Posts by Nate Amsden

Atlanta

As a QTS Atlanta customer I heard on the grapevine years ago(perhaps as much as 8+ years ago) that Twitter has/had a large presence in QTS Atlanta, which is the facility I have used for a decade. If they are lucky they are still in that facility. It's spit up into many sections I never saw their equipment.

Fantastic facility and staff. I don't think there's much chance of it ever going down. It's relatively new too, there was still a lot of construction going on when I first got there, I recall walking through a huge open area with tons of construction equipment to get to the data center, and it was several years later that they built out the official front entrance area in another part of the building. And then on top of that they added another 250k sq foot data center on the same site? So I think ~750k sq feet raised floor between the two. Just massive.

Am assuming the Twitter Sacramento facility was perhaps dedicated to them, since I haven't noticed(not that I have looked hard) of reports or articles indicating an outage affecting other companies in that area(I live 1 hour from Sacramento).

I was surprised at the hit

Not for this but for the original Spectre/Meltdown performance hits on Linux. For both work and personal I have been actively avoiding the fixes for years whether it be firmware updates or microcode updates(and using "spectre_v2=off nopti" as kernel boot options), and forcing my ESXi hosts to use an older microcode package. I have always felt these are super over hyped scenarios especially if you are running your own infrastructure(I have confidence in what I do managing internet facing infrastructure for the past 25 years). Of course I can't avoid the updates forever, especially since newer systems come with newer firmware at a minimum. Really wish/hope there can be UEFI/BIOS settings to disable these fixes in firmware while maintaining any other fixes that would be useful.

Anyway, for personal use I was given a couple of Lenovo T450s laptops(I think from 2016 time frame) a few months ago and I put Linux Mint 20 on them. They both had 12G of ram and SSDs, but both felt so slow they were practically unusable for me(I didn't use them for anything yet other than just installing Linux). For a while I was suspecting the SSDs, which are Intel, things like software installs were taking a long time, and reviews of these particular Intel SSDs said they were quite slow compared to the competition. So I was ready to buy new SSDs when I realized I hadn't put those "spectre_v2=off nopti" settings in the kernel yet.

I put them in and it was amazing the improvement in performance. Didn't need new SSDs after all. From what I've read the performance overhead for these fixes can vary quite a bit depending on what the CPU is doing, so it's not likely a generic CPU benchmark would register the full effects(or maybe new CPU benchmarks can/do I am not sure).

I really couldn't believe the improvement in performance for just basic desktop tasks it blows my mind. I'm unsure of a good way(in Linux, even though been using Linux on the desktop since 1998) to accurately measure such performance differences(using a stopwatch manually isn't sufficient). I recall back in the 90s on the Windows side I played around a lot with the Ziff Davis benchmarks which were widely used, one of them at least was for desktop apps.

$20,000 server

My vmware servers were ~$30,000 (with enterprise+ licensing for 2 sockets) back in 2011, newer servers kept with about that same price point up until the last big round of purchases maybe 5 years ago(~44 real cores 384GB memory with 4x10G and 2x8G FC). I'd assume a good vmware server today with plenty of cores would be at least $50,000 today with the new license fees etc (64+ real cores, 768GB of memory).

In fact I just priced out a "PowerEdge R7525 Rack Server" (normally I do HP but Dell's site is easier to quote with), and the cost without VMware licensing came to $41,557 then add in $10k for vSphere and you're above $50k. Wow that was a better guess than I expected.

And that doesn't even take into account NSX licensing, which I assume the customer would require if they wanted to use DPUs. Have never priced that but believe it's a non trivial expense.

Even now it seems on VMware's site a simple enterprise+ license with 1 year of production support is $5k/socket still(about what it was 10 years ago?).

DPUs sound like a more natural fit for vSAN (for dedupe and compression etc) than networking, it seems the overhead of storage for HCI is pretty huge. Though it seems VMware hasn't figured out how to do that yet. vSAN customers are(I am not one) certainly much more plentiful than customers driving so much network traffic that they need/want DPUs.

