New Feature: DualNet

DualNet's suite of options actually brings a few enterprise type network technologies to the general desktop such as teaming, load balancing, and fail-over along with hardware based TCP/IP acceleration. Teaming will double the network link by combining the two integrated nForce5 Gigabit Ethernet ports into a single 2-Gigabit Ethernet connection. This brings the user improved link speeds while providing fail-over redundancy. TCP/IP acceleration reduces CPU utilization rates by offloading CPU-intensive packet processing tasks to hardware using a dedicated processor for accelerating traffic processing combined with optimized driver support.

While all of this sounds impressive, the actual impact for the general computer user is minimal. On the other hand, a user setting up a game server/client for a LAN party or implementing a home gateway machine will find these options valuable. Overall, features like DualNet are better suited for the server and workstation market and we suspect these options are being provided since the NVIDIA professional workstation/server chipsets are typically based upon the same core logic.



NVIDIA now integrates dual Gigabit Ethernet MACs using the same physical chip. This allows the two Gigabit Ethernet ports to be used individually or combined depending on the needs of the user. The previous NF4 boards offered the single Gigabit Ethernet MAC interface with motherboard suppliers having the option to add an additional Gigabit port via an external controller chip. This too often resulted in two different driver sets, with various controller chips residing on either the PCI Express or PCI bus with typically worse performance than well-implemented dual-PCIe Gigabit Ethernet.

New Feature: Teaming



Teaming allows both of the Gigabit Ethernet ports in NVIDIA DualNet configurations to be used in parallel to set up a 2-Gigabit Ethernet backbone. Multiple computers can be connected simultaneously at full gigabit speeds while load balancing the resulting traffic. When Teaming is enabled, the gigabit links within the team maintain their own dedicated MAC address while the combined team shares a single IP address.

Transmit load balancing uses the destination (client) IP address to assign outbound traffic to a particular gigabit connection within a team. When data transmission is required, the network driver uses this assignment to determine which gigabit connection will act as the transmission medium. This ensures that all connections are balanced across all the gigabit links in the team. If at any point one of the links is not being utilized, the algorithm dynamically adjusts the connections to ensure optimal or formance. Receive load balancing uses a connection steering method to distribute inbound traffic between the two gigabit links in the team. When the gigabit ports are connected to different servers, the inbound traffic is distributed between the links in the team.

The integrated fail-over technology ensures that if one link goes down, traffic is instantly and automatically redirected to the remaining link. As an example, if a file is being downloaded, the download will continue without loss of packet or corruption of data. Once the lost link has been restored, the grouping is re-established and traffic begins to transmit on the restored link.

NVIDIA quotes on average a 40% performance improvement in throughput can be realized when using teaming, although this number can go higher. In a multi-client demonstration, NVIDIA was able to achieve a 70% improvement in throughput utilizing six client machines. In our own internal test we realized about a 45% improvement in throughput utilizing our video streaming benchmark while playing Serious Sam II across four client machines. For those without a Gigabit network, DualNet has the capability to team two 10/100 Fast Ethernet connections. Once again, this is a feature set that few desktop users will truly be able to exploit currently, but we commend NVIDIA for some forward thinking in this area.

Improved Feature: TCP/IP Acceleration

NVIDIA TCP/IP Acceleration is a networking solution that includes both a dedicated processor for accelerating networking traffic processing and optimized drivers. The current nForce500 MCPs have TCP/IP acceleration and hardware offload capability built in to both native Gigabit Ethernet Controllers. This typically will lower the CPU utilization rate when processing network data at gigabit speeds.



In software solutions, the CPU is responsible for processing all aspects of the TCP protocol: calculating checksums, ACK processing, and connection lookup. Depending upon network traffic and the types of data packets being transmitted, this can place a significant load upon the CPU. In the above example all packet data is processed and then checksummed inside the MCP instead of being moved to the CPU for software-based processing, and this improves overall throughout and reduces CPU utilization.

NVIDIA has dropped the ActiveArmor slogan for the nForce 500 release. The ActiveArmor firewall application has been jettisoned to deep space as NVIDIA pointed out that the features provided by ActiveArmor will be a part of the upcoming Microsoft Vista. No doubt NVIDIA was also influenced to drop ActiveArmor due to the reported data corruption issues with the nForce4 caused in part by overly aggressive CPU utilization settings, and quite possibly in part due to hardware "flaws" in the original nForce design.

We have not been able to replicate all of the reported data corruption errors with nForce4, but many of our readers reported errors with the nForce4 ActiveArmor even after the latest driver release. With nForce5 that is no longer a concern. This stability comes at a price though. If TCP/IP acceleration is enabled via the new control panel, then third party firewall applications (including Windows XP firewall) must be switched off in order to use the feature. We noticed CPU utilization rates near 14% with the TCP/IP offload engine enabled and rates above 30% without it.

LinkBoost and FirstPacket MediaShield and HDA
POST A COMMENT

64 Comments

View All Comments

  • nullpointerus - Wednesday, May 24, 2006 - link

    TCP/IP CPU utilization scales with increased transfer rates. Online gaming is hardly designed to stress a 1Gb Ethernet. So this TCP/IP acceleration is primarily intended for LAN gaming. You don't really need a firewall on your LAN (unless perhaps you are hosting a LAN party on that machine?). It's acceptable to use your router's firewall if you really know how to configure your LAN properly:

    Modem
    |
    Router
    |
    +--A (game server)
    +--B (game client)
    +--C (game client)
    +--D (game client)

    In this situation, TCP/IP acceleration might be useful. Of course, if you leave yourself open to your LAN and one of the other computers on your LAN is compromised, you could very well be compromised, too.

