WHITE PAPER Intel® QuickAssist Technology Communications and Networking
Flexible Workload Acceleration on Intel® Architecture Lowers Equipment Cost
Intel® QuickAssist Technology eliminates the need for various add-on acceleration modules
There will always be classes of standard application programming workloads and algorithms that interfaces (APIs). They provide consistent push the capabilities of traditional conventions and semantics across multiple compute platforms. A prime example is accelerator implementations, thus future- computationally-expensive public key proofing software investments. The platform encryption algorithms supporting SSL, also delivers exceptional packet processing particularly the handshaking mechanism performance by running performance- that allows a server and a client to optimized libraries from the Intel® Data establish a connection. Consequently, Plane Development Kit (Intel® DPDK). IT professionals often deploy specialty This paper provides an overview of Intel based add-on acceleration modules QuickAssist Technology and describes four to increase performance and avoid implementation scenarios that underscore overloading their servers. the flexibility available to equipment Now, there’s an alternative to using manufacturers, independent software specialized ASICs for compute-intensive vendors (ISVs) and IT professionals. Using Acceleration modules built workloads. Servers based on the Intel® this workload acceleration technology, into the Intel® Platform for Platform for Communications it’s possible for Telco central offices and Infrastructure have new capabilities for datacenters to significantly lower their Communications Infrastructure accelerating asymmetric and symmetric equipment cost and improve workload cryptography, data compression and other balancing across servers. workloads. The platform incorporates Intel® QuickAssist Technology, which includes acceleration modules that are accessed via a unified set of industry- Intel® QuickAssist Technology Workload Open Source Framework Open Source Applications Overview Cryptography • OpenSSL libcrypto • IPSec (NETKEY) Although Intel QuickAssist Technology • Linux* Kernel Crypto API • Apache* supports several mechanisms for Intel® (scatterlist) architecture platforms to communicate Data • zlib • File compression (minigzip) with accelerators, this paper focuses on the Compression • Linux Kernal Crypto • IPComp (NETKEY) acceleration capabilities within the Intel API (scatterlist) Platform for Communications Infrastructure, namely through the processors’ chipset which Table 1: Supported Workloads and Open Source Frameworks and Applications may also be used as a PCIe* device for higher performance. They are accessed via the Intel Benefits Implementation Effort and QuickAssist Technology API, which makes Today, equipment manufacturers and Performance calls to hardware acceleration modules in the IT professionals can choose from a Equipment manufacturers and IT platform, as depicted in Figure 1. The large assortment of specialty add-on professionals can implement Intel specialized acceleration modules available acceleration modules that span a wide QuickAssist Technology in a number in this chipset, execute specific workloads range of performance. Compared to many of ways, as illustrated in Figure 2. The including symmetric and asymmetric modules, Intel QuickAssist Technology offers implementation options support either cryptography, compression and pattern comparable or better performance, while open source or proprietary applications matching. The API enables the acceleration providing some other benefits. It is relatively and whether the protocol processing is modules to be easily accessed by open easy to scale performance because the done in user or kernel space. A number source software or vendor. Therefore, this acceleration capacity can be increased by of open source application patches flexibility can shorten time to market by adding processor cores and/or chipsets (user and kernel space) are supplied reducing development complexity and effort. to the design. For instance, in bladed by Intel engineers; and therefore, the systems, having integrated acceleration in customer software integration effort is the processor chipset eliminates the need User or OpenSource for an add-on acceleration module, reduces Application cost, lowers overall power consumption and decreases footprint. The Intel QuickAssist SHIMs (NETKEY, openlib, zlib) Proprietary Proprietary
Software Technology API also preserves software Applications Applications investment over generations of platforms. Intel® QuickAssist Technology API
Implementation Scenarios Open Source Open Source Applications Applications Intel QuickAssist Technology offers a high
Hardware- Effort Programming Assisted level of flexibility given that it supports Kernel Space User Space Acceleration diverse workloads, embraces open source (IPSec & IPComp) (Others)
Hardware software and runs in both kernel and Implementation Intel® Processor-Based Platform user space to best accommodate the Figure 2. Possible Implementation Scenarios Intel Supplied Customer Supplied implementation provided by the open source community. For example, IPSec and IPComp simplified. On the other hand, performance Figure 1. Intel® QuickAssist Technology Accesses typically run in kernel space, whereas many optimizations are possible for proprietary Hardware Acceleration Modules other open protocols run in user space. applications, which may require some Proprietary applications may run in either customization to interface to the Intel Open Source Software Support user or kernel space as well. QuickAssist Technology APIs. And these Today, Intel QuickAssist Technology performance optimizations can be carried accelerates cryptography and data • User space: The memory area typically forward in future generations of Intel compression workloads, with others assigned to application software by the QuickAssist Technology. Implementation currently in development. The workloads operating system. examples for these scenarios are provided are supported by open source frameworks Kernel space: The memory area reserved in the following and depicted in Figure 3. and applications, as shown in Table 1. • to run the kernel (the central part of an The use of open frameworks enables operating system) and software controlling developers to quickly evaluate the platform resources, such as device drivers. performance of the acceleration modules.
