Foundation for High-Performance, Open and Flexible Software and Services in the Carrier Network. Sandeep Shah Director, Systems Architecture EZchip

Foundation for High-Performance, Open and Flexible Software and Services in the Carrier Network Sandeep Shah Director, Systems Architecture EZchip Linley Carrier Conference June 10, 2015 1

EZchip Overview Fabless semiconductor company, NASDAQ listed (EZCH) Leading provider of high-performance data-path processing solutions for carrier, cloud and data center networks NPUs (Network Processors) Multi-core CPUs Intelligent adapters and appliances EZchip is a strategic supplier of NPUs to the top routing vendors and the highest placed and fastest growing NPU vendor Developing the NPS, the most powerful NPU for carrier edge routers, datacenter appliances and white-box solutions Following the Tilera acquisition, developing the TILE-Mx, the highest core count many-core CPU with EZchip's networking accelerators Founded in 1999; >280 employees, over 200 in R&D Global offices in Israel (HQ); San Jose, CA; Boston, MA; and China Strong financial model; $184M in cash, no debt 2

Agenda Challenges facing the carrier today EZchip NPS: Addressing the challenges with fully S/W programmable NPU NPS software stack NPS based solutions Carrier Edge Switch Router L4-7 load balancing L4-7 network visibility and control NFV acceleration Stateful security interception SDN smart switch 3

Carriers: The Challenge Carriers are pressured more than ever before With Flat revenues Declining income from traditional services Growing competition from OTT players Continued growth of overall traffic volumes There are two ways that carriers can improve their position: Lower OPEX through better operational efficiency Increase revenues by introducing new services 4

Carriers: Software as a Solution!? An increased emphasis on software promises to address the challenges discussed, offering: Improved operational flexibility Faster way to introduce new services Lowering proprietary HW lock down Current NFV and SDN offering has shown that, as promised, all can be done in software but the scalability and cost remain a challenge 5

NPS: Addressing the Challenge With its best of breed HW accelerators and massively parallel architecture NPS directly addresses the carriers needs SW services may be: Integrated into the router and switch or Deployed on servers with key data path computations being offloaded to NPS increasing the VM density lowering the overall solution s power & management costs maintaining the flexibility and openness of SW Providing quick development and deployment of powerful software services at scales, throughput rates and economies suitable for carrier networks 6

NPS: A Game Changer NPU 400 Gbps NPU C Programmable Security & DPI Hardware Accelerators NPS NPU Performance CPU Programmability Linux OS Traffic Management Layer2- Layer7 Processing 7

NPS Value Proposition Wire speed L2 & L3 switching and routing SDN, Openflow, MPLS, IPV4, IPV6, VXLAN, NVGRE, GENEVE and any packet format and tunneling scheme Scalable to support millions of subscribers & flows Completely flexible flow classification, stateful tracking, ACLs and policy enforcement Guaranteed SLAs Highly granular traffic scheduling, priority enforcement and bandwidth allocation Statistics collection for millions of programmable flows & events Netflow interface to any data collection and analysis tools L4 L7 services on top of L2 & L3 Load balancing, IPsec, access control, network monitoring, application recognition, DPI Best power & space efficiency Single 1U NPS-based system is equivalent to a rack full of servers Fully S/W programmable for adding new features & services on the fly 8

NPS Software NPS includes a large set of C libraries These are designed to make full use of the state of the art HW acceleration offered by the NPU Reference applications are provided to shorten development time and highlight the architecture s capabilities 9

NPS Middleware: SFT Stateful Flow Table (SFT) Providing HW accelerated, stateful, bi-directional flow awareness and user mapping Client agnostic supporting 50 million concurrent flows at rates of 400Gbps Stateful services developed using the SFT Seamlessly scales across the NPS s 4096 Linux machines SFT deals with packet ordering and tunnel stripping ahead of its clients SFT efficiently manages the flow state for itself and its clients through hardware acceleration Fast path APIs to apply policy to all the packets within a flow All of the above functionality and scalability is provided without any need for flow based locking 10

NPS Middleware: DPI DPI based Application Recognition Developed on top of the SFT Provides application recognition at rates up to 400Gbps Supports 1000+ standard signatures Includes HTTP and SIP parsers DPI signature compiler provided in support of 3rd party signatures Develops as if there is a single stream (i.e. flow) and seamlessly scales to 4096 threads. => Functionality Robustness Feature Velocity Scale 11

NPS provided Reference Applications L7 visibility through dedicated NetFlow reporting L2-3 Carrier Edge Switch & Router Reference application provided 6Wind Gate optimized solution available on x86 HTTP L4-7 Load Balancing Using the SFT and DPI libraries to provide content based LB IPsec NPS includes hardware crypto engines IPsec reference application provides decryption/encryption of IPsec traffic at rates of 200Gbps Lawful Interception Demonstrates the use of the NPS pattern matching acceleration OpenFlow Reference application provided NoviFlow NoviWare solution coming soon Accelerated implementation enables customers to update to the latest version via software download without requiring a hardware re-spin DPDK based application acceleration DPDK Poll-Mode Driver controlling an NPS device through PCIe bus Allows x86 application to use the NPS HW accelerations 12

