540 likes | 828 Views
THE DEVELOPMENT OF NETWORK PROCESSOR TECHNOLOGY. Adviser: Dr.Gaj Co-Adviser: Dr.Mark. Scope of Presentation. 1. Introduction to NP 2. Evolution of NP development 3. IXP 1200 network processor 4. Adding security functionality of network processor 5. Conclusion. Introduction.
E N D
THE DEVELOPMENT OF NETWORK PROCESSOR TECHNOLOGY Adviser: Dr.Gaj Co-Adviser: Dr.Mark
Scope of Presentation 1. Introduction to NP 2. Evolution of NP development 3. IXP 1200 network processor 4. Adding security functionality of network processor 5. Conclusion
Introduction • Why Network Processor? • widespread of internet technology • data explosion • need to send huge data over networks at high speed • CPU based => ASIC based =>NP based
CPU Based Router • A computer with multiple NIC installed • Running software dedicated to routing • PC + Linux => small router • Packet flow: • NIC1,buffer->memory->CPU, register, processing->memory->NIC2,buffer
CPU Based Router • Good: flexibility to program the instructionsupdate & upgrade thru software
CPU Based Router - Drawback • Cannot keep up with line speed:In 1994~2000, network bandwidth growing622Mbps -> 10Gbps • CPU speed: 100MHz -> 2GHz • approx 1GHz CPU handle 1Gbps data rate
CPU Based Router – Drawback • Demand of Quality of Service • Internet banking, E-commerce requires instant interactions v.s. E-mail, WWW • Rich user v.s. poor user • Vedio on demand v.s. Vedio conference • Each traffic type has each priority level • Traffic management task needs more complicated algorithm & higher processing speed
CPU Based Router – Drawback • PC is not optimized for network traffic • PC is suitable for big chunk of data: DMA, loading file, do I/O once in a while.Network traffic is I/O bound traffic • Voice stream use small 64-byte packets • Not good for large number of small packets • Spend much time idling while memory access (single thread) • Not good for bit-level operations (using shift)
ASIC Based Router (Faster) • Burdens are distributed to each NIC • Embed instructions to perform forwarding operations
ASIC Based Router – Drawback • No Re-Programmability, not flexible • Instructions are hardwired – difficult & costly to change for DiffServe, IPSec, IPv6 • Long Development Time • 12~18 months • faster & complicated application need longer • more complex design=> fabrication & verification • longer time to market, less competitive
ASIC Based Router – Drawback • Layer 2 protocol is in flux • Ethernet (LAN) standard is OK • LAN=> VLAN (802.1Q) • WAN: vendor need to integrate them to single “Multi-service” product=> HDLC, Frame Relay, ATM, etc.
Network Processor • What is NP? • A software programmable device that is designed to process data packets at wire-speed • As flexible as CPU • As fast as ASIC at wire –speed • provide all packet processing function as previous technology can provide
NP Architecture • PPEs, Network Interface, Dedicated Hardware Unit, Control Processor, Memory Interface
NP Architecture (PPEs) • Multiple Programmable Processing Engines (PPEs) • More flexible over ASIC(hard-wired) • Parallel processing, better than CPU • Most adopted technology in vendorsex: micro-engines in Intel IXP 1200channel processor in Motorola C-5pico-engines in IBM NP4GS3
NP Architecture (PPEs) • Usually use RISC, pipeline architecture • Simplified instruction sets to reduce chip area • Adding bit manipulation functionality • Topologies can be parallel, pipeline, and pool (see next page)
NP Architecture (PPEs) • Multiple hardware thread to hide memory access delay, achieve more tasks • Instant context-swap (program counter, separated register sets for each context) • Small internal program memory – reduce instruction fetch timegood: fastbad: program cannot be too long, too complicated
NP Architecture – Network Interface • Network Interface • Connecting external framer or MAC • Framer: converting bit stream to packet data • MAC: Ethernet Framer • Framer or MAC can be built internal in NPgood: save overall chip areabad: limit product flexibility • Standard: UTOPIA level 2 and 3, SPI-3, SPI 4.2
NP Architecture – Dedicated Unit • Dedicated Hardware Unit • Offload the burden of computational intensive operations from PPEs • Lookup Engines • Queue Management • CRC Calculation • Security function • Trade-off: More dedicated units, more chip area, more costy
NP Architecture- Control Processor • Control Processor • Time-insensitive task, ex, routing table update, control and traffic management packet • (How about time-sensitive task?) • Exceptional packet processing, ex, unknown type packet • System bring-up, reboot, system management
