Cloud applications need network data encryption to isolate themselves from other tenants and to protect their data from potential eavesdroppers in the network infrastructure. This paper presents SDP, a protocol design that integrates data encryption into emerging datacenter transport protocols, such as pHost, NDP, and Homa, while reusing the existing NIC offloading of cryptographic operations that was designed for TLS over TCP. SDP could therefore enable a deployment path for new transport protocols in datacenters without giving up hardware offloading support, the lack of which would otherwise make encryption on those protocols even slower than TLS over TCP. SDP is based on Homa and outperforms TLS over TCP by up to 29% in throughput. SDP currently supports two real-world applications: Redis, whose throughput improves by up to 24%, and in-kernel NVMe-oF, whose P99 latency is cut by up to 21%.