In last week’s blog I mentioned a few of the interesting new products featured at RSA Conference and discussed one of the common threads from conversations with attendees, which was the need for increased performance and scalability in the low-level packet processing functions that are a critical part of many of these products.
From a system architecture perspective, we also heard consistent comments about the need for efficient implementations of hybrid systems based on multicore architectures.
In this context the term “hybrid system” refers to one comprising multiple (typically, two) processor architectures. Generally, one architecture (generally x86) is used for the control plane and another for the data plane. The data plane architecture can be either a standard multicore platform such as Cavium or NetLogic/Broadcom, or in some cases a specialized Network Processor from a company such as Netronome.
It’s interesting to talk to system designers about the tradeoffs that they consider when choosing a hybrid system architecture as opposed to a unified approach (where both the control plane and data plane are implemented on the same architecture and, often, on the same processor).
One the one hand, a unified system brings compelling advantages in terms of a single software development environment, a more straightforward hardware design and the ability to work with a single processor supplier.
A hybrid system approach creates the challenges of dealing with two (generally very different) software development environments, two Operating Systems, software integration issues and a more complex hardware design. Also, the overall project schedule is now subject to the delivery dates for two multicore processors rather than one.
The message that we received from attendees at RSA Conference is that, in specific cases, the increased complexity and risk of a hybrid design is still outweighed by the overall system-level advantages that can be achieved. Generally, these advantages are reduced system cost, higher overall system throughput and increased performance on specific security-related functions which typically are performed in dedicated offload engines in a hybrid system.
Within 6WIND’s software, we have recognized this need and provide highly-efficient support for hybrid system architectures. All the 6WINDGate control plane code and most of our data plane code is architecture-independent. Architecture-specific abstractions and optimizations are performed within a data plane module called the “Fast Path Networking SDK” or “FPN-SDK”.
From our customers’ point of view, they license from us the 6WINDGate stack including the protocols that they need, along with the appropriate FPN-SDK modules for the processors that they select. In terms of our development process, this architecture enables us to work on both new protocols and new architecture support as parallel activities, bringing a high degree of efficiency to our new product development process.
What do you see as the trends and tradeoffs in terms of hybrid vs. unified multicore systems in networking and security applications? Will there always be a market segment where hybrid systems are the optimum solution?