NP Architecture–Memory Interface • SRAM: • small and frequently accessed data: ex. routing table, queuing information, packet pointer • DRAM: • large and rare accessed data: ex. packet data
NP Advantages • Less Time to Market (TTM) • Software programmability: Easy to implement, model, sample product • Flexibility: Easy to adapt to newer protocol, easy to add new functionality to exist design
NP Advantages • Longer Time in Market (TIM) • new and critical functions can be added by re-programming the network within the device • can be upgraded via a software download to add new features and protocol support
NP Advantages • Leverage 3rd-party development of applications • 3rd-party vendor provide software packet and module for common used application • software reuse without the need to re-invent the wheel • create a new industry
Bit-level Operations • How to set 5th bit to one? • CPU: Y & (1<<5)two instructions • NPU: with the help of extra shifter, can be done in one instructions
Microengine • 6 ME * 4 Thread = 24 Thread • ALU: addition, subtraction, logical operations. No multiplication.save chip area. • 32-bit register • The power of extra shifter. ex. TTL field, FF-1=FE(FFFFFFFF) >> 24 == FFFF-1==FE
Microengine • Multiple Threading • 4 Program counters • register sets can divided to 4 parts for 4 threads, swap contexts in a single cycle • context-swap can hide memory access latency • each thread share same instruction store, each thread can perform same of different program, but instructions store is limited (2048 instructions) • program in the instruction store is loaded by StrongARM
Microengine • Separated Register Sets • 3 types of 32 bit registers:128 general-purpose registers64 SRAM transfer registers64 SDRAM transfer registers • read bus & write bus are separated, so does the register sets: 32 for read, 32 for write, no addressing mode • can be addressed by globe mode or thread-local mode • globe mode=>shared variable, non-preemptive,
Security functionality of network processor • why? more and more business/corporate, personal e-commerce transactions over Internet • need data confidentiality and data integrity for information transmitted and received over internet and networks
Security processor architecture • for existing NP and network systems • a. security co-processor architecture • b. security accelerator architecture • c. security in-line processor architecture • for new design and development of NP & networks: • a. network processor architecture with security functionality • (on-chip core)
Security co-processor architecture • co-processor performs all security function and protocol processing and encryption function
Security accelerator architecture • use in conjunction with host NPU • host NPU performs protocol processor, eg, handshake, protocol header processing • security accelerator performs encryption of payload
In-line security processor architecture • architecture is referred to an “bump in the wire” • place before the NP to receive data packets on one side • encrypt data packets and send on the other side to NP • Hence, duplicate most of the same functions of the NP
on-chip security core architecture • include security functionality in the NP architecture • eg. encryption of payload, protocol processing • implementation of ixp2850 has 2 cryptography core • more efficient due to reduce transfer of data packets back and forth different memories • secure traffic on the fly with cryptographic engine embedded on the NP • reduce real estate power and memory requirements • on-chip core architecture is the future design for NP
Considerations for security functionality in network system • 1. for existing NP and networksco-pro, acc, in-line more suitable and cost effective • 2. for relative low volume of data and moderate speed, co-processor is cost-effective • 3. for high traffic and data volume, in-line architecture would be the most efficient and ease of integration. however, cost will be high due to duplication of NP functionality
Considerations for security functionality in network system • for new NP and network design • 1.on chip security core architecture gives best efficiency, power consumption and small footprint • 2.depending on the demand for such performance, the cost of on-chip security core NP should be affordable.
Conclusion • the need for flexibility and speed resulted in design shift to NP architecture • the implementation of ixp1200 demonstrated that NP architecture is efficient and can meet the demand for networking at wired speed. • the design of NP architecture is still evolving. With the need for security functionality, on-chip security core seems to be the way to future NP architecture, given the advantage of data efficiency, footprint, and minimum power consumption.