TECHNOLOGY IN CONTEXT
Blades and Backplanes
PCIe Card Instantiates the Next Generation Communications Platform from Intel
Intel’s new communication platform, code named Crystal Forest, promises new abilities to handle the vastly increasing amounts of network data. A board-level instantiation now allows OEMs to quickly upgrade existing systems and points the way for future designs.
Page 1 of 1
Data, like the universe, just keeps expanding at an ever greater rate, pushing out from the enterprise and rushing in tsunami-like from customers and a host of other entities. User expectations are that compute resources are limitless in their ability to deliver data. At the same time, the quality and richness of information has increased as broadband data has become more the everyday norm.
The good news is that if we are able to continually scale our networks to deal with the broadband data onslaught, we should soon see a world of holograms, streaming genetic code and automated highways capable of giving us a better tomorrow.
However, scaling networks to meet these challenges is a daunting task. The major reason is that networks are built on complex, heterogeneous microarchitectures. This is in order to accommodate the combination of generalized and specialized networking processes, such as encryption/decryption acceleration, packet scanning, etc. In addition, individual processes typically have their own set of tools and knowledge bases making overall maintenance efforts unwieldy. The benefits of a unified, easily scalable platform that can handle multiple workload types become obvious.
Intel Crystal Forest Platform
The Intel Crystal Forest platform leverages the strong presence of Intel within the communications infrastructure, plus the power of multicore Xeon processors such as Sandy Bridge and Ivy Bridge, additional new technologies, and existing industry standards including PCI Express and 10G fiber-based Ethernet. The platform integrates these technologies to enable the consolidation of three processing workloads—application, control and packet/content.
The platform provides highly efficient content processing and deep security scanning to provide secure network traffic across a variety of environments from cloud computing down to more modest SMB networks.
Three things make Crystal Forest especially significant. First, it is a thoroughly backed Intel strategy for future-proofing data center networks, and it offers high-level security with a focus on deep packet inspection. In addition, it provides a unified platform to consolidate network workloads, categorize data for efficient handling, and offer new service options as well as perform more efficient customer billing.
The System on Network Interface Card (WIN SoNIC) is a board-level instantiation of the Intel Crystal Forest platform from WIN Enterprises (Figure 1). It is a networking expansion board made available to OEMs for the development of next generation network security products and 3G/4G back-haul networking systems. The board combines with new and existing servers through a PCIe slot to deliver Xeon-class preprocessing, dual-10 GbE LAN, crypto acceleration, deep-packet inspection, and the efficient disposition of data types. It also serves as an example of how the new Intel platform could potentially be used in other form factors and designs. The PCIe interface makes it quickly useable for upgrading existing systems.
WIN SoNIC supports 8x PCI Express Gen2.0 connectivity. The form factor is the half-length PCIe card. Three Intel 82599ES chips (code-named Niantic) support dual 10 Gbit/s capability. The preprocessor chip is a Xeon Sandy Bridge/Ivy Bridge processor (code-named Gladden). The Cave Creek chipset features Intel QuickAssist Technology.
The ability to preprocess high-speed data streams opens up new network design possibilities for the data center. This simple, plug-and-play hardware can eliminate today’s processing bottleneck, better secure the data center from threats, and de-duplicate and compress data for greater networking efficiency. A list of features and benefits is shown in Table 1.
Features and benefits of the Intel Crystal Forest platform as instantiated on the WIN SoNIC PCIe board.
The board utilizes the components of the Intel Crystal Forest platform including the Intel 82599 Family 10 Gigabit Ethernet Controller that supports dual 10G Ethernet ports; a Xeon Sandy Bridge/Ivy Bridge preprocessor (code-named Gladden); and next generation communications chipset from Intel, code-named Cave Creek. Cave Creek is significant to network security because it features Intel QuickAssist Technology. Intel QuickAssist Technology accelerates cryptography processes, packet processing and deep-packet inspection.
The WIN SoNIC board is easy to integrate with any server that has an existing PCIe 2.0 slot. Implementation is low-risk and economical because the board can be used with existing products to create higher performance networking solutions. However, like all higher-level hardware, it requires software to fulfill its mission.
To speed a developer’s or OEM’s time-to-market, Intel offers the Data Plane Development Kit (DPDK). The Intel DPDK is important to manufacturers who are developing mid-ware or layered software for Crystal Forest Server platforms or who are porting existing deep-packet inspection solutions to IA-based platforms.
The DPDK is a set of NIC drivers and libraries designed to optimize processor core usage and throughput performance. This important tool is downloadable from Intel and has already been implemented by members of the Intel Intelligent Systems Alliance, including Wind River, 6WIND, Radisys and Tieto Corporation. These Intel Intelligent Systems Alliance members have integrated the Intel DPDK into software solutions that provide an OEM solutions provider with faster time-to-market. These and other members of the Intel Intelligent Systems Alliance can also provide application-level development to OEMs wishing these services.
