NFI Logo - blog featured image
Tags :

Migration of existing applications to Cavium OCTEON using its SDK/ADK and/or Linux Kernel for acceleration

CaviumIf you are developing a processor intensive network application, such as encryption/decryption, Virtual Private Networks, intrusion detection and prevention, or Network Attached Storage appliances, you’ll need a highly-integrated security and network application processor chip that delivers tremendous network throughput, such as the Cavium OCTEON® processor.

Designed for increasing network application performance for enterprises, data centers and service provider infrastructures, the Cavium OCTEON family of multi-core MIPS64 processors is a scalable, high-performing solution for intelligent networking applications ranging from 100Mbps to 100Gbps. This family of processors is targeted at intelligent networking, wireless, control plane, and storage applications, and is being used in a variety of OEM networking and storage equipment, including routers, switches, unified threat management (UTM) appliances, content-aware switches, application-aware gateways, triple-play gateways, WLAN and 3G/4G access and aggregation devices, storage arrays, storage networking equipment, servers, and intelligent NICs.

OCTEON offers two options for application development – use Cavium’s ported Linux or Cavium’s Simple Executive for core OCTEON data plane applications. If you don’t need the full throughput of Cavium’s OCTEON, then using the first option is a good approach since it gives you the benefit of being able to quickly port and use any application written for a standard Linux distribution. With this approach your standard application that’s been developed for a standard Linux distribution will pretty much run with minimum changes on OCTEON, while you still get to take advantage of many components of the OCTEON hardware. It’s a faster development time since you only need bare minimum changes to migrate to OCTEON and you’re still able to use open source software written for Linux. This is often done for control plane applications on OCTEON since these applications do not need to run at line rates.

With the second option – writing core OCTEON data plane applications, you don’t have a full OS (Linux).  OCTEON provides a bare minimum boot loader (port of open source Uboot) and then your application directly deals with hardware. Here you can get the best of OCTEON’s throughput and avoid overheads (scheduling, context switches, etc.) introduced by an operating system.  However, you have to write applications from scratch using the OCTEON SDK and you cannot quickly port code written for standard Linux. But with this approach, you can fully utilize the capabilities of the OCTEON chip. For example, if you were creating a large real world application, you’d select this option for most of your data plane processing using most of cores of an OCTEON chip, reserving one or two cores for other functions.  The reserved cores might be running the first option (explained above, i.e. Linux) for control plane and sending accumulated data stats to the external world.

Many view the OS kernel as part of the performance solution, but rather, it can be part of the problem. By running software without any OS between itself and hardware, we have the liberty to take packet handling, memory management etc. out of hands of the kernel and put into the application where it can be done efficiently while not wasting any cycles in say context switching. We program it ourselves on bare hardware, and we can do it fast enough for the performance requirements that’s needed. We let Linux handle the control plane and continue to let the application handle the data plane. Cavium’s OCTEON gives the ability to do this when needed – even adding specialized hardware to perform at par with this in true parallel fashion (i.e. there is no OS process scheduling with running your code, which makes it slow).

OCTEON can do true multicore processing by sending different flows (traffic between one user session and website) to different cores. By doing the routing in hardware it’s far faster than doing it via software locking in than, let’s say, a Linux kernel. Usually the bottleneck for processing isn’t attributed to the processor but rather the IO, scheduling and other aspects OCTEON greatly speeds up by providing specialized hardware.

At Northforge we’ve developed solutions for customers that take advantage of the control and data planes for many OCTEON based applications, whether you need a gigabit WiFi access point, a firewall for a large institution or other network applications. We can help you can take advantage of a scalable processor line for high performance and integration for many of your advanced security, networking and application acceleration needs.