One of the key tenets of network virtualization is the decoupling of hardware from software. This allows network operators to deploy less-costly, more generic hardware. In many cases, software-defined networks (SDNs) use servers that run x86 chips from Intel. But with all the news about the Meltdown and Spectre security bugs affecting Intel chips, what might this mean for SDN?
As a refresher, x86 chips use complex instruction set computing (CISC) architecture. Intel has dominated the x86 chip market, but AMD plays in this space as well. Conversely, ARM chips use reduced instruction set computing (RISC).
“The argument’s been going around for generations about which is better: RISC or CISC?” said Gopal Hegde, vice president and general manager of Cavium’s data center processor group. Cavium’s ThunderX processors use ARM instruction sets. Hegde said ARM chips are less complex than x86 chips and use less power. But x86 proponents will argue that their chips are so much more efficient that users require fewer chips overall.
One of the things that has made x86 chips more efficient is the use of speculative execution. It’s an optimization technique where the processor makes assumptions about work that may need to be done, and it performs the instructions for that work in anticipation. If it turns out the work was not needed, most changes made by the work are reverted.
The Meltdown and Spectre flaws stem from this speculative execution technique. Hegde said that cloud architectures have some layers that are very secure for critical workloads and some layers that are less secure for web applications, for instance. The speculative execution technique allowed a level of permeability between secure and non-secure boundaries.
The Meltdown and Spectre flaws have hit Intel hard. It now seems that the performance gains from speculative execution will be heavily negated by the patches necessary to fix the security flaws.
While Intel x86 chips are affected by both Meltdown and Spectre, ARM chips are affected to a much lesser extent. Cavium, for example, which has been positioning its ThunderX line of processors as an alternative to Intel server processors for several years, said its ThunderX line is not impacted by Meltdown or Spectre. “It doesn’t do this speculative execution like x86 does,” said Hegde.
However, Cavium’s ThunderX2 line could be impacted by the Spectre flaw because it does do some speculative execution. “We are not impacted by Meltdown,” said Hegde. “But on Spectre there is a Linux operating system patch that ARM has done because it is applicable to us as well. We are protected with that patch.”
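Whether a given Linux server, x86 or ARM, is running with patches like the one Hegde describes can be read from the kernel's own report under `/sys/devices/system/cpu/vulnerabilities`. The sketch below is an added example, not code from Cavium, ARM or Intel; the status lines in `demo()` are constructed samples in the kernel's format, and the function names are illustrative.

```python
"""Report Meltdown/Spectre mitigation status as published by the Linux kernel."""
import os
import tempfile

SYSFS_DIR = "/sys/devices/system/cpu/vulnerabilities"
FLAWS = ("meltdown", "spectre_v1", "spectre_v2")


def classify(status):
    """Map one kernel status line to not_affected, mitigated, vulnerable or unknown."""
    s = status.strip().lower()
    if s.startswith("not affected"):
        return "not_affected"
    if s.startswith("mitigation"):
        return "mitigated"
    if s.startswith("vulnerable"):
        return "vulnerable"
    return "unknown"


def read_status(base=SYSFS_DIR):
    """Return {flaw: (state, raw_line)}; a missing file is reported as unknown."""
    report = {}
    for flaw in FLAWS:
        try:
            with open(os.path.join(base, flaw)) as fh:
                raw = fh.read().strip()
        except OSError:
            raw = ""  # kernel too old to expose the interface, or not Linux
        report[flaw] = (classify(raw) if raw else "unknown", raw)
    return report


def needs_attention(report):
    """Flaws the host reports as vulnerable, or cannot report on at all."""
    return sorted(f for f, (state, _) in report.items()
                  if state in ("vulnerable", "unknown"))


def demo():
    """Run read_status() over constructed sample files instead of the live host."""
    sample = {"meltdown": "Not affected\n",
              "spectre_v1": "Mitigation: __user pointer sanitization\n",
              "spectre_v2": "Vulnerable\n"}
    with tempfile.TemporaryDirectory() as d:
        for name, text in sample.items():
            with open(os.path.join(d, name), "w") as fh:
                fh.write(text)
        return read_status(d)


if __name__ == "__main__":
    for flaw, (state, raw) in read_status().items():
        print(f"{flaw:12} {state:13} {raw}")
```

An "unknown" result is treated as needing attention because a kernel that does not publish these files gives no evidence that it carries the patches.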
In any event, companies such as Cavium that use ARM-based microprocessors are likely to try to seize the day and capitalize on Intel’s problems. We could potentially see more ARM-based servers in SDN networks in the future.
For its part, Intel has spent the better part of a week refining its public relations strategy. Today, Intel CEO Brian Krzanich published an open letter titled “Security-First Pledge.”
“By Jan. 15, we will have issued updates for at least 90 percent of Intel CPUs introduced in the past five years, with updates for the remainder of these CPUs available by the end of January,” he writes.
But Krzanich got dinged in news reports last week when it was revealed that he sold off a large stake of his Intel stock after the company learned of the security flaws and before the news was widely known.