By way of example, WIN SoNIC supports Wind River Intelligent Network Platform 3.0. This software optimizes the Intel multicore architecture to perform packet processing. Using the software, different layers of the networking protocol stack are processed in parallel on different processing cores. This provides high overall throughput and efficiency.
Most software optimized for multicore processing uses a symmetric multiprocessing (SMP) approach where each processing core is used in the same way. However, the Wind River Network Acceleration Platform uses an Asymmetrical Multiprocessing (AMP) model that establishes a management plane and separate acceleration plane. These use different operating systems resulting in faster processing and throughput.
The features of the Wind River Intelligent Network Platform include:
- IP Routing/Forwarding
Layer 4 Acceleration
Custom Layer 2 and 3 Processing
IP Sec acceleration/termination
1 and 10 Gbit/s drivers
OEMs wishing fast time-to-market for a solution-level Crystal Forest product have a ready path with WIN SoNIC and Wind River Intelligent Network Platform, as well as software from other Intel Intelligent Systems Alliance partners.
The layout of the WIN SoNIC board and, by extension, the use of the Intel Crystal Forest platform, is shown in Figure 2. Dual, 10 Gigabit LAN capabilities are delivered through the use of the Intel 82599ES Controller chip (code-named Niantic). Future Ethernet performance will be scalable to support 20, 40 and 100 Gbit/s. The forward compatibility of Ethernet enables easy upgrade of networks based on Crystal Forest platform technology.
The WIN SoNIC card utilizes the Intel Xeon BGA 2 and 4 Core processors with up to 2.6 GHz clock speed and 8 Mbyte L3 Cache (code-named Gladden). Although the standard boards have preprocessors with two and four cores, the design offers forward compatibility to support even more powerful processors as they become available. This means intense communication applications such as security and busy data center operations are supported with even more capability to come. The Intel Gladden preprocessors support HyperThreading, Trusted Execution and Virtualization technologies.
Next Generation Communication Chipset from Intel
The chipset currently code-named Cave Creek serves as the chipset to the Gladden preprocessor on the WIN SoNIC board. A major feature of the next-generation communications chipset is Intel QuickAssist 1.5. QuickAssist provides an array of impressive security features. These include encryption/decryption using AES, 3DES or (A)RC4 algorithms, hashing using MD5, SHA-1/2 or HMAC algorithms, Deflate and LZS high-speed data compression. According to Intel, the chipset handles up to 160 million packets per second on server-grade Intel dual-core processors.
In addition, Intel QuickAssist Technology provides support for wireless security protocol and pattern matching to identify malicious code and anomalies. It supports VT-d and VT-c virtualization to enable flexible configuration with downstream devices and databases. QuickAssist Technology enables high-speed, secure data compression, storage and data loss prevention.
This latest version of QuickAssist (1.5) supports a range of preprocessing services that include Secure Socket Layer (SSL) acceleration, deep packet inspection and flow classification. In SSL communications the processing budget weighs toward the initialization and termination of crypto services. These are initialized through public and private security keys. These processor-intensive tasks are now offloaded to the Cave Creek chipset to unburden the system.
Given today’s trend toward security attacks originating from organized malicious entities, deep packet inspection can be considered one of the most important features required by data centers of all types, including high-end financial, military and governmental agencies.
In deep packet inspection data frames are reviewed at the field level to detect protocol irregularities. Protocol non-compliance can mean the presence of viruses, spam or malicious intrusions. Deep-packet inspection can also be used to identify predefined conditions that require special handling such as an automated response. Shallow packet inspection is also supported by QuickAssist. This is a less resource intensive function that scans packet headers for irregularities that might indicate attempted intrusions. Shallow packet inspection is an important feature that can also be used to optimize packet routing or to collect data for statistical analysis.
Flow Classification examines aggregated data flows at the packet level to determine their best handling and disposition. After data is classified it may be routed to storage or other network segments, reviewed for access control, flagged for differentiated qualities of service (QoS) or monitored for automated billing. For instance, customers with more expensive payment schedules can be given throughput privileges for video downloads or similar services.
Despite a general perception to the contrary, financial services are subject to considerable regulation. For instance, the Gramm-Leach-Bliley (Federal Modernization Act of 1999) requires the use of authentication and encryption to protect nonpublic personal information found in email. In addition, email solutions are required to provide policy-based filtering and blocking, logging and reporting. These and similar tasks can be automated by implementing WIN SoNIC and layered software from a member of the Intel Intelligent Systems Alliance or developed in-house using the Intel DPDK.
In other examples, a National Association of Securities Dealers regulation states that communications with the public may not predict security performance; and yet another regulation requires email messages to be filtered based on header information such as sender and recipient fields, as well as message content. Regulations like these and others cause system bottlenecks and reductions in organizational efficiency. These processing speed bumps can be flattened out through preprocessing using this new generation of cards. Specific vertical applications can be designed for the platform by Wind River or one of the software ecosystem members of the Intel Intelligent Systems Alliance.
North Andover, MA.