AnalyzeAccelerate Secure
THE TRIPLE CROWN FOR INTELLIGENT NETWORKS
Wind River, November 2012
© 2012 Wind River. All Rights Reserved.1
AnalyzeAccelerate Secure
1. Must design network products that enable more services and higher value?
2. Must get products to faster ahead of the competition?
Which Issue Do You Most Relate To?
3. Must better leverage new, powerful multicore processors to build higher performance products?
The Triple Crown of Next Generation Networks Goes to Software
AnalyzeAccelerate Secure
Higher Performance
=
Better Quality
of Experience
Built-In Intelligence
=
New Services
Tighter Security
=
Better Quality
of Service
| © 2012 Wind River. All Rights Reserved.3
Wind River Intelligent Network Platform
Development
Life Cycle Solution
Development
Life Cycle Solution
Wind River Global Support
Migration and Design Services
Wind River Simics
Native
Linux App
Customer
Data Plane App
Customer
Data Plane App
Customer
Data Plane App
Customer
Data Plane App
Customer
Data Plane App
Management
Plane
Wind River
Application
Acceleration
Wind River
Content
Inspection
Future
Engine(s)
Native
Linux App
Native
Linux App
Linux Kernel Space Linux User Space
| © 2012 Wind River. All Rights Reserved.4
Wind River Global Support
Migration and Design Services
Wind River
Workbench
Wind River
Test ManagementWind River Linux
with Intel DPDK
Acceleration
Engine
Inspection
Engine
Core Core Core Core Core Core Core Core Core Core Core Core
Core
Affinity
Core
Affinity
Core
Affinity
Core
Affinity
Wind RiverApplication Acceleration Engine
Protocol Conversion
Accelerated Socket Application
UDP or TCP
IPv4/IPv6
DPDK Libraries
Protocol Socket A Protocol Socket B
Packet
Protocol X TCP IP
Payload Headers
Packet
Protocol Y Test Test
Payload Headers
| © 2012 Wind River. All Rights Reserved.5
Proxy 0
DPDK User Mode Drivers
Proxy 1
Wind River Content Inspection Engine
Accelerated Socket Application
UDP or TCP
IPv4/IPv6
DPDK Libraries
Inspection Libraries
Pattern Matching
Configure, Monitor
| © 2012 Wind River. All Rights Reserved.6
DPDK User Mode Drivers
Proxy 0 Proxy 1
Protocol X WireWire
Pattern Matching
Wire
Compiler
Database
• Pattern matching is a CPU-intensive operation.
• Content Inspection Engine is ideal for applications that need to scan large
amounts of data at line rate such as intrusion prevention, antivirus, and
unified threat. Management
Logs
Looking Ahead…Accelerated Traffic Flow Classification
Accelerated Socket Application
UDP or TCP
IPv4/IPv6
DPDK Libraries
Flow Class Libraries
Flow Classification
Configure, Monitor
| © 2012 Wind River. All Rights Reserved.7
DPDK User Mode Drivers
Proxy 0 Proxy 1
WireWire
Flow Classification
• Classify traffic into various flows; runs faster with DPDK libraries.
• Identify 1,000+ protocols/applications, extract thousands of protocol and
application metadata, and analyze in real-time traffic at 10, 40, 100 Gb/s.
Logs
Wire Wire Flows
Intel DPDK Components
Mempool
Mbuf
Ether
EAL
L3FWD / VF
Exception Path
Timer
Multi-Process
LibrariesCode Examples
Data-Plane
- Software Libraries
- Optimized NIC Drivers in Linux User Space
- BSD-license
- Enables consolidation of mgt-plane and data-plane
| © 2012 Wind River. All Rights Reserved.8
User-Mode Drivers
port0
User IO Module
Timer
Ring
Net
Malloc
LPM
HashL2FWD / VF
Link Status IRQ
DPDK QAT
VMDQ_DCP
Input Frag
Load Balancer
port1 portN
User-Space
Kernel-Space
…
mgt-plane and data-plane on the same board
Intel® DPDK Components – What’s missing?
Data-Plane
Mempool
Mbuf
Ether
EAL
L3FWD / VF
Exception Path
Timer
Multi-Process
LibrariesCode Examples
TCP UDP
Sockets
Applications
Management-Plane
C
O
-
O
P
S
C
• Adds spt for multiple contexts within
the same thread/process/core
• enables implementing a multi-
tasking environment and the BSD
socket API with blocking calls
Memory
Protection
pktgen
shellScreen, nc, telnet
Netlink- routes –
-SA Sync –
- interface -
IKE Strongswan
Interactive
Config/Monitoring
Proxy Interfaces
Legend: Intel DPDK
User-Mode Drivers
port0
User IO Module
Timer
Ring
Net
Malloc
LPM
HashL2FWD / VF
Link Status IRQ
DPDK QAT
VMDQ_DCP
Input Frag
Load Balancer
port1 portNQemuport
ARP ICMP IGMP VRF
DPI
PROCFS
Exception Path
Linux OS
IPsec
C
H
E
D
U
L
E
R
Not Provided with Intel DPDK
Flow Classification Pattern Matching
LAG
Q
E
M
U
Enables
Development
w/out
Requiring
Supported
NICs
ICMP, ARP, IKE,etc.
