Get The Jump On Next-Gen Enterprise-Class Wireless Access Points
The higher data rates and advanced services expected of next-generation 802.11n (Wi-Fi) and WiMAX-based wireless enterprise access points (APs) will require engineers to carefully balance the need for higher performance with cost and power consumption. This presents a difficult challenge for the approach they take in system design.
In access points designed to utilize the emerging generation of 802.11n radios, which currently achieve up to 300 Mbits/s and will soon reach up to 600 Mbits/s, a separate host microprocessor is essential to handle the much higher packet rates and new protocol requirements. AP designs that relied on just the embedded processor within the wireless chipset would quickly become overwhelmed.
To meet the complex challenges presented by 802.11n technology, designers need an innovative microprocessor that can deliver great performance and integrated features like PCI Express (PCIe), Gigabit Ethernet, USB 2.0, and an advanced security engine. It’s also essential that it consume the least amount of power possible and deliver all of these capabilities at an affordable price.
The IEEE 802.11 Working Group is closing in on a final specification for the new 802.11n Wireless LAN standard, with ratification expected by the first half of 2009. This revolutionary new WLAN standard will increase maximum Wi-Fi data rates by up to 10 times, taking them from a maximum of 54 Mbits/s for 802.11g and 802.11a to 600 Mbits/s with 802.11n. In addition to faster data rates, next-generation access points will be expected to support several new protocols for quality of service (QoS), Voice over Internet Protocol (VoIP), and advanced security for VPN and IPSec.
The 802.11n standard is a key enabling technology for a wide range of enhanced WLAN applications, including high-definition (HD) video streaming, multichannel high-fidelity audio streaming, comprehensive network security, and multiple, simultaneous VoIP channels. An HD video stream typically needs 20 Mbits/s of dedicated bandwidth on a network. In first-gen 802.11n radios, it’s common to see up to 200 Mbits/s of available bandwidth.
However, when you account for network overhead required to manage wireless links, the available bandwidth drops to less than half that rate under typical operating conditions, making it impractical for even a single compressed HD video channel. For this reason, video streaming over 802.11g networks has never achieved commercial success. With 802.11n’s support for highperformance radios, there’s more than sufficient bandwidth available to simultaneously carry multiple HD video and VoIP channels across distances of up to 40 meters.
To support these higher data rates and new services, next-generation wireless access-point designs require a new breed of microprocessor. The ideal processor requires high levels of integration to reduce system complexity, lowering the external component count and overall system cost. A cost-effective microprocessor suited for 802.11n AP designs must be optimized for the demanding enterpriseclass workloads, as well as for both general networking and general-purpose processing applications, allowing economies of scale to keep its price low.
To offer major enhancements in performance, bandwidth, security, and multi-platform support for next-generation APs based on the new 802.11n and WiMAX standards, designers should consider microprocessors with the following attributes:
• Processing performance up to 600 MHz, yielding 900 DMIPS
• Dual single-lane PCI Express ports, each with integrated SERDES to support connectivity to 802.11n/Wi-Fi, WiMAX, or other PCI Express-based chip sets
• Very low power dissipation, to ensure compatibility with 802.3af (PoE)
• Integrated hardware-accelerated Turbo Security Engine for handling IPSec and VPN services, featuring single-pass operation and full header/trailer protocol processing independent of the CPU
• USB 2.0 On-The-Go with support for either host or device modes
• DDR1/2 memory support
But designers of these systems have to meet strict cost constraints. With that in mind, a microprocessor offering all of the attributes listed above should be available for an average selling price of under $20 to achieve design momentum.
SCALABLE PERFORMANCE Today’s consumer-grade 802.11a/g APs typically don’t have separate application processors. Often, there’s enough processing capacity available in the embedded processor core within the wireless chipset to handle AP tasks and a minimal number of higher-level protocols.The shift to 802.11n radios in access points, though, will require the addition of a host processor to accommodate the increased data rates. Moreover, new enterprise and residential network services require increased security, support for multimedia streaming and real-time VoIP, and support for the advanced protocols and standards behind these services such as H.232, IPSec, and AES.
To meet these needs, host processors in next-generation AP platforms should deliver up to 900 DMIPS of processing capacity. Thus, designers of AP systems must consider the system-level throughput requirements. These would include PCI Express, since most new 802.11n radio cards are shifting to this interface, 32-bit DDR2 memory for high performance, and Gigabit Ethernet to accommodate 802.11n data rates that are well above 100 Mbits/s. Figure 1 shows an optimized processor architecture for 802.11n APs.
Continue on Page 2
Wireless AP designers will want the option of cost-reducing designs by optimizing frequency to their application or by enhancing AP capabilities over time. A versatile processor is well-suited to meet designer needs when it offers the scalability of 400, 533, and 600 MHz of CPU performance, or the option of single Gigabit Ethernet and PCI Express ports, or dual Gigabit Ethernet and PCI Express ports.
However, by designing in more processing capacity, APs can be enhanced over time through software upgrades to introduce these features even after deployment, without the need to replace hardware.
