Security is a vital component of any data center or communications solution. Security functions implemented in software can be slow and in many systems require a disproportionate percentage of processing power. Security accelerators are a cost-effective solution to accelerating security functions in servers and network appliances. The latest Intel® Communications Chipset 89xx Series devices dramatically increase the performance of these security accelerators while retaining backwards compatibility with existing hardware and software solutions.

 

In this blog I am going to explore the benefits of using the latest Intel Communications Chipset 89xx Series to accelerate security functions in servers and network appliances. I am using examples from Dell and Portwell, both Premier members of the Intel® Intelligent Systems Alliance, and Silicom, a General Member of the Alliance. The 250-plus members of the Alliance collaborate closely with Intel to create hardware, software, tools, and services to help speed embedded systems to market.

 

Security Functions

 

Servers and network appliances need to support multiple security functions. These include secure transactions, data encryption and authentication. Secure Sockets Layer (SSL) is widely used for web browsing, email and Voice-Over-IP (VoIP). SSL supports message authentication and data encryption between applications at layer 4.

 

Internet Protocol Security (IPsec) protects all traffic on the network by providing authentication and encryption at layer 3. IPsec has wide industry support and can be used for both Internet and non-Internet applications.

 

Intel® Communications Chipset 89xx

 

The Intel Communications Chipset 89xx Series support SSL performance up to 50Gbps, IPsec performance up to 43Gbps and compression up to 24Gbps. SSL performance for six devices in the family is shown in Figure 1. Up to 4 devices can be used in a system giving SSL performance up to 200Gbps.

Coleto Creek SSL Performance.jpg

Figure 1. Intel® Communications Chipset 89xx Series SSL Performance (Gbps)

 

The Intel Communications Chipset 89xx Series block diagram is shown in Figure 2. The Intel® QuickAssist Technology defines a unified set of Application Programming Interfaces (APIs) that support encryption and compression functions. The Intel Communications Chipset 89xx Series device works directly with the Intel QuickAssist Technology’s Accelerator Abstraction Layer (AAL) to provide hardware acceleration for these functions. The Intel QuickAssist Technology is fully compatible with the Intel® Data Plane Development Kit (Intel® DPDK).

 

The Intel QuickAssist Technology is accessed through the PCIe Gen 2.0 x8/x16 interface. The same interface is used to access the four GbE interfaces integrated on some devices. All the devices support standard PC chipset interfaces, including PCIe Gen 1.0, USB and SATA, that are accessed through the DMI Gen2 x4 interface.

Intel 89xx Block Diagram.png

Figure 2. Intel® Communications Chipset 89xx Series Block Diagram

 

Server Acceleration

 

The Dell PowerEdge™ R720, shown in Figure 3, is a 2S/2U rack server with support for up to sixteen hard drives and a maximum internal storage capacity of 32TB. The PowerEdge™ R720 integrates dual Intel® Xeon® processors E5-2600 v2, with 4, 6, 8, 10 or 12 processor cores each, and up to 768GB DDR3 DRAM. There are several networking interface options each supporting four ports of GbE, 10GbE, or a combination.

PowerEdge R720 crop.jpg

Figure 3. Dell PowerEdge R720 Rack Server

 

The Dell PowerEdge™ R720 has one PCIe x16 adapter slot and four PCIe x8 adapter slots. Security acceleration can be added to the server using the Intel QuickAssist Adapter SCC-8950 shown in Figure 4. This adapter card integrates a 24 Lane PCIe Gen 3 switch and a single Intel Communications Chipset 8950 device. The Dell PowerEdge™ R720 will support up to 4 of these Intel QuickAssist Adapters SCC-8950.

Intel SCC-8950.jpg

Figure 4. Intel® QuickAssist Adapter SCC-8950

 

An alternative for server security acceleration is the Crypto Compression Accelerator Adapters from Silicom (see Figure 5). These PCI Express 3.0 x16 adapters integrate one, two or four Intel Communications Chipset 8950 devices. These adapters support virtualized environments, with streams allocated to the accelerated SSL, IPsec and compression functions, and can be used for load balancing and security acceleration in software defined networking (SDN).

PE3iSCO2-1.jpg

Figure 5. Silicom Crypto Compression Accelerator Adapter

 

Appliance Acceleration

 

The Portwell CAR-5020, shown in Figure 6, is a 2U rackmount network security appliance designed to support firewall, virtual private networks (VPN), intrusion detection and prevention (IDS/IPS), antispam, anti-virus and universal threat management (UTM). The system integrates dual Intel Xeon processors E5-2600 with up to 16 cores and Intel Communications Chipset 89xx.

CAR-5020.jpg

Figure 6. Portwell CAR-5020 Security Appliance

 

The Portwell CAR-5020 provides many expansion and network interface options. The system integrates four GbE ports, three swappable network interface modules and four PCIe slots. Three of the PCIe slots support the Portwell NIP-71042 Network Card shown in Figure 7. The NIP-71042 integrates a single Intel Communications Chipset 89xx device with support for Intel QuickAssist Technology.


Portwell NIP-71042.jpg

Figure 7. Portwell NIP-71042 Network Card with Intel® Communications Chipset 89xx Series

 

Scaling Security

 

As shown in this blog there are several ways to accelerate security in servers and network appliances using the Intel Communications Chipset 89xx Series. Intel QuickAssist Technology will support up to 4 devices in a system and is fully compatible with the Intel DPDK. The result is a flexible solution that is easy to support and scales up to 200Gbps.

 

Learn More

Contact featured member:

 

Solutions in this blog:

 

Related topics:

 

Dell and Portwell are Premier members of the Intel® Intelligent Systems Alliance.  Silicom is a General Member of the Alliance.

 

Simon Stanley

Roving Reporter (Intel® Contractor), Intel® Intelligent Systems Alliance

Principal Consultant, Earlswood Marketing

Follow me on Twitter: @simon_stanley