Me, I'm just now getting around to upgrading(very carefully, especially with firmware and driver version matching) to vSphere 7, hoping most of the bugs are worked out, ESXi 6.5 has been rock solid for years not a single issue. I see nothing in vSphere 8 that looks remotely interesting to me personally. DPUs sound cool on paper, it will probably take a while for them to get the bugs out.

PPP

I had to check the CVEs to confirm that Point to Point is actually PPP, and the CVEs state that Windows RAS is vulnerable. I personally haven't seen a Windows RAS in probably 20 years now. I know some folks use Windows server to terminate VPN connections on, am unsure what protocols those use. I'm guessing 99.9% of windows installs out there aren't running the RAS service.

But even back in early 2002 the small company I was at was using Cisco 3000 VPN Concentrator appliances for Windows users(had no mac users), and probably a poor security solution but a open source product called vpnd I think at the time for the limited Linux users who wanted remote access(maybe half dozen including me).

Intel can certainly afford this

They've sort of been here before at least related to AMD(early Opteron era etc), don't forget the years spent pitching Itanium and that funky RDRAM(unrelated to Itanium). Then Intel turned things around(around Xeon 5500 I think?) and not long after AMD made some huge mistakes and they went downhill(not long after Opteron 6000).

Now Intel has done some huge mistakes and AMD has turned things around. Though I think even under the best conditions AMD lacks the fab capacity(yes I know they don't have their own fabs anymore) to consume a large part of the market, they just can't make enough chips to do it. Not that they can't make a bunch of money doing what they are doing already.

Intel has tons of money, and tons of resources and huge market and mind share. Seems a big mistake to dream they are out for good, just another cycle.

impressive but scary

Pretty amazing specs on paper at least. Though the idea of having so much traffic being routed through a complex next generation firewall as a single point of failure (referring to software failure not hardware) is scary. I've read (from Fortinet fans) that Fortinet has a history of questionable firmware versions that can cause big problems(so find a good version and stick to it is the suggestion). They aren't alone here for sure, Cisco has a really bad reputation for Firepower. Sonicwall has a pretty terrible reputation among network folks as well. I'm sure there are others too. I personally have used Sonicwall for the past decade without much issue but all my firewalls are basically layer 4. I assume most of the pain with Sonicwall may be the layer 7 stuff. I recall one stupid mistake on Sonicwall's part earlier this year I think where they pushed a bad signature update out to their Gen7 firewalls and made them go into a crash reboot loop. One of my office edge firewalls was hit by that, what was even more strange to me is that firewall had no layer 7 licensing, so why the hell was it bothering to download a signature update that it didn't have a license to use. Stupid.

Load balancers have a solid history of being able to do Layer 7 well at high speeds, but they too are far less complex than a next generation firewall.

Point being, firewall at layer 4 is pretty well flushed out at this point the systems are simple and reliable probably 98-99% of the time. Layer 7 firewalls and deep packet inspection, SSL inspection reliability seems to be far less (and such reliability hasn't seem to have improved much in recent years as complexity grows ever greater). Having so much complexity at a single point for massive traffic just scares me(probably anything over say 50Gbps).

I'm less concerned about something getting through the firewall (as in firewall not detecting a threat, since no way any firewall can block everything so some stuff will get through regardless) than I am the firewall outright crashing, dropping packets for unknown reasons or otherwise blocking valid traffic because of bug(s).

Maybe I'm wrong though.

worried for a second

Always a bit worried when I see a vmware security thing hitting the news here. Then most of the time it turns out it's not vCenter/ESXi and I feel relieved since those are the only two products that matter to me. (well workstation too but level of risk there is tiny)

as cheap?

"Optane kit is as big and as cheap as disk drives."

Seems to be way off. A quick search indicates 128GB in 2019 was about $695 and 512GB was $7000.

If Optane was as cheap as drives it would of sold a lot more and Intel wouldn't be killing it. Augmenting a few hundred GB in a system obviously won't revolutionize storage in thr way the article implies. If the cost was cheap then all the storage could be replaced and moved to the "new" model of accessing storage.

