The Impact of Optimized Packet Processing Software on Multicore Platforms for DPI and Network Security
Agenda

   Optimizing the Hardware
        Paul Stevens, Advantech
        paul.stevens@advantech.com
        www.advantech.com/nc

   Optimizing the Software
        Eric Carmes, 6WIND
        eric.carmes@6wind.com
        www.6wind.com
Multicore Network Platform Design Goals
Meeting OEM Requirements

   Need a clear path to sustainable business growth through differentiated products and services
        Preserve existing investments while meeting new performance requirements
        Reduce time to revenue to beat competition



   Need to deploy a flexible architecture and a scalable technology
        Develop a range of products with a limited number of technologies
        Ensure hardware independence



   Need to meet dynamic market requirements
        Manage performance growth
        Reduce cost and power consumption



   Must ship a working product on time
        Integrate and validate new and complex technologies faster
Anatomy of a Network Appliance (today)
   [Diagram: three appliance classes.
    SMB (1-10 Gbps): IA chipset (e.g., Intel® Core™ i7 Processor or Intel® Atom), PCIe x1, GbE ports.
    Enterprise (10-80 Gbps): Intel® Xeon® processor 5600 series + I/O Hub, PCIe x8, 10 GbE ports.
    Data Center (>80 Gbps): Intel® Xeon® processor 5600 series + I/O Hub (Control Plane Processing), PCIe x8, NPU (Data Plane Processing), XAUI, Switch, 10 GbE ports.]

   Variety of Security and Encryption coprocessor options
Translating to a Scalable Blade Topology (today)
   [Diagram: two blade topologies.
    Switch connect: IA Nodes (2x10G each), Dual Star 10G, Switch with 40G links. IA packet processing and load balancing to the IA Node payloads.
    NPU + Switch Connect: IA Nodes (2x10G each), Dual Star 10G, NPU + Switch Hub with 40G links. NPU does front end packet processing and load balancing to the IA Node payloads.]
Performance Scaling to full 40G Interconnects
   Fast path packet processing and load balancing to the IA Node payloads
   [Diagram: two configurations.
    Top: IA Nodes (2x 20G each) and NPUs (2x 40G each), Dual Star 20G and Dual Star 40G, Switch with 100G+ links.
    Bottom: IA Nodes (2x 40G each), Dual Star 40G, Switch with 100G+ links.]
High-end DPI Example
   [Diagram: chassis blade layout, left to right.
    Hub blade (prim.) and Hub blade (sec.): 40GE Hub Blade with Switch and THUB2 Management (LMP). 40GE switching with rule based load balancing; additional switching capacity using dual dual star.
    General purpose CPU blade: 40GE Dual Xeon Blade (Next Gen CPU). High Level Flow Pro. and DPI.
    NPU blade: ATCA-7410 Dual NPU Blade (LMP). Low Level Flow Processing.
    Hub blade (sec.) and Hub blade (prim.): 40GE Hub Blade with Switch and THUB2 Management (LMP). Additional switching capacity using dual dual star; 40GE switching with rule based load balancing.
    ShMC on each side of the chassis.
    6WINDGate: Slow / Fast Path partitioning across IA/NPU.]

   GbE
        GbE used as Base Interface for management and control plane
        Dual star topology

   Primary 40GE
        40GE used as fabric interface for data and user plane
        Dual star topology

   Secondary 40GE
        40GE fabric used as fabric interface for data and user plane
        Dual star topology

   IPMB
        Low level management interface based on 2 redundant IPMB buses
        Bussed or radial (star) topology
Creating a Virtuous Cycle with Multicore
for cost-optimized DPI

   [Diagram: cycle linking "More Cores, Higher Throughput & Capacity" and "New Technology Introduction".]
80G Packetarium™ – “ATCA rewrapped”
Shrink & Cost-down for non-HA DPI
   Packetarium is a cost-optimized, modular system architecture for multicore packet processing.

   Scalable and upgradable to meet bandwidth demand, it’s also a cost effective alternative to ATCA.

   Trade-off on availability (system level)

   The all-IP design simplifies customization and the identical system management design preserves ATCA S/W investment.

   The Mainboard’s topology is similar to ATCA backplane + switch with transition modules + chassis management modules

   Each network processing board connects to mainboard’s switch via 2 or 4 x 10GE (XAUI)

   System specifications
        1, 2 or 4 x 10GbE (XAUI) per board
        8 boards per system
        QorIQ up to 128 cores
        MIPS64 up to 256 cores
        TI DSP up to 480 cores
        X86 in design
Scalable Hardware Platforms for DPI

  • Processor-independent
  • Main architectures supported today
  • More to follow

   [Diagram: platform range with labels x1, x2, x8 and 32 cores, 64 cores, 256 cores, >256 cores.]
Challenges for DPI Software

   Unprecedented performance stress on network
    equipment (cloud and mobile infrastructure)
        40G throughput now with 100G on the horizon
        Complex networking protocols.



   Accurate user packet identification and QoS
    classification.


   Efficient packet steering decisions for optimized
    application-level processing


   Advanced content inspection functions
        Application-aware firewall, video compression.
Introducing the 6WIND Solution

   High-performance packet processing engine.

   Optimized for DPI acceleration and protocol termination.

   Includes comprehensive set of networking protocols with High Availability support.

   Fast path architecture maximizes system throughput.

   Used by tier-1 OEMs worldwide.

   [Diagram: stack with labels DPI, Application Processing, Linux, Multicore Processor, Advantech Platform.]
Packet Detection Challenges

   Wire-speed performance.

   Packets may be fragmented and need re-construction.

   Packets are always hidden by a combination of encapsulation techniques
        VLAN, GTP, IP in IP, GRE, L2TP, MPLS…

   Packets are often encrypted (IPsec).

   Integrated firewall required.

   Latency for each packet has to be minimized.



 Solution requires high-performance packet processing for packet
  identification, classification, steering and termination.
Flexible Mapping to Cores, Processors and Blades
   Dynamically allocate functions across processor cores.

   Transparent scaling across homogeneous or heterogeneous blades

   [Diagram labels: Application Processing, DPI, Packet Processing, Control Plane, Data Plane, Networking Stack, Fast Path, Linux Cores, Fast Path Cores.]
Includes a Full Set of Networking Protocols

   Control Plane Modules
        Routing Protocols: Static RIP (IPv4, IPv6), RIPng, OSPFv2, OSPFv3, BGP-4, BGP-4+, ECMP (IPv4, IPv6), VRRP, PIMv4-SM, PIMv6-SM, IGMP/MLD snooping & proxy, static route monitoring & BFD
        Security: IKE, IKEv2, EAP, VPN monitoring
        Connectivity: PPP, Multi-link PPP, PPPoE, CHDLC, VLAN, GRE, 6in6, 4in4, L2TP, DHCPv4/v6, DNS proxy, RADIUS client
        Switching: LACP
        Mobility: Home agent, FMIP, corresponding node, mobile node, IPsec integration, NEMO, proxy MIP
        Virtual Routing (VRF): Routing protocols, IKE
        High availability: Monitoring system, synchronization daemons for ARP-NDP, routing and IPsec

   Networking Stack
        Optimized stack for multicore including:
        •   All Linux networking features (TCP/IP, filtering, NAT, IPsec…)
        •   Optimized SMP, 2K VR for forwarding, firewalling, NAT and IPsec
        •   Integrated crypto engine management for IPsec and SSL
        •   VNB framework for fast Layer 2 through Layer 4 protocol integration
        •   Network system calls optimization (UDP, SCTP, RAW).
        •   Graceful Restart extensions for High Availability.

   Fast Path Modules
        IPv4-v6 forwarding
        RSTP
        IPsec, IPsec SVTI
        ROHC
        Layer 2 VLAN, GRE, link aggregation
        Flow inspection
        QoS
        Multicast
        IPv4-v6 reassembly
        GTP-u encapsulation
        SCTP
        TCP termination
        IPv4-v6 filtering, NAT
        MPLS encapsulation
        IPv6 tunneling and transition
        PPP / L2TP
        High Availability
        Extended Fast Path
6WINDGate in DPI

   [Diagram: packet flow through 6WINDGate.
    Packet Processing: 40G / 100G traffic -> Decryption -> Flow identification -> Flow table -> Apply policy (QoS) -> Encryption -> 40G / 100G traffic.
    DPI (application flow identification and analysis), via 6WINDGate APIs: receives unknown flow or flow to be monitored; update flow and flow event.
    Application Processing (policy enforcement, video compression, security etc.), via 6WINDGate APIs: flow to be processed by application, with protocol termination (TCP, HTTP etc.).
    Other path from the flow table: no application processing.]

   Architecture optimized for managing very large flow tables (millions of flows)

   Efficient APIs maximize system throughput (packet cloning, zero-copy architecture etc.)

   Scalable architecture for simultaneous support of multiple application instances.
Example: Mobile Video Compression

   [Diagram: packet flow through 6WINDGate.
    Packet Processing: 40G / 100G traffic -> Decryption -> GTP flow identification -> Flow table -> Apply policy (QoS) -> Encryption -> 40G / 100G traffic.
    DPI, via 6WINDGate APIs: receives unknown flow or flow event; update flow and flow event.
        • Detection of flows that could include video.
        • Detection of events to locate video in flow.
    Video compression, via 6WINDGate APIs: flow with video, with HTTP termination; returns compressed video.
    Other path from the flow table: flow without video.]
Example: Application-Aware Firewall + UTM

   [Diagram: packet flow through 6WINDGate.
    Packet Processing: 40G / 100G traffic -> Decryption -> L2 / L3 flow identification -> Flow table -> Firewall -> Apply policy (QoS) -> Encryption -> 40G / 100G traffic.
    DPI, via 6WINDGate APIs: receives unknown flow or flow to be monitored; update flow and flow event.
        Detection of flows that could contain viruses.
    Anti-virus and UTM, via 6WINDGate APIs: flow to be scanned, through transparent proxy (TCP, UDP etc.); returns scanned flow.]
Summary
   6WIND-Advantech solution addresses critical requirements for DPI equipment:

        Wire-speed DPI

        Comprehensive protocol support for advanced services

        Fast path environment optimized for acceleration of DPI and application processing.

        Zero downtime reliability via integrated High Availability support

        Portable solution available on industry-leading processor platforms

        Deployed today in cloud infrastructure and mobile networks.

   [Diagram: stack with labels DPI, Application Processing, Linux, Multicore Processor, Advantech Platform.]

Contenu connexe

Similaire à Optimized Packet Processing Software Impact on Multicore Platforms

Next Generation Storage Networking for Next Generation Data Centers
Next Generation Storage Networking for Next Generation Data CentersNext Generation Storage Networking for Next Generation Data Centers
Next Generation Storage Networking for Next Generation Data CentersTheFibreChannel
 
Big Ip Platforms Customer Slides
Big Ip Platforms Customer SlidesBig Ip Platforms Customer Slides
Big Ip Platforms Customer Slidesadutto
 
Mutating IP Network Model Ethernet-InfiniBand Interconnect
Mutating IP Network Model Ethernet-InfiniBand InterconnectMutating IP Network Model Ethernet-InfiniBand Interconnect
Mutating IP Network Model Ethernet-InfiniBand InterconnectNaoto MATSUMOTO
 
Hds brcd solutions_tech_summit
Hds brcd solutions_tech_summitHds brcd solutions_tech_summit
Hds brcd solutions_tech_summitSteve Lee
 
Storage Performance Takes Off
Storage Performance Takes OffStorage Performance Takes Off
Storage Performance Takes OffIT Brand Pulse
 
Qnap nas TS 1679 introduction_info tech Middle east
Qnap nas TS 1679 introduction_info tech Middle eastQnap nas TS 1679 introduction_info tech Middle east
Qnap nas TS 1679 introduction_info tech Middle eastAli Shoaee
 
Qnap nas ts 1679 introduction-02
Qnap nas ts 1679 introduction-02Qnap nas ts 1679 introduction-02
Qnap nas ts 1679 introduction-02CarrierDigit
 
MS TechDays 2011 - Virtualization Solutions to Optimize Performance
MS TechDays 2011 - Virtualization Solutions to Optimize PerformanceMS TechDays 2011 - Virtualization Solutions to Optimize Performance
MS TechDays 2011 - Virtualization Solutions to Optimize PerformanceSpiffy
 
Webinar NETGEAR - Prosafe Smart Switch, caratteristiche e funzionalità
Webinar NETGEAR - Prosafe Smart Switch, caratteristiche e funzionalitàWebinar NETGEAR - Prosafe Smart Switch, caratteristiche e funzionalità
Webinar NETGEAR - Prosafe Smart Switch, caratteristiche e funzionalitàNetgear Italia
 
10 gb ethernet
10 gb ethernet10 gb ethernet
10 gb ethernetronpoul
 
Avb pov 2017 v2
Avb pov 2017 v2Avb pov 2017 v2
Avb pov 2017 v2Jeff Green
 
Analyst Perspective - Next Generation Storage Networking for Next Generation ...
Analyst Perspective - Next Generation Storage Networking for Next Generation ...Analyst Perspective - Next Generation Storage Networking for Next Generation ...
Analyst Perspective - Next Generation Storage Networking for Next Generation ...Dennis Martin
 
ハードウェアメーカーならでは(笑)実機あり! Azure IoT Edgeデバイス / Edge Server Update
ハードウェアメーカーならでは(笑)実機あり! Azure IoT Edgeデバイス / Edge Server Updateハードウェアメーカーならでは(笑)実機あり! Azure IoT Edgeデバイス / Edge Server Update
ハードウェアメーカーならでは(笑)実機あり! Azure IoT Edgeデバイス / Edge Server UpdateNaoki Yonezu
 
10GbE Plugfest 2014 参考資料
10GbE Plugfest 2014 参考資料10GbE Plugfest 2014 参考資料
10GbE Plugfest 2014 参考資料Naoto MATSUMOTO
 
Technical overview of new cisco catalyst multigigabit switches
Technical overview of new cisco catalyst multigigabit switchesTechnical overview of new cisco catalyst multigigabit switches
Technical overview of new cisco catalyst multigigabit switchesCisco Mobility
 
Cisco's compact switch –the time of multigigabit is here
Cisco's compact switch –the time of multigigabit is hereCisco's compact switch –the time of multigigabit is here
Cisco's compact switch –the time of multigigabit is hereIT Tech
 

Similaire à Optimized Packet Processing Software Impact on Multicore Platforms (20)

Next Generation Storage Networking for Next Generation Data Centers
Next Generation Storage Networking for Next Generation Data CentersNext Generation Storage Networking for Next Generation Data Centers
Next Generation Storage Networking for Next Generation Data Centers
 
Big Ip Platforms Customer Slides
Big Ip Platforms Customer SlidesBig Ip Platforms Customer Slides
Big Ip Platforms Customer Slides
 
Mutating IP Network Model Ethernet-InfiniBand Interconnect
Mutating IP Network Model Ethernet-InfiniBand InterconnectMutating IP Network Model Ethernet-InfiniBand Interconnect
Mutating IP Network Model Ethernet-InfiniBand Interconnect
 
Dell power edge r310_spec_sheet
Dell power edge r310_spec_sheetDell power edge r310_spec_sheet
Dell power edge r310_spec_sheet
 
Hds brcd solutions_tech_summit
Hds brcd solutions_tech_summitHds brcd solutions_tech_summit
Hds brcd solutions_tech_summit
 
Storage Performance Takes Off
Storage Performance Takes OffStorage Performance Takes Off
Storage Performance Takes Off
 
mpls CNNA.pdf
mpls CNNA.pdfmpls CNNA.pdf
mpls CNNA.pdf
 
Qnap nas TS 1679 introduction_info tech Middle east
Qnap nas TS 1679 introduction_info tech Middle eastQnap nas TS 1679 introduction_info tech Middle east
Qnap nas TS 1679 introduction_info tech Middle east
 
Qnap nas ts 1679 introduction-02
Qnap nas ts 1679 introduction-02Qnap nas ts 1679 introduction-02
Qnap nas ts 1679 introduction-02
 
MS TechDays 2011 - Virtualization Solutions to Optimize Performance
MS TechDays 2011 - Virtualization Solutions to Optimize PerformanceMS TechDays 2011 - Virtualization Solutions to Optimize Performance
MS TechDays 2011 - Virtualization Solutions to Optimize Performance
 
Shuttle Highlights 2011 (EN)
Shuttle Highlights 2011 (EN)Shuttle Highlights 2011 (EN)
Shuttle Highlights 2011 (EN)
 
Webinar NETGEAR - Prosafe Smart Switch, caratteristiche e funzionalità
Webinar NETGEAR - Prosafe Smart Switch, caratteristiche e funzionalitàWebinar NETGEAR - Prosafe Smart Switch, caratteristiche e funzionalità
Webinar NETGEAR - Prosafe Smart Switch, caratteristiche e funzionalità
 
10 gb ethernet
10 gb ethernet10 gb ethernet
10 gb ethernet
 
Avb pov 2017 v2
Avb pov 2017 v2Avb pov 2017 v2
Avb pov 2017 v2
 
Analyst Perspective - Next Generation Storage Networking for Next Generation ...
Analyst Perspective - Next Generation Storage Networking for Next Generation ...Analyst Perspective - Next Generation Storage Networking for Next Generation ...
Analyst Perspective - Next Generation Storage Networking for Next Generation ...
 
ハードウェアメーカーならでは(笑)実機あり! Azure IoT Edgeデバイス / Edge Server Update
ハードウェアメーカーならでは(笑)実機あり! Azure IoT Edgeデバイス / Edge Server Updateハードウェアメーカーならでは(笑)実機あり! Azure IoT Edgeデバイス / Edge Server Update
ハードウェアメーカーならでは(笑)実機あり! Azure IoT Edgeデバイス / Edge Server Update
 
10GbE Plugfest 2014 参考資料
10GbE Plugfest 2014 参考資料10GbE Plugfest 2014 参考資料
10GbE Plugfest 2014 参考資料
 
Technical overview of new cisco catalyst multigigabit switches
Technical overview of new cisco catalyst multigigabit switchesTechnical overview of new cisco catalyst multigigabit switches
Technical overview of new cisco catalyst multigigabit switches
 
Cisco's compact switch –the time of multigigabit is here
Cisco's compact switch –the time of multigigabit is hereCisco's compact switch –the time of multigigabit is here
Cisco's compact switch –the time of multigigabit is here
 
Fujitsu PRIMERGY RX200 S7
Fujitsu PRIMERGY RX200 S7Fujitsu PRIMERGY RX200 S7
Fujitsu PRIMERGY RX200 S7
 

Optimized Packet Processing Software Impact on Multicore Platforms

  • 1. The Impact of Optimized Packet Processing Software on Multicore Platforms for DPI and Network Security
  • 2. Agenda
      • Optimizing the Hardware: Paul Stevens, Advantech (paul.stevens@advantech.com, www.advantech.com/nc)
      • Optimizing the Software: Eric Carmes, 6WIND (eric.carmes@6wind.com, www.6wind.com)
  • 4. Meeting OEM Requirements
      • Need a clear path to sustainable business growth through differentiated products and services
          • Preserve existing investments while meeting new performance requirements
          • Reduce time to revenue to beat competition
      • Need to deploy a flexible architecture and a scalable technology
          • Develop a range of products with a limited number of technologies
          • Ensure hardware independency
      • Need to meet dynamic market requirements
          • Manage performance growth
          • Reduce cost and power consumption
      • Must ship a working product on time
          • Integrate and validate new and complex technologies faster
  • 5. Anatomy of a Network Appliance (today)
      • [Diagram: three appliance tiers labelled SMB (1-10 Gbps), Enterprise (10-80 Gbps) and Data Center (>80 Gbps). Blocks: IA chipset (e.g., Intel® Core™ i7 processor or Intel® Atom), Intel® Xeon® processor 5600 series + I/O Hub, NPU, Switch. Links: PCIe x1, PCIe x8, XAUI, GbE and 10 GbE ports. Regions labelled Control Plane Processing and Data Plane Processing.]
      • Variety of Security and Encryption coprocessor options
  • 6. Translating to a Scalable Blade Topology (today)
      • Switch connect: IA packet processing and load balancing to the IA Node payloads
      • NPU + Switch connect: NPU does front end packet processing and load balancing to the IA Node payloads
      • [Diagram: two Dual Star 10G topologies, each with 40G switch hubs and 2x10G links to IA Node blades; the second adds NPUs at the hubs.]
  • 7. Performance Scaling to full 40G Interconnects
      • Fast path packet processing and load balancing to the IA Node payloads
      • [Diagram: 100G+ Switch and NPU hubs connected to IA Nodes over 2x 20G (Dual Star 20G) and 2x 40G (Dual Star 40G) links.]
  • 8. High-end DPI Example
      • [Diagram: chassis with blades labelled Hub blade (prim.), Hub blade (sec.), General purpose CPU blade and NPU blade. Function labels: 40GE Switching with rule based load balancing; Additional switching capacity using dual dual star; High Level Flow Processing and DPI; Low Level Flow Processing. Component labels: THUB2 Management (LMP), 40GE Hub Blade, Next Gen Dual NPU Blade, ATCA-7410, Dual Xeon Blade, ShMC, GbE and xGE switches and MACs.]
      • 6WINDGate Slow / Fast Path Partitioning across IA/NPU
      • GbE: used as Base Interface for Management and control plane. Dual star topology
      • Primary 40GE: used as fabric interface for data and user plane. Dual star topology
      • Secondary 40GE: fabric used as fabric interface for data and user plane. Dual star topology
      • IPMB: Low level management interface based on 2 redundant IPMB busses. Bussed or radial (star) topology
  • 9. Creating a Virtuous Cycle with Multicore for cost-optimized DPI
      • [Cycle diagram: More Cores; New Technology Introduction; Higher Throughput & Capacity.]
  • 10. 80G Packetarium™ – “ATCA rewrapped” Shrink & Cost-down for non-HA DPI
      • Packetarium is a cost-optimized, modular system architecture for multicore packet processing.
      • Scalable and upgradable to meet bandwidth demand, it’s also a cost effective alternative to ATCA.
      • Trade-off on availability (system level)
      • The all-IP design simplifies customization and the identical system management design preserves ATCA S/W investment.
      • The Mainboard’s topology is similar to ATCA backplane + switch with transition modules + chassis management modules
      • Each network processing board connects to mainboard’s switch via 2 or 4 x 10GE (XAUI)
      • [Figure labels: 1, 2 or 4 x 10GbE (XAUI) per board; 8 boards per system; QorIQ up to 128 cores; MIPS64 up to 256 cores; TI DSP up to 480 cores; X86 in design.]
  • 11. Scalable Hardware Platforms for DPI
      • Processor-independent
      • Main architectures supported today
      • More to follow
      • [Figure labels: x1, x2, x8; 32 cores, 64 cores, 256 cores, >256 cores.]
  • 12. Challenges for DPI Software
      • Unprecedented performance stress on network equipment (cloud and mobile infrastructure)
      • 40G throughput now with 100G on the horizon
      • Complex networking protocols.
      • Accurate user packet identification and QoS classification.
      • Efficient packet steering decisions for optimized application-level processing
      • Advanced content inspection functions
          • Application-aware firewall, video compression.
  • 13. Introducing the 6WIND Solution
      • High-performance packet processing engine.
      • Optimized for DPI acceleration and protocol termination.
      • Includes comprehensive set of networking protocols with High Availability support.
      • Fast path architecture maximizes system throughput.
      • Used by tier-1 OEMs worldwide.
      • [Diagram: stack of DPI Application Processing, Linux, Multicore Processor, Advantech Platform.]
  • 14. Packet Detection Challenges
      • Wire-speed performance.
      • Packets may be fragmented and need re-construction.
      • Packet always hidden by combination of encapsulation techniques
          • VLAN, GTP, IP in IP, GRE, L2TP, MPLS…
      • Packet is often encrypted (IPsec).
      • Integrated firewall required.
      • Latency for each packet has to be minimized.
      • Solution requires high-performance packet processing for packet identification, classification, steering and termination.
  • 15. Flexible Mapping to Cores, Processors and Blades
      • Dynamically allocate functions across processor cores.
      • Transparent scaling across homogeneous or heterogeneous blades
      • [Diagram: Linux Cores (Application Processing, DPI Packet Processing, Control Plane, Networking Stack) above Fast Path Cores (Data Plane, Fast Path).]
  • 16. Includes a Full Set of Networking Protocols
      • Control Plane Modules
          • Routing: Static RIP (IPv4, IPv6), RIPng, OSPFv2, OSPFv3, BGP-4, BGP-4+, ECMP (IPv4, IPv6), VRRP, PIMv4-SM, PIMv6-SM, IGMP/MLD snooping & proxy, static route monitoring & BFD
          • Security: IKE, IKEv2, EAP, VPN monitoring
          • Connectivity: PPP, Multi-link PPP, PPPoE, CHDLC, VLAN, GRE, 6in6, 4in4, L2TP, DHCPv4/v6, DNS proxy, RADIUS client
          • Switching: LACP, RSTP
          • Mobility: Home agent, FMIP, corresponding node, mobile node, IPsec integration, NEMO, proxy MIP
          • Virtual Routing (VRF): Routing protocols, IKE and PPP / L2TP
          • High Availability: Monitoring system, synchronization daemons for ARP-NDP, routing and IPsec
      • Networking Stack: optimized stack for multicore including:
          • All Linux networking features (TCP/IP, filtering, NAT, IPsec…)
          • Optimized SMP, 2K VR for forwarding, firewalling, NAT and IPsec
          • Integrated crypto engine management for IPsec and SSL
          • VNB framework for fast Layer 2 through Layer 4 protocol integration
          • Network system calls optimization (UDP, SCTP, RAW).
          • Graceful Restart extensions for High Availability.
      • Fast Path Modules: IPv4-v6 forwarding; IPsec, IPsec SVTI; ROHC; Layer 2 VLAN, GRE, link aggregation; Flow inspection; QoS; Multicast; IPv4-v6 reassembly; GTP-u encapsulation; TCP termination; SCTP; IPv4-v6 filtering; MPLS encapsulation; NAT; IPv6 tunneling and transition; Extended Fast Path
  • 17. 6WINDGate in DPI
      • [Diagram: Packet Processing layer between incoming and outgoing 40G / 100G traffic, with stages labelled Decryption, Flow identification, Flow table, Protocol termination (TCP, HTTP etc.), Apply policy (QoS) and Encryption. Flows labelled "Unknown flow or flow to be monitored" and "Flow to be processed by application" pass through the 6WINDGate APIs to DPI Application Processing (application flow identification and analysis; policy enforcement, video compression, security etc.), which returns "Update flow and flow event". Remaining traffic is labelled "No application processing".]
      • Architecture optimized for managing very large flow tables (millions of flows)
      • Efficient APIs maximize system throughput (packet cloning, zero-copy architecture etc.)
      • Scalable architecture for simultaneous support of multiple application instances.
  • 18. Example: Mobile Video Compression
      • Detection of flows that could include video.
      • Detection of events to locate video in flow.
      • [Diagram: Packet Processing layer between incoming and outgoing 40G / 100G traffic, with stages labelled Decryption, GTP flow identification, Flow table, HTTP termination, Apply policy (QoS) and Encryption. Flows labelled "Unknown flow or flow event", "Flow with video" and "Flow without video"; the 6WINDGate APIs connect to DPI and Video compression, which return "Update flow and flow event" and "Compressed video flow".]
  • 19. Example: Application-Aware Firewall + UTM
      • Detection of flows that could contain viruses.
      • [Diagram: Packet Processing layer between incoming and outgoing 40G / 100G traffic, with stages labelled Decryption, L2 / L3 flow identification, Firewall, Flow table, Transparent proxy (TCP, UDP etc.), Apply policy (QoS) and Encryption. Flows labelled "Unknown flow or flow to be monitored" and "Flow to be scanned"; the 6WINDGate APIs connect to DPI and Anti-virus UTM, which return "Update flow and flow event" and "Scanned flow".]
  • 20. Summary
      • 6WIND-Advantech solution addresses critical requirements for DPI equipment:
          • Wire-speed DPI
          • Comprehensive protocol support for advanced services
          • Fast path environment optimized for acceleration of DPI and application processing.
          • Zero downtime reliability via integrated High Availability support
          • Portable solution available on industry-leading processor platforms
      • Deployed today in cloud infrastructure and mobile networks.
      • [Diagram: stack of DPI Application Processing, Linux, Multicore Processor, Advantech Platform.]
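
Slide 14 notes that the packet to be classified is hidden under encapsulation (VLAN, GTP, IP in IP, GRE) and may be fragmented. The following added example, which is not 6WINDGate code or part of the original deck, peels those layers with bounds checks to reach the inner IPv4 5-tuple that a flow table such as the one on slide 17 would key on. The function name, status strings and sample frame are constructed for illustration; IPv6, MPLS, L2TP, IPsec and GTP-U extension headers are left out.

```python
import struct

def inner_flow_key(frame, max_tunnels=4):
    """Return (layers, key, status); key is the innermost IPv4 5-tuple or None."""
    layers, off = ["eth"], 14
    if len(frame) < off:
        return layers, None, "truncated"
    (etype,) = struct.unpack_from("!H", frame, 12)
    while etype in (0x8100, 0x88A8) and len(frame) >= off + 4:   # 802.1Q / 802.1ad tags
        (etype,) = struct.unpack_from("!H", frame, off + 2)
        off += 4
        layers.append("vlan")
    if etype != 0x0800:                              # also hit when a tag is cut short
        return layers, None, "not-ipv4"
    for _ in range(max_tunnels + 1):                 # bound the nesting depth
        head = frame[off:off + 20]                   # slicing never raises on short input
        ihl = (head[0] & 0x0F) * 4 if len(head) == 20 else 0
        if ihl < 20 or head[0] >> 4 != 4 or len(frame) < off + ihl:
            return layers, None, "bad-ipv4"          # truncated or malformed header
        frag, _ttl, proto = struct.unpack_from("!HBB", frame, off + 6)
        src, dst = (".".join(map(str, frame[off + i:off + i + 4])) for i in (12, 16))
        layers.append("ipv4")
        if frag & 0x3FFF:                            # MF flag or non-zero offset
            return layers, None, "fragment"          # must be reassembled first
        l4 = off + ihl
        if proto == 4:                               # IP in IP
            off = l4
            continue
        if proto not in (6, 17, 47):
            return layers, (src, dst, proto, 0, 0), "ok"
        if len(frame) < l4 + 4:
            return layers, None, "truncated"
        first, second = struct.unpack_from("!HH", frame, l4)
        if proto == 47:                              # GRE: flags/version, protocol type
            if first & 0x4007 or second != 0x0800:   # routing bit, version, non-IPv4
                return layers, None, "unsupported-gre"
            off = l4 + 4 + 4 * bin(first & 0xB000).count("1")   # checksum/key/sequence
            layers.append("gre")
            continue
        if proto == 17 and second == 2152 and len(frame) >= l4 + 16:   # GTP-U port
            gflags, gtype = frame[l4 + 8], frame[l4 + 9]
            if (gflags & 0xF0) == 0x30 and gtype == 0xFF:   # GTPv1 G-PDU
                if gflags & 0x04:                    # extension headers not walked
                    return layers, None, "unsupported-gtp"
                off = l4 + 16 + (4 if gflags & 0x03 else 0)
                layers.append("gtp-u")
                continue
        return layers, (src, dst, proto, first, second), "ok"
    return layers, None, "too-deep"

def ipv4(proto, body, src="10.0.0.1", dst="10.0.0.2", frag=0):
    """Build a constructed IPv4 packet for the samples (checksum left at zero)."""
    addrs = [bytes(map(int, a.split("."))) for a in (src, dst)]
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(body), 0, frag, 64, proto, 0, *addrs) + body

# Constructed sample: VLAN 100, outer IPv4/UDP/GTP-U around an inner IPv4/TCP packet.
INNER = ipv4(6, struct.pack("!HH", 40000, 443) + bytes(16), "192.0.2.10", "198.51.100.7")
GTPU = struct.pack("!HHHHBBHI", 2152, 2152, 16 + len(INNER), 0, 0x30, 0xFF, len(INNER), 1)
SAMPLE = bytes(12) + struct.pack("!HHH", 0x8100, 100, 0x0800) + ipv4(17, GTPU + INNER)
```

Calling `inner_flow_key(SAMPLE)` yields the inner TCP 5-tuple rather than the tunnel endpoints; a "fragment" status marks traffic that has to go through reassembly before it can be classified.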