OVERCOME BANDWIDTH LIMITATIONS VIA PCI EXPRESS PCI Express is the clear successor to PCI in WLAN apps. By providing a higherbandwidth interface while consuming less power, a single-lane PCIe interface can ensure full bandwidth availability and utilization to radio modules or chipsets.Developers need the flexibility in an embedded processor architecture to offer either a single, integrated PCI Express port or a dual PCI Express port with each capable of delivering 2.0 Gbits/s of bandwidth. Dual PCI Express support is essential for enterprise APs that need to differentiate between high-data-rate and low-data-rate devices. While maintaining backward compatibility to 802.11a, 802.11b, and 802.11g devices, nextgeneration 802.11n devices have to deal with problems that arise when slower devices operate over the same frequency of high-speed devices.
High-speed device performance will suffer unless the design integrates dual PCI Express support to enable operation of two radios—one operating at 5 GHz for highspeed devices only and one at 2.4 GHz for slower devices (Fig. 2).
UNPARALLED POWER In enterprise applications, most APs are powered through 802.3af, commonly referred to as Power over Ethernet (PoE), to avoid the additional installation and maintenance costs of running power lines as well as CAT5 lines. The 802.3af PoE standard, however, typically delivers just under 13 W for attached equipment. Most enterprise-class APs using either 802.11g or 802.11a radios are able to operate within this power budget.Still, next-generation 802.11n APs will require designers to do more to minimize power consumption, since 802.11n radios will consume much more power than 802.11g or 802.11a radios. In addition, new enterprise APs will include dual radios, further increasing power consumption.
Developing low-power 802.11n APs is a substantially different prospect compared to 802.11a/g designs given the increase in bandwidth, as well as the need of a dedicated application processor. With 6 W already accounted for by the presence of both 5- and 2.4-GHz radios (3 W for each radio module), managing the remaining power budget early in the design process becomes increasingly critical.
By assessing the needs of the market, it’s clear that developers of APs will need alternatives to off-the-shelf processors that consume between 4 and 5 W. Some of the processors used in AP designs today operate at lower frequencies and provide virtually none of the hardware-based security capabilities required for new AP designs.
Processors using less than 2 W at 533 MHz for the entire chip will be essential to meet the demands of 802.11n AP system developers. Also, the processor will need to provide dual Gigabit Ethernet interfaces, hardware-based security acceleration, and USB 2.0 support at less than half the power of competing devices.
DIFFERENTIATION VIA SECURITY While wireless access grants users greater mobility and freedom, such open accessibility also exposes networks to undesirable intrusion. Security over the wireless link itself is enabled using 802.11i-based security (also known as WPA2) and is typically managed by the wireless radio. However, the connection from wireless AP to the enterprise network can also present security vulnerabilities. To achieve comprehensive security, then, the wired connection needs a security layer of its own.For 802.11a/g APs, a lack of processing resources on the radio chip made it unreasonable to implement security over the wired link without using an inline coprocessor. Because these coprocessors significantly impacted system cost, many manufacturers were unable to support comprehensive security. The infeasibility of implementing such security, though, did not reduce its need.
Continue on Page 3
With a new generation of embedded processors, comprehensive security for both wireless and wired links becomes possible through an integrated security engine that avoids the cost and complexity of an external security coprocessor.
The ideal security engine should support IPSec, SSL, and DTLS security protocols and incorporate public key acceleration and true random number generation, enabling administrators to bring security services such as Virtual Private Network (VPN) processing out to the edge of the wired network. By being fully compatible with FIPS-140-2 and ANSI X9.17 Annex C, the security engine can maximize its performance and design versatility. The availability of integrated hardware-accelerated security processing of 802.11n packets at up to 500-Mbit/s data rates will quickly make support for wired security a key differentiating feature in next-generation enterprise wireless APs (Fig. 3).
In contrast to security implementations from previous-generation processors, an integrated security engine that supports full header/trailer protocol processing reduces CPU workload while boosting throughput. While other hardware security measures require multiple passes to handle headers, trailers, and payload security processing, a security engine with header/ trailer processing performs these tasks in one pass. From a design standpoint, singlepass processing simplifies the packet inspection pipeline, since packets needn’t be temporarily stored during multiple passes or interleaved with other packets waiting to be processed.
In addition, the security engine should be directly attached to the processor’s main data bus and operate at the same frequency. This will maximize the security engine performance, giving it more direct access to the CPU core, system memory, and high-speed I/O, such as Gigabit Ethernet and PCIe. Thus, it will eliminate any unnecessary latency when processing secure data traffic.
An integrated, single-pass security engine with header/trailer protocol processing can also give designers greater flexibility in their choice of packet inspection implementation. By providing an integrated security engine, together with the drivers and an application programming interface (API), designers get the option of implementing the packet inspection software of their choice with the packet engine, whether proprietary or open source.
THE COMPLETE OFFERING To process 802.11n traffic without bottlenecks, developers need scalable and versatile platforms that provide a high level of integration to simplify design. These platforms should also foster quicker time-tomarket and much lower system BOM cost. For example, AMCC’s PowerPC 405EX and 405EXr processors offer performance, efficiency, and integrated security levels needed for wireless applications. Price points are low, too, costing under $20.When considering a processor for a line of products, wireless AP developers should also factor in the ecosystem that supports the processor. Several items, such as thirdparty development tools, operating systems, and turnkey software, are all key factors.