RISC-V silicon, programmable eBPF hardware VMs, and hardware-enforced Trusted Execution Environments.
The open RISC-V ISA enables PacketFive to define custom extensions specifically optimised for packet parsing, header manipulation, and flow-table lookups — operations that consume disproportionate CPU cycles on conventional architectures.
Proprietary ISAs lock customers into vendor ecosystems and prevent custom extensions. RISC-V's open, modular specification lets PacketFive add domain-specific instructions without licence fees or NDA constraints — and contribute improvements back to the community.
Each hardware eBPF VM is a full implementation of the eBPF ISA in silicon — not a software JIT compiler, but hardened gates running eBPF bytecode at line rate. Programs can be loaded, verified, and hot-swapped without data-plane downtime.
eBPF has become the de-facto standard for programmable packet processing in Linux. KESTREL-V takes this a step further: instead of running eBPF in software, the ISA is implemented directly in RISC-V hardware VMs.
Hardware-enforced isolation ensures that sensitive network functions cannot be tampered with, even by privileged host software.
Remote attestation proves to a verifier that the correct, unmodified eBPF program is running inside the enclave.
TEE enclaves are hardware-isolated from the host OS and hypervisor — critical for multi-tenant AI cluster deployments.
Cryptographic keys and policy material are sealed to the enclave, inaccessible to privileged host processes or hypervisors.
GPU clusters for CUDA and ROCm workloads demand ultra-low-latency, high-bandwidth networking. KESTREL-V accelerates RDMA, RoCE, and MPI collective operations directly in the data plane.
Hardware-accelerated RDMA over Converged Ethernet for GPU-to-GPU memory transfers.
In-network computing for AllReduce, Broadcast, and Scatter-Gather — offloading collective operations from CPU/GPU.
Per-flow telemetry and congestion signals streamed to HiCAIN for real-time cluster health monitoring.