Integrated Cryptographic and Compression Accelerators on Intel Architecture Platforms

Transcription

1 SOLUTION BRIEF Intel QuickAssist Technology Integrated Cryptographic and Compression Accelerators on Intel Architecture Platforms High performance, scalability, and ease of use allow network device manufacturers to dramatically decrease development time Workload Acceleration Challenges Demands on cloud and network equipment are escalating at breakneck pace, driving the need to deliver ever higher levels of traffic throughput and security To keep up with market requirements, network equipment manufacturers often accelerate compression and cryptographic workloads using commercially-available add-in cards, which can be time consuming to optimize performance using scarce programming resources Developers preferring to use open source software, like OpenSSL * or IPsec, may find accelerator card vendors either deviate from open source APIs, hindering software portability, or are slow to respond to API updates, thus delaying support for new features Built-in Acceleration With Intel QuickAssist Technology, Intel is making it easier for equipment manufacturers to deliver highperformance compression and cryptography on devices deployed in wireless, telecom, cloud, data centers, and enterprise systems The technology is integrated in a family of pin-compatible Intel chipsets that deliver scalable crypto performance - from 0 to 50 Gbps via on-chip hardware accelerators Additionally, crypto accelerators are available on select members of the Intel Atom processor C2000 product family, which makes these system-on-chip (SoC) solutions ideal for entry-level, network equipment The compression and cryptography performance of these products is shown in Table 1 1 KEY BENEFITS High performance on par with or better than leading crypto co-processors Scalability from 0 to 50 Gbps of crypto performance Ease of use different integration paths to software applications via patches or kernel changes Flexibility accelerate open-source or proprietary implementations Future proof application code stays the same as technology evolves This solution brief provides an overview of the integrated cryptographic and compression accelerators available on select Intel architecture platforms, and is one in a series of five briefs describing how to maximize the benefits from Intel QuickAssist Technology Please see the Resources section for links to the series

2 Intel Communications Chipset 89xx Series Intel Atom processor Version C2738 Intel QuickAssist Technology Capability (Gbps) None 2 50G IPsec (Gbps) 2 43G 7G SSL (Gbps) 2 49G 7G Compression (Gbps) 3G 8G 12G 24G Kasumi*/Snow3G* (Gbps) 24G 1G RSA Decrypt 1k-bit key (ops/sec) 12K 24K 28K 100K 190K 13K RSA Decrypt 2k-bit key (ops/sec) 5K 20K 40K 2K Package FCBGA: 27mm x 27mm BGA FCBGA1283 Table 1 Results from Compression and Cryptography Performance Testing 1 Open Source Software Support Intel QuickAssist Technology supports the open source frameworks and applications shown in Table 2, accelerating cryptography and data compression workloads The use of open frameworks enables application developers to benefit from the acceleration technology with minimal software development effort Workload Cryptography Open Source Framework OpenSSL* libcrypto Linux * Kernel Crypto API (scatterlist) Open Source Applications IPsec (NETKEY) Apache * Data Compression zlib File Compression (minigzip) Table 2 Supported Workloads and Open Source Frameworks and Applications 2

3 Ease of Use With minor changes to a software build, developers can significantly boost performance of the open-source frameworks listed in Table 2 using Intel QuickAssist Technology Software developers just need to add Intel-developed Linux * Kernel patches or Open Source Framework patches available at no cost to attain around an order of magnitude (eg, ten-fold) performance improvement 1 Even higher performance levels can be achieved by equipment manufacturers when their network applications (in Linux user-space or kernel-space) communicate directly with the built-in accelerators through the highly-extensible API Figure 1 depicts the symmetric cryptography, public key, and compression/decryption hardware accelerators present on an Intel processor-based platform with Intel QuickAssist Technology These accelerators can be accessed by proprietary applications, or open-source functions and OS libraries via the Intel QuickAssist Technology API The available patches and Linux kernel changes are designed to increase portability and performance Application Layer Proprietary Open Source (eg, IPSec, Apache*) Functions/ OS Libraries gzip (zlib) OpenSSL* (libcrypto) NetKey (LKCF) Intel-developed patches and kernel changes Drivers Intel QuickAssist Technology API Symmetric Cryptography Public Key Functions Compression/ Decryption Optimized Software Intel Processor-based Platform Intel Drivers, Patches etc Software-only Hardware accelerated Figure 1 Accessing Intel QuickAssist Technology Accelerators 3

