Amazon EC2 performance evolution and implementation
AWS has evolved its Amazon EC2 platform from the early days of cc2 instances, which used the Xen hypervisor and paravirtualization with up to 10 Gbps of throughput, to the current Nitro-based family, which scales up to 400 Gbps (and millions of pps) for the largest instance types, such as c5n.
To improve performance in a virtualized environment, SR-IOV technology was used to bypass the hypervisor, resulting in the first version of enhanced networking, which provided improved performance and lowered jitter and latency. The C3 instance family was the first to introduce the Enhanced Networking concept, and more than halved the latency of its predecessor, CC2. The first release of Enhanced Networking used Intel-based chipsets (ixgbevf); the later release was based on an in-house solution called Enhanced Network Adapter (ENA). This is why references are made to two variants of enhanced networking:
- Enhanced networking using Intel-based chipsets.
- Enhanced networking using AWS ENA, fully in-house developed Network Interface Card (NIC).
The C4 generation saw the introduction of the Annapurna Labs-based chipset, which replaced Intel. This instance family provides both networking and storage-optimized performance. The overall performance limit is 10 Gbps; however, workloads requiring both storage and network optimized performance were able to take advantage of this type of optimization and architecture.
AWS Nitro-powered C5 instances were another major step in improving performance further. The AWS Nitro System delivers high-speed networking with hardware offload, high-speed EBS storage with hardware offload, NVMe local storage, hardware protection/firmware verification for bare metal instances, and all business logic required to control EC2 instances. In simplified terms, the Nitro System is a lightweight hypervisor combined with the Nitro Security Chip and Nitro Cards for storage and networking. The switch from Intel to ENA has allowed us to deliver much better performance due to an increased number of queues (8 instead of 6 with Intel-based chipsets). The C5 family delivers performance of up to 25 Gbps, and this limit goes to millions of pps and ~100 Gbps with the largest C5n network optimized instances.
The AWS Graviton2 processor-based C6g family of instances delivers 40% better price performance than C5 instances. C6g provides up to 38 Gbps EBS bandwidth, which is more than twice that of C5n instances. The Graviton2 processor provides enhanced security through features like always-on 256-bit DRAM encryption and by supporting encrypted EBS storage volumes by default. It supports 50% faster per core encryption performance compared to first-generation AWS Graviton. It is important to note that chipsets are future proof to deliver performance of up to 400 Gbps.
Finally, the performance evolution culminated in the release of AWS Graviton3-powered C7 instances. C7 instances deliver the best price performance in Amazon EC2 for compute-intensive applications, and are the first in the cloud to feature DDR5 memory, which provides 50% higher memory bandwidth compared to DDR4 memory to enable high-speed access to data in memory. C7g instances deliver 20% higher enhanced networking bandwidth compared to C6g instances for network intensive applications, such as network appliances. These instances are ideal for high-compute telecom workloads like video encoding, machine learning, and distributed analytics.
AWS Nitro Enclaves enables customers to create isolated compute environments to further protect and securely process highly sensitive data such as personally identifiable information (PII), financial, and intellectual property data within their Amazon EC2 instances. Nitro Enclaves uses the same Nitro Hypervisor technology that provides CPU and memory isolation for EC2 instances. Enclaves offer an isolated, hardened, and highly constrained environment to host security-critical applications. Nitro Enclaves can help telecom customers address their confidential computing requirements because it includes cryptographic attestation for customer software, so that customers can be sure that only authorized code is running, as well as integration with the AWS Key Management Service (AWS KMS), so that only your enclaves can access sensitive material.
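The KMS integration described above is enforced through key policy conditions on the enclave's attestation measurements. The following is an added example, not AWS code: a small lint that flags key policy statements letting a role decrypt without such a condition. The function name, account ID, role name and image hash placeholder are assumptions made for illustration.

```python
import json

# Condition-key prefix KMS uses for Nitro Enclaves attestation
# (kms:RecipientAttestation:ImageSha384, kms:RecipientAttestation:PCR0, ...).
ATTESTATION_PREFIX = "kms:recipientattestation:"
GUARDED_ACTIONS = {"kms:decrypt", "kms:generatedatakey", "kms:*"}

# Constructed sample policy: account ID, role name and image hash are placeholders.
ROLE = "arn:aws:iam::111122223333:role/enclave-parent-instance"
SAMPLE_POLICY = json.loads("""
{"Version": "2012-10-17", "Statement": [
  {"Sid": "AttestedDecrypt", "Effect": "Allow",
   "Principal": {"AWS": "arn:aws:iam::111122223333:role/enclave-parent-instance"},
   "Action": "kms:Decrypt", "Resource": "*",
   "Condition": {"StringEqualsIgnoreCase":
     {"kms:RecipientAttestation:ImageSha384": "<EIF_IMAGE_SHA384_PLACEHOLDER>"}}},
  {"Sid": "LegacyDecrypt", "Effect": "Allow",
   "Principal": {"AWS": "arn:aws:iam::111122223333:role/enclave-parent-instance"},
   "Action": ["kms:Decrypt", "kms:DescribeKey"], "Resource": "*"}
]}
""")

def _as_list(value):
    return value if isinstance(value, list) else [value]

def unattested_statements(policy, principal_arn):
    """Sids of Allow statements that let principal_arn decrypt with no
    enclave-attestation condition. Deny statements and identity policies
    are not evaluated; this is a lint, not a full policy simulation."""
    findings = []
    for stmt in _as_list(policy.get("Statement", [])):
        principal = stmt.get("Principal", {})
        arns = _as_list(principal.get("AWS", [])) if isinstance(principal, dict) else [principal]
        if stmt.get("Effect") != "Allow" or not {principal_arn, "*"} & set(arns):
            continue
        actions = {a.lower() for a in _as_list(stmt.get("Action", []))}
        if not actions & GUARDED_ACTIONS:
            continue
        cond = stmt.get("Condition", {})
        attested = any(
            key.lower().startswith(ATTESTATION_PREFIX) and any(_as_list(val))
            for op in ("StringEquals", "StringEqualsIgnoreCase")
            for key, val in cond.get(op, {}).items()
        )
        if not attested:
            findings.append(stmt.get("Sid", "<no Sid>"))
    return findings

if __name__ == "__main__":
    print(unattested_statements(SAMPLE_POLICY, ROLE))
```

A statement flagged here would let the parent instance role call KMS directly, outside the enclave, which defeats the "only your enclaves" guarantee.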