AnalyzeAccelerate Secure

THE TRIPLE CROWN FOR INTELLIGENT NETWORKS

Wind River, November 2012

© 2012 Wind River. All Rights Reserved.1

AnalyzeAccelerate Secure

1. Must design network products that enable more services and higher value?

2. Must get products to faster ahead of the competition?

Which Issue Do You Most Relate To?

3. Must better leverage new, powerful multicore processors to build higher performance products?

The Triple Crown of Next Generation Networks Goes to Software

AnalyzeAccelerate Secure

Higher Performance

=

Better Quality

of Experience

Built-In Intelligence

=

New Services

Tighter Security

=

Better Quality

of Service

| © 2012 Wind River. All Rights Reserved.3

Wind River Intelligent Network Platform

Development

Life Cycle Solution

Development

Life Cycle Solution

Wind River Global Support

Migration and Design Services

Wind River Simics

Native

Linux App

Customer

Data Plane App

Customer

Data Plane App

Customer

Data Plane App

Customer

Data Plane App

Customer

Data Plane App

Management

Plane

Wind River

Application

Acceleration

Wind River

Content

Inspection

Future

Engine(s)

Native

Linux App

Native

Linux App

Linux Kernel Space Linux User Space

| © 2012 Wind River. All Rights Reserved.4

Wind River Global Support

Migration and Design Services

Wind River

Workbench

Wind River

Test ManagementWind River Linux

with Intel DPDK

Acceleration

Engine

Inspection

Engine

Core Core Core Core Core Core Core Core Core Core Core Core

Core

Affinity

Core

Affinity

Core

Affinity

Core

Affinity

Wind RiverApplication Acceleration Engine

Protocol Conversion

Accelerated Socket Application

UDP or TCP

IPv4/IPv6

DPDK Libraries

Protocol Socket A Protocol Socket B

Packet

Protocol X TCP IP

Payload Headers

Packet

Protocol Y Test Test

Payload Headers

| © 2012 Wind River. All Rights Reserved.5

Proxy 0

DPDK User Mode Drivers

Proxy 1

Wind River Content Inspection Engine

Accelerated Socket Application

UDP or TCP

IPv4/IPv6

DPDK Libraries

Inspection Libraries

Pattern Matching

Configure, Monitor

| © 2012 Wind River. All Rights Reserved.6

DPDK User Mode Drivers

Proxy 0 Proxy 1

Protocol X WireWire

Pattern Matching

Wire

Compiler

Database

• Pattern matching is a CPU-intensive operation.

• Content Inspection Engine is ideal for applications that need to scan large

amounts of data at line rate such as intrusion prevention, antivirus, and

unified threat. Management

Logs

Looking Ahead…Accelerated Traffic Flow Classification

Accelerated Socket Application

UDP or TCP

IPv4/IPv6

DPDK Libraries

Flow Class Libraries

Flow Classification

Configure, Monitor

| © 2012 Wind River. All Rights Reserved.7

DPDK User Mode Drivers

Proxy 0 Proxy 1

WireWire

Flow Classification

• Classify traffic into various flows; runs faster with DPDK libraries.

• Identify 1,000+ protocols/applications, extract thousands of protocol and

application metadata, and analyze in real-time traffic at 10, 40, 100 Gb/s.

Logs

Wire Wire Flows

Intel DPDK Components

Mempool

Mbuf

Ether

EAL

L3FWD / VF

Exception Path

Timer

Multi-Process

LibrariesCode Examples

Data-Plane

- Software Libraries

- Optimized NIC Drivers in Linux User Space

- BSD-license

- Enables consolidation of mgt-plane and data-plane

| © 2012 Wind River. All Rights Reserved.8

User-Mode Drivers

port0

User IO Module

Timer

Ring

Net

Malloc

LPM

HashL2FWD / VF

Link Status IRQ

DPDK QAT

VMDQ_DCP

Input Frag

Load Balancer

port1 portN

User-Space

Kernel-Space

…

mgt-plane and data-plane on the same board

Intel® DPDK Components – What’s missing?

Data-Plane

Mempool

Mbuf

Ether

EAL

L3FWD / VF

Exception Path

Timer

Multi-Process

LibrariesCode Examples

TCP UDP

Sockets

Applications

Management-Plane

C

O

-

O

P

S

C

• Adds spt for multiple contexts within

the same thread/process/core

• enables implementing a multi-

tasking environment and the BSD

socket API with blocking calls

Memory

Protection

pktgen

shellScreen, nc, telnet

Netlink- routes –

-SA Sync –

- interface -

IKE Strongswan

Interactive

Config/Monitoring

Proxy Interfaces

Legend: Intel DPDK

User-Mode Drivers

port0

User IO Module

Timer

Ring

Net

Malloc

LPM

HashL2FWD / VF

Link Status IRQ

DPDK QAT

VMDQ_DCP

Input Frag

Load Balancer

port1 portNQemuport

ARP ICMP IGMP VRF

DPI

PROCFS

Exception Path

Linux OS

IPsec

C

H

E

D

U

L

E

R

Not Provided with Intel DPDK

Flow Classification Pattern Matching

LAG

Q

E

M

U

Enables

Development

w/out

Requiring

Supported

NICs

ICMP, ARP, IKE,etc.