NPS markets and applications Network Monitoring Switching & Routing SDN / NFV Lawful Interception NPS Targets Carrier and Data Center Networks Network Virtualization Network Appliances Load Balancers DPI Security 13

Solution: L7 Visibility and Control NPS provides L7 application visibility and control at unprecedented rates up to 400Gb on the router/switch: Carrier can identify how the network is used.. And through that: Identify and drive new services Provide much more intelligent policies and SLAs Optimize the network use to improve OPEX All without adding new appliances to network class-map match-all p2p-app match protocol attribute p2p-technology p2p-tech-yes policy-map control-policy class p2p-app police 8000 conform-action transmit exceed-action drop 14

Solution: Carrier Edge Switch Router NPS combines best-in-class HW accelerators with modern architecture offering scale and flexibility 400Gbps Linux based providing C programmability at all layers On-chip Traffic Manager 1M queues, 5-level Hierarchical-QoS Carrier-grade, field-proven, enabling traffic engineering and SLAs Enables subscriber isolation, bandwidth allocation and fully programmable policies IPsec through hardware acceleration Unique performance point enabling 100G IPsec tunnels for secure data center interconnect Support for very high scale of ACLs using on-chip TCAM with algorithmic extension to external DRAM Up to 96GB of DRAM for tables, stats, counters at wire-speed performance 15

Solution: NPS based Load Balancing Hardware accelerated mapping of traffic based on ACLs, Flows, L7 applications and service chains Dynamic load balancing among: Distributed VMs VNFs Blades Reference application uses on board HTTP parser to control traffic steering NFV Enabled Edge Router Smart NFV TOR Forwarding based on applicative flows Distributes traffic among cards based on L2-4 NPS enables smart equipment with load balancing NFV Accelerated White Box/Appliances/Blades Forwarding based on policy & content 16

Solution: NFV Acceleration NFV enabler Carriers require VNFs but are faced with scale issues VNFs are available but the number of servers/vms and related cost (e.g. equipment, power, management) limits actual large scale deployments The NPS distributed DP architecture directly addresses the scale issue by offloading the computation heavy parts of the VNFs High level architecture VNFs deployed in servers NPS serves as the fast path for policy and actions (e.g. QOS, encryption/decryption, drop, etc.) NPS decrypts and maps packets to flows, L7 application ID and users ahead of the service Packets received by the VNFs are already classified Host-based Fast Path Library and APIs allow services to enjoy the NPS acceleration without developing code on it 17

Solution: NFV Acceleration (cont.) NPS offloads: Crypto, DPI, classification, statistics and QOS, packet handling VNF focuses on business logic all the rest happens on the NPS Less computation per VM Larger VM density Lower power management Much better OPEX Achieving Scale while maintaining the openness and flexibility of SW solutions!!! of fast thepath fastlibrary. path library Developed Developed onon toptop of the Does Does not NPUNPU expertise notrequire require expertise Abstracts thethe NPSNPS acceleration Abstracts acceleration Deals with service chaining Constructs packet metadata Forwards packets 18

Solution: Stateful Security Inspection Offload Pattern matching offload for stateful security features such as IPS and Lawful Interception 200Gbps of HW accelerated Bloom filter based pattern matching Regex signatures are compiled out of box The loaded compiled signatures are matched using the accelerated Bloom filters DPI processes results in SW Suspected packets are forwarded for extra Regex matching Solution scales above 200Gbps through stateful bypass of un-interesting traffic small percentage of the traffic Loads compiled Regex signatures majority of the traffic Forwards suspected traffic for further processing 19

Solution: SDN Smart Switch Traditional SDN switch NPS based Smart TOR switch Always behind the latest OVS specs. Typical ASIC based SDN TOR switches have limited scalability OpenFlow connections to each Open vswitch in each server Non scalable scheme (10K-100K OpenFlow connections) Latest OVS support through SW update Managed Open vswitch integrated into TOR Server offload with switching and application services Tunneling to servers via VEB/VEPA Scalable Reduces system complexity 20

The Smart NPS White Box Switch - L2 /L3 forwarding - Data center bridging - Fixed encapsulation protocols - Limited scale Offloading VNF reduces the cost of NFV deployment - L2 /L3 forwarding & routing - Data center bridging - Multiple encapsulation protocols - VxLAN, NVGRE, STT - OVS offload & OpenFlow 1.3 ++ - Stateful flow table scaling to millions of flows - Classification & access control (ACL) - Load balancing - Firewall, security (IPsec, SSL) - DPI / application awareness - Traffic management - SLA enforcement - Network monitoring - TCP acceleration / termination - Service chaining 21

Summary Carriers are looking at software to provide improved OPEX and create new revenue streams. NPS provides a rich set of software libraries and infrastructure built on dedicated state of the art hardware accelerators. The scale and flexibility of NPS based services this allows are without precedent. NPS programmable packet processing enables the deployment of services at new rates and locations Opening new revenue opportunities Allowing improved manageability lowering OPEX Increasing the scale of NFV solutions All without the need to deploy extra appliances 22