What interesting datacenter applications?

The article concludes with the person who wrote this new thing claiming their new protocol will allow interesting data center applications to use networking better. What sorts of applications? How much better and in what scenarios/speeds?

Please don't tell me these applications have anything to do with Web3, or blockchain BS.

Things seem to be working just fine with TCP, and in cases where that may be too much overhead we have UDP too.

One area where TCP may not be so well is tons of tiny connections(I used to manage an app that would sustain about 3000 HTTP requests/sec and it overflowed the # of ports on the linux systems until we got the load balancer to pipeline the requests which dramatically lowered overhead and improved performance), but in that case the solution is to keep a pool of connections open and send requests over them rather than open/close in rapid succession.

mailman upgrade

There doesn't appear to be a way to upgrade mailman, as far as I could tell there was no real migration path from mailman 2(python 2) to mailman 3(python 3). Mailman 3 looked to be an insanely complex beast(compared to 2). I posted a few times to the mailman mailing list looking for advice and saw others in far more serious situations than my personal mail server that sends maybe 50-100 mailman messages a year. One person said they had been down for weeks trying to get the new mailman working with big mailing lists that were offline, and lots of big ugly errors trying to get mailman 3 working.

Mailman 3 looked entirely too complex and not ready for prime time in my opinion(exception being perhaps super large lists with dedicated staff to manage it). So my solution for the meantime was to build a dedicated VM with an older Devuan release with mailman 2 and just have that do the mailman processing. My main system can remain whatever version I want and then I just have postfix route the mailing lists to that dedicated system for processing. Works fine.

I feel I have a good knack(?) in being able to quickly determine if something is more complex than it needs to be and so I usually try to avoid such solutions where possible.

My oldest personal system (upgraded from Debian to Devuan since) looks to date back to what looks to be about 2010, about when I switched to ESXi for my personal public servers. I think all of my servers have work have been rebuilt at least once over the years(first systems fired up early 2012). Running Ubuntu at work and when 20.04 came out I radically restructured how the VMs were configured and rebuilt everything that could run on 20.04(some things still stuck on 16.04).

Was running Debian since 1998 with the release of 2.0. Switched to Devuan in the past couple of years.

I estimate I spent over 100 hours of work dealing with systemd related issues at work going from Ubuntu 12.04 to 16.04 several years ago but for the most part got it all figured out there.

9:1 for me

A company I worked at a long time ago had an outsourced to HCL in India tier 1 ops team. My first and only experience working in an organization that had something like that. At one point the company thought HCL was too expensive so decided to build their own ops team over there(tier 1 only again). They hired away some of the HCL people I think and a manager to build the office/team. I recall one of their new candidates actually never showed up for the position, another candidate was caught doing stuff with malware on the network. Eventually they built a team that was somewhat stable from what I recall.

Fast forward a year or so and I leave for unrelated reasons. Fast forward another year or two and my former manager said(to a mutual friend) they hired 9 people to fill my role (I assume all overseas??). Apparently 9 wasn't enough(since they still struggled). Company went under a couple years after that(went under because they slowly lost all their customers except for their largest, then their largest cut ties as part of a larger change in strategy and they were done then).

(I haven't been tier 1 ops except for a brief stay at a .com back in the year 2000)

Elon loved the bay area lock downs..

I'm sure he's thrilled with China's zero covid policy and the lock downs there.

seems so simple

Elon is asking for more time for due diligence(find spam info), yet he apparently signed a merger agreement waiving that right months ago. Seems like they could just decide on the spot.

Windows NFS was so terrible

Maybe it's better now but am not holding my breath. Several years ago I tried to deploy a pair of "appliances" from HPE that ran Windows 2012 Storage server specifically for NFSv3 for Linux clients (and maybe 1% SMB). I chose this because it was supported by HPE, it could leverage existing back end SAN for storage, and it was highly available. Add to that I only needed maybe at most 3TB of space so buying a full blown enterprise NAS was super overkill as nobody made such small systems. SMB NAS units(Synology etc) I didn't deem acceptable levels of high availability.

