Comprehensive performance analysis of security applications on the BlueField-3 SmartNIC

A SmartNIC is a network interface card (NIC) that integrates a CPU, memory, and hardware accelerators to process network functions directly at the NIC level. Compared to traditional NICs, SmartNICs offer greater flexibility and scalability, enabling network task offloading to reduce the load on host CPUs and maximize performance. Due to these advantages, SmartNICs have gained attention as a key solution for enhancing data-center network performance, introducing a new paradigm beyond traditional host-centric architectures. However, there is still a lack of comprehensive analysis on how much SmartNICs improve performance in real-world environments, how effectively they reduce CPU usage, and which offloading strategies are most efficient. To address this gap, this study implements forwarding, firewall, deep packet inspection (DPI), file encryption/decompression, TLS offloading, and web caching applications on an NVIDIA BlueField-3 SmartNIC and evaluates their performance under DPU-only, host-only, and hybrid configurations. Additionally, by measuring performance in a comparable host-based environment, we identify workloads where SmartNICs outperform traditional CPUs and standard NICs, as well as cases where offloading provides limited benefits. Our evaluation reveals that firewall and TLS offloading achieve near line-rate throughput and substantial latency reduction with improved performance-per-watt, whereas compute-intensive workloads such as DPI fail to deliver expected gains due to architectural bottlenecks. These findings provide practical insights into when and how to effectively leverage SmartNICs for high-performance and energy-efficient network security services.