4 Hardware Options Intel QuickAssist Technology is available in two different form factors: chipsets and server accelerator cards For the lowest cost, power, and board footprint, the Intel Communications Chipset 89xx series can be paired with the Intel Xeon processor E v2 product family, or a two or four-core Intel processor in a BGA package The recently launched Intel Communications Chipset 8950 improves the crypto acceleration performance by 25 times over the Intel Communications Chipset 8920 and accelerates compression workloads by up to 20 Gbps All Intel Communications Chipset 89xx series are pin compatible, so a common board design can be configured from no crypto (Intel Communications Chipset 8900) to 50 Gbps crypto acceleration performance (Intel Communications Chipset 8950) Additionally, Intel offers Intel QuickAssist Technology Server Accelerator Cards (Figure 2), which plug into a PCI Express * Gen 3 x8 slot on existing servers based on the Intel Xeon processor E v2 and Intel Xeon processor E product families Since most servers have an available x8 slot, these accelerator cards are typically easier to deploy than other accelerator cards that require the less common PCI Express Gen 2 x16 slot Two server accelerator cards are available: Intel QuickAssist Adapter 8920-SCC: up to 20 Gbps crypto acceleration performance Intel QuickAssist Adapter 8950-SCCP: up to 50 Gbps crypto acceleration performance Since these accelerator boards are based on the same technology as the Intel Communications Chipset 89xx series, they are low power and do not require active heat sinks Future Proof Applications can use the Intel QuickAssist Technology API to communicate directly with acceleration hardware, providing the highest performance Alternatively, applications can call the associated open source APIs, which will use either Intel-developed patches (for Figure 2 Intel QuickAssist Technology Server Acceleration Card platforms containing hardware acceleration with Intel QuickAssist Technology) or software optimizations based on the latest Intel instruction set architectures In other words, application code calling an open-source framework (eg, OpenSSL) remains the same regardless of whether the acceleration is provided by a software module or a hardware accelerator on the platform Likewise, application code does not have to change as technology evolves (ie, new encryption feature) since the Intel QuickAssist Technology API will maintain backward-compatibility, thereby future-proofing equipment manufacturer software Flexible Workload Acceleration on Intel Architecture As the complexity of networking and security applications grows, more systems will need to offload cryptography and data compression workloads, making more CPU cycles available for other functions, like deep packet inspection (DPI) and traffic management Intel QuickAssist Technology offers a high-level of flexibility with optimized support via shims for both open source or propriety implementations of these functions Moreover, the high performance, scalability, and ease-of-use benefits derived from Intel QuickAssist Technology allow equipment manufacturers to shorten their time to market for next generation network devices 4

5 Resources Solution Brief Series: Intel QuickAssist Technology Part 1: Integrated Cryptographic and Compression Accelerators on Intel Architecture Platforms Part 2: Bridging Open Source Applications and Intel QuickAssist Technology Acceleration Part 3: Accelerating OpenSSL* Using Intel QuickAssist Technology Part 4: Accelerating Hadoop* Applications Using Intel QuickAssist Technology Part 5: Scaling Acceleration Capacity from 5 to 50 Gbps Intel QuickAssist Technology Intel QuickAssist Technology For more information About Intel QuickAssist Technology, visit 1 Performance tests and ratings are measured using specific computer systems and/or components and reflect the approximate performance of Intel products as measured by those tests Any difference in system hardware or software design or configuration, as well as system use patterns including wireless connectivity, may affect actual test results and ratings Copyright 2013 Intel Corporation All rights reserved Intel, the Intel logo, and Xeon are trademarks of Intel Corporation in the United States and/or other countries Cryptographic and Compression Acceleration Symmetric cryptography functions include cipher operations (AES, DES, 3DES, ARC4); wireless (Kasumi, Snow 3G); hash/authenticate operations (SHA-1, MD5; SHA-2 [SHA-224, SHA-256, SHA-384, SHA- 512]); authentication (HMAC, AES- XCBC, AES-CCM); AES-XTS (Intel Communications Chipset 8925 and Intel Communications Chipset 8950 only); and random number generation Public Key functions include RSA operation; Diffie-Hellman operation; digital signature standard operation; key derivation operation; elliptic curve cryptography (ECDSA and ECDH); random number generation; and prime number testing Compression/decompression include DEFLATE (Lempel-Ziv 77) and LZS (Lempel-Ziv-Stac) *Other names and brands may be claimed as the property of others Printed in USA MS/VC/1113 Order No US 5