2.1. DOCA App Shield / DOCA 应用程序屏蔽
DOCA App Shield library API offers intrusion detection capabilities using the built-in hardware services of the DPU to collect data from the host's memory space. App Shield makes it possible to detect attacks on critical services in the host system. This library leverages the DPU's direct memory access (DMA) capability to monitor the host's memory space directly without involving the host's operating system nor CPU.
DOCA App Shield 库 API 提供入侵检测功能,使用 DPU 的内置硬件服务从主机的内存空间收集数据。 App Shield 可以检测对主机系统中关键服务的攻击。 该库利用 DPU 的直接内存访问 (DMA) 功能直接监控主机的内存空间,而不涉及主机的操作系统或 CPU。
2.2. DOCA Arg Parser
DOCA Arg Parser library offers DOCA-based programs an easy and simple command-line interface. Arg Parser supports both regular command-line arguments and a JSON mode that accepts a JSON file containing the required arguments.
DOCA Arg Parser 库为基于 DOCA 的程序提供了一个简单易用的命令行界面。 Arg Parser 支持常规命令行参数和接受包含所需参数的 JSON 文件的 JSON 模式。
2.3. DOCA Comm Channel
DOCA Comm Channel library creates a secure, network-independent communication channel between the host and the DPU. Comm Channel provides a client-server API.
Comm Channel is reliable and message-based. It offers a notification mechanism that can be used by Linux system calls (e.g., epoll, poll, select) and support for multiple connections on the server-side.
DOCA Comm Channel 库在主机和 DPU 之间创建了一个安全的、独立于网络的通信通道。 Comm Channel 提供客户端-服务器 API。
Comm Channel 可靠且基于消息。 它提供了一种可供 Linux 系统调用(例如 epoll、poll、select)使用的通知机制,并支持服务器端的多个连接。
2.5. DOCA Core
The DOCA Core library provides a unified interface to construct standardized DOCA workflows that other libraries and applications can build upon.
DOCA 核心库提供了一个统一的接口来构建其他库和应用程序可以构建的标准化 DOCA 工作流。
2.6. DOCA DMA
The DOCA Direct Memory Access (DMA) library offers an API for copying data buffers between the host and the DPU using hardware acceleration, supporting both local and remote copy. DMA allows the execution of complex memory operations in an optimized, hardware-accelerated manner.
DOCA 直接内存访问 (DMA) 库提供了一个 API,用于使用硬件加速在主机和 DPU 之间复制数据缓冲区,同时支持本地和远程复制。 DMA 允许以优化的硬件加速方式执行复杂的内存操作。
2.7. DOCA DPA
The DOCA DPA library offers a programming model for offloading communication-centric user code to run on the DPA processor on NVIDIA® BlueField®-3 DPU.
DOCA DPA provides a high-level programming interface to the DPA processor.
DOCA DPA 库提供了一个编程模型,用于卸载以通信为中心的用户代码,以便在 NVIDIA® BlueField®-3 DPU 上的 DPA 处理器上运行。
DOCA DPA 为 DPA 处理器提供高级编程接口。
2.8. DOCA DPI
DOCA Deep Packet Inspection (DPI) library offers a deep examination of data packets as they traverse a monitored network checkpoint. DPI provides a robust mechanism for enforcing network packet filtering, as it can be used to identify or block a range of complex threats due to efficient data stream inspection.
DPI leverages the RegEx engine on the DPU which can very efficiently parse regular expressions found in packets.
DOCA DPI has built-in gRPC support.
DOCA 深度包检测 (DPI) 库在数据包穿过受监控的网络检查点时提供对数据包的深度检查。 DPI 提供了一种强大的机制来执行网络数据包过滤,因为它可以用于识别或阻止由于有效的数据流检查而产生的一系列复杂威胁。
DPI 利用 DPU 上的 RegEx 引擎,它可以非常有效地解析数据包中的正则表达式。
DOCA DPI 具有内置的 gRPC 支持。
2.9. DOCA Erasure Coding
The DOCA Erasure Coding library provides an API to encode and decode data using hardware acceleration, supporting both the host and NVIDIA® BlueField® DPU memory regions.
DOCA Erasure Coding recovers lost data fragments by creating generic redundancy fragments (backup). Each redundancy block that the library creates can help recover any block in the original data should total loss of a fragment occur.
DOCA Erasure Coding increases data redundancy and reduces data overhead.
DOCA 纠删码库提供了一个 API,用于使用硬件加速对数据进行编码和解码,同时支持主机和 NVIDIA® BlueField® DPU 内存区域。
DOCA 纠删码通过创建通用冗余片段(备份)来恢复丢失的数据片段。 如果片段完全丢失,库创建的每个冗余块都可以帮助恢复原始数据中的任何块。
DOCA 纠删码增加了数据冗余并减少了数据开销。
2.10. DOCA Ethernet
The DOCA Ethernet library provides two APIs for receiving Ethernet packets on an RX queue and for sending Ethernet packets on a TX queue respectively.
The library collects the user configuration data on the host CPU side, creates TX/RX objects, and exports them to the GPU side for execution in the data-path.
