The Intel® Communications Chipset 89xx Series can be used as a highly integrated chipset solution or a dedicated packet processing accelerator for systems based on Intel® Xeon® Processors E5-2600 and E5-2400 Series or Intel® Xeon® and Intel® Core™ Processors for Communications Infrastructure. When used as dedicated packet processing accelerators the Intel® Communications Chipset 89xx Series offers new opportunities to scale system security performance, without the significant investment involved in new software development.

 

In this blog I am going to explore the benefits of using Intel® Xeon® processors and the Intel® Communications Chipset 89xx Series as a dedicated packet processing accelerator. For this blog I am using an implementation example from Portwell, a Premier member of the Intel® Intelligent Systems Alliance. The 200-plus members of the Alliance collaborate closely with Intel® to create hardware, software, tools, and services to help speed intelligent systems to market.

 

Network Security System

 

Figure 1 shows a typical network security system housed in a 2U rackmount case. The CAR-5030 CASwell High Performance Network Security System has two sockets for Intel® Xeon® Processors E5-2600 and E5-2400 Series and sixteen DDR3 1600 DIMM memory modules supporting up to 128GB. The Intel® Xeon® Processors E5-2600 and E5-2400 Series provide 80 PCIe 3.0 lanes to support a range of standard and custom modules. Each module has a PCIe x8 interface to one of the two processor sockets. The Intel®C604 chipset supports SATA, dual USB and other standard interfaces.

 

CAR-5030-side-angle.jpg

Figure 1. CAR-5030 High Performance 2U Rackmount Network Security System

 

Seamless Hardware Acceleration

 

The Intel® Communications Chipset 89xx Series shown in Figure 2 has two interfaces to the system processor; the x4 DMI interface is used to access the standard chipset interfaces shown at the bottom (USB, SATA, GPIO etc.), the PCIe x8/16 interface is used to access the Intel® QuickAssist Technology hardware acceleration and four Gigabit Ethernet interfaces.

 

The Intel® QuickAssist Technology accelerates network security functions such as IPSec and SSL/TLS, as well as hashing functions for data de-duplication, encrypted storage, and other applications. A single Intel® Communications Chipset 89xx Series device can be used to accelerate encryption up to 20 Gbps and compression performance up to 9Gbps; higher performance can be achieved using multiple devices.

 

The Intel® Communications Chipset 89xx Series Block Diagram.png

Figure 2. The Intel® Communications Chipset 89xx Series incorporate communications accelerators, communications I/O, and compute I/O.

 

The Intel® QuickAssist Technology defines a unified set of Application Programming Interfaces (APIs) that include encryption and compression functions. The Intel Communications Chipset 89xx Series device works directly with the Intel® QuickAssist Technology’s Accelerator Abstraction Layer (AAL) to deliver exceptional packet processing performance. The solution takes advantage of the optimised libraries from the Intel data plane development kit (DPDK). This approach can allow users and system developers to scale security performance by adding Intel Communications Chipset 89xx Series devices with no software changes.

 

Scaling Security Performance

 

Figure 3 shows the CASwell network interface module with Intel Communications Chipset 89xx Series and four 1000BASE-T interfaces. The CAR-5030 CASwell High Performance Network Security System will support up to 5 of these modules. Each module adds 4 Gigabit Ethernet interfaces and significant security processing acceleration. Alternative modules can be used with additional Gigabit Ethernet interfaces.

 

NIP-71042.jpg.jpg

Figure 3. CASwell network interface module with Intel Communications Chipset 89xx Series

 

This approach is taking full advantage of the 80 PCIe interfaces available on a dual processor Intel® Xeon® Processors E5-2600 and E5-2400 Series-based system and allows users to install a standard system and add networking I/O and security acceleration as required for a particular application or to meet new requirements.

 

Modular Approach to Scaling System Performance

 

The network security system in this blog demonstrates the modular approach to scaling system performance using Intel® Xeon® Processors E5-2600 and E5-2400 Series and Intel® Communications Chipset 89xx Series. A standard dual processor platform with up to 16 cores and Intel®C604 chipset will support security processing for most applications at data rates up to several gigabits per second.  Software performance can be optimised using the Intel DPDK and associated libraries. Security performance can be scaled by adding modules with Intel® Communications Chipset 89xx Series devices. Each module can add up to 20Gbps security performance when used with additional network interfaces.

 

This modular approach allows users and system developers to take advantage of the latest processors and optimize security performance by adding modules where needed. The system can use Intel® Xeon® Processors E5-2600 and E5-2400 Series or Intel® Xeon® and Intel® Core™ Processors for Communications Infrastructure. The Intel® Xeon® and Intel® Core™ Processors for Communications Infrastructure include processors with power consumption from 40W down to 10W. Future developments will further enhance processor performance and extend the packet processing and I/O options available within chipsets for both motherboard and expansion module implementations.

 

workload_consolidation.png For more on building flexible networking solutions, see intel.com/go/embedded-consolidation

 

comm.png For more on flexible, scalable, standards-based communications visit intel.com/go/embedded-communications

 

Portwell is a Premier  member of the Intel® Intelligent Systems Alliance.

 

Simon Stanley

Roving Reporter (Intel® Contractor), Intel® Embedded Alliance

Principal Consultant, Earlswood Marketing

Follow me on Twitter: @simon_stanley