Multicore network security processor targets integrated devices
Sep 13, 2004 — by LinuxDevices Staff — from the LinuxDevices Archive — 10 viewsCavium will sample a line of single-chip, multi-core “network services processors” (NSPs) in Q1, 2005. The Octeon line will have two to 16 MIPS64 cores, and target highly integrated networking devices capable of examining traffic at the application level (OSI Layers 3 to 7) to perform content and security processing.
According to Cavium VP of Marketing Rajiv Khemani, the multicore Octeon line responds to a trend toward integration and convergence in the network device market. “Firewalls, VPNs, IPSec, etc., are converging into a single network appliance. And that appliance is becoming more application-aware. It's making decisions based on applications that are flowing through it, with services such as filtering, load balancing, and QoS (quality of service).”
The Octeon aims to simplify network processing devices through an integrated system-on-chip (SoC) architecture that Cavium says can replace separate control plane processors, data-plane processors, and coprocessors for Internet services and security. In addition to between two and 16 cnMIPS (“cavium networks MIPS”) cores, the Octeon SoCs will integrate:
- hardware acceleration for content and security processing
- on-chip coprocessor blocks for Internet Services acceleration and multiple Gigabit Ethernet interfaces
- SPI-4.2 and PCI-X interfaces
 
Octeon architcture includes Packet I/O processors that offload CPU
(Click to enlarge)
According to Khemani, Cavium licensed the MIPS ISA (instruction set architecture) and implemented its own core from the ground up. “We have an amazing processor team, all of whom came from DEC's legendary Alpha team,” Khemani notes.
Each cnMIPS core is a dual-issue, superscalar processor with L1 instruction and data caches, write buffer, local-scratch pad, full memory management unit for virtual memory support, and built-in hardware acceleration for cryptography algorithms including 3DES, AES (all modes), SHA-1, MD-5, RSA, and DH. Each Octeon chip has a 1MB L2 cache. The chips will support up to 16GB of DDR DRAM clocked up to 400MHz.
Khemani claims Octeon will offer a five-times benefit in cost, power, and real estate savings versus designs that use separate chips. Unused portions of the chip shut down to save power, he says, and packet I/O processors offload significant CPU load. “Octeon allows the integration of features and performance that you can't implement in today's architectures,” Khemani said.
Khemani says Cavium will supply an open source MIPS64 Linux with the chips. Cavium additionally has a contract with MontaVista, which will offer commercial embedded Linux support. Additionally, Khemani says, the Octeon ecosystem will include optimized TCP/IP and IPSec stacks from Intoto and others, JTAG debugging tools from a number of vendors, and a variety of commercial and non-commercial reference software. Additionally, an instruction set simulator is currently available.
Early customers include SonicWall, which plans to base its next-generation “Pro-Series” line on Octeon, Khemani says.
Octeon will support existing MIPS applications, Cavium says, without modifications except those desirable for multiprocessing. Typical applications will include routers, switches, network-edge appliances with firewall, VPN, IDS, anti-virus and anti-spam functionality, secure intelligent switches with SSL and content switching, XML switches, intelligent NICs, storage, and wireless network applications, Cavium says.
“As networking equipment has progressed from delivering raw bandwidth to intelligent services, there is a need for highly integrated devices that can deliver rich functionality at high packet throughputs with a standard C-based programming model,” said Linley Gwennap, Principal Analyst at The Linley Group.
“The evolving needs of intelligent networks have outpaced the current generation of processor technologies, which are falling short of addressing the multilayer nature of network services at increasing data speeds. Cavium Networks initiative to combine multiple processor technologies in an innovative, easy to use architecture represents the beginning of the next wave of highly integrated, multi-core processors that will serve as the heart of next-generation intelligent networking equipment,” said Microprocessor Report Editor-in-Chief Kevin Krewell.
Two families, four models
The Octeon will be available in two families with two models each. The CN34xx will have two or four cnMIPS cores with 4x GE, 64-bit DDR1/DDR2 DRAM, 9-bit RLDRAM/FCRAM and a 64-bit/133MHz PCI-X interface. They will support throughput of up to 4Gbps, when clocked at 600MHz.
The CN38xx offers eight or 16 cnMIPS cores with 8x GEs or 2x SPI4.2, 128-bit DDR1/DDR2 DRAM, 2x 18-bit RLDRAM/FCRAM, and a 64-bit/133MHz PCI-X interface. They will support throughputs of up to 10Gbps, when clocked at 600MHz.
Production pricing for the OCTEON family ranges from $125 for the two-core version, to $750 for the 16-core version in 10K unit quantities. The OCTEON Development Kit including Simulator, tool-chain, and reference applications, is available today to partner companies.
 
This article was originally published on LinuxDevices.com and has been donated to the open source community by QuinStreet Inc. Please visit LinuxToday.com for  up-to-date news and articles about Linux and open source.