Accelerated Networking for Azure Virtual Machines Now 'Generally Available'
Microsoft today announced the "general availability" of its Accelerated Networking technology for Azure virtual machines, which is available for use with both Linux- and Windows-based VMs.
General availability means it's deemed ready for production use. Microsoft is promising that the use of Accelerated Networking with Azure VMs will "provide up to 30Gbps in networking throughput, free of charge!" The Accelerated Networking capability is available from Azure datacenters worldwide and supported on "D/DSv2, D/DSv3, E/ESv3, F/FS, FSv2, and Ms/Mms" VM sizes.
Coincidentally, this Accelerated Networking capability is arriving just in time to alleviate some potential performance hits that may occur when operating system updates are applied that aim to address Meltdown and Spectre CPU problems.
Meltdown and Spectre are two information-disclosure attack mechanisms that use traditional functions performed by CPUs. They can be used to surface password and encryption key information from Linux and Windows machines. Meltdown primarily affects Intel-based machines, while Spectre affects machines with Intel-, AMD- and ARM-based processors. Right now, OS updates are being provided that offer a remediation fix, but the fixes also will slow overall system performance.
On Jan. 3, Microsoft released Windows security patches in advance of its "update Tuesday" schedule that are designed to mitigate the attack possibilities associated with Meltdown and Spectre, which are said to be capable of tapping the CPUs cache side channel to access OS kernel information. Microsoft also started rebooting its Azure VMs in its datacenters after adding these updates to protect users of its Azure services from the CPU-associated security problems.
These Linux and Windows OS updates for Meltdown and Spectre will downgrade system performance, as Intel and other chipmakers have acknowledged. An early report estimated a 30 percent maximum slowdown possibility for the Meltdown mitigation, but performance is thought to depend on the type of workloads being run.
Peter Czanik, a system engineer at privileged access management provider Balabit, indicated in a Twitter post that the Intel mitigation (for Meltdown) will slow compile times. On Fedora Linux workloads, compile time slowed to 21 minutes (vs. 4 minutes), he reported. "As far as I can see, compiling Java is affected the most," he wrote.
Microsoft has claimed that most Azure customers "should not see a noticeable performance impact" from its Windows patch mitigations. However, Azure customers that do notice a slowdown can use Microsoft's Accelerated Networking technology to speed things up.
Here's how Microsoft characterized it in an "Accelerated Maintenance FAQ" article:
The majority of Azure customers have not seen a noticeable performance impact with this [Jan. 3 security] update. We've worked to optimize the CPU and disk I/O path and are not seeing noticeable performance impact after the fix has been applied. A small set of customers may experience some networking performance impact. This can be addressed by using Azure Accelerated Networking, for Windows or Linux, which is a free capability available to all Azure customers.
Accelerated Networking bypasses Azure's host and virtual switch to speed up network traffic for VMs (see diagram).
There are a few catches to using Accelerated Networking, though. For instance, it can't be applied to existing Azure VMs. Organizations have to start with a new VM and attach a new network interface card at the time of creation, according to Microsoft's Azure Windows documentation and Linux documentation. In addition, organizations wanting to use Accelerated Networking have to use Azure Resource Manager management portal to deploy it. It can't be deployed using the older "classic" portal.
Kurt Mackie is senior news producer for the 1105 Enterprise Computing Group.