RDG for DPF Zero Trust (DPF-ZT) with OVN VPC DPU service

Solution Design

The logical design includes the following components:

  • 1 x Hypervisor node (KVM-based) with ConnectX-7:

    • 1 x Firewall VM

    • 1 x Jump Node VM

    • 1 x MaaS VM

    • 3 x K8s Master VMs running all K8s management components

  • 2 x Worker nodes (PCI Gen5), each with 1 x BlueField-3 NIC

  • Single High-Speed (HS) switch

  • 1 Gb Host Management network

The pfSense firewall in this solution serves a dual purpose:

  • Firewall—provides an isolated environment for the DPF system, ensuring secure operations

  • Router—enables Internet access for the management network

Port-forwarding rules for SSH and RDP are configured on the firewall to route traffic to the jump node’s IP address in the host management network. From the jump node, administrators can manage and access various devices in the setup, as well as handle the deployment of the Kubernetes (K8s) cluster and DPF components.
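
The port-forwarding design above can be checked against an exported firewall configuration. The following is an added example, not part of the original guide or NVIDIA's tooling: it assumes the pfSense `config.xml` layout (`<nat><rule>` entries with `<target>`, `<local-port>` and an optional `<disabled/>`), and every address in it is constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed <nat> section in the style of a pfSense config.xml export.
# All addresses are made up; rule 3 is a deliberate deviation from the design.
SAMPLE_CONFIG = """<pfsense><nat>
  <rule><interface>wan</interface><protocol>tcp</protocol>
    <destination><network>wanip</network><port>22</port></destination>
    <target>10.0.0.10</target><local-port>22</local-port></rule>
  <rule><interface>wan</interface><protocol>tcp</protocol>
    <destination><network>wanip</network><port>3389</port></destination>
    <target>10.0.0.10</target><local-port>3389</local-port></rule>
  <rule><interface>wan</interface><protocol>tcp</protocol>
    <destination><network>wanip</network><port>8443</port></destination>
    <target>10.0.0.20</target><local-port>443</local-port></rule>
  <rule><disabled/><interface>wan</interface><protocol>tcp</protocol>
    <destination><network>wanip</network><port>5900</port></destination>
    <target>10.0.0.30</target><local-port>5900</local-port></rule>
</nat></pfsense>"""

JUMP_NODE = "10.0.0.10"         # assumed jump node address (not from the guide)
ALLOWED_PORTS = {"22", "3389"}  # SSH and RDP, the only forwards in the design


def audit_port_forwards(config_xml, jump_node=JUMP_NODE, allowed=ALLOWED_PORTS):
    """Return (rule_number, problem) for each active forward outside the design."""
    findings = []
    for num, rule in enumerate(ET.fromstring(config_xml).findall("./nat/rule"), 1):
        if rule.find("disabled") is not None:
            continue  # disabled rules do not forward traffic
        target = rule.findtext("target", default="")
        local_port = rule.findtext("local-port", default="")
        if target != jump_node:
            findings.append((num, f"target {target} is not the jump node"))
        if local_port not in allowed:
            findings.append((num, f"local port {local_port} is not SSH or RDP"))
    return findings


if __name__ == "__main__":
    for num, problem in audit_port_forwards(SAMPLE_CONFIG):
        print(f"NAT rule {num}: {problem}")
```

An empty result means every active forward lands on the jump node on an expected port; each finding names the rule to review in the firewall's NAT settings.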

The following diagram illustrates the firewall design used in this solution:

[Diagram: firewall design]

© Copyright 2025, NVIDIA. Last updated on Jul 17, 2025.