
5 Posts authored by: simon_stanley

The combination of rapidly growing data traffic on both wireless and fixed line networks and relatively slow growth in revenue has forced service providers to optimize network performance using policy enforcement systems in both mobile and fixed line networks. Policy enforcement uses deep packet inspection (DPI) to identify applications and traffic flows. At the same time service providers are planning to implement network functions virtualisation (NFV), a new approach that uses virtual platforms to enable a more flexible network for service providers.

 

In this blog I am going to explore the benefits of using virtual platforms to implement DPI and policy enforcement using software development kits from 6WIND and Qosmos that have been optimized for Intel® Xeon® processors and Intel® Data Plane Development Kit (Intel® DPDK). 6WIND and Qosmos are Associate members of the Intel® Intelligent Systems Alliance. The 250-plus members of the Alliance collaborate closely with Intel to create hardware, software, tools, and services to help speed intelligent systems to market.

 

Policy Enforcement in 3G/LTE Networks

Figure 1 shows the key elements in the combined 3G/LTE network. The LTE eNodeB base stations are connected directly into the enhanced packet core (EPC) that includes the Serving Gateway, PDN Gateway and MME. The 3G NodeB base stations are connected through the radio network controller (RNC) to the packet core (SGSN/GGSN). These elements are being implemented on virtual platforms as the industry moves to NFV.

 


Figure 1. Policy Enforcement in 3G/LTE Networks (Source: Earlswood Marketing)

 

Policy enforcement in 3G/LTE networks is handled by the Policy and Charging Rules Function (PCRF) and Policy and Charging Enforcement Function (PCEF). The PCRF allows operators to dynamically control policies for bandwidth, charging and other functions for each subscriber and application. The PCEF implements these policies through the GGSN and PDN Gateway. Similar functions are used for policy enforcement in fixed line systems.

 

DPI Processing Platforms

DPI processing platforms have changed significantly over the last few years. Dedicated hardware has been replaced by multicore processors running on industry standard COTS platforms. This in turn has opened up the opportunity to use virtualized platforms for DPI and policy enforcement with applications running on virtual machines that are connected through virtual switches. This approach is being standardized by ETSI as Network Functions Virtualisation (NFV). There are many companies working on solutions for NFV including several that, like 6WIND and Qosmos, are supporting the CloudNFV initiative.

 

The development of the Intel® DPDK and the introduction of the Intel® Xeon® processor E5-2600 v2 have significantly increased the performance of virtual platforms. The 6WINDGate packet processing software and Qosmos ixEngine DPI software take full advantage of the Intel DPDK and Intel Xeon processors.

 

6WINDGate Packet Processing Solution

6WINDGate is a data plane processing software solution for multicore and virtualized platforms. The solution includes a full suite of layer 2-4 protocols for networking applications, works with commercial and open-source Linux distributions, and has full support for standard Linux APIs. 6WINDGate can be used to deliver best-in-class performance for mobile infrastructure, network appliances and data center networks.

 


Figure 2. 6WINDGate in NFV (Source: 6WIND).

 

6WINDGate has full support for industry-standard hypervisors with no impact on system performance. Figure 2 shows 6WINDGate used in an NFV solution. Each virtual machine running within the hypervisor supports a virtual network function (VNF) with a Linux operating system and the 6WINDGate networking stack. The virtual machines are connected through an open virtual switch, which is also accelerated by the 6WINDGate networking stack.

 

The virtual machines and virtual switch run on standard COTS or server platforms using x86 processors. 6WINDGate uses the Intel DPDK and is optimized for Intel processors such as the Intel Xeon processor E5-2600 v2. When used to accelerate the standard Open vSwitch (OVS), 6WINDGate typically delivers a 10x improvement in switching performance and a 3x improvement in virtual machine density over a purely Linux implementation.

 

Qosmos ixEngine DPI Solution

The Qosmos ixEngine DPI is a software development kit that supports real-time layer 7 IP flow analysis and application identification. The solution uses stateful inspection and heuristic analysis to extract metadata and content information. The ixEngine will extract over 6000 types of information for more than 1000 protocols. The Qosmos ixEngine includes software libraries and tools that are easily integrated into existing solutions. The Qosmos ixEngine is designed to work in a range of hardware platforms and virtual environments. The solution works with the 6WINDGate multicore network stacks and takes advantage of the Intel DPDK.

 


Figure 3. Qosmos ixEngine in Policy Enforcement (Source: Qosmos).

 

Figure 3 shows the Qosmos DPI technology being used for policy enforcement on a virtual switch. The solution runs within a hypervisor that is running on an Intel Xeon processor-based platform. The solution bypasses the Linux kernel via the Intel DPDK to accelerate connections for the virtual applications and virtual switch communication. An external PCRF controls the policy enforcement application that is pre-integrated into the hypervisor. The traffic shaping function uses information in the PCRF-configured flow table to transmit, queue, drop, or tag packets as required to enforce policy.
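The flow-table step described above can be sketched as follows. This is an added example, not code from Qosmos, 6WIND or the Intel DPDK; the 5-tuple key, the FNV-1a hash, the table size and every function name are assumptions made for illustration. It shows a controller installing rules and the data path applying transmit, queue, drop or tag, with an explicit default action for flows that have no rule.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Actions the text lists for the traffic shaping function. */
enum action { ACT_TRANSMIT, ACT_QUEUE, ACT_DROP, ACT_TAG };

/* Assumed flow key: the IP 5-tuple (the page does not define the key). */
struct flow_key {
    uint32_t src_ip, dst_ip;
    uint16_t src_port, dst_port;
    uint8_t  proto;
};

struct flow_entry {
    struct flow_key key;
    enum action act;
    uint8_t dscp;      /* DSCP written when act == ACT_TAG */
    uint8_t in_use;
};

#define TABLE_SLOTS 64u    /* power of two so the hash can be masked */

/* A zeroed table is empty; set default_act before use. */
struct flow_table {
    struct flow_entry slot[TABLE_SLOTS];
    enum action default_act;   /* applied to flows that have no rule */
};

struct packet {
    struct flow_key key;
    uint8_t tos;       /* IPv4 ToS byte: DSCP in bits 7..2, ECN in bits 1..0 */
};

/* FNV-1a over the serialized key, so struct padding is never hashed. */
static uint32_t key_slot(const struct flow_key *k)
{
    uint8_t b[13];
    uint32_t h = 2166136261u;
    memcpy(b, &k->src_ip, 4);       memcpy(b + 4, &k->dst_ip, 4);
    memcpy(b + 8, &k->src_port, 2); memcpy(b + 10, &k->dst_port, 2);
    b[12] = k->proto;
    for (size_t i = 0; i < sizeof b; i++) { h ^= b[i]; h *= 16777619u; }
    return h & (TABLE_SLOTS - 1);
}

static int key_eq(const struct flow_key *a, const struct flow_key *b)
{
    return a->src_ip == b->src_ip && a->dst_ip == b->dst_ip &&
           a->src_port == b->src_port && a->dst_port == b->dst_port &&
           a->proto == b->proto;
}

/* Linear probe: the slot holding k, else the first empty slot, else NULL. */
static struct flow_entry *probe(struct flow_table *t, const struct flow_key *k)
{
    uint32_t i = key_slot(k);
    for (uint32_t n = 0; n < TABLE_SLOTS; n++, i = (i + 1) & (TABLE_SLOTS - 1)) {
        struct flow_entry *e = &t->slot[i];
        if (!e->in_use || key_eq(&e->key, k))
            return e;
    }
    return NULL;
}

/* Controller side: install or update a rule. Returns -1 when the table is full. */
int policy_install(struct flow_table *t, const struct flow_key *k,
                   enum action act, uint8_t dscp)
{
    struct flow_entry *e = probe(t, k);
    if (!e)
        return -1;
    e->key = *k; e->act = act; e->dscp = dscp & 0x3f; e->in_use = 1;
    return 0;
}

/* Data path: look up the packet's flow and apply the configured action. */
enum action enforce(struct flow_table *t, struct packet *p)
{
    const struct flow_entry *e = probe(t, &p->key);
    if (!e || !e->in_use)
        return t->default_act;          /* no rule for this flow */
    if (e->act == ACT_TAG)              /* rewrite DSCP, keep the ECN bits */
        p->tos = (uint8_t)((e->dscp << 2) | (p->tos & 0x03));
    return e->act;
}
```

The default action is a policy decision in its own right: ACT_TRANSMIT lets unclassified flows through, ACT_DROP fails closed, and a full table silently falls back to that default unless `policy_install` failures are monitored.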

 

Virtualized Solutions

The combination of the 6WINDGate packet processing and Qosmos ixEngine DPI solutions running on virtual platforms is enabling high performance DPI and policy enforcement for NFV environments. These solutions are just part of the developments being made to ease the shift from dedicated systems to virtual platforms in the telecom infrastructure.

 


 

6WIND and Qosmos are Associate members of the Intel® Intelligent Systems Alliance.

 

Simon Stanley

Roving Reporter (Intel® Contractor), Intel® Intelligent Systems Alliance

Principal Consultant, Earlswood Marketing

Follow me on Twitter: @simon_stanley

Software Defined Networking (SDN) is changing the way companies develop solutions for data center and network infrastructure. The separation of control plane and data plane in SDN forces developers to use a more modular approach to system and software development. Open standards defined for SDN such as OpenFlow and OpenStack allow service providers and equipment manufacturers to use systems and building blocks from different suppliers. The challenge is finding the right building blocks to minimize time to market, ensure interoperability and maximize system performance.

 

In this blog I am going to explore the benefits of using the Wind River Open Network Software (ONS). ONS is a comprehensive switch software environment for developing data center and network infrastructure solutions that support SDN. Wind River Systems is an Associate member of the Intel® Intelligent Systems Alliance. The 250-plus members of the Alliance collaborate closely with Intel® to create hardware, software, tools, and services to help speed intelligent systems  to market.

 

The Importance of SDN

 

SDN makes the network simpler and easier to manage by separating the data plane and control plane functions. This separation together with the use of open interfaces allows carriers and service providers to source network elements from a variety of vendors or a single vendor as they prefer. This gives carriers and service providers opportunities to manage costs and deliver new services.

 

SDN switches and other data plane systems route packets using a flow table. The flow tables are managed by controllers that communicate with the switches through a secure channel defined by the OpenFlow protocol. The controllers can be managed by a centralized orchestrator through a cloud operating system such as OpenStack that controls large pools of networking, storage and compute.

 

Wind River Open Network Software (ONS)

 

The Wind River Open Network Software (ONS) is a complete network switch software environment to deliver highly optimized control plane software for SDN solutions including top of rack switches, micro server platforms and network infrastructure elements. Wind River ONS is available with extensive support including professional services to develop customer specific hardware and run-time solutions.

 


Figure 1. Wind River Open Network Software (ONS).

 

The Wind River ONS has a modular design, as shown in Figure 1. The four main blocks cover L1, L2, L3 and open switch functionality. Below are the ONS core services and switch adapter API; above are the database services, object model and management API. The Wind River ONS supports a range of network protocols including OSPF, BGP, Spanning Tree and Link Aggregation (LAG), as well as access lists and advanced tunneling. The solution supports OpenFlow and OpenStack for SDN implementations.

 

The ONS object model is defined in an XML descriptive language and the database covers every element that the management API needs to access. The management API supports XML-RPC, SNMP and other management applications. The Wind River application development kit (ADK) allows engineers to develop additional applications such as MPLS. The ADK includes the development environment and tools, libraries, sample code and documentation.

 

The switch adapter API connects the ONS core services through a switch adapter to either the switch silicon or the SimSwitch hardware simulator. The switch adapter block is specific to the physical switch silicon being used. Wind River will supply source code or run-time code for a number of different hardware platforms including the Intel Seacliff Trail reference platform. Support for additional platforms is available through Wind River professional services. The SimSwitch hardware simulator allows developers to build the system software before the switch hardware is available.

 

Intel Seacliff Trail Reference Platform

 

Wind River ONS has been ported to 10 different hardware platforms including the Intel Seacliff Trail Reference Platform shown in Figure 2. The reference platform includes an Intel® Ethernet Switch FM6700 device, dual power supplies and an AMC module. The Intel Ethernet Switch FM6700 device integrates a FlexPipe frame processor that is used to support SDN applications. The device will support up to 4000 OpenFlow 12-tuple table entries. The FlexPipe frame processor is programmed through the ONS Switch Adapter.

 


Figure 2. Intel Seacliff Trail Reference Platform

 

The Seacliff Trail Reference Platform AMC slot has a single AMC module with Intel® Xeon® processor E3-1105C and Intel® Communications Chipset 89xx Series. The Intel Xeon processor E3-1105C has four 1GHz hyperthreaded 64-bit cores that run the Wind River ONS software.

 

Building Blocks for SDN

The Wind River ONS is one of a number of building blocks that are already available for SDN. By using off-the-shelf solutions that are designed to support open interfaces and protocols, and by taking advantage of hardware reference platforms such as Seacliff Trail, developers can quickly bring new systems to market that support SDN. The shift towards SDN is accelerating, driven by the use of open interfaces and the widespread support from both service providers and equipment manufacturers.

 


 

Wind River Systems is an Associate member of the Intel® Intelligent Systems Alliance.

 

Simon Stanley

Roving Reporter (Intel® Contractor), Intel® Intelligent Systems Alliance

Principal Consultant, Earlswood Marketing

Follow me on Twitter: @simon_stanley

Big data, multimedia communications and cloud-based services are forcing service providers to deploy intelligent network infrastructures. At the core of these network infrastructures are intelligent network systems with the latest multicore processors. The software running on these multicore processors needs to support control plane processing and complex packet processing functions delivering optimal performance and fast time to market.

 

In this blog I am going to explore the benefits of using the Wind River Intelligent Network Platform (INP) to develop high-performance networking applications on Intel® Xeon® processors. Wind River Systems is an Associate member of the Intel® Intelligent Systems Alliance. The 250-plus members of the Alliance collaborate closely with Intel to create hardware, software, tools, and services to help speed intelligent systems to market.

 

Developing Network Infrastructure

Network traffic is rapidly growing on both fixed line and wireless networks. Internet access, cloud services, video and TV on demand and voice over IP (VoIP) are all driving network bandwidth. LTE/4G wireless networks and the enhanced packet core (EPC) are providing dramatically higher capacity to mobile devices with at least 10Mbps already available in many areas and some operators planning support for 1Gbps using LTE-Advanced.

 

To profitably deliver these services carriers are investing in intelligent networks that can effectively control network traffic based on application, available bandwidth and subscriber status. These new networks are entirely packet-based and handle a mix of data, video and voice. The intelligent network systems at the core of these networks must efficiently forward packets to the destination, analyze flows to identify applications and subscribers, and inspect packet content to filter out malware and other unsuitable content.

 

Wind River Intelligent Network Platform (INP)

The Wind River Intelligent Network Platform (INP) is an integrated and optimized software system designed to enable equipment providers to deliver high-performance network systems that accelerate, analyze and secure network traffic and applications. The INP includes both critical run-time components and tools for developing network systems using the latest processors including Intel Xeon processors based on the Sandy Bridge microarchitecture.

 

As shown in Figure 1 the INP integrates runtime solutions for both Linux operating system and high performance data plane engines running on multicore processors. The platform can be used with native Linux applications and a growing range of data plane applications. The INP has been optimized for Wind River Carrier Grade Linux, a commercial grade open source runtime solution that complies with the Carrier Grade Linux 5 specification. Developers can also use their own Linux distribution.

 


Figure 1. Wind River Intelligent Network Platform (INP)

 

The Wind River Application Acceleration Engine (1) is an optimized network stack supporting layer 3 and layer 4 network protocols. The Content Inspection Engine (2) is a high-speed pattern matching solution for Deep Packet Inspection (DPI). The Flow Analysis Engine (3) enables protocol and application identification, a critical component of intelligent network systems.



Figure 2. Intel® Data Plane Development Kit and INP

 

The Application Acceleration Engine works in conjunction with Linux in the data plane and leverages the Intel® Data Plane Development Kit (Intel® DPDK). As shown in Figure 2 the INP is closely integrated with the Intel DPDK leveraging the performance of the libraries to accelerate networking applications and protocols running on Intel processors. The Wind River Application Acceleration Engine supports 1, 10, and 40Gbps interfaces and Wind River claims performance gains of up to 1,100% for IP-forwarding and up to 650% for TCP.

 

Flow Analysis and Content Inspection

The Wind River Flow Analysis Engine is shown in Figure 3. Packets are extracted from the incoming packet stream and categorized into different traffic flows using data from the flow class libraries. The flow analysis engine can also be used to identify the communications protocols and applications related to individual packets and flows. The flow information from the Flow Analysis Engine is forwarded to other network elements, either within the INP or external and can be used to prioritize traffic associated with high value applications or subscribers.



Figure 3. Wind River Flow Analysis Engine

 

The Wind River Content Inspection Engine is a high-speed pattern matching solution. The Content Inspection Engine matches groups of regular expressions against blocks or streams of data extracted from the incoming packet stream. The run-time engine matches data against a compiled pattern database. Matching is supported across an arbitrary number of block writes and is conformant to a large subset of the industry standard Perl Compatible Regular Expressions (PCRE) syntax.
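Matching across block writes means the matcher has to carry its state from one write to the next. The following added example is not Wind River code and does not use the Content Inspection Engine API: it substitutes a single literal signature and a Knuth-Morris-Pratt automaton for the compiled PCRE database, and all names and the sample data are constructed. It compares a matcher that keeps state between writes with one that restarts on every block.

```c
#include <stddef.h>
#include <string.h>

#define MAX_PAT 32

struct matcher {
    const char *pat;
    size_t len;
    size_t fail[MAX_PAT];          /* KMP failure table */
    size_t state;                  /* pattern bytes matched so far; kept between writes */
    unsigned long long offset;     /* stream bytes consumed so far */
    unsigned long long last_end;   /* stream offset just past the latest match */
    unsigned hits;
};

/* Build the failure table. Returns -1 for an empty or over-long pattern. */
int matcher_compile(struct matcher *m, const char *pat)
{
    size_t len = strlen(pat);
    if (len == 0 || len > MAX_PAT)
        return -1;
    memset(m, 0, sizeof *m);
    m->pat = pat;
    m->len = len;
    for (size_t i = 1, k = 0; i < len; i++) {
        while (k > 0 && pat[i] != pat[k])
            k = m->fail[k - 1];
        if (pat[i] == pat[k])
            k++;
        m->fail[i] = k;
    }
    return 0;
}

/* Feed one block; returns the number of matches that ended inside it. */
unsigned matcher_write(struct matcher *m, const void *block, size_t n)
{
    const unsigned char *b = block;
    unsigned found = 0;
    for (size_t i = 0; i < n; i++) {
        while (m->state > 0 && b[i] != (unsigned char)m->pat[m->state])
            m->state = m->fail[m->state - 1];
        if (b[i] == (unsigned char)m->pat[m->state])
            m->state++;
        if (m->state == m->len) {              /* full pattern seen */
            found++;
            m->hits++;
            m->last_end = m->offset + i + 1;
            m->state = m->fail[m->len - 1];    /* allow overlapping matches */
        }
    }
    m->offset += n;
    return found;
}

/* Scan text blocks in order. keep_state == 0 models a scanner that restarts per block. */
unsigned scan_blocks(struct matcher *m, const char *const *blocks, size_t nblocks,
                     int keep_state)
{
    unsigned total = 0;
    for (size_t i = 0; i < nblocks; i++) {
        if (!keep_state)
            m->state = 0;
        total += matcher_write(m, blocks[i], strlen(blocks[i]));
    }
    return total;
}

/* Constructed sample: one signature split across three block writes. */
const char *const SAMPLE_BLOCKS[] = { "GET /a X-TEST", "-SIGNA", "TURE end" };
```

With the signature `X-TEST-SIGNATURE`, the stateful scan reports one match ending at stream offset 23, while the per-block scan reports none because no single block contains the whole signature.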

 

Media Gateway Example

The Wind River Intelligent Network Platform can be used in many different network systems. A simple example is a Media Gateway that is delivering video streams to subscribers. The video stream is split into packets that are forwarded by the INP Application Acceleration Engine. Individual video streams are identified by the INP Flow Analysis Engine. The content of the video stream is checked by the INP Content Inspection Engine for malware. The individual elements of the INP work together to ensure the media gateway is delivering a high quality video stream.

 

Putting It All Together

The Wind River Intelligent Network Platform with Intel DPDK and Intel Xeon processors provides a high-performance solution to accelerate packet forwarding, flow analysis and content inspection. By using standard processors and off-the-shelf software, system providers can efficiently develop intelligent network systems that will maximize network throughput and service provider return on investment.

 


 

Wind River Systems is an Associate member of the Intel® Intelligent Systems Alliance.


 

Simon Stanley

Roving Reporter (Intel® Contractor), Intel® Intelligent Systems Alliance

Principal Consultant, Earlswood Marketing

Follow me on Twitter: @simon_stanley

 

The Intel® Data Plane Development Kit (Intel® DPDK) is changing the way companies develop solutions for wire-speed DPI and other packet processing functions. The dpdk.org Open-Source Project established by 6WIND aims to accelerate the development of Intel architecture-based networking products by making the Intel DPDK libraries, drivers and documentation available on one site, together with information on third party support and enhancements. System developers should find the dpdk.org Open-Source Project a valuable resource, making the benefits of the Intel DPDK readily accessible to a wide range of companies.

 

In this blog I am going to explore the benefits of using Intel DPDK and review the resources available through the dpdk.org Open-Source Project and the wider ecosystem. For this blog I have been talking to 6WIND, a commercial software supplier and an Affiliate member of the Intel® Intelligent Systems Alliance. The 250-plus members of the Alliance collaborate closely with Intel to create hardware, software, tools, and services to help speed intelligent systems  to market.

 

Intel® Data Plane Development Kit

The Intel DPDK is a set of source code programming libraries that accelerate basic data plane functions for Intel® processors. The Intel DPDK libraries have been optimized for packet processing performance on IA processors such as the Intel® Xeon® Processor E5-2600 and E5-2400 series. By using the Intel DPDK, system developers can quickly implement packet processing functions, significantly reducing time to market.


Figure 1. Intel® Data Plane Development Kit

 

As shown in Figure 1 the key Intel DPDK elements are buffer and memory management, queue management and packet flow classification libraries, and poll mode drivers for network interface cards (NICs). The Intel DPDK supports a low overhead, run-to-completion model, optimized for data plane performance. The environment abstraction layer includes platform specific guidelines and initialization code, reducing the cost of application porting. The Intel DPDK supports a Linux userspace environment.

 

The Intel DPDK Memory Manager is responsible for allocating pools of objects in memory. The Memory Manager creates a pool in memory space using a ring to store free objects. The Intel DPDK Buffer Manager handles pre-allocated fixed size buffers which are stored in memory pools. The Buffer Manager significantly reduces the amount of time the operating system spends allocating and de-allocating buffers. The Intel DPDK Queue Manager implements lockless queues, instead of using spinlocks, allowing different software components to process packets, while avoiding unnecessary wait times. The  Intel DPDK Flow Classifier uses the Intel® Streaming SIMD Extensions (Intel® SSE) to implement hash based flow classification to quickly place packets into flows for processing. This is an efficient mechanism that greatly improves throughput.
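The pool-on-a-ring design described above, as an added example: it is not Intel DPDK code and calls none of its APIs. The ring is simplified to one producer and one consumer using C11 atomics, and the sizes and function names are assumptions. Buffers are pre-allocated once, allocation and free are a single dequeue and enqueue on a lockless ring of free pointers, and `pool_put` rejects pointers that are not buffers of the pool.

```c
#include <stdatomic.h>
#include <stddef.h>
#include <stdint.h>

#define RING_SLOTS 8u     /* power of two; also the number of buffers */
#define BUF_SIZE   2048u  /* fixed buffer size (constructed value) */

/* Single-producer/single-consumer ring of pointers, no locks. */
struct ring {
    _Atomic uint32_t head;        /* free-running write index */
    _Atomic uint32_t tail;        /* free-running read index */
    void *slot[RING_SLOTS];
};

struct pool {
    struct ring free_ring;        /* holds pointers to the free buffers */
    uint8_t mem[RING_SLOTS][BUF_SIZE];
};

static int ring_enqueue(struct ring *r, void *obj)
{
    uint32_t head = atomic_load_explicit(&r->head, memory_order_relaxed);
    uint32_t tail = atomic_load_explicit(&r->tail, memory_order_acquire);
    if (head - tail == RING_SLOTS)
        return -1;                                    /* ring full */
    r->slot[head & (RING_SLOTS - 1)] = obj;
    /* release: the slot write becomes visible before the new head does */
    atomic_store_explicit(&r->head, head + 1, memory_order_release);
    return 0;
}

static void *ring_dequeue(struct ring *r)
{
    uint32_t tail = atomic_load_explicit(&r->tail, memory_order_relaxed);
    uint32_t head = atomic_load_explicit(&r->head, memory_order_acquire);
    if (head == tail)
        return NULL;                                  /* ring empty */
    void *obj = r->slot[tail & (RING_SLOTS - 1)];
    atomic_store_explicit(&r->tail, tail + 1, memory_order_release);
    return obj;
}

/* Pre-allocate: every buffer starts on the free ring. */
void pool_init(struct pool *p)
{
    atomic_init(&p->free_ring.head, 0);
    atomic_init(&p->free_ring.tail, 0);
    for (uint32_t i = 0; i < RING_SLOTS; i++)
        ring_enqueue(&p->free_ring, p->mem[i]);
}

/* Allocation is one dequeue; NULL means the pool is exhausted. */
void *pool_get(struct pool *p)
{
    return ring_dequeue(&p->free_ring);
}

/* Free is one enqueue, after checking the pointer is a buffer of this pool. */
int pool_put(struct pool *p, void *buf)
{
    uintptr_t base = (uintptr_t)p->mem, a = (uintptr_t)buf;
    if (a < base || a - base >= sizeof p->mem || (a - base) % BUF_SIZE != 0)
        return -1;                   /* foreign or misaligned pointer */
    return ring_enqueue(&p->free_ring, buf);   /* -1 here: more puts than gets */
}

uint32_t pool_free_count(struct pool *p)
{
    return atomic_load(&p->free_ring.head) - atomic_load(&p->free_ring.tail);
}
```

The full-ring check only catches a double free once every buffer is back in the pool; a double free while other buffers are still in use would put the same pointer on the ring twice, so callers that need that guarantee have to track ownership separately.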

 

The Intel DPDK includes Poll Mode Drivers for Gigabit Ethernet (GE) and 10GE controllers. The drivers are designed to work without asynchronous, interrupt based, signaling mechanisms, greatly increasing the packet pipeline performance.

 

The Intel DPDK is provided as free, unsupported, BSD-licensed source code downloadable from Intel. It is also available as part of commercial solutions from leading ecosystem companies including Wind River, Tieto and 6WIND, and through the dpdk.org Open-Source Project.

 

dpdk.org Open-Source Project

The dpdk.org Open-Source Project was established in April 2013 by 6WIND. The project provides a central store for source code, documents and application examples. The dpdk.org site includes libraries, drivers, documentation, a development mailing list, a git repository and support relevant to high-performance packet processing using the Intel DPDK. The site also includes links to relevant press releases from key ecosystem companies. To ensure the best user experience, the Intel source code provided through dpdk.org has been thoroughly tested and may be one or two revisions behind the latest version available direct from Intel.

 

The dpdk.org Open-Source Project seems to be gaining significant interest. “We have already had 50 companies download code from the site” says Charlie Ashton, VP of Marketing at 6WIND.

 

Enhanced Support for Intel® Data Plane Development Kit

The three leading companies providing commercial support for Intel DPDK are Wind River, Tieto and 6WIND. The Wind River Intelligent Network Platform (INP) is an integrated software solution for intelligent network systems. The Wind River INP integrates an application acceleration engine, content inspection engine and flow analysis engine. All three engines leverage the performance of the Intel DPDK. The platform is optimized for Wind River Carrier Grade Linux which includes Intel DPDK as an integrated and supported run-time component.

 

Tieto provides an integrated service offering combining Managed Services, Consulting and System Integration. The company provides professional software services for multi-core packet processing for wireless and fixed infrastructure with support for Intel DPDK.

 

6WIND provides software solutions for advanced networking functions in mobile infrastructure equipment, networking appliances and data center networking including the 6WINDGate™ software, which provides high-performance data plane processing software for multicore platforms. The 6WIND Intel DPDK library is shown in Figure 2. In addition to the baseline Intel DPDK library this supports virtualization, multi-buffer IPsec, Intel® Advanced Encryption Standard New Instructions (Intel® AES-NI), additional monitoring and statistics, and drivers for security and compression accelerators like the Intel® Communications Chipset 89xx Series (formerly code named Cave Creek) and NICs like the Intel® 82571EB Gigabit Ethernet Controller.


Figure 2. Intel® Data Plane Development Kit Library from 6WIND

 

This growing support ecosystem is extending access to the Intel DPDK and high performance data plane software. Developers can quickly implement packet processing functions using the Intel DPDK and receive support through ecosystem members or dpdk.org.

 


 

Wind River Systems is an associate member of the Intel® Intelligent Systems Alliance.


6WIND is an affiliate member of the Intel® Intelligent Systems Alliance.


Tieto is an affiliate member of the Intel® Intelligent Systems Alliance.


 

Simon Stanley

Roving Reporter (Intel® Contractor), Intel® Intelligent Systems Alliance

Principal Consultant, Earlswood Marketing

Follow me on Twitter: @simon_stanley

Organisations around the globe are looking to move critical data and applications into the cloud. At the same time service providers are looking to manage data center costs by sharing server hardware across multiple customers. This combination creates a significant security issue for both organisations and service providers unless the servers are running secure virtualisation software that ensures absolute separation between virtual machines running on a single server.

 

This blog will look at how military grade secure virtualization, running on Intel® hardware technology, can help protect cloud environments and allow for hardware consolidation by allowing secure multi-tenancy even within sensitive environments such as government, medical and financial systems. For this blog I have been talking to Robert Day, Vice President, Marketing at LynuxWorks, an affiliate member of the Intel® Intelligent Systems Alliance. The 200-plus members of the Alliance collaborate closely with Intel® to create hardware, software, tools, and services to help speed intelligent systems to market.

 

Moving Data into the Cloud

In the early days of computers data was stored centrally on mainframes and accessed through private dumb terminals. The development of PCs and low cost servers drove a shift towards distributed data with most data stored locally on PCs, or local servers, connected through a local area network (LAN).

 

We are now moving into a new era in which most organisations, both large and small, are looking to move critical data to the cloud, making it accessible over the Internet from a wide range of user devices including PCs, tablets and smartphones. This is taking us back to a centralized system but is creating new security concerns as the data is stored in shared data centers and accessed over a public network.

 

We know that endpoints are difficult to secure and moving all the data to one place invites a much more catastrophic breach if attacked. Service providers and other organizations need to ensure that they control direct access to their own data, wherever it is stored, and ensure that their data is protected from other users sharing data centers or servers.

 

Intel® Virtualization Technology

 

The latest Intel® processors, including 3rd Generation Intel® Core™ Processors and Intel® Xeon® Processor E3 and E5 families, support several hardware virtualization technologies:

  • Intel® Virtualization Technology (Intel® VT-x)
  • Intel® Virtualization Technology for Directed I/O (Intel® VT-d)
  • Extended Page Table (EPT)

 

Secure Virtualization

LynxSecure from LynuxWorks is a secure separation kernel and hypervisor that has been developed for military applications and transferred into the enterprise domain. LynxSecure provides a secure environment in which multiple operating systems can run simultaneously without compromising security, reliability or data. LynxSecure offers both time-space partitioning and operating-system virtualization and supports multiple heterogeneous, secure and nonsecure, operating system environments. LynxSecure will support common operating systems including Windows, Linux and Solaris, running unmodified ‘guest’ operating systems in their own secure virtual machines.

 


Figure 1. LynxSecure runs unmodified ‘guest’ operating systems in their own secure virtual machines.

 

LynxSecure uses the hardware virtualization technologies integrated into the latest Intel® processors. The software enables VT-x features within the processor to manage Guest VMs and ensure privileged operations cannot bypass the hypervisor. LynxSecure utilizes VT-d extensions to ensure that only allowed memory regions are accessed. The software utilizes the EPT technology in Intel® processors to provide a significant boost in performance of guest operating systems while preserving the separation and isolation between them.

 

Enabling Cloud Deployments in Sensitive Areas

As organizations move critical data and applications to the cloud, service providers need to ensure the servers they are using support a high level of security between users. By using hardware virtualization technology on the latest Intel® processors and secure kernel and hypervisor solutions such as LynxSecure, companies can offer their customers secure multi-tenancy server solutions that can be used even within sensitive environments such as government, medical and financial systems.

 

To learn more about virtualization for embedded devices, visit intel.com/go/embedded-virtualization

 

For more on flexible, scalable, standards-based communications visit intel.com/go/embedded-communications

 

LynuxWorks is an affiliate member of the Intel® Intelligent Systems Alliance.

 

Simon Stanley

Roving Reporter (Intel® Contractor), Intel® Embedded Alliance

Principal Consultant, Earlswood Marketing

Follow me on Twitter: @simon_stanley