• Resources
  • Directory
  • Webinars
  • CAD Models
  • Video
  • Blogs
  • More Publications
  • Advertise
    1. Technologies
    2. Embedded
    3. Digital ICs
    4. Processors
    5. Microcontrollers

    A 40 Gbit/s Bump-in-the-Wire

    Feb. 7, 2011
    Cavium Networks Nitrox DPI II is designed to be just a small bump in the 40 Gbit/s wire providing deep packet inspection at line speeds.

    1 of Enlarge image

    Nitrox DPI II architecture

    DPI automata comparison

    Nitrox DPI II operating modes

    Nitrox DPI II inline mode

    Cavium Networks is well known for their network security processor and multicore network processors (see Multicore Chip Handles Broadband Packet Processing). Their new Nitrox DPI II (Fig. 1) is designed to be just a small bump in the 40 Gbit/s wire. It provides deep packet inspection (DPI) at line speeds.

    The Nitrox DPI II handles incoming and outgoing network flows itself. The flow and inspection managers can handle conventional filtering operations but the heavy lifting for DPI is done using the hyper finite automata (HFA) engines. HFA provides better performance (Fig. 2) than the alternatives: deterministic finite automata (DFI) and non-deterministic automata (NFA). Some of Cavium's earlier products used these techniques but the last and latest platforms use HFA exclusively.

    The HFA compiler transforms regular expressions normally used to define the DPI process into a system that is stored in the Nitrox DPI II's memory. This is used when scanning the stream of incoming packets. It can handle protocols, viruses and other information that requires over half a dozen packets to be scanned. DFI and NFA tend to slow down as the scanning depth increases and the number of rules increases.

    The Nitrox DPI II has three operating modes (Fig. 3). It can be used as a coprocessor where the host handles all network traffic passing off packets to be processed by the chip. It can also be used as a NIC (network interface card) where the Nitrox DPI II handles incoming and outgoing traffic but packets are handed off to the host. This allows the chip to be an augmented NIC providing packet inspection as necessary. Finally there is a standalone inline mode (Fig. 4). In this case, the chip passed packets through performing packet inspection as necessary. A host processor typically configures the system or it can be done during the boot process. It can also be configured using the network interface as well.

    Deep packet inspection is becoming a requirement addressing real time flows to detect protocols, viruses and other information. Its performance means the Nitrox DPI II will not be a bottleneck but rather just a small bump in the road.

    Continue Reading

    Sponsored Recommendations

    TTI Transportation Resource Center

    April 8, 2024
    From sensors to vehicle electrification, from design to production, on-board and off-board a TTI Transportation Specialist will help you keep moving into the future. TTI has been...

    Cornell Dubilier: Push EV Charging to Higher Productivity and Lower Recharge Times

    April 8, 2024
    Optimized for high efficiency power inverter/converter level 3 EV charging systems, CDE capacitors offer high capacitance values, low inductance (< 5 nH), high ripple current ...

    TTI Hybrid & Electric Vehicles Line Card

    April 8, 2024
    Components for Infrastructure, Connectivity and On-board Systems TTI stocks the premier electrical components that hybrid and electric vehicle manufacturers and suppliers need...

    Bourns: Automotive-Grade Components for the Rough Road Ahead

    April 8, 2024
    The electronics needed for transportation today is getting increasingly more demanding and sophisticated, requiring not only high quality components but those that interface well...

    Comments

    To join the conversation, and become an exclusive member of Electronic Design, create an account today!