I figured my use case is super simple(file storage, not transactional storage), my data set is very small, my I/O workload is pretty tiny, it's fully supported so how hard could it be for Windows to fill this role?

Anyway, aside from the 9 hour phone support call I had to sit on while HPE support tried to get through their own quickstart guide (I was expecting a ~10 minute self setup process) due to bugs or whatever(they ended up doing manual registry entries to get the two nodes to see each other which were connected directly via ethernet cable), the system had endless problems from a software perspective. 99% of the software was Microsoft, the only HPE stuff was just some basic utilities which for the most part I don't think I even used outside of the initial setup.

I filed so many support issues, at one point HPE got Microsoft to make a custom patch for me for one of the issues. I never deployed the patch purely out of fear that I was the only one in the world to have the issue in question(that and it wasn't my most pressing concern of all the problems I was having). I should of returned the systems right away but I was confident I could work through the problems given time. I had no idea what I was in for when I made that decision. I was also in periodic contact with HPE back end engineering for this product though their resources were limited as the software was all Microsoft.

The systems never made it past testing, maybe 6 months of usage with many problems and support cases and workarounds and blah blah.. I designed the file system layout similar to our past NAS offerings from Nexenta(VM based), and FreeNAS (also VM based). There were 5 different drive letters, one for production, one for staging, one for nonproduction, one for backups(with dedupe enabled) and one for admin/operations data. The idea is if there is a problem on one of those it doesn't impact the others.

The nail in the coffin for this solution for me, was at one point the backups volume (which had dedupe enabled) gave an error saying it was out of space(when it had plenty of space according to the drive letter and according to the SAN). When this happened the entire cluster went down(including the other 4 drive letters!). The system tried to fail over but the same condition existed on the other node. I had expected that just that one drive letter/volume to fail, that is fine let the others continue to operate. But that's not what really happened, all data went offline. I worked around the issue by expanding the volume on the SAN and it cured it for a while, until it happened again, all volumes down because one got full. WTF.

I tried to figure out a way to configure the cluster so that it would continue to operate the other 4 drive letters while this one was down. Could not figure it out(and didn't want to/couldn't wait hours for support to try to figure it out). So I nuked the cluster. Went single node, from that point on if that drive letter failed(if I recall right anyway this was years ago) the other drives remained online. I assume the source of the "out of space" error was some bug or integration issue with thin provisioning on the SAN, but was never able to figure it out. I do recall getting a similar error from our FreeNAS from the same array, there was plenty of space but FreeNAS said there was not(filesystem was 50% full). This issue ONLY appeared on volumes with dedupe enabled (Windows side dedupe, and FreeNAS side dedupe). I've never seen that error before or since. It was an old array so maybe the array's fault. I don't mind that particular volume going offline (it only stored backups), but the final straw was that volume being offline should not of taken the rest of the system down(in the case of Windows cluster) with it.

But I had so many other annoying issues with NFS on Windows, I'm a Linux person so I didn't have high expectations for awesome NFS from Windows but again my use case was really light and trivial(biggest requirement was high availability).

In the end I migrated off of that Windows NFS back to FreeNAS again(had replication but no HA, so I never applied any OS updates to the system while it was in use, fortunately no failures either), before later migrating to Isilon. Makes me feel strange having 8U of Isilon equipment for ~12TB of written data(probably be closer to 7TB after Isilon overhead, more data than original because years have passed and we have since grown). But I was unable(at the time) to find a viable supportable HA NAS head unit offering to leverage shared back end storage. I was planning on going NetApp V-series before I realized the cost of Isilon was a lot less than I expected(and much less than V-Series for me at the time especially if you consider NetApp licensing for both NFS and SMB).

