the development of network processor technology adviser: dr.gaj co-adviser: dr.mark

THE DEVELOPMENT OF NETWORK PROCESSOR

TECHNOLOGY

Adviser: Dr.Gaj

Co-Adviser: Dr.Mark

Scope of Presentation

1. Introduction to NP

2. Evolution of NP development

3. IXP 1200 network processor

4. Adding security functionality of network processor

5. Conclusion

Introduction

• Why Network Processor?– widespread of internet technology– data explosion– need to send huge data over networks at high

speed– CPU based => ASIC based =>NP based

CPU Based Router

• A computer with multiple NIC installed

• Running software dedicated to routing

• PC + Linux => small router

• Packet flow:

• NIC1,buffer->memory->CPU, register, processing->memory->NIC2,buffer

CPU Based Router

• Good: flexibility to program the instructionsupdate & upgrade thru software

CPU Based Router - Drawback

• Cannot keep up with line speed:In 1994~2000, network bandwidth growing622Mbps -> 10Gbps

• CPU speed: 100MHz -> 2GHz• approx 1GHz CPU handle 1Gbps data rate

CPU Based Router – Drawback

• Demand of Quality of Service– Internet banking, E-commerce requires instant

interactions v.s. E-mail, WWW– Rich user v.s. poor user– Vedio on demand v.s. Vedio conference– Each traffic type has each priority level– Traffic management task needs more complic

ated algorithm & higher processing speed

CPU Based Router – Drawback

• PC is not optimized for network traffic– PC is suitable for big chunk of data:

DMA, loading file, do I/O once in a while.Network traffic is I/O bound traffic

– Voice stream use small 64-byte packets– Not good for large number of small packets– Spend much time idling while memory access

(single thread)– Not good for bit-level operations (using shift)

ASIC Based Router (Faster)

• Burdens are distributed to each NIC

• Embed instructions to perform forwarding operations

ASIC Based Router – Drawback

• No Re-Programmability, not flexible– Instructions are hardwired – difficult & costly t

o change for DiffServe, IPSec, IPv6

• Long Development Time– 12~18 months– faster & complicated application need longer– more complex design=> fabrication & verificati

on– longer time to market, less competitive

ASIC Based Router – Drawback

• Layer 2 protocol is in flux– Ethernet (LAN) standard is OK– LAN=> VLAN (802.1Q)– WAN: vendor need to integrate them to single

“Multi-service” product=> HDLC, Frame Relay, ATM, etc.

Network Processor

• What is NP?– A software programmable device that is

designed to process data packets at wire-speed

– As flexible as CPU– As fast as ASIC at wire –speed– provide all packet processing function as

previous technology can provide

NP Architecture• PPEs, Network Interface, Dedicated Hardware Unit, Control Processor, Me

mory Interface

NP Architecture (PPEs)

• Multiple Programmable Processing Engines (PPEs)– More flexible over ASIC(hard-wired)– Parallel processing, better than CPU– Most adopted technology in vendors

ex: micro-engines in Intel IXP 1200channel processor in Motorola C-5pico-engines in IBM NP4GS3

NP Architecture (PPEs)

• Usually use RISC, pipeline architecture

• Simplified instruction sets to reduce chip area

• Adding bit manipulation functionality

• Topologies can be parallel, pipeline, and pool (see next page)

fig.topologies

NP Architecture (PPEs)

• Multiple hardware thread to hide memory access delay, achieve more tasks

• Instant context-swap (program counter, separated register sets for each context)

• Small internal program memory – reduce instruction fetch timegood: fastbad: program cannot be too long, too complicated

NP Architecture – Network Interface

• Network Interface– Connecting external framer or MAC– Framer: converting bit stream to packet data– MAC: Ethernet Framer– Framer or MAC can be built internal in NP

good: save overall chip areabad: limit product flexibility

– Standard: UTOPIA level 2 and 3, SPI-3, SPI 4.2

NP Architecture – Dedicated Unit

• Dedicated Hardware Unit– Offload the burden of computational intensive

operations from PPEs• Lookup Engines• Queue Management• CRC Calculation• Security function

– Trade-off: More dedicated units, more chip area, more costy

NP Architecture- Control Processor

• Control Processor– Time-insensitive task, ex, routing table

update, control and traffic management packet

– (How about time-sensitive task?)– Exceptional packet processing, ex, unknown

type packet– System bring-up, reboot, system management

NP Architecture–Memory Interface

• SRAM:– small and frequently accessed data: ex.