VLAN
Logging
IKE Strongswan
Test
…
Intel® DPDK + Intelligent Network Platform
Data-Plane
Mempool
Mbuf
Ether
EAL
L3FWD / VF
Exception Path
Timer
Multi-Process
LibrariesExamples
TCP UDP
Sockets
Applications
Management-Plane
IKE Strongswan
Interactive
Config/Monitoring
C
O
-
O
P
S
C
• Adds spt for multiple contexts within
the same thread/process/core
• enables implementing a multi-
tasking environment and the BSD
socket API with blocking calls
Memory
Protection
pktgen
shellScreen, nc, telnet
Netlink- routes –
-SA Sync –
- interface -
Proxy Interfaces
Legend: Intel DPDK
User-Mode Drivers
proxy0
User IO Module
Timer
Ring
Net
Malloc
LPM
HashL2FWD / VF
Link Status IRQ
DPDK QAT
VMDQ_DCP
Input Frag
Load Balancer
proxy1 proxyNQemuport
ARP ICMP IGMP VRF
DPI
PROCFS
Logging
Exception Path
Linux OS
IKE Strongswan
IPsec
C
H
E
D
U
L
E
R
Wind River Intelligent Network Platform
Flow Classification Pattern Matching
LAG
Q
E
M
U
Test
Enables
Development
w/out
Requiring
Supported
NICs
ICMP, ARP, IKE,etc.
VLAN
QAT
WR Products are
delivered as a Source
Code Product …
Linux Delivery Options
Intelligent
Network
Engines
Intelligent
Network
Engines
Stand-AloneWind River Linux
Airplane Development
Engines Engines
Intel DPDK Intel DPDK
Wind River Linux12.04 Desktop
Qemu
Airplane Development
SSL+
16
Takes 2 minutes to install,
build and run an application
Screaming Performance � Significant improvements for IP forwarding, UDP, and TCP– >1100% IP-forwarding performance over Linux
– 500% UDP or TCP improvement over Linux
– VPN with hardware acceleration 5.5 Mpps/port
� Reduced pattern-matching latency � Reduced pattern-matching latency – 200-to-400% faster than Snort (stand-alone)
– Plus - 2800% lower latency on AAE/DPDK (accelerated)
� Substantially reduced data plane network application latency– Wire-line speed at 2 threads/port for suite-spot frame-length
Huge Time-to-Market Savings
� Three-minute installation
� Savings of six staff years for developing advanced accelerated networking protocols
� Savings of ten staff years for developing pattern-matching software
� Savings of priceless years of deep technical knowledge ensuring the building and deployment of successful networking products
Embedded Development Kit Lanner FWA-8895With Intel® DPDK Integration
Live USB™SBC/System TargetGetting Started
Guide
• Host environment + optimized
• 30 day trial activation
• Intel® DPDK APIs and libraries
Coming soon
| © 2012 Wind River. Subject to NDA with Wind River. All
Rights Reserved.
14
• Optimized Wind River Linux runtime image included on target system
• Intel® DPDK runtime
optimized demonstrations that highlight silicon
• Written Tutorials
• Intel® DPDK tutorial
• Video Tutorials
Complete development environment
and Intel DPDK evaluation within
minutes of opening the box!
LiveUSB™ - Key to Development Kit
Features
� Complete IDE on a stick
� Boot from any host PC
� Automatic “tools” eval license
� All documentation included
Wind River Workbench� Wind River Workbench 3.3
• Eclipse framework (Galileo) 3.5
• Eclipse CDT project 6.0
• Wind River GNU compiler
� All documentation included
� Best in class embedded “OOB” experience
• User space and kernel debuggers
• Linux user & kernel space configuration tools
• Run-time analysis tools:
• System viewer
• Memory analyzer
• Performance profiler
• Data monitor
• Code coverage analyzer
| © 2012 Wind River. All Rights Reserved.15
One Intelligent Software System to Use Across the Network
� Scalable across product lines
� Consolidate management and data plane
� Integrated software components to accelerate, analyze, and secure applications
� Flexible configuration – full platform � Flexible configuration – full platform or standalone components
� Comprehensive lifecycle development tools
� Access to technical experts to design, develop, and extend
� One support call for all pieces
� WR Products are delivered as a Source Code Product
Wind River Networking for Intel DPDK
� Dedicated R&D Group
• Source access
• Active patch porting
� Professional Services
• Experts Globally
• 2-day DPDK Training � Support and Premium offerings
• Global 24 hours, 365 days
• On-line Forum Support
• 95% CSAT
• 20% Net Promoter Score
Hardware Development Kits
• Integrated for fast evaluations
�Tools and Extensions
• PKGen
• Performance Studio
Intel
DPDK®
Commercially-Available Extensions
• DPDK Roadmap alignmentTest Infrastructure
• Automated Suites
• Quality artifacts�Linux Distribution
Integration
• Latest, greatest
updates
• Integrated for fast evaluations
• Great OoB experience• Performance Studio
DPDK®
| © 2012 Wind River. All Rights Reserved.18