Application Deployment Featured Article

Accelerating Deep Packet Inspection with Intel Servers, Appliance Deployment

January 18, 2013


In part two of the five part series on deep packet inspection (DPI) from appliance deployment specialist NEI’s (News - Alert) Director of Feld Engineering Austin Hipes, the focus was on performing high performance DPI and encryption without using specialized network processing units (NPUs).

However, in part three the author shows that the new Intel (News - Alert) platform for communications infrastructure (formerly known as “Crystal Forest”) provides OEMs with the opportunity to achieve new levels of design flexibility for DPI and encryption processes compared to their more expensive NPU counterparts.  In fact, the platform is capable of performing operations on control planes, data planes, and applications simultaneously with high throughput rates.

According to Hipes, deep packet inspection, data compression and decompression, and encryption take place at higher throughput rates with the Intel platform for communications infrastructure because it is made up of multi-core processors in combination with Intel QuickAssist technology hardware accelerators.  As a result, the platform enhances DPI capabilities by processing over 160 million packets of data per second as compared to NPU’s 100 million packets per second. 

The elimination of NPUs in the hardware scheme along with the faster processing capacity and reduced development time needed for new applications results in substantial cost reductions for the OEM.

Further, the high performance nature of the new platform is attributed to Intel Xeon processors (E5-2600 series) arranged in a dual-socket configuration. It can be configured to provide up to 16 cores, an 80 channel root complex of PCI (News - Alert) Express (PCIe) Gen 3.0 and 8 1600 MHz memory controllers. 

Another contributor to this increased performance is the 89xx series Intel communications chipset, formerly called Cave Creek. As per the explanation provided, the chipset combines communications hardware accelerators with Platform Controller Hub (PCH) compute I/O functions, and can be used as a standalone PCIe device added to a traditional server platform, or as a PCH in an embedded motherboard design.

Hipes added that the hardware accelerators remove the encryption and data compression functions from the main CPU load, leaving the “CPU free to do other work.  “With the cores freed up of encryption duties, they can now perform DPI and application processing tasks, effectively working on both the control and data planes simultaneously,” notes Hipes

Since the platform and chipset are scalable, it allows designers to adapt their solutions to suit the application. Thus, allowing the designers to go from single-core, low-cost, low-power designs all the way up to 16-core designs. Consequently, the chipsets can be configured for a single device with five Gbps of encryption capability going up to four device configurations in excess of 80 Gbps of encryption potential. 

In short, by simply changing the number of cores or accelerators used in a given platform, OEMs and independent software vendors (ISVs) have the flexibility to enter a variety of market segments without a significant reinvestment in new code development, asserts Hipes.  In addition, existing server platforms can be converted to high-throughput DPI and encryption machines through the addition of PCIe cards housing 89xx series Intel communications chipsets, wrote Hipes.

Meanwhile, reports indicate that cloud-based backup and recovery appliance deployment is on the rise. A recent report posted on TMCnet shows that online backup is gaining popularity in SMBs, education and local government because it provides low-cost and hassle-free solutions to these organizations. This report, generated by Zetta (News - Alert), also shows that large enterprises will increasingly depend on hybrid-online backup 2.0 for their distributed offices.

Want to learn more about the latest in communications and technology? Then be sure to attend ITEXPO Miami 2013, Jan 29- Feb. 1 in Miami, Florida.  Stay in touch with everything happening at ITEXPO (News - Alert). Follow us on Twitter.

Edited by Jamie Epstein
  • Featured Podcast
    UNICOM Engineering Podcast Featuring Austin Hipes, vice president of technology at UNICOM Engineering

Featured Case Study

UNICOM Engineering Helps Bandura®, a TechGuard Security® Company, Expand Globally
Bandura® is a wholly owned subsidiary of Techguard Security®, which provides technologies and services that protect critical networks from cyber attack. Its flagship product, developed by TechGuard, is the PoliWall® appliance, a hardware device that sits between firewalls and edge routers to stop threats at the network edge by blockingmalicious traffic...

Featured Webinars

Featured Datasheets

S-1600 R3 High Reliability, Single CPU Systems
UNICOM Engineering’s S-1600 R3 offers high-reliability in a single CPU package...

E-1800 R3 - High-Reliability, Medium-Density Communications Systemss
UNICOM Engineering’s E-1800 R3 communications appliance delivers the industry’s best combination of high-performance and high-reliability for medium density applications...

N-2500 R5 - Next Generation Carrier-Class Application Platform
UNICOM Engineering’s N-2500 R5 Carrier Grade Server combines performance, ruggedness, reliability, and long life in a NEBS-3 and ETSI-compliant 2U chassis...

Popular Articles