A 40 Gbit/s Bump-in-the-Wire

Feb. 7, 2011
Cavium Networks Nitrox DPI II is designed to be just a small bump in the 40 Gbit/s wire providing deep packet inspection at line speeds.

Fig. 1. Nitrox DPI II architecture

Fig. 2. DPI automata comparison

Fig. 3. Nitrox DPI II operating modes

Fig. 4. Nitrox DPI II inline mode

Cavium Networks is well known for its network security processors and multicore network processors (see Multicore Chip Handles Broadband Packet Processing). Its new Nitrox DPI II (Fig. 1) is designed to be just a small bump in the 40 Gbit/s wire. It provides deep packet inspection (DPI) at line speeds.

The Nitrox DPI II handles incoming and outgoing network flows itself. The flow and inspection managers can handle conventional filtering operations, but the heavy lifting for DPI is done by the hyper finite automata (HFA) engines. HFA provides better performance (Fig. 2) than the alternatives: deterministic finite automata (DFA) and non-deterministic finite automata (NFA). Some of Cavium's earlier products used these techniques, but the last and latest platforms use HFA exclusively.

The HFA compiler transforms the regular expressions normally used to define the DPI process into a form that is stored in the Nitrox DPI II's memory and used when scanning the stream of incoming packets. It can handle protocols, viruses and other information that requires over half a dozen packets to be scanned. DFA and NFA tend to slow down as the scanning depth and the number of rules increase.
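The HFA format is not described in this article, so the following added example (not Cavium's code) uses a plain Aho-Corasick automaton over literal signatures as a stand-in for a compiled rule set. It shows why an inspection engine has to keep per-flow automaton state to match content that spans several packets. The signature names, flow IDs and payloads are constructed, and payloads are assumed to arrive in order within each flow.

```python
from collections import deque

class SignatureAutomaton:  # Aho-Corasick: many literal signatures, one automaton
    def __init__(self, signatures):
        self.goto, self.fail, self.hits = [{}], [0], [set()]
        for name, pattern in signatures.items():  # build the trie
            state = 0
            for byte in pattern:
                if byte not in self.goto[state]:
                    self.goto.append({}); self.fail.append(0); self.hits.append(set())
                    self.goto[state][byte] = len(self.goto) - 1
                state = self.goto[state][byte]
            self.hits[state].add(name)
        queue = deque(self.goto[0].values())
        while queue:  # breadth-first pass computes failure links
            state = queue.popleft()
            for byte, nxt in self.goto[state].items():
                queue.append(nxt)
                f = self.fail[state]
                while f and byte not in self.goto[f]:
                    f = self.fail[f]
                self.fail[nxt] = self.goto[f].get(byte, 0)
                self.hits[nxt] |= self.hits[self.fail[nxt]]

    def scan(self, data, state=0):
        """Scan one payload from `state`; return (matches, state to resume from)."""
        found = set()
        for byte in data:
            while state and byte not in self.goto[state]:
                state = self.fail[state]
            state = self.goto[state].get(byte, 0)
            found |= self.hits[state]
        return found, state

def scan_flows(automaton, packets, keep_state=True):
    """packets: (flow_id, payload) pairs. Returns the set of hits for each packet."""
    flow_state, results = {}, []
    for flow_id, payload in packets:
        start = flow_state.get(flow_id, 0) if keep_state else 0
        found, flow_state[flow_id] = automaton.scan(payload, start)
        results.append(found)
    return results

# Constructed sample data: hypothetical signatures and two interleaved flows.
SIGNATURES = {"SIG-A": b"cmd=transfer", "SIG-B": b"X-Test-Marker"}
PACKETS = [("f1", b"GET /?cm"), ("f2", b"X-Test-"), ("f1", b"d=tran"),
           ("f2", b"Marker: 1"), ("f1", b"sfer HTTP/1.1")]
AUTOMATON = SignatureAutomaton(SIGNATURES)
```

Calling `scan_flows(AUTOMATON, PACKETS, keep_state=False)` resets the automaton for every packet and reports nothing, while the default call reports both signatures on the packets that complete them.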

The Nitrox DPI II has three operating modes (Fig. 3). It can be used as a coprocessor, where the host handles all network traffic and passes packets off to be processed by the chip. It can also be used as a NIC (network interface card), where the Nitrox DPI II handles incoming and outgoing traffic but packets are handed off to the host. This allows the chip to be an augmented NIC, providing packet inspection as necessary. Finally, there is a standalone inline mode (Fig. 4). In this case, the chip passes packets through, performing packet inspection as necessary. A host processor typically configures the system, or it can be done during the boot process. It can also be configured using the network interface.

Deep packet inspection is becoming a requirement for addressing real-time flows to detect protocols, viruses and other information. Its performance means the Nitrox DPI II will not be a bottleneck but rather just a small bump in the road.
