News
2/25/2011
11:03 AM
George Crump
George Crump
Commentary
50%
50%

The Downsides Of OpenFCoE

A few weeks ago I wrote an entry about software based Fibre Channel over Ethernet (FCoE) called Open FCoE being offered by Intel. The immediate responses were questions asking if this is a sign of the end for the hardware based HBA providers? Open FCoE has a lot of promise but the downsides of OpenFCoE prove that it may not be for everyone.

A few weeks ago I wrote an entry about software based Fibre Channel over Ethernet (FCoE) called Open FCoE being offered by Intel. The immediate responses were questions asking if this is a sign of the end for the hardware based HBA providers? Open FCoE has a lot of promise but the downsides of OpenFCoE prove that it may not be for everyone.The advantage that Open FCoE should bring to the storage world is extremely cost effective block storage by leveraging 10GbE LAN on Motherboard (LOM) chips instead of expensive Converged Network Adapters (CNA). As I stated in the prior entry, this would allow a broader range of servers to participate in the fibre channel experience. Open FCoE is not nirvana though, we need to know what its limitations are.

The big problem that I think Open FCoE is going to have is providing consistent performance. While for the most part performance is still an unknown, we can make some assumptions. Open FCoE is going to almost certainly consume some of the server's CPU resources. The question is how much and whether or not that will be enough that you care. If you have powerful processors that are not being heavily utilized it probably will not matter. However if you have processors that will be taxed even occasionally software based FCoE may not be for you. This is especially important if you need a level of consistency in that performance. That is the challenge with a software based deliverable, it is counting on processor resources that it is sharing with other software on that server. As a result one of those other software components (operating system, hypervisor, application) can have a sudden spike in the processing resources it needs and with that you loose the predictability that is required for making service level commitments to application owners.

A hardware based Converged Network Adapter (CNA) is going to give you that predictability. Its performance will not be as impacted by a busy server whose CPU is off doing other things. In environments where predicable performance is needed CNAs are still going to be the best practice. As application performance becomes increasingly important and server virtualization continues its rapid growth the number of cases where predicable performance is going to be required will be a significant percentage of the HBA population.

A second challenge is that we are seeing an increasing number of cards provide special capabilities. In some cases that is an advanced Quality of Services (QoS) for bandwidth optimization or internal virtual switching on the card. In these cases not only does the card increase predictability by offloading the protocol from the main CPU, it also offloads another function (QoS or switching) from the CPU. As a result it increases predicability in two areas.

There are also some tactical potential downsides. First, somewhat obviously this is going to be an Ethernet only deliverable. This means that if you have an existing infrastructure with mostly fibre channel cards and switches or if you need 16GB fibre channel performance, Open FCoE is not going to be for you either. Also, you have to wait for the Operating System or Hypervisor that you use to actually pick up support for the standard.

What will happen in most data centers is that a mix of Open FCoE and CNAs will be deployed. Underutilized servers with minimal concern about applications suddenly spiking will be well served by Open FCoE. For applications that need consistent, predictable performance go with a CNA or a Fibre HBA card.

Track us on Twitter: http://twitter.com/storageswiss

Subscribe to our RSS feed.

George Crump is lead analyst of Storage Switzerland, an IT analyst firm focused on the storage and virtualization segments. Find Storage Switzerland's disclosure statement here.

Comment  | 
Print  | 
More Insights
Comments
Threaded  |  Newest First  |  Oldest First
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: "I don't think that's how Augmented Reality works."
Current Issue
The Changing Face of Identity Management
Mobility and cloud services are altering the concept of user identity. Here are some ways to keep up.
Flash Poll
10 Recommendations for Outsourcing Security
10 Recommendations for Outsourcing Security
Enterprises today have a wide range of third-party options to help improve their defenses, including MSSPs, auditing and penetration testing, and DDoS protection. But are there situations in which a service provider might actually increase risk?
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7445
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

CVE-2015-4948
Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

CVE-2015-5660
Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

CVE-2015-6003
Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

CVE-2015-6333
Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio
Archived Dark Reading Radio

The cybersecurity profession struggles to retain women (figures range from 10 to 20 percent). It's particularly worrisome for an industry with a rapidly growing number of vacant positions.

So why does the shortage of women continue to be worse in security than in other IT sectors? How can men in infosec be better allies for women; and how can women be better allies for one another? What is the industry doing to fix the problem -- what's working, and what isn't?

Is this really a problem at all? Are the low numbers simply an indication that women do not want to be in cybersecurity, and is it possible that more women will never want to be in cybersecurity? How many women would we need to see in the industry to declare success?

Join Dark Reading senior editor Sara Peters and guests Angela Knox of Cloudmark, Barrett Sellers of Arbor Networks, Regina Wallace-Jones of Facebook, Steve Christey Coley of MITRE, and Chris Roosenraad of M3AAWG on Wednesday, July 13 at 1 p.m. Eastern Time to discuss all this and more.