(When I first started out we used Nexenta's VM based system, and they officially supported high availability running on VMs. Initially this worked fine, however in production it was a disaster as the Nexenta systems went split brain on several occasions corrupting data in ZFS(support's only response was "restore from backups"), things were fine after destroying the cluster and going single node but of course no HA anymore)

fully manual

I learned the central AC in my apartment should only be run fully manually. Allowing the thermostat to keep temperature increases the chances the AC will fail. A few years ago I had a lot of problems with it and maintenance couldn't find the cause(they replaced some parts to no avail, I gave up trying to get it fixed). The AC compressor would fail to kick in(not an expert just going by the lack of noise), and instead ice would build up inside. It would then take many hours(sometimes waited 24h) for the ice to melt before the AC would work again. I'd estimate there is a 5% chance of this failure happening on any given startup. Turning it on manually every time I can tell when this failure happens(if the compressor doesn't kick on within 20 seconds), then I turn it off, wait a bit and try again. When the temp gets to a level I'm comfortable with(I have many temperature sensors in different places) I turn the AC off again. I never use the heat function. I think this year I have caught it fail to start 3-5 times.

But to these smart thermostats, I suspect it's likely if there were no defaults the customers would set them similar to what they are set to now. It's clear the $$ savings isn't worth it to them, otherwise they'd change it themselves. Some power providers have incentive based electricity plans where the price can vary depending on time of day or whatever but I think most people just have the more basic plan that charges based on overall usage (probably in tiers) for the billing period.

worry more about the fixes than the problems

The risk involved with any of these side channel attacks are so tiny for 98% of the systems out there. I suppose the one place where one might need to be more concerned is if you are a service provider with multiple customers on the same systems. Otherwise if you have control of your workloads there really isn't much to worry about, there's far bigger threats out there than side channel and will be forever, and there will always be some new side channel attack about to be discovered because security folks want to be famous regardless of how limited in scope the issue is. Meanwhile the fixes for these problems cause their own problems whether it's performance or stability issues.

I would like it if there was a simple bios setting to disable these side channel fixes so you could install new microcode for OTHER fixes but keep the side channel stuff disabled. I run all my linux systems with "spectre_v2=off nopti" kernel settings(which may or may not be enough), and most of my systems are quite old at this point(Xeon E5-2699 v4 are my newest) and I have intentionally not updated firmware in many cases to avoid these fixes. Have read too many horror stories about them. I also have gone the extra mile (so far anyway) to exclude microcode updates from vSphere 6.5 (yes still running that) updates.

It's nice to have the fixes for people who are super paranoid and really want them, but also nice to have easy to use options for folks to opt out of them if they desire.

never knew

Been using vi since early 90s not sure when I switched to vim assuming ~20 years ago for the most part. Certainly not an expert with it though I use it daily(am mostly comfortable with regular vim too). Never knew it had a scripting language. Unsure as to the purpose, I browsed the linked man page for vim 9 which talks about the scripting language but no indication as to what the purpose of it is. Searching for the text "why" on the manual page indicates perhaps the scripting language may be used for vim plugins? (am unsure if I use any, don't know what might be a plugin vs built in I don't use anything but the defaults). Curious if anyone else can clarify, is it just for plugins or something else too.

On that note want to mention how much I hate the newer vim mouse interfaces, first encountered for me on Ubuntu 20 (which has vim 8), not sure if it is just new to vim 8 or perhaps older, but to disable that crap I always have to put ":set mouse-=a" in my ~/.vimrc (which is the first time I can recall ever using ~/.vimrc). Those new things were driving me insane before I figured out how to turn them off.

support was removed by AMD

I believe I recall(perhaps incorrectly) that the AMD64(?) instruction set disabled 16-bit support when operating in 64-bit mode(if that makes sense). So for example if you wanted to run 16-bit natively you could but your OS would have to be 32-bit. Perhaps it had something to do with making the system with less registers or something?

Just doing a quick web search turns up one comment(#13) from 2004 which claims this, though I'm confident I recall seeing more official source(s) over the years:

https://forums.anandtech.com/threads/amd64-and-16-bit-compatibility.1292075/

Since Intel licensed the instructions from AMD (I think I recall that?) then the same would be true for 16-bit code running on 64-bit Intel x86-64 chips.

