DPF Book Template - RDG for DPF with OVN-Kubernetes and HBN Services Demo

Solution Design

The logical design includes the following components:

  • 1 x Hypervisor node (KVM based) with ConnectX-7

    • 1 x Firewall VM

    • 1 x Jump VM

    • 1 x MaaS VM

    • 3 x K8s Master VMs running all K8s management components

  • 2 x Worker nodes (PCI Gen5), each with 1 x BlueField-3 NIC

  • Single High-Speed (HS) switch, 1 x L3 HS underlay network

  • 1 Gb Host Management network

[Figure: Solution logical design]

The following K8s logical design illustration demonstrates the main components of the DPF system, among them:

  • 3 x K8s Master VMs running all K8s management components

  • 2 x K8s Worker nodes (x86)

  • 2 x K8s DPU Workers running DOCA services (OVN-K8s, HBN, DTS, BlueMan)

  • 1 x Kamaji (K8s Control-Plane Manager)

  • 1 x DPU Control Plane (Tenant Cluster)

  • Connectivity to High-Speed/1Gb networks

[Figure: K8s logical design]

The pfSense firewall in this solution serves a dual purpose:

  • Firewall – provides an isolated environment for the DPF system, ensuring secure operations

  • Router – enables internet access and connectivity between the host management network and the high-speed network

Port-forwarding rules for SSH and RDP are configured on the firewall to route traffic to the jump node’s IP address in the host management network. From the jump node, administrators can manage and access various devices in the setup, as well as handle the deployment of the Kubernetes (K8s) cluster and DPF components.

The following diagram illustrates the firewall design used in this solution:

[Figure: Firewall design]
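One way to check that an exported firewall configuration still matches the port-forwarding design described above (SSH and RDP to the jump node only). This is an added example, not part of the original guide or of NVIDIA's tooling. It assumes the pfSense config.xml export layout for NAT rules; the function name audit_port_forwards, the sample rules and all IP addresses are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample; element names assume the pfSense config.xml export layout.
# Addresses are documentation-range placeholders, not values from the guide.
SAMPLE_CONFIG = """
<pfsense><nat>
  <rule><interface>wan</interface><protocol>tcp</protocol>
    <destination><network>wanip</network><port>22</port></destination>
    <target>192.0.2.10</target><local-port>22</local-port></rule>
  <rule><interface>wan</interface><protocol>tcp</protocol>
    <destination><network>wanip</network><port>3389</port></destination>
    <target>192.0.2.10</target><local-port>3389</local-port></rule>
  <rule><interface>wan</interface><protocol>tcp</protocol>
    <destination><network>wanip</network><port>6443</port></destination>
    <target>192.0.2.21</target><local-port>6443</local-port></rule>
</nat></pfsense>
"""

JUMP_NODE_IP = "192.0.2.10"     # assumed jump node address
ALLOWED_PORTS = {"22", "3389"}  # SSH and RDP, the only forwards in the design


def audit_port_forwards(config_xml, jump_ip=JUMP_NODE_IP, allowed=ALLOWED_PORTS):
    """Return (rule_number, reason) for each active forward outside the design."""
    findings = []
    root = ET.fromstring(config_xml)
    for num, rule in enumerate(root.findall("./nat/rule"), start=1):
        if rule.find("disabled") is not None:
            continue  # inactive rules carry an empty <disabled/> element
        target = (rule.findtext("target") or "").strip()
        port = (rule.findtext("local-port") or "").strip()
        if target != jump_ip:
            findings.append((num, f"forwards to {target}, not the jump node"))
        elif port not in allowed:
            # Ranges ("22-25") and port aliases also land here: fail closed.
            findings.append((num, f"exposes port {port} on the jump node"))
    return findings


if __name__ == "__main__":
    for num, reason in audit_port_forwards(SAMPLE_CONFIG):
        print(f"NAT rule {num}: {reason}")
```

Running the audit after each firewall change catches forwards that bypass the jump node, such as the constructed third rule that exposes a port on a different internal host.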

© Copyright 2025, NVIDIA. Last updated on Jul 10, 2025.