[ news_security_news ]
Cavium Networks Introduces OCTEON
SecurityProNews
Staff Writer
2004-09-13
 Security News RSS Feed
Cavium Networks today introduced OCTEON, the industry's first single-chip Network Services Processor (NSP) family for secure, Layer 3 to Layer 7 networking applications.
Today's implementations of higher layer application processing require a myriad of chips including control plane processors, data-plane processors and coprocessors for Internet services and security. OCTEON NSPs introduce a revolutionary new system-on-chip (SoC) architecture that integrates functionality of these multiple types of processors to deliver up to 5x benefit in price, performance and power over existing solutions for Internet Services, Content and Security processing in networking applications.
OCTEON processors include 2 to 16 cnMIPS cores, Cavium Networks' implementation of MIPS64, with Release2 enhancements and additional built-in hardware acceleration for content and security processing, along with on-chip coprocessor blocks for Internet Services acceleration and multiple Gigabit Ethernet, SPI-4.2 and PCI-X interfaces. OCTEON NSPs provides full compatibility with the large base of developed application software and development tools available for the industry standard MIPS instruction set architecture (ISA) licensed from MIPS Technologies. The products are targeted for use in a wide variety of OEM networking equipment including routers, switches, network-edge appliances with Firewall, VPN, IDS, Anti-Virus and Anti-Spam functionality, secure intelligent switches with SSL and content switching, XML switches, intelligent NICs, storage and wireless network applications.
"As networking equipment has progressed from delivering raw bandwidth to intelligent services, there is a need for highly integrated devices that can deliver rich functionality at high packet throughputs with a standard C-based programming model," said Linley Gwennap, Principal Analyst at The Linley Group. "Using its world-class processor design team, which delivered GHz-plus Alpha processors at DEC, Cavium Networks has developed an innovative, integrated, MIPS64-based processor that fills this need."
Network Services Processor for Content-Aware Networks
The next phase in the evolution of the Internet is the deployment of application-aware networks upon which secure, content-aware services can be provided at mass-market cost points. Integrated networking application aware systems need to process, filter and switch a range of L3 to L7 Internet service protocols such as HTTP, TCP, XML, SMTP and simultaneously secure these protocols with access and content based security through Firewall, VPN, SSL, IDS, IPS, Anti-Virus and Anti-Spam functionality at wire-speed. General purpose CPUs that are currently used in these applications have been designed for control plane applications and therefore have limited data plane throughput and require multiple application specific coprocessors. On the other hand, Network Processors are designed primarily for L2-L3 processing and burdened with complex and proprietary software development models. The Network Services Processor (NSP) is a new class of processor that offers the ease of use of standard OS based programmability, along with high data-plane throughput with built-in hardware acceleration for both intelligent Internet services applications and security processing in a seamless and balanced manner providing up to 5x benefit in cost, power and performance for integrated network services.
"The evolving needs of intelligent networks have outpaced the current generation of processor technologies, which are falling short of addressing the multilayer nature of network services at increasing data speeds," said Kevin Krewell, Editor in Chief, Microprocessor Report, In-Stat/MDR. "Cavium Networks initiative to combine multiple processor technologies in an innovative, easy to use architecture represents the beginning of the next wave of highly integrated, multi-core processors that will serve as the heart of next-generation intelligent networking equipment."
OCTEON Network Services Processor Family
The OCTEON family's scalable architecture combines 2 to 16 cnMIPS cores with integrated HW acceleration, along with dedicated programmable coprocessor blocks that deliver up to 10Gbps of application performance at conservative 600MHz chip clock rates. Each cnMIPS core in OCTEON NSP is a dual-issue, superscalar processor with L1 instruction and data caches, write buffer, local-scratch pad, full memory management unit for virtual memory support and built-in hardware acceleration for cryptography algorithms including 3DES, AES (all modes), SHA-1, MD-5, RSA, DH. OCTEON NSP has a fully coherent ECC protected 1MB L2 cache and incorporates special cache locking and partitioning functionality to ensure high data plane throughput.
OCTEON NSP's main memory interface supports ECC-protected DDR I / DDR II DRAM up to 400MHz, with capacity of up to 16GB. Additionally, there are up to two channels for ECC or parity-protected low-latency RLDRAM/FCRAM with up to 1GB memory support. OCTEON's Hyperaccess memory subsystem has been architected for multi-core support and tuned to deliver both high-throughput and low-latency required by memory intensive content networking applications. Hyperaccess uses extensive buffering and intelligent bank management to provide efficient cache and system bus utilization. Using Hyperaccess, the cnMIPS core has a unique low-latency direct-access path to RLDRAM/FCRAM that bypasses caches and allows fast access to state information, such as signatures for anti-virus and IDS applications and TCP context.
