Accelerate Deep Packet Inspection with Standard Servers — (Part 3 of 5)

Austin Hipes, NEIby Austin Hipes, Director of Field Engineering for NEI.

The new Intel® Platform for Communications Infrastructure (formerly known as ‘Crystal Forest’) provides OEMs the opportunity to achieve new levels of design flexibility for deep packet inspection and encryption processes compared to their more-expensive Network Processing Unit (NPU) counterparts.  Application developers can spend more time effectively designing software and less time learning the hardware thanks to the single, common architecture specifically designed for workload consolidation.  The platform is capable of performing operations on control plane, data plane, and applications simultaneously with a high throughput rate.

Deep packet inspection, data compression and decompression, and encryption take place at higher throughput rates with the Intel® Platform for Communications Infrastructure because it is made up of multi-core processors in combination with Intel QuickAssist Technology hardware accelerators.  The platform enhances deep packet inspection capabilities by processing over 160 million packets of data per second, compared to the 100 million packets per second typical of NPUs.  The elimination of NPUs in the hardware scheme, combined with the faster processing capacity and reduced development time needed for new applications, often results in substantial cost reductions for the OEM.

Intel E5-2600The advanced performance of the new platform is provided by E5-2600 series Intel® Xeon® processors arranged in a dual-socket configuration which can be configured to provide up to 16 cores, an 80 channel root complex of PCI Express (PCIe) Gen 3.0, and 8 1600 MHz memory controllers.  This combination gives the platform the lowest memory latency and highest I/O throughput of any Intel platform available to date.

Incorporated into this optimized design is the 89xx series Intel® Communications chipset (formerly called ‘Cave Creek’).  This chipset combines communications hardware accelerators with Platform Controller Hub (PCH) compute I/O functions, and can be used as a standalone PCIe device added to a traditional server platform, or as a PCH in an embedded motherboard design. The hardware accelerators remove the encryption and data compression functions from the main CPU load, leaving the CPU free to do other work.  With the cores freed up of encryption duties, they can now perform deep packet inspection and application processing tasks, effectively working on both the control and data planes simultaneously.

Both the platform and chipset are scalable.  Designers can adapt their solutions to suit single-core, low-cost, low-power designs all the way up to 16-core designs.  The chipsets can be configured for a single device with 5 Gbps of encryption capability up to four-device configurations in excess of 80 Gbps of encryption capability.  The total throughput of the system is dependent on the processor and accelerator combination used, as is the level of deep packet inspection that can be performed.

Independent Software VendorRegardless of the configuration of the processor and accelerator, and the resulting performance level, a common code base is used for programming.  Thus, simply by changing the number of cores or accelerators used in a given platform, OEMs and Independent Software Vendors (ISVs) have the flexibility to enter a variety of market segments without a significant reinvestment in new code development.  In addition, existing server platforms can be converted to high-throughput deep packet inspection and encryption machines through the addition of PCIe cards housing 89xx series Intel Communications chipsets.

[Excerpted from the whitepaper entitled “Accelerating Deep Packet Inspection with Latest Intel® Server Technologies.” Download the full white paper.]

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>