routing table, queuing information, packet pointer

• DRAM:– large and rare accessed data: ex. packet data

NP Advantages

• Less Time to Market (TTM)– Software programmability: Easy to implement,

model, sample product– Flexibility: Easy to adapt to newer protocol,

easy to add new functionality to exist design

NP Advantages

• Longer Time in Market (TIM)– new and critical functions can be added by re-

programming the network within the device – can be upgraded via a software download to

add new features and protocol support

NP Advantages

• Leverage 3rd-party development of applications– 3rd-party vendor provide software packet and

module for common used application – software reuse without the need to re-invent

the wheel– create a new industry

Intel IXP1200

Bit-level Operations

• How to set 5th bit to one?– CPU: Y & (1<<5)

two instructions– NPU: with the help of extra shifter, can be

done in one instructions

Microengine

Microengine

• 6 ME * 4 Thread = 24 Thread

• ALU: addition, subtraction, logical operations. No multiplication.save chip area.

• 32-bit register

• The power of extra shifter. ex. TTL field, FF-1=FE(FFFFFFFF) >> 24 == FFFF-1==FE

Microengine

• Multiple Threading– 4 Program counters– register sets can divided to 4 parts for 4 threads, swa

p contexts in a single cycle– context-swap can hide memory access latency– each thread share same instruction store, each thread

can perform same of different program, but instructions store is limited (2048 instructions)

– program in the instruction store is loaded by StrongARM

Microengine

Microengine• Separated Register Sets

– 3 types of 32 bit registers:128 general-purpose registers64 SRAM transfer registers64 SDRAM transfer registers

• read bus & write bus are separated, so does the register sets: 32 for read, 32 for write, no addressing mode

• can be addressed by globe mode or thread-local mode• globe mode=>shared variable, non-preemptive,

Numbers of Register per Micro-engine

General Purpose Register

Transfer Register

SRAM Transfer SDRAM Transfer

Read-only Write-only Read-only Write-only

128 32 32 32 32

per thread 32 8 8 8 8

Memory Interface

Memroy Interface Minimum Addressable Unit (bytes)

Size (bytes) Approx. Latency (clks)

Scratchpad 4 4K(on chip) 12-14

SRAM 4 8M 16-20

SDRAM 8 256M 33-40

Security functionality of network processor

• why? more and more business/corporate, personal e-commerce transactions over Internet

• need data confidentiality and data integrity for information transmitted and received over internet and networks

Security processor architecture

• for existing NP and network systems– a. security co-processor architecture– b. security accelerator architecture – c. security in-line processor architecture

• for new design and development of NP & networks:– a. network processor architecture with

security functionality – (on-chip core)

Security co-processor architecture

• co-processor performs all security function and protocol processing and encryption function

Security accelerator architecture

• use in conjunction with host NPU

• host NPU performs protocol processor, eg, handshake, protocol header processing

• security accelerator performs encryption of payload

In-line security processor architecture

• architecture is referred to an “bump in the wire”

• place before the NP to receive data packets on one side

• encrypt data packets and send on the other side to NP

• Hence, duplicate most of the same functions of the NP

on-chip security core architecture

• include security functionality in the NP architecture• eg. encryption of payload, protocol processing• implementation of ixp2850 has 2 cryptography core • more efficient due to reduce transfer of data packets bac

k and forth different memories• secure traffic on the fly with cryptographic engine embed

ded on the NP• reduce real estate power and memory requirements• on-chip core architecture is the future design for NP

Survey

Architecture Vendor Model IPSec Data Rate

Security Co-Processor

Cavium Nitrox-CN1340

3.2Gbps

Security Accelerator

Broadcom BCM5841 4.8Gbps

In-line Processor Cavium NitroxII-CN2560

10Gbps

On-chip Core Intel IXP2850 10Gbps

Considerations for security functionality in network system

– 1. for existing NP and networksco-pro, acc, in-line more suitable and cost effective

– 2. for relative low volume of data and moderate speed, co-processor is cost-effective

– 3. for high traffic and data volume, in-line architecture would be the most efficient and ease of integration. however, cost will be high due to duplication of NP functionality

Considerations for security functionality in network system

• for new NP and network design– 1.on chip security core architecture gives best

efficiency, power consumption and small footprint

– 2.depending on the demand for such performance, the cost of on-chip security core NP should be affordable.

Conclusion

• the need for flexibility and speed resulted in design shift to NP architecture

• the implementation of ixp1200 demonstrated that NP architecture is efficient and can meet the demand for networking at wired speed.

• the design of NP architecture is still evolving. With the need for security functionality, on-chip security core seems to be the way to future NP architecture, given the advantage of data efficiency, footprint, and minimum power consumption.

Thank You