Introduction

The NVIDIA® BlueField® DPU is a data center infrastructure on a chip that combines a high-speed networking interface with powerful, software-programmable Arm cores, enabling breakthrough networking, storage, and security performance. Many of the world's top server manufacturers offer, or are building, systems powered by BlueField DPUs. The BlueField DPU offloads, accelerates, and isolates a broad range of software-defined infrastructure services that previously ran on the host's CPU, overcoming performance and scalability bottlenecks and eliminating security threats in modern data centers.

BlueField DPUs transform traditional computing environments into secure and accelerated data centers, allowing organizations to efficiently run data-driven, cloud-native applications alongside legacy applications. By decoupling the data center infrastructure from business applications, BlueField DPUs enhance data center security, streamline operations, and reduce total cost of ownership.

Note

To read more about the BlueField-3 DPU's features and benefits, refer to this page.

Note

To read more about the BlueField-2 DPU's features and benefits, refer to this page.

The BlueField DPU contains a programmable CPU based on Arm cores, a state-of-the-art NVIDIA® ConnectX®, and an enhanced set of security, storage, and networking accelerators that can be configured to perform multiple software-defined, hardware-accelerated functions. With a BlueField DPU, a software-defined network and/or software-defined storage solution can be deployed and offloaded from the main host CPU in the server. Similarly, other dedicated services (e.g., distributed firewall, deep packet inspection, malware detection) can run on the BlueField DPU and be accelerated with zero CPU overhead.

The BlueField DPU resembles a server embedded within the server itself, creating a secure environment where an infrastructure stack can operate independently from the primary (i.e., host) CPU, effectively isolating it from the untrusted tenant applications.

The recommended mode for utilizing the DPU is one in which software running on the host CPU has no direct access to the DPU. For instance, a cloud service provider that manages both networking and storage in a cloud infrastructure stack can establish an isolated environment within the DPU.

Warning

By default, the DPU boots in trusted mode. Therefore, users must change the mode to zero-trust mode.

The following subsections detail the available modes of operation.

NIC Mode

  • DPU behaves exactly like a network adapter (NIC)

  • Host is in full control of NIC functionality

    • All NIC offloads (as in NVIDIA® ConnectX® offloads) enabled and available for the host

  • DPU Arm cores are halted and Arm OS stops running



DPU Mode

  • Default mode

  • Host-trusted mode

  • Arm OS has embedded function (ECPF) ownership and controls the NIC's resources and data path

  • DPU controls and enforces network policies with the option of enforcing storage and security policies

  • DPU is the trusted function managed by the data center and host administrator



Zero-trust Mode

  • Arm OS has embedded function (ECPF) ownership and controls the NIC's resources and data path

  • DPU controls and enforces network policies with the option of enforcing storage and security policies

  • Host is isolated; management from the host via PCIe edge connector is blocked

  • Desired, safest state

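An audit can classify each DPU into one of the three modes above and flag any that are not in zero-trust mode. The following is an added example, not NVIDIA's code: it assumes the mode is reflected in the INTERNAL_CPU_OFFLOAD_ENGINE setting reported by mlxconfig and in the host privilege level and restriction flags reported by mlxprivhost. The sample text is constructed and its layout is an assumption.

```python
import re

# Constructed sample text, modelled on what `mlxconfig -d <device> q` and
# `mlxprivhost -d <device> q` print; the exact layout is an assumption.
SAMPLE_MLXCONFIG = """\
Configurations:                              Next Boot
         INTERNAL_CPU_MODEL                  EMBEDDED_CPU(1)
         INTERNAL_CPU_OFFLOAD_ENGINE         ENABLED(0)
"""
SAMPLE_PRIVHOST_DEFAULT = """\
level                         : PRIVILEGED
disable_rshim                 : FALSE
disable_tracer                : FALSE
disable_port_owner            : FALSE
disable_counter_rd            : FALSE
"""
SAMPLE_PRIVHOST_RESTRICTED = SAMPLE_PRIVHOST_DEFAULT.replace(
    "PRIVILEGED", "RESTRICTED").replace("FALSE", "TRUE")

# Host-side capabilities that must be blocked for the host to count as isolated.
RESTRICTIONS = ("disable_rshim", "disable_tracer",
                "disable_port_owner", "disable_counter_rd")


def _fields(text):
    """Parse 'KEY VALUE' or 'KEY : VALUE' lines into an upper-cased dict."""
    out = {}
    for line in text.splitlines():
        m = re.match(r"\s*(\w+)\s*:?\s+(\S+)\s*$", line)
        if m:
            out[m.group(1).upper()] = m.group(2).upper()
    return out


def classify_mode(mlxconfig_text, privhost_text):
    """Return (mode, missing_restrictions) for one DPU."""
    cfg, priv = _fields(mlxconfig_text), _fields(privhost_text)
    engine = cfg.get("INTERNAL_CPU_OFFLOAD_ENGINE", "")
    if engine.startswith("DISABLED"):
        return "nic", []            # Arm cores halted, host controls the NIC
    if not engine.startswith("ENABLED"):
        return "unknown", []        # unparsed input is never reported as safe
    missing = [r for r in RESTRICTIONS if priv.get(r.upper()) != "TRUE"]
    if priv.get("LEVEL") == "RESTRICTED" and not missing:
        return "zero-trust", []     # host isolated: the desired state
    return "dpu-host-trusted", missing   # default mode, or only partly restricted
```

A device that reports anything other than "zero-trust" is a finding; the second element of the result lists which host-side restrictions are still absent.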


© Copyright 2023, NVIDIA. Last updated on Jan 10, 2024.