SOLUTION BRIEF
Accelerating x86 Data Plane Packet Processing
with Mellanox Indigo™
BACKGROUND
Network functionalities are commonly deployed on x86, whether in servers in the data
center, or servers in Network Function Virtualization (NFV) architecture, or in dedicated
x86‑powered appliances. While this approach adds flexibility, it comes at the expense
of high management cost, high power consumption, or limited performance and poor
scalability.
Mellanox’s innovative Accelerated Data Plane (ADP) architecture is best suited to overcome
these limitations. By using the ADP architecture over Indigo, Mellanox’s high-performance
programmable L2-L7 packet processor, a range of functionalities running on x86 can be
accelerated, thereby reducing the required number of servers. Relevant applications
that may take advantage of Indigo’s data plane acceleration include traffic management
and SLA enforcement, stateful flow awareness, IPsec, and application awareness/Deep
Packet Inspection (DPI), and in so doing can offload security, load balancing, and firewall
applications. This can also benefit NFV deployments by enabling acceleration of Virtual
Network Functions (VNF), reducing the equipment footprint needed at the Point-of-Presence
of ISPs. ADP can also empower x86-based appliances to handle more functions in a smaller
enclosure.
The revolutionary concept of the ADP architecture is to maintain the business logic in
the servers, while fast-path packet processing is offloaded by Indigo. The Indigo network
processor is capable of:
•
Stateful flow processing at a rate above 500Gb/s on more than 200M flows
•
DPI at a rate of 400Gb/s on more than 100M flows with application recognition of
more than 3,000 applications/protocols
•
Up to 180Gb/s of IPsec encryption/decryption capabilities
•
480Gb/s of hardware-based traffic management
Implemented as part of the accelerated datapath application running on the Indigo
processor, these capabilities are exposed to the x86-based applications by a set of open
APIs provided by Mellanox as part of the Fast Path Host library.
HARDWARE-INDEPENDENT ACCELERATION
ADP extends Software-Defined Networking to security and networking by enabling the
application software running on x86 to take full advantage of the accelerations provided
by Indigo, without requiring the development of software to run on the Indigo itself. It
minimizes the necessary changes to the accelerated software running on the x86 by
providing the Fast Path software library, enabling the x86 software to invoke data plane
acceleration remotely.
HIGHLIGHTS
•Indigo-based seamless data plane acceleration for
x86 applications
•Use of ADP’s Fast Path Library APIs to abstract the
accelerating Indigo platform
•Maps packets to flows/users
•Identifies applications from list of 3000+
signatures
•Complete offload of crypto functions
•Fast path for policies and corresponding actions
•QoS
•Encryption/decryption
•ACLs
USE CASES
•PE routers, Session Border controllers, and SGSN/
GGSN gateways can offload:
•Service Level Agreement enforcement
•Traffic management
•Stateful flow awareness
•Application recognition
•Firewalls and DPI equipment can offload:
•Stateful flow awareness
•User awareness
•IPsec
BENEFITS
•No need to develop software on the underlying
Indigo hardware
•Significant reduction in VNF computation needs
thanks to Indigo’s 20-30X acceleration
•Reduced costs via higher VM density and fewer
servers
•Fewer VMs to manage and deploy
•Significant reduction in power consumption
2
Figure 1. ADP Solution with x86 and Indigo
Mellanox and ECI ADP-Based vCPE Acceleration
Mellanox and ECI Telecom teamed
to demonstrate ADP capability at the
Mobile World Congress in February
2017 through a hardware accelerated
advanced Entrerprise vCPE platform.
In this demonstration, ADP proved its significant data plane acceleration
capabilities for an open-source Vyatta-based vRouter application for
specific functions, including virtual router, L4-7 firewalling and L7 QoS. A
test bed comparison was run comparing Virtualized Network Functions
on x86 servers to similar x86 servers accelerated by ADP on the Indigo
platform. The ADP-enabled Mellanox-ECI joint solution showed more than
100X performance acceleration for network applications, proving the value
proposition of ADP.
The Indigo processor may be deployed in conjunction with the Mellanox
Spectrum™ switch, combining Spectrum’s Layer 2-L3 networking capabilities
with the flexibility of Indigo for crypto and L4-L7 processing. Indigo can be
located in the Mellanox IDG4400 1U platform or embedded in a custom
design.
Once the x86 application is modified to take advantage of the Fast Path
Library, it can be accelerated independently of the underlying hardware, and
can select whether or not to use the acceleration.
All APIs in the ADP architecture are open, and an x86-only implementation is
also available, enabling customers to maintain a single source base for both
accelerated and software-only deployments.
Figure 2. ADP x86 Processing HW Acceleration
FAST PATH LIBRARY
ACCELERATION EXAMPLES
The following are examples of capabilities that can be accelerated by
the APIs provided by the Fast Path Library:
Crypto
• Tunnel-based control of the crypto to be performed by ADP on
behalf of the VNF
• Provides full 180Gb/s crypto capabilities of Indigo
Flow awareness
• Enables mapping of incoming packets to bi-directional
stateful flows
• State machines keep track of TCP connection states
• Up to 200M flows and 500Gb/s
Firewall
• Offload of Linux Netfilter
• State machines at a rate of 300Gb/s for 200M flows
DPI-based Application Recognition
• Identification of a specific application in a specific flow
• Up to 100M flows and 400Gb/s performance
Traffic Bypass and Conditional Bypass per Flow
• Enables x86 applications to specify not to receive further packets
from a flow
• Allows auto-forwarding packets on which specified actions
should be performed
Shaping
• Enables traffic shaping for packets of a specific flow
• Utilizes Indigo’s proven, best-of-breed, hardware traffic
manager
Policy
• Enables policy-based rules that are fully offloaded from x86
to Indigo
Networking
• Large set of Fast Path APIs in support of networking
operations, such as flow bypass, routing, and statistics
350 Oakmead Parkway, Suite 100, Sunnyvale, CA 94085
Tel: 408-970-3400 • Fax: 408-970-3403
www.mellanox.com
© Copyright 2017. Mellanox Technologies. All rights reserved.
Mellanox and Mellanox logo are registered trademarks of Mellanox Technologies, Ltd. Indigo is a trademark of Mellanox Technologies, Ltd.
All other trademarks are property of their respective owners.
15-52210SB
Rev1.1