Good example

Just because you are hosted in cloud doesn't mean you can leverage it if your app sucks(which it seems so many people don't understand, and probably never will). I can't count the number of times over the past 20 years of managing web applications where the performance limits were in the app and adding more servers/cpu/whatever wasn't going to do anything. Add to that most places don't properly performance test(I've actually only seen one valid performance test in 20 years and that was a very unique situation that really can't be replicated with another type of application). I have seen countless ATTEMPTS at performance testing all of which fell far from reality.

The org I work for did tons of performance tests(I wasn't involved in any of them, but my co-worker and manager were) before we launched our app stack in public cloud in late 2011, only to have all of those numbers tossed out within weeks and the knobs turned to 11 because the tests did not do a good enough job at simulating production workloads and cloud costs skyrocketed as a result. Of course moving out of public cloud months later (early 2012) helped a huge amount, and every day since just better performance, latency and availability across the board, and saved $10-15M in the process (over the past decade) for a small org.

I'll always remember a quote from a QA director probably 17 years ago he had a whole room of server equipment they used to do performance tests on for that company (the only company I've worked at that had dedicated hardware for performance testing), his words were "if I had to sign off on performance for any given release we wouldn't release anything". That company there was a handful of occasions immediately following a massive software update we had to literally double the server capacity in production for the same level of traffic vs the day before. I ordered a lot(for us anyway) HP DL360s back then shipped overnight to get the capacity in place on many occasions.

Another company I was at(the one with the good performance test), had the fastest running app I've ever seen, over 3,000 requests per second per 1U server sustained, made possible by no external dependencies, everything the app needed was on local disk (app ran in Tomcat). One particular release we started noticing brownouts in our facilities from hitting traffic limits that we should not of been hitting. We hadn't run a performance test in a while and when we did we saw app throughput dropped by 30% vs an earlier release. Developer investigation determined that new code introduced new required serialization stuff in the code which reduced the performance, they suspected they could get back some of that decrease but far from all of it.

Then there's the DB contention issues, Oracle latch contention at a couple different jobs, and massive MySQL row lock times (60-120+ seconds at times) at other places due to bad app design. Another quote I'll forever remember from that company 17 years ago during a massive Oracle outage due to latch contention "Guys, is there anything I can buy to make this problem go away?" (I wasn't responsible for the DBs, but the people that were told him no).

maybe a new feature...

But I have been filtering and dropping data before it gets into Splunk for many years by sending it to the nullQueue via regular expressions in transforms.conf, a very well documented ability of Splunk.

Not only did it reduce the license costs but it also dramatically cut down on the amount of sheer crap that was going into the indexes introducing a lot more noise making it harder to find things. Simply removing the HTTP logs from our load balancer health checks that returned success per my notes back in 2018 saved nearly 7 million events per day. Overall at that time I removed roughly 22 million events per day for our small indexers that at the time were licensed for 100GB/day. Included in that was 1.5 million of useless windows event logs(these were more painful to write expressions for, one of which is almost 1,500 bytes for the expression). We had only a handful of windows systems, so absurd they generated so many events! 95%+ linux shop.

The developers for our main app stack also liked to log raw SQL to the log files which got picked up by Splunk. I killed that right away of course(with the same method) when they introduced that feature. I also documented in the config the exact log entries that matched the expressions to make it useful for future maintenance.

Don't get me wrong it wasn't a fast process it took many hours of work and spending time with regex101.com to work out the right expressions. Would be nice (maybe fixed now not holding my breath) to be able to make Splunk config changes to the config files and not have to restart splunk (instead perhaps just tell it to reload the configuration).

VMware esxi syslogs are the worst though, I have 59 regexes for those, which match 200+ different kinds of esxi events, at least with ESXi 6 the amount of noise in the log files is probably in excess of 90%. vCenter has a few useful events though I'd guesstimate noise ratio there at least 60-75%.

