Accelerating VTAP Performance in Hyperscale Clouds with AMD Pensando™ DPUs

Traffic mirroring using VTAP for virtual machines (VMs) in a multi-tenant hyperscale cloud environment, such as those operated by providers like AWS, Azure, or OCI, is essential for enabling security, compliance, troubleshooting, and performance optimization without compromising isolation. Using DPU-based appliances makes this process even faster and more secure. At RSA this year, Microsoft Azure announced an upgrade to its VTAP solution, now built with AMD Pensando™ DPU technology. DPUs offloads the heavy lifting of traffic mirroring and analysis from the main server, handling tasks like filtering, encryption, and telemetry at high speeds. This not only improves performance and security but also lowers the workload on CPUs and GPUs, making the whole system more efficient and cost-effective than software-only solutions.

Traffic mirroring and analysis is required for organizations running their operations in virtual machines in the public cloud to help secure traffic through the solutions like Intrusion Detection Systems (IDS), Data loss prevention, Data Loss Prevention (DLP) and packet capture for security breaches and traffic analysis. VTAPs monitors the VM traffic out-of-band by copying and delivering mirrored traffic to a target without affecting production traffic or attackers able to detect or turn off the traffic monitoring.

DPU-based network appliances in a multi-tenant cloud can offer optimized high performance virtual network Terminal Access Point (VTAP) implementation using programmable, and efficient traffic processing. Virtual network TAP implementation appliance implements copying traffic from a source (VNIC, load-balancer, VMs) and sending it for analytics in software to help optimization of traffic. AMD Pensando ™ Salina DPU offers programmable offloads for the following offloads of VTAP functionality:

• VXLAN termination (encapsulation and decapsulation) from source and target virtual machines for traffic mirroring.
• Implementation of traffic filter rules based on layer-2, layer-3 and layer-4 packet parameters which include IP address, VLANs and TCP, UDP etc. 
• Packet processing on the DPU enables the NVAs to simultaneously process traffic from multiple virtual machines at line rate performance.
• Implementation of telemetry data such as flow logs, packet drops, latency and traffic rates which can allow real time configuration which is particularly useful in case of AI workloads.
• Applying priority flow control (PFC) and traffic management functions to ensure lossless delivery of mirrored data.
• Adding the encryption on VTAP data for a more secure exchange of mirrored traffic. 

Appliances powered by AMD Pensando DPUs accelerate mirroring with TSO, PFC, VXLAN offload, and telemetry, optimizing performance and TCO in high-throughput environments by lowering host compute (CPU/GPU) usage and improve the security as compared to non-accelerated software only solutions.

DISCLAIMER: The information contained herein is for informational purposes only and is subject to change without notice. While every precaution has been taken in the preparation of this document, it may contain technical inaccuracies, omissions and typographical errors, and AMD is under no obligation to update or otherwise correct this information. Advanced Micro Devices, Inc. makes no representations or warranties with respect to the accuracy or completeness of the contents of this document, and assumes no liability of any kind, including the implied warranties of noninfringement, merchantability or fitness for particular purposes, with respect to the operation or use of AMD hardware, software or other products described herein. No license, including implied or arising by estoppel, to any intellectual property rights is granted by this document. Terms and limitations applicable to the purchase or use of AMD products are as set forth in a signed agreement between the parties or in AMD's Standard Terms and Conditions of Sale. GD-18u.

© 2025 Advanced Micro Devices, Inc. All rights reserved. AMD, the AMD Arrow logo, AMD Pensando and combinations thereof are trademarks of Advanced Micro Devices, Inc. Amazon Web Services (AWS) and the associated logos are trademarked by Amazon.com, Inc. OCI is a registered trademark of Oracle Corporation. Azure, Microsoft Azure are trademarks of Microsoft Corporation. Other product names used in this publication are for identification purposes only and may be trademarks of their respective owners. Certain AMD technologies may require third-party enablement or activation. Supported features may vary by operating system. Please confirm with the system manufacturer for specific features. No technology or product can be completely secure.