DOCA 以太网库提供了两个 API,分别用于在 RX 队列上接收以太网数据包和在 TX 队列上发送以太网数据包。
该库在主机 CPU 端收集用户配置数据,创建 TX/RX 对象,并将它们导出到 GPU 端以在数据路径中执行。
2.11. DOCA Flow
DOCA Flow library is the most fundamental API for building generic execution pipes in hardware. The main building block of the library is a pipe. Each pipe consists of match criteria, monitoring, and a set of actions. Pipes can be chained to create a set of complex actions to be performed on ingress packets.
This library serves as an abstraction layer API for network acceleration and should be used by applications intended to offload packet processing from the operating system Kernel directly to the user space.
DOCA Flow has a built-in gRPC-support.
DOCA Flow 库是在硬件中构建通用执行管道的最基本的 API。 库的主要构建块是管道。 每个管道都包含匹配条件、监控和一组操作。 可以链接管道以创建一组要对入口数据包执行的复杂操作。
该库用作网络加速的抽象层 API,应由旨在将数据包处理从操作系统内核直接卸载到用户空间的应用程序使用。
2.12. DOCA GPUNetIO
The DOCA GPUNetIO library offers building blocks to create a GPU-centric packet processing network application where CUDA kernels are capable of directly interacting with the network card without involving the CPU in the main critical path.
This library provides CUDA device functions to send and receive packets. Additionally, an object named semaphore is provided to allow message passing across CUDA kernels or a CUDA kernel and a CPU thread.
This library also allow allocating memory on the GPU that would be accessible from the CPU and vice versa.
DOCA GPUNetIO 库提供构建块来创建以 GPU 为中心的数据包处理网络应用程序,其中 CUDA 内核能够直接与网卡交互,而无需在主要关键路径中涉及 CPU。
该库提供 CUDA 设备函数来发送和接收数据包。 此外,还提供了一个名为信号量的对象,以允许跨 CUDA 内核或 CUDA 内核和 CPU 线程传递消息。
该库还允许在 GPU 上分配可从 CPU 访问的内存,反之亦然。
2.13. DOCA IPsec
The DOCA IPsec library provides an API to create the security association (SA) objects required for DOCA Flow's hardware-accelerated encryption and decryption.
2.14. DOCA RDMA
DOCA RDMA enables direct access to the memory of remote machines, without interrupting the processing of their CPUs or operating systems. Avoiding CPU interruptions reduces context switching for I/O operations, leading to lower latency and higher bandwidth compared to traditional network communication methods.
2.15. DOCA RegEx (DOCA正则表达式)
DOCA RegEx library provides regular expression pattern matching to DOCA programs. It provides access to the regular expression processing (RXP) engine, a high-performance hardware-accelerated engine available on the DPU.
RegEx allows the execution of complex regular expression operations in an optimized, hardware-accelerated manner.
DOCA RegEx 库为 DOCA 程序提供正则表达式模式匹配。 它提供对正则表达式处理 (RXP) 引擎的访问,这是 DPU 上可用的高性能硬件加速引擎。
RegEx 允许以优化的硬件加速方式执行复杂的正则表达式操作。
2.16. DOCA Rivermax
The DOCA Rivermax library provides an API for using NVIDIA® Rivermax®, an optimized networking SDK for media and data streaming applications. Rivermax leverages the DPU hardware streaming acceleration technology which allows data to be transferred to and from the GPU to deliver best-in-class throughput and latency.
DOCA Rivermax 库提供了一个 API,用于使用 NVIDIA® Rivermax®,这是一种针对媒体和数据流应用程序优化的网络 SDK。 Rivermax 利用 DPU 硬件流加速技术,允许数据在 GPU 之间传输,以提供一流的吞吐量和延迟。
2.17. DOCA SHA
The DOCA SHA library provides a flexible and unified API to leverage the secure hash algorithm offload engine present in the NVIDIA® BlueField®-2 DPU. The SHA hardware engine supports SHA-1, SHA-256, and SHA-512 algorithms either as "single shot" or stateful calculations.
DOCA SHA 库提供灵活且统一的 API,以利用 NVIDIA® BlueField®-2 DPU 中存在的安全哈希算法卸载引擎。 SHA 硬件引擎支持 SHA-1、SHA-256 和 SHA-512 算法作为“单次”或状态计算。
2.18. DOCA Telemetry
DOCA Telemetry library offers a fast and convenient way to transfer user-defined data to the DOCA Telemetry Service (DTS). Telemetry API provides the user a choice between several different outputs including saving the data directly to storage, NetFlow, Fluent Bit forwarding, or Prometheus endpoint.
2.19. DOCA UCX
Unified Communication X (UCX) is an optimized point-to-point communication framework. UCX exposes a set of abstract communication primitives that makes the best use of available hardware resources and offloads. UCX facilitates rapid development by providing a high-level API, masking the low-level details, while maintaining high performance and scalability.
Unified Communication X (UCX) 是一种优化的点对点通信框架。 UCX 公开了一组抽象通信原语,可充分利用可用的硬件资源和卸载。 UCX 通过提供高级 API 来促进快速开发,掩盖低级细节,同时保持高性能和可扩展性。