 | ||
July 6, 2004 |
||
|
Development of the World's Fastest 10Gb/s Packet Classification and Forwarding Board for Advanced Function on High-speed Networks -Realization of Flexible and Stable Maintenance and Operation by Enabling Change of Packet Processing Algorithm- |
||
Nippon Telegraph and Telephone Corporation (NTT, headquartered in Chiyoda-ku, Tokyo. President and CEO is Norio Wada) has developed the world's fastest 10Gb/s packet classification and forwarding board. Featuring the complex Wspeed (*1) chip capable of handling wired-speed traffic, the 10Gb/s packet processing performance of the board has now been verified in a firewall system. With its ability to handle 10Gb/s traffic, the board can be applied to the network core, a capability that up to now has been impossible, and can be applied to a wide range of equipment including server and router interfaces demanding very high speed packet processing. (Figure) The Wspeed chip installed on the board was developed as a key LSI device supporting advanced functional processing over firewalls and other high-speed networks, and features 10Gb/s wired-speed packet processing and IPv4 packet flow classification capabilities. In addition to firewalls, the board can also be applied to a range of off-load processing tasks including user policy-based transfer processing at routers, high layer routing, and application of IPSec (*2) at high-speed network servers. Since the load on servers and superfluous interfaces are eliminated using the Wspeed-mounted board, the cost of implementing firewalls for example can be substantially reduced. <Development Background> The movement toward IT and widespread penetration of the Internet has caused a phenomenal increase in the traffic volume while users are demanding ever more diversity and advanced capabilities. This has intensified the need for faster packet processing and greater flexibility to modify and customize the capabilities of networks and the various kinds of equipment that are connected to networks. Up to now, advanced packet processing functions were always implemented with ASICs (*3) so the circuitry was hard wired in and unmodifiable. If one wanted to speed up or upgrade packet processing, the only alternative was to pull out the old board and replace it with a new board, and this created enormous problems in terms of maintenance and operability. When flexibility to modify functions was a priority and network processors were used, the processing was always done by software which basically limits the speed to no more than about several hundred megabits per second. For example, this meant that if you wanted to speed up Internet or other advanced protocol processing in a network server, there was no way the processing involved in modifying or extending the protocol could be implemented in hardware, so it was virtually impossible to obtain gigabit-class performance. Firewalls and other kinds of security systems provide another example. In recent years we have seen a growing number of DDoS attacks (*4) in which multiple computers connected to the network are used flood a server or network service with millions of packets so the service cannot be accessed and worms (*5). These kinds of attacks are a serious problem plaguing society. In order to empower networks so they can counter these attacks requires faster packet processing in security systems and the ability to flexibly modify processing algorithms. Providing a solution, NTT Network Service Systems Laboratories and NTT Network Innovation Laboratories developed Wspeed, a highly reconfigurable complex IC that can be readily modified, and that features a super-fast packet processing hardware algorithm enabling 10Gb/s wire-speed performance and IPv4 packet flow classification capability supporting individual packet processing in flow units. We then followed with the development of an equally fast 10Gb/s packet processing board carrying the Wspeed chip, and have now verified the outstanding performance of the board when employed as a firewall, a typical security-related application. <Features of the Board> Here we will highlight the key features of the board. (1)10Gb/s packet processing capability The part features Wspeed 10Gb/s wired-speed packet processing capability and IPv4 packet flow classification capability thereby achieving super-fast 10Gb/s packet processing. -10Gb/s wired-speed packet processing capability: Processing which enables the input which the packet of short length followed at 10Gb/s speed using fast packet processing hardware algorithm. -IPv4 packet flow classification capability: Processing which classifies a IPv4 packet in flow units. (2)Hitless update function The algorithm on the board can be modified or updated without interrupting services. <Future Development> The board is the object of continuing research with the aim of applying the device to NTT's new Resonant Communication Network Architecture (*6). A series of trials will be conducted to demonstrate the performance and utility of the high-speed 10Gb/s packet processing device not only for security applications such as firewalls but for a wide range of other application scenarios as well. By exploiting just the packet header processing part of this board technology, we are also planning to offer a commercial general-purpose packet processing board. As a first step in this direction, we plan to bring out a commercial 2Gb/s PCI board with two ports for Gigabit Ethernet (GbE) within the year. <Terminology> *1 Wspeed ( Wired-Speed Packet Engine for EDge system ): An LSI which has 10Gb/s wired-speed packet processing capability and IPv4 packet flow classification capability. *2 IPSec: IP Security. A standard for encrypting communication on the Internet. *3 ASIC: Application Specific Integrated Circuit. *4 DDoS attack: Distributed Denial of Service attack. An attack involving multiple hosts that employs a virus to flood a target server with millions of packets to disrupt service. *5 Worm: An illegitimate program that reproduces by copying itself over and over. *6 Resonant Communication: A communication network architecture proposed by NTT offering exceptional usability and performance. |
||
Figure: Envisioned applications for the board | ||
|
||
|
