To keep pace with the rapid development of network technology, what is facing us is a confusing problem. Equipment suppliers are faced with the need to provide flexible, scalable solutions that meet their customer requirements while improving processing performance. Program. In recent years, due to the versatility of task execution, network processors (NPUs) have become very popular.
However, services such as routing, security, access control, and content identification data distribution require extensive computational packet searches, which will quickly consume the network processor's processing power. System builders have realized that more performance must be added through new devices. For example, in next-generation network devices, there is a need for dedicated coprocessors to accelerate deep packet classification and content inspection.
Just as PCs and other design-based microprocessors reduce the computational load through the graphics processor, network processor-based designs can also benefit from the co-processors in the network devices, greatly reducing computational tasks.
Packet processing
Many factors make the packet processing subsystem more difficult to meet current requirements, including the need to adjust Internet bandwidth, support increasing processing workloads, and increase application layer security. The two areas of the packet processing function package search and content inspection require more and more calculations, and can meet the line speed requirements in the network nodes. Packet search is ubiquitous in network systems. At the most basic level, one or more databases need to be searched to determine the destination of packet transmission. However, today's network nodes must be able to intelligently decide how and when to send these packets. These higher processing requirements can consume a lot of resources. For example, differentiated subscription-level value-added services require that a subscription application meet many standards before it can be implemented. Confirming the security of a package title even requires searching 8 databases. Another determinant—content inspection—needs to analyze the classification information against an established rule and perform a package search.
Checking only header-based packets is not sufficient. In applications such as intrusion detection, system protection, and firewall deep inspection, more data tasks need to be performed more carefully to search the contents of the package verbatim to discover viruses, worms, and other malicious content-based and application-layer-based applications. attack.
Network processor design barriers. Three resources must be considered in the design of the network system—period, waiting time, and external storage bus. The periodic resource or network processor instruction resources can determine the number of instructions that can be executed by each packet.
All idle micro-engine accesses hidden in multi-threaded requests require latency resources or accumulative cycles, which are determined by the total thread and the interval between packet arrivals. The third network processor resource is the I/O bandwidth of the external memory bus.
As functions become more complex and the bus becomes a bottleneck, higher bandwidth is needed. If the network processor uses a standard bus interface, there are more choices when managing these bottlenecks. Designers using Opus must consider both traditional limits such as pin count and price. The number of pins available will limit memory and I/O bandwidth. The price target determines many parameters, from chip size to number of chips and packaging.
normal method
In order to improve processing capabilities under these design constraints, you need to choose different methods to perform package search. Designers can choose to implement a highly integrated network processor where packet search capabilities are embedded in the processor, or use static random access memory (SRAM) to assist a network processor in searching.
For a long time, the ingrained concept in integrated circuit design is "the higher the integration, the better." However, to integrate packet processing and search functions on a single chip, its performance is bound to be affected because the most advanced network processors are breaking the limits of chip size in practical applications.
Therefore, the single-chip network processor solution is mainly customized for a single purpose, thus limiting its market application space. Although it may be suitable for low-end or profitable target markets, single-chip solutions lack flexibility, cost competitiveness, and the depth and breadth of processing that are useful for most applications.
Another option is to use memory, in most cases using SRAM. It helps the processor to search for packages. The use of SRAM varies from system to system, using the fourth generation of Internet Protocol (IPv4) lookups for tree algorithms, or access control list (ACL) searches using heuristics.
However, the analysis shows that an SRAM-based design is sufficient for relatively independent execution layers and tables, such as TCP flow and Ipv4 route lookup, but when the search string is extended to sixth-generation Internet Protocol (IPv6) or if needed With more complex ACL tables, SRAM can't handle it quickly.
Although the cost of the network processor can be minimized, the disadvantage is that it requires more chips, the demand for circuit board space increases, the complexity and cost of the circuit board layout will also increase.
In addition, packet search using SRAM consumes a lot of micro-engine resources of the network processor and its external memory bus bandwidth.
Coprocessor
Faced with the requirements of the network processing subsystem to handle high-level services, data speeds, and complex data types, both single-chip and SRAM-based solutions are powerless. Fortunately, we can find solutions on dedicated coprocessors including Network Search Engine (NSE) and Content Inspection Engine (CIE). It is designed to offload large amounts of data and classification functions from network processors.
These solutions are key to providing the required functionality based on established cost and performance requirements. Based on Triple Content Addressable Memory (TCAM) and high-performance logic, the NSE supports network processors and ASICs to accelerate packet classification and forwarding in core networks, metropolitan area networks, and access networks. The content inspection engine is a programmable device that can simultaneously uninstall character classification functions from a package processing element of the network security device and the content recognition network device.
A content inspection engine parses the package headers and categorizes incoming content payload-based packets, and uses a web search engine to replace the SRAM management packet headers. The network search engine can perform search functions including IPv4, IPv6, Multiprotocol Label Switching Protocol (MPLS), Media Access Control (MAC), Quality of Service, and ACL.
Reducing most of the expensive storage elements and associated board space can significantly reduce system costs. A full-featured, dedicated coprocessor handles complex lookups on its own and returns results within a fixed time frame, reducing latency and bus load, and saving resources for additional features and upgrades to the network processor.
Utilizing non-custom coprocessors can greatly reduce development time, and many software development tools can also easily support the design of web search engines and content inspection engines.
The ever-increasing demand for bandwidth and data access cycles has caused fundamental changes in the network system architecture.
The more specialized and complex system components in the form of network coprocessors provide the first feasible solution for solving increasingly complex search management problems.
The coprocessor is not a traditional technology. It is an indispensable part of today's more successful network processing subsystem.
Traditional Reflector,Aluminium Street Reflector,Street Lamp Reflector,Safety Lamp Reflector
Yangzhou Huadong Can Illuminations Mould Manufactory Co., Ltd. , https://www.light-reflectors.com