Hardware acceleration co processor blocks
OCTEON NSP integrates a number of application specific co-processors that completely offload the cnMIPS cores and achieve high-throughput:
-- Packet I/O Processors support IPv4 and IPv6 traffic up to 10Gbps and perform L2-L4 parsing, error checks and tagging, queuing and work scheduling to keep all cnMIPS cores optimally loaded.
-- Regular Expression Processor block integrates up to 16 dedicated programmable hardware engines to accelerate pattern and signature match necessary for anti-virus, IDS and content processing applications at up to 4Gbps.
-- TCP acceleration engine performs hardware based packet synchronization, timer support and buffer management to deliver up to 10Gbps full TCP termination.
-- Compression/Decompression Processor is a programmable processor for GZIP, PKZIP and their variant protocols for performance of up to 4Gbps of compressed stream.
The OCTEON NSP family offers highly flexible external networking interfaces with 4 to 8 integrated Gigabit Ethernet ports (RGMII) or dual SPI-4.2 interfaces with a host/slave PCI-X 64bit 133MHz interface that can be used as both a data and control interface. OCTEON NSP also offers auxiliary interfaces such as GPIO, Flash, MDIO, dual UARTs and 2wire serial interfaces.
"We have validated this new innovative architecture over the last two years with industry-leading tier-one customers," said Syed Ali, President and CEO of Cavium Networks. "The tremendous enthusiasm and commitment we have received from customers is a testament to OCTEON's value-proposition. OCTEON promises to revolutionize the landscape of networking services by enabling ubiquitous deployment of intelligent, content aware networks."
Standard OS, C-Code Based Software Development
OCTEON NSP supports standard operating systems including Linux and VxWorks along with a thin executive for data-plane applications. OCTEON can host a variety of popular software architectures, including support for separate operating systems on separate cores, flexibly grouping cores into Data-plane and Control-plane processors and ability to implement run-to-completion or pipelined software models. Cavium Networks provides a complete GNU tool-chain and popular third party tool-chain support that enables thousands of MIPS32, MIPS64 and other C/C++ applications and code to be easily ported to OCTEON. Additionally, Cavium Networks provides APIs and reference software for Firewall, VPN/IPsec TCP, IDS and Anti-virus applications. No special micro-coding or proprietary tool-chains are required.
OCTEON Delivers Unmatched Application Performance
The OCTEON NSP enables a whole new class of functionally integrated appliances and services blades. For example, the 16-core OCTEON processor enables an integrated security appliance with Firewall, VPN/SSL, IDS, Anti- virus and Spam-filtering at performance of up to 4Gbps or a single application Firewall, VPN or SSL appliance at line rates of up to 10 Gbps. The OCTEON processor also enables content-aware switches with SSL, application firewall, load-balancing and content filtering and processing at performance of up to 4Gbps. With OCTEON processors, Storage HBAs and switches can achieve up to 10 Gbps of TCP, iSCSI and IPsec performance. Leveraging the same software, a scalable family of products can be designed from 500Mbps to 10Gbps at multiple price points. The OCTEON processor can also be used in network-interface-card (NIC) or co-processor applications.
Product Family, Pricing and Availability
There are 4 different parts available in the OCTEON NSP family. The CN34xx offers 2 or 4 cnMIPS cores with 4x GE, 64-bit DDR1/DDR2 DRAM, 9-bit RLDRAM/FCRAM and a 64-bit/133MHz PCI-X interface. The CN38xx offers 8 or 16 cnMIPS cores with 8x GEs or 2x SPI4.2, 128-bit DDR1/DDR2 DRAM, 2x 18-bit RLDRAM/FCRAM and a 64-bit/133MHz PCI-X interface. Production pricing for the OCTEON family ranges from $125 for the 2-core version to $750 for the 16-core version in 10K unit quantities. The OCTEON Development Kit including Simulator, tool-chain and reference applications are available today to partner companies. The OCTEON NSP family processors and evaluation boards will be available in sample quantities in Q1, 2005.
About the Author:
SecurityProNews is a daily online and email publication focusing on internet security issues.
More news_security_news Articles
Security News RSS Feed
|
|
RSS
Archive
Contact Us
Advertise