I had been using nullQueue for the past decade but really ramped up usage in 2017/2018.

Can the new one use ECC RAM?

I still use a P50, and I regret not getting it with the Xeon so I could have ECC memory. Currently with 48GB (max 64GB). Not that I have (m)any issues without ECC just would like it with this much memory. I don't know what I was thinking when I opted for the regular i7.

IMO anything with more than say 4GB should be on ECC where possible, and IMO again beyond say 64GB regular ECC isn't adequate anymore (feel free to do web searches on HP Advanced ECC, IBM ChipKill, and Intel Lockstep mode(Introduced with Xeon 5500), though I like HP's implementation the best by far(as it offers better than regular ECC protection and has zero memory overhead).

Note that HP's Advanced ECC was first introduced in 1996, it's not new technology. Shocking that so many are still relying on regular ECC these days.

another issue..

is these things will bring more bugs with them. Take for example iSCSI offload HBAs. They're quite common, perhaps almost universal on storage arrays, but on servers themselves they are rarely used(even if the capability is present, often is on recent systems regardless). While my systems primarily run on fibre channel storage(so I don't have a whole lot of recent iSCSI experience), I have read almost universally over the years the iSCSI offload HBAs are bug ridden and the general suggestion when using iSCSI is to use a software initiator(which by contrast gives far better results in most cases).

I remember my first experience with hardware iSCSI on a 3PAR E200 storage array in 2006. The NIC on the array (Qlogic dual port 1Gbps) had an issue where it would lock up under high load. I managed to mitigate the problem for a long time by manually balancing paths with MPIO (this was before ESX had round robin). Then maybe a month before I quit that job I rebooted the ESX hosts for software updates, and forgot to re balance the paths again. Major issues after a couple of weeks. I remember my last day at the company I had to hand the support case off to a co-worker as the issue was not yet resolved(and was pretty critical impacting production). A couple of weeks later that company replaced all the iSCSI with fibre channel to solve the issue(a patch ended up being made available a few weeks after that). Felt bad to leave them hanging but my next job started pretty quick I couldn't stick around.

I have read several complaints over the years about network cards with TCP offload enabled causing other unexpected issues as well and in many cases the suggestion is to disable the offload. It makes it more difficult to diagnose when you run a packet capture on the VM or on the host and the data differs from what is actually going over the wire because the NIC is doing stuff to the packets before it goes over the wire.

So beyond cost, these Smart NIC people need to be sure their stuff is really robust for enterprises to consider adopting them. Hyperscalers have the staff and knowledge to deal with that extra complexity. Given history I am not really holding my breath that these vendors will be up to the task. But they could find use cases in tightly vertically integrated solutions that are sold to enterprises, rather than a generic component that you can put in your average server.

offloading storage better

I would think offloading of storage would be better, especially given their vSAN stack. Remove the need for CPU, memory etc overhead from the host and put it on the DPU (similar to Simplivity except I assume that only offloaded CPU, also similar to what Nebulon does(I think), in fact perhaps VMware should just acquire Nebulon(I have no experience with it)).

I assume they haven't gone that route yet because storage is more complex than networking(hence my comment about acquiring Nebulon). With these Smart NICs I haven't seen mention of abilities to offload SSL for example (perhaps they do and the news articles just haven't mentioned it). With commercial load balancers like BigIP and Netscaler for example they all have SSL offload chips(at least the hardware appliances). I could see a new type of virtual hardware you could attach to a VM to map a SSL offload "virtual DPU" or something to the VM to provide the hardware acceleration (similar to virtual GPU), so a VM running intensive SSL stuff could leverage that(provided the SSL code supported leveraging the offload).

maybe should be other way around

facebook paying for/subsizing half of all metaworld purchases to encourage people to make things worth purchasing.

(never have had a facebook account, well maybe they have a shadow account for me I don't care either way)

HDDs too?

is this an issue with HDDs too?(I assume it would be?) I've never noticed anyone complaining with lots of hard disks(assuming they are not abstracted by a RAID controller) complaining about slow reboot over the years.