Transport-Level Encryption in Datacenter Networks

Tianyi Gao, Xinshu Ma, Suhas Narreddy, Eugenio Luo, Steven W. D. Chien, Michio Honda
2024-09-25
Abstract: Cloud applications need network data encryption to isolate from other tenants and protect their data from potential eavesdroppers in the network infrastructure. This paper presents SDT, a protocol design for emerging datacenter transport protocols to integrate data encryption while using existing NIC offloading designed for TLS over TCP. Therefore, SDT could enable a deployment path of new transport protocols in datacenters without giving up hardware offloading.
Cryptography and Security, Networking and Internet Architecture
What problem does this paper attempt to address?
This paper addresses how to integrate data encryption into new transport protocols deployed in datacenter networks without giving up the existing hardware offloading capabilities. Specifically, it proposes a design named SDT (Secure Datacenter transport Protocol), which lets emerging datacenter transport protocols use the existing NIC (Network Interface Card) offloading capabilities to achieve transport-layer encryption. This meets the data encryption requirement while ensuring that adopting a new protocol neither sacrifices performance nor increases energy consumption, which provides a feasible path for the large-scale deployment of new transport protocols in datacenters.

### Main problems solved by the paper

1. **Data encryption requirement**: Cloud applications require network data encryption to isolate themselves from other tenants and to protect their data from potential eavesdroppers in the network infrastructure.
2. **Hardware offloading compatibility**: When implementing data encryption, new transport protocols need to be able to use the existing NIC offloading capabilities, which were originally designed for TLS/TCP. This avoids the performance degradation and increased energy consumption caused by performing the encryption operations in software.
3. **Feasibility of protocol deployment**: In the datacenter environment, deploying a new transport protocol must take middleboxes and hardware support into account. By reusing the existing NIC offloading capabilities, SDT reduces the dependence on new hardware and makes new protocols easier to deploy.

### Key technical points

- **Message-passing mechanism**: SDT supports message-level transport protocols, such as Homa, which send and receive multiple out-of-order messages while preserving message boundaries.
- **State management**: SDT keeps encryption and decryption correct by maintaining the TLS context of each flow in the NIC. When a packet that the NIC does not expect needs to be sent, SDT inserts a resync packet to adjust the NIC's expected sequence number.
- **Segmentation and reassembly**: SDT segments application messages into TSO (TCP Segmentation Offload) segments and encrypts them using TLS record headers. The receiving end reassembles these segments and decrypts them to recover the original message.

### Design goals

1. **Avoid head-of-line blocking (HoLB)**: SDT supports message-level transport protocols and can send and receive multiple out-of-order messages within the same 5-tuple, thereby avoiding head-of-line blocking caused by packet loss or CPU load balancing.
2. **Support non-TCP/UDP protocols**: SDT can use the existing TLS hardware offloading capabilities without relying on the TCP protocol number.
3. **Security**: SDT is based on the same threat model as TLS/TCP and protects communications against data leakage, packet injection, and replay attacks.

Through these designs, SDT meets the data encryption requirements of datacenter applications while keeping performance high and energy consumption low, providing a solid foundation for the wide deployment of new transport protocols.
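The state-management and segmentation/reassembly points above describe three interacting pieces: a sender that frames message segments as records, an offload engine that only knows how to encrypt the record sequence number it expects next (hence the resync), and a receiver that must reassemble out-of-order segments while rejecting replays and injected records. The following is an added toy model written for this summary; it is not the paper's SDT code and it makes several assumptions: an HMAC-SHA256 counter-mode construction stands in for the AES-GCM record cipher, the record sequence number is carried next to the record (in TLS it is implicit in the stream), the record header layout is invented, and the "NIC" is just a Python object holding the per-flow TLS context.

```python
"""Toy model of TLS-style record framing over an out-of-order, message-based
transport. Added illustration only, not the paper's SDT implementation.
Assumptions: HMAC-SHA256 in counter mode replaces AES-GCM; the record seq is
sent explicitly; the header layout below is constructed for this example."""
import hashlib
import hmac
import struct

# Constructed header: message id, segment offset, message length, segment length.
REC_HDR = struct.Struct("!IIII")
TAG_LEN = 16


def _subkey(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(key: bytes, seq: int, n: int) -> bytes:
    # The record seq is the nonce: sender and offload engine must agree on it
    # for every record, otherwise the receiver cannot decrypt (or seq repeats).
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(_subkey(key, b"enc"), struct.pack("!QI", seq, ctr), hashlib.sha256).digest()
        ctr += 1
    return out[:n]


def _tag(key: bytes, seq: int, header: bytes, ct: bytes) -> bytes:
    return hmac.new(_subkey(key, b"mac"), struct.pack("!Q", seq) + header + ct, hashlib.sha256).digest()[:TAG_LEN]


def seal(key: bytes, seq: int, header: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC one record; seq and header are authenticated."""
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, seq, len(plaintext))))
    return header + ct + _tag(key, seq, header, ct)


def open_record(key: bytes, seq: int, record: bytes):
    """Return (header, plaintext), or None if the tag does not verify under seq."""
    if len(record) < REC_HDR.size + TAG_LEN:
        return None
    header, ct, tag = record[:REC_HDR.size], record[REC_HDR.size:-TAG_LEN], record[-TAG_LEN:]
    if not hmac.compare_digest(tag, _tag(key, seq, header, ct)):
        return None
    return header, bytes(a ^ b for a, b in zip(ct, _keystream(key, seq, len(ct))))


def segment(msg_id: int, data: bytes, seg_size: int):
    """Split one application message into fixed-size segments, each with a header."""
    return [(REC_HDR.pack(msg_id, off, len(data), len(data[off:off + seg_size])), data[off:off + seg_size])
            for off in range(0, len(data), seg_size)]


class OffloadNIC:
    """Models a TLS offload engine: one TLS context per flow, and it only
    encrypts the record sequence number it expects next."""
    def __init__(self, key: bytes):
        self.key, self.next_seq, self.resyncs = key, 0, 0

    def transmit(self, seq: int, header: bytes, plaintext: bytes):
        if seq != self.next_seq:
            # The sender must first reset the NIC's expected seq (a resync),
            # e.g. when retransmitting an earlier record on this flow.
            self.resyncs += 1
            self.next_seq = seq
        rec = seal(self.key, seq, header, plaintext)
        self.next_seq = seq + 1
        return seq, rec


class Receiver:
    """Reassembles out-of-order segments per message; drops replays and forgeries."""
    def __init__(self, key: bytes):
        self.key, self.seen, self.partial, self.rejected = key, set(), {}, 0

    def receive(self, seq: int, record: bytes):
        if seq in self.seen:               # duplicate or replayed record
            self.rejected += 1
            return None
        opened = open_record(self.key, seq, record)
        if opened is None:                 # forged, corrupted, or wrong seq
            self.rejected += 1
            return None
        header, pt = opened
        msg_id, off, total, _ = REC_HDR.unpack(header)
        self.seen.add(seq)
        segs = self.partial.setdefault(msg_id, {})
        segs[off] = pt
        if sum(map(len, segs.values())) == total:
            del self.partial[msg_id]
            return msg_id, b"".join(segs[o] for o in sorted(segs))
        return None


def demo():
    key = b"\x11" * 32                     # constructed demo key
    nic, rx = OffloadNIC(key), Receiver(key)
    a = segment(1, b"message A spans three segments!", 12)   # 3 segments
    b = segment(2, b"msg B", 12)                              # 1 segment
    wire = []
    # Two messages interleaved on one flow; records get consecutive seqs 0..3.
    for seq, (hdr, pt) in enumerate([a[0], b[0], a[1], a[2]]):
        wire.append(nic.transmit(seq, hdr, pt))
    # Retransmit a[1] under its original seq 2: the NIC expects 4, so it resyncs.
    wire.append(nic.transmit(2, *a[1]))
    done = {}
    for i in (3, 1, 4, 0, 2):              # deliver out of order; seq 2 arrives twice
        r = rx.receive(*wire[i])
        if r:
            done[r[0]] = r[1]
    rx.receive(7, wire[3][1])             # injected: old bytes under an unused seq
    return {"messages": done, "resyncs": nic.resyncs, "rejected": rx.rejected}


if __name__ == "__main__":
    print(demo())
```

Running `demo()` reassembles both messages despite the shuffled delivery, records exactly one resync (the retransmission of seq 2), and rejects two records: the second copy of seq 2 and the record injected under seq 7, whose tag no longer verifies because the sequence number is part of the authenticated input. That last point is the reason a real offload engine must track the expected sequence number per flow: the record cipher's nonce and tag are bound to it.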