50%

The Downsides Of OpenFCoE

A few weeks ago I wrote an entry about software based Fibre Channel over Ethernet (FCoE) called Open FCoE being offered by Intel. The immediate responses were questions asking if this is a sign of the end for the hardware based HBA providers? Open FCoE has a lot of promise but the downsides of OpenFCoE prove that it may not be for everyone.

A few weeks ago I wrote an entry about software based Fibre Channel over Ethernet (FCoE) called Open FCoE being offered by Intel. The immediate responses were questions asking if this is a sign of the end for the hardware based HBA providers? Open FCoE has a lot of promise but the downsides of OpenFCoE prove that it may not be for everyone.The advantage that Open FCoE should bring to the storage world is extremely cost effective block storage by leveraging 10GbE LAN on Motherboard (LOM) chips instead of expensive Converged Network Adapters (CNA). As I stated in the prior entry, this would allow a broader range of servers to participate in the fibre channel experience. Open FCoE is not nirvana though, we need to know what its limitations are.

The big problem that I think Open FCoE is going to have is providing consistent performance. While for the most part performance is still an unknown, we can make some assumptions. Open FCoE is going to almost certainly consume some of the server's CPU resources. The question is how much and whether or not that will be enough that you care. If you have powerful processors that are not being heavily utilized it probably will not matter. However if you have processors that will be taxed even occasionally software based FCoE may not be for you. This is especially important if you need a level of consistency in that performance. That is the challenge with a software based deliverable, it is counting on processor resources that it is sharing with other software on that server. As a result one of those other software components (operating system, hypervisor, application) can have a sudden spike in the processing resources it needs and with that you loose the predictability that is required for making service level commitments to application owners.

A hardware based Converged Network Adapter (CNA) is going to give you that predictability. Its performance will not be as impacted by a busy server whose CPU is off doing other things. In environments where predicable performance is needed CNAs are still going to be the best practice. As application performance becomes increasingly important and server virtualization continues its rapid growth the number of cases where predicable performance is going to be required will be a significant percentage of the HBA population.

A second challenge is that we are seeing an increasing number of cards provide special capabilities. In some cases that is an advanced Quality of Services (QoS) for bandwidth optimization or internal virtual switching on the card. In these cases not only does the card increase predictability by offloading the protocol from the main CPU, it also offloads another function (QoS or switching) from the CPU. As a result it increases predicability in two areas.

There are also some tactical potential downsides. First, somewhat obviously this is going to be an Ethernet only deliverable. This means that if you have an existing infrastructure with mostly fibre channel cards and switches or if you need 16GB fibre channel performance, Open FCoE is not going to be for you either. Also, you have to wait for the Operating System or Hypervisor that you use to actually pick up support for the standard.

What will happen in most data centers is that a mix of Open FCoE and CNAs will be deployed. Underutilized servers with minimal concern about applications suddenly spiking will be well served by Open FCoE. For applications that need consistent, predictable performance go with a CNA or a Fibre HBA card.

Track us on Twitter: http://twitter.com/storageswiss

Subscribe to our RSS feed.

George Crump is lead analyst of Storage Switzerland, an IT analyst firm focused on the storage and virtualization segments. Find Storage Switzerland's disclosure statement here.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
10 Recommendations for Outsourcing Security
10 Recommendations for Outsourcing Security
Enterprises today have a wide range of third-party options to help improve their defenses, including MSSPs, auditing and penetration testing, and DDoS protection. But are there situations in which a service provider might actually increase risk?
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-4692
Published: 2015-07-27
The kvm_apic_has_events function in arch/x86/kvm/lapic.h in the Linux kernel through 4.1.3 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by leveraging /dev/kvm access for an ioctl call.

CVE-2015-1840
Published: 2015-07-26
jquery_ujs.js in jquery-rails before 3.1.3 and 4.x before 4.0.4 and rails.js in jquery-ujs before 1.0.4, as used with Ruby on Rails 3.x and 4.x, allow remote attackers to bypass the Same Origin Policy, and trigger transmission of a CSRF token to a different-domain web server, via a leading space cha...

CVE-2015-1872
Published: 2015-07-26
The ff_mjpeg_decode_sof function in libavcodec/mjpegdec.c in FFmpeg before 2.5.4 does not validate the number of components in a JPEG-LS Start Of Frame segment, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via craft...

CVE-2015-2847
Published: 2015-07-26
Honeywell Tuxedo Touch before 5.2.19.0_VA relies on client-side authentication involving JavaScript, which allows remote attackers to bypass intended access restrictions by removing USERACCT requests from the client-server data stream.

CVE-2015-2848
Published: 2015-07-26
Cross-site request forgery (CSRF) vulnerability in Honeywell Tuxedo Touch before 5.2.19.0_VA allows remote attackers to hijack the authentication of arbitrary users for requests associated with home-automation commands, as demonstrated by a door-unlock command.

Dark Reading Radio
Archived Dark Reading Radio
What’s the future of the venerable firewall? We’ve invited two security industry leaders to make their case: Join us and bring your questions and opinions!