    I don't understand the comments about a third-party firewall. Perhaps only XP and Vista's firewalls will be supported initially?
    Reply
  • Trisped - Wednesday, May 24, 2006 - link

    A true router can configure a firewall on all ports, both incoming and out going. In this way you can set what ports can be sent and what ports can be received through a router, in the LAN or out side as the case may be. Of course, software firewalls are usually a little more powerful in that they check who sends what. I think hardware firewalls can do this too, but they don't on any of the Linksys, Netgear, or AirLink routers I have used lately.

    It is also important to note that the typical home router is not a true router. It is a 2 port router (1 port for the WAN and 1 for the LAN) and the rest of the ports are connected via a switch or hub. Switches can also have firewall, but most home solutions don't seem to.
    Reply
  • mino - Wednesday, May 24, 2006 - link

    The info WHO sends teh data is the most crucial. Enabling http(80) just for Opera and 993+25 for Thundebird is a huge difference to allow al kinds of malware/spyware go out on 80.

    And NO, no HW (or second machine be it linux router or cisco router) can detect (reliably) which application is sending the data.
    Reply
  • Gary Key - Wednesday, May 24, 2006 - link

    quote:

    I don't understand the comments about a third-party firewall. Perhaps only XP and Vista's firewalls will be supported initially?


    I will clarify this in the article. Windows XP firewall is not supported. Vista should be but that decision is not final at this time due to continuing changes from Microsoft.
    Reply
  • Tanclearas - Wednesday, May 24, 2006 - link

    So does this mean Nvidia has abandoned AA in NF4? I know that is my impression, based upon my experience with them (http://forums.anandtech.com/messageview.aspx?catid...">http://forums.anandtech.com/messageview...mp;threa..., but just wondering what the official word is.

    Honestly, the idea behind Nvidia's chipset-based firewall was a good one, especially for universities/colleges with literally thousands of computers on the inside of the corporate firewall. Protection at every level is worthwhile.

    As for the Vista firewall working with NF5, I definitely would not count on Nvidia making it happen.
    Reply
  • Gary Key - Wednesday, May 24, 2006 - link

    quote:

    So does this mean Nvidia has abandoned AA in NF4?


    Once the new 9.x platform drivers are released with support for chipsets prior to nF5, then yes, Active Armor firewall will be dropped. The new driver set will also have further changes in them to reduce the possibility of data corruption on the nF4, whether the CPU utilization goes up or down, I do not know at this point. I do not have a "stable" set of new platform drivers for the nF4 yet, cannot verify this myself. I will be speaking with the program manager tomorrow. ;-)

    We did find out that NVIDIA expected Microsoft to accomplish a few tasks in the Windows Firewall program, it did not happen, so they are pulling support as Microsoft decided to go a different direction in Vista. I have beta 2 on the way so there will be some test runs with the new driver set to see what happens. I will have a full statement on this subject by the end of the week. Apparently, there were several promises made, not kept, or not communicated properly about 18 months ago between the two parties about the Firewall program, OS hooks, and its future.
    Reply
  • mbf - Monday, June 12, 2006 - link

    Is the nVidia firewall truly gone? I've just downloaded (but not installed) the 9.34 driver pack from the nVidia FTP site. The pack still contains a NAM setup (v60.16).

    What exactly constitutes the ActiveArmour part of the firewall? The hardware firewall was introduced with the nForce3 250gb chipset and the AA functionality was added in nForce4. I've never figured out what precisely AA does, though.

    If it's true that nVidia has pulled the firewall from the feature set I'd say it's a truly bad choice. For me, the hardware firewall was one of *the* most important features on the nForce chipset. Well, not having to wonder losing this feature will make my switch back to an Intel chipset-based Core 2 rig much easier. It's a shame.
    Reply
  • Stele - Wednesday, May 24, 2006 - link

    I was actually wondering if XP and Vista's firewalls would even be supported, since they're arguably 'third-party' from nVidia's viewpoint. While the argument for using hardware-based solutions in routers etc is cogent, imho there is a case for protecting individual PCs against compromise from within the network. For example, there may be laptops in the LAN that are used on several other (and potentially unsafe) networks as well. Besides that, software firewalls have the advantage of being able to potentially alert users to and stop malware from making unauthorised outbound connections from an infected PC (or unauthorised inbound connections from an infected LAN peer). I wonder if it's possible to get around the issue in future versions of firewall software - then at least it's not a lost cause, just that we would have to wait for newer versions of the software to be released.

    As for the actual usefulness of the TCP/IP offload engine, perhaps the folks at Anandtech can design a specific test that would stress such an engine's capability to the limit, to provide clear and objective assessment of its effect on performance. After all, Anandtech developed a good custom test suite for server benchmarks that targets specific application types, so I figure this would be well within their considerable programming skills as well ;)

    Meanwhile, I wonder how nVidia's SATA controllers have improved if at all over the generations, and it would be great to eventually see an ULi 1575/SB600/MCP comparison in the future.
    Reply
  • nullpointerus - Wednesday, May 24, 2006 - link

    Correction:

    You don't really need a firewall on your LAN clients...
    Reply
  • Gigahertz19 - Wednesday, May 24, 2006 - link

    quote:

    While the performance of the nForce5 board was very good and stability was excellent at all times, we kept looking for the "wow" factor. With such a tantalizing list of new nF5 features, surely something was going to show up and put the smack down on the nForce4, nothing did. NVIDIA has certainly thrown the kitchen sink at us with this release; but it's mostly just a new sink. The plumbing is still the same and so is everything else, and we were really hoping for a new kitchen.


    Expect the new kitchen when Conroe is launched :)
    Reply

Log in

Don't have an account? Sign up now