VLAN

Logging

IKE Strongswan

Test

…

Intel® DPDK + Intelligent Network Platform

Data-Plane

Mempool

Mbuf

Ether

EAL

L3FWD / VF

Exception Path

Timer

Multi-Process

LibrariesExamples

TCP UDP

Sockets

Applications

Management-Plane

IKE Strongswan

Interactive

Config/Monitoring

C

O

-

O

P

S

C

• Adds spt for multiple contexts within

the same thread/process/core

• enables implementing a multi-

tasking environment and the BSD

socket API with blocking calls

Memory

Protection

pktgen

shellScreen, nc, telnet

Netlink- routes –

-SA Sync –

- interface -

Proxy Interfaces

Legend: Intel DPDK

User-Mode Drivers

proxy0

User IO Module

Timer

Ring

Net

Malloc

LPM

HashL2FWD / VF

Link Status IRQ

DPDK QAT

VMDQ_DCP

Input Frag

Load Balancer

proxy1 proxyNQemuport

ARP ICMP IGMP VRF

DPI

PROCFS

Logging

Exception Path

Linux OS

IKE Strongswan

IPsec

C

H

E

D

U

L

E

R

Wind River Intelligent Network Platform

Flow Classification Pattern Matching

LAG

Q

E

M

U

Test

Enables

Development

w/out

Requiring

Supported

NICs

ICMP, ARP, IKE,etc.

VLAN

QAT

WR Products are

delivered as a Source

Code Product …

Linux Delivery Options

Intelligent

Network

Engines

Intelligent

Network

Engines

Stand-AloneWind River Linux

Airplane Development

Engines Engines

Intel DPDK Intel DPDK

Wind River Linux12.04 Desktop

Qemu

Airplane Development

SSL+

16

Takes 2 minutes to install,

build and run an application

Screaming Performance � Significant improvements for IP forwarding, UDP, and TCP– >1100% IP-forwarding performance over Linux

– 500% UDP or TCP improvement over Linux

– VPN with hardware acceleration 5.5 Mpps/port

� Reduced pattern-matching latency � Reduced pattern-matching latency – 200-to-400% faster than Snort (stand-alone)

– Plus - 2800% lower latency on AAE/DPDK (accelerated)

� Substantially reduced data plane network application latency– Wire-line speed at 2 threads/port for suite-spot frame-length

Huge Time-to-Market Savings

� Three-minute installation

� Savings of six staff years for developing advanced accelerated networking protocols

� Savings of ten staff years for developing pattern-matching software

� Savings of priceless years of deep technical knowledge ensuring the building and deployment of successful networking products

Embedded Development Kit Lanner FWA-8895With Intel® DPDK Integration

Live USB™SBC/System TargetGetting Started

Guide

• Host environment + optimized

• 30 day trial activation

• Intel® DPDK APIs and libraries

Coming soon

| © 2012 Wind River. Subject to NDA with Wind River. All

Rights Reserved.

14

• Optimized Wind River Linux runtime image included on target system

• Intel® DPDK runtime

optimized demonstrations that highlight silicon

• Written Tutorials

• Intel® DPDK tutorial

• Video Tutorials

Complete development environment

and Intel DPDK evaluation within

minutes of opening the box!

LiveUSB™ - Key to Development Kit

Features

� Complete IDE on a stick

� Boot from any host PC

� Automatic “tools” eval license

� All documentation included

Wind River Workbench� Wind River Workbench 3.3

• Eclipse framework (Galileo) 3.5

• Eclipse CDT project 6.0

• Wind River GNU compiler

� All documentation included

� Best in class embedded “OOB” experience

• User space and kernel debuggers

• Linux user & kernel space configuration tools

• Run-time analysis tools:

• System viewer

• Memory analyzer

• Performance profiler

• Data monitor

• Code coverage analyzer

| © 2012 Wind River. All Rights Reserved.15

One Intelligent Software System to Use Across the Network

� Scalable across product lines

� Consolidate management and data plane

� Integrated software components to accelerate, analyze, and secure applications

� Flexible configuration – full platform � Flexible configuration – full platform or standalone components

� Comprehensive lifecycle development tools

� Access to technical experts to design, develop, and extend

� One support call for all pieces

� WR Products are delivered as a Source Code Product

© 2012 Wind River. All Rights Reserved.

Wind River Networking for Intel DPDK

� Dedicated R&D Group

• Source access

• Active patch porting

� Professional Services

• Experts Globally

• 2-day DPDK Training � Support and Premium offerings

• Global 24 hours, 365 days

• On-line Forum Support

• 95% CSAT

• 20% Net Promoter Score

Hardware Development Kits

• Integrated for fast evaluations

�Tools and Extensions

• PKGen

• Performance Studio

Intel

DPDK®

Commercially-Available Extensions

• DPDK Roadmap alignmentTest Infrastructure

• Automated Suites

• Quality artifacts�Linux Distribution

Integration

• Latest, greatest

updates

• Integrated for fast evaluations

• Great OoB experience• Performance Studio

DPDK®

| © 2012 Wind River. All Rights Reserved.18