Solution Design
The logical design includes the following components:
- 1 x Hypervisor node (KVM-based) with ConnectX-7:
  - 1 x Firewall VM
  - 1 x Jump Node VM
  - 1 x MaaS VM
  - 3 x K8s Master VMs running all K8s management components
- 2 x Worker nodes (PCI Gen5), each with 1 x BlueField-3 NIC
- Single High-Speed (HS) switch
- 1 Gb Host Management network

The pfSense firewall in this solution serves a dual purpose:
- Firewall: provides an isolated environment for the DPF system, ensuring secure operations
- Router: enables Internet access for the management network
Port-forwarding rules for SSH and RDP are configured on the firewall to route traffic to the jump node’s IP address in the host management network. From the jump node, administrators can manage and access various devices in the setup, as well as handle the deployment of the Kubernetes (K8s) cluster and DPF components.
The following diagram illustrates the firewall design used in this solution:
