Coupling multiple standard 10 Gigabit Ethernet interfaces with NetLogic Microsystems’ third-generation Intelligent Fabric for Automata (IFA), which provides deterministic and ultra-low latency inspection performance for hundreds of thousands of rules, the NLS2008 processor architecture is ideally suited for implementing distributed Layer 7 functions on high-performance enterprise, data center and carrier-class switch and router line cards.
The exponential growth of converged voice, video, and data traffic over IP-based networks, coupled with the trend toward managing critical infrastructure such as smart grids over these same networks, is quickly making content aware processing a critical technology to adequately secure networks through applications such as intrusion and malware prevention, as well as to more intelligently manage network utilization through enhanced content and application quality-of-service (QoS). The need to battle cyber threats and optimize network performance given ever increasing reliance on these networks by governments, utilities, healthcare, corporations and consumers is driving networking original equipment manufacturers (OEMs) to incorporate Layer 7 functions throughout their product portfolios.
Networking switches and routers are designed for deterministic and uncompromised packet performance and superior network latency under a wide variety of Internet traffic scenarios. However, currently available competitive and conventional content aware processing silicon and software solutions are inherently non-deterministic and exhibit high latency. As a result, networking OEMs have been forced to compromise performance by utilizing the technology on specialized services cards and dedicated security appliances which inspect only a fraction of the traffic, which represent the “slow-path.” This causes many packets to travel through the network without actually being inspected. The NLS2008 processor’s breakthrough architecture enables networking equipment that performs Layer 7 functions deterministically on the data plane “fast-path” of switch and router line cards, resulting in inspection of every bit of every packet at wire speed.
Additionally, given the constantly changing nature of cyber threats, OEMs desire line card designs to be easily upgraded to support new features, services and applications. The NLS2008 processor’s 6-way superscalar architecture is able to support deep packet inspection operations for up to six independent applications or services to be processed in parallel, thereby providing a means for OEMs to upgrade existing line cards with new features and services.
In addition to providing increased security for mission critical internet operation, the NL2008 processor also enables a new category of wire-speed application-aware routing, whereby service providers can apply a new level of intelligence based on the applications to routing decisions such as QoS and access control. Such content-aware networking solutions using wire-speed Layer 7 solutions will be critical in addressing the explosion of web-based and mobile-delivered applications, which threatens to overwhelm the current communications infrastructure.
NetLogic Microsystems’ third-generation Intelligent Fabric for Automata (3GIFA) silicon architecture includes a number of innovations that deliver deterministic, high-speed Layer 7 content aware processing performance for the most demanding networks. Like its predecessors, the 3GIFA architecture integrates processing elements together with on-chip database memory to eliminate the memory bandwidth and latency bottleneck from which competing architectures suffer. The 3GIFA will improve upon previous generations of IFA by using full-custom circuit techniques to pack hundreds of thousands of processing elements onto the chip. This truly massively parallel implementation enables the 3GIFA to perform deep packet inspection deterministically and at line rate, independent of the complexity or size of the signature database or packet traffic. In addition, the 3GIFA supports wider and richer rule syntax than Perl Compatible Regular Expressions (PCRE), such as “negative” regular expressions, which cannot be supported by competing solutions using standard DFA or NFA techniques.
The 3GIFA architecture of the NLS2008 processor also provides significantly higher per-flow throughput; switch and router line cards using the NLS2008 processor to implement Layer 7 functions can process individual flows of packets at up to 2.5Gbps with latency measured in microseconds, up to a factor of ten better than competing solutions. These characteristics are especially important for networking equipment designed for data center or storage environments, where applications requiring high flow bandwidth are common.
“The third-generation IFA of the NLS2008 Layer 7 knowledge-based processor redefines standard definitions of ‘massive parallelism’,” said Bob Wheeler, senior analyst at The Linley Group. “By integrating rule memory and 10 Gigabit Ethernet interfaces, NetLogic Microsystems is addressing the needs of switch and router OEMs for deterministic and low latency deep packet inspection on the line card.”
“The new NLS2008 processor architecture raises the bar of innovation for the industry, and is truly game-changing for switching and routing OEMs who require uncompromised content aware processing performance in the fast-path of their next generation switches and routers,” said Mike Ichiriu, senior director of Layer 7 products at NetLogic Microsystems. “We pride ourselves in using advanced circuit techniques and full custom IC design to deliver products and technologies that solve exceptionally difficult problems for our customers.”