2 Open Source Application Open Source Application Proprietary Application Proprietary Application User Space Kernel Space (IPSec & IPComp) User Space Kernel Space (IPSec & IPComp)
Open Source User Space Application Application
Open Source API Open Source Applications (e.g., EVP API) (e.g., Openswan User Space Application Open Source Framework pluto for IKE (e.g., OpenSSL, libcrypto) User Space Application Shim
Intel® QuickAssist Open Source API Intel® QuickAssist Technology API (e.g., OCF, cryptodev) Technology API
Cryptography Accelerator Cryptography Accelerator User Space User Space Driver User Space User Space Driver Driver Kernel Space (e.g., Kernel App crytodev for (e.g., NETKEY, Kernel Space Application OCF) Openswan, KLIPS)
Open Source API Intel® QuickAssist (e.g., OCF, scatterlist) Technology API
Open Source Framework Cryptography Accelerator (e.g., Linux* Kernel Kernel Space Driver CryptoFramework, OCF)
Shim
Intel® QuickAssist Customer Supplied Technology API Open Source Cryptography Accelerator Intel Supplied Kernel Space Driver
Intel QuickAssist Technology Cryptography Accelerator
Figure 3. Implementation Examples
Scenario 1. Open source application, Scenario 2. Open source application, Scenario 3. Proprietary application, user space kernel space (IPSec & IPComp) user space Challenge: An ISV wants to set up a cipher Challenge: An ISV wants to use open Challenge: An equipment manufacturer to perform encryption and decryption source IPSec & IPComp software, where wants to accelerate security functions operations in CBC, CFB, OFB or ECB mode. parts of the protocol handling run in kernel called by its proprietary user space space. security application. Solution: Download OpenSSL (open source) and the associated high level API, Solution: Use an open source API, such Solution: Modify the user space security called EVP. Include openssl/evp.h and link as OCF-Linux*, which is a Linux port of application to make calls to the Intel to libcrypto (-lcrypto). Compile with an the OpenBSD*/FreeBSD* Cryptographic QuickAssist Technology API. Some effort is Intel-provided shim that interfaces to the Framework (OCF). This port aims to bring needed to learn the API. Intel QuickAssist Technology API through full asynchronous crypto acceleration to an OpenSSL engine implementation, the Linux kernel and applications running Scenario 4. Proprietary application, which in turn calls a user space driver that under Linux. Intel supports kernel space kernel space interacts with the hardware. operation with the Intel QuickAssist Challenge: An equipment manufacturer Technology API, and a kernel-built shim wants to call the Intel acceleration and driver. In this scenario, the packet flow hardware modules from kernel space. usually stays in kernel space, and the user space code only handles control messages. Solution: Split up the proprietary security application so the calls to the hardware accelerators are made from kernel space.
3 Boost Packet Processing An Alternative to Add-on Throughput in User Space Acceleration Modules Intel developed the Intel Data Plane Intel QuickAssist Technology introduces Development Kit (Intel DPDK) to accelerate a framework for deploying platform- packet processing performance on level workload acceleration. It provides Intel architecture-based platforms. the flexibility to allow equipment The Intel DPDK contains a number of manufacturers and IT professionals libraries, whose source code is available to strike the right balance between to developers to use and/or modify in a programming effort and performance. In production network element. For select cases where Intel QuickAssist Technology Intel processors and chipsets, examples eliminates the need for add-on acceleration are available using “run-to-completion” modules, it’s possible to reduce cost, and/or “pipeline” models that enable the power consumption and form factor, while equipment manufacturer’s application to increasing the scalability and portability of maintain complete control. the workload acceleration solution. The Intel DPDK dramatically speeds up packet processing on Intel processors, as much as a seven times improvement, thereby enabling a higher level of throughput.
To learn more about Intel solutions for communications and networking, please visit http://www.intel.com/go/commsinfrastructure
Copyright © 2012 Intel Corporation. All rights reserved. Intel, the Intel logo and Xeon are trademarks of Intel Corporation in the United States and/or other countries. *Other names and brands may be claimed as the property of others. Printed in USA 0212/MS/SD/PDF Please Recycle 327217-001US