1. Traditional x86 architecture
The traditional x86 architecture uses a general-purpose CPU and a PCI bus interface, which gives it high flexibility and scalability. It was once the main platform for developing network security devices. Its main advantage is that product features are implemented in software, so function modules are easy to add or remove. Its shortcomings are also prominent. As a general computing platform, x86 is not easy to optimize. Bandwidth is limited by the shared PCI bus and by the north-south bridge structure (PCI bus -> south bridge -> north bridge -> FSB -> CPU). CPU processing capability is limited, and it is difficult to reach gigabit speed. The x86 architecture runs on a general-purpose operating system, so its security depends on the security of that operating system. At the same time, raising the clock frequency increases energy consumption with the square of the frequency, and the resulting heat dissipation problems become increasingly prominent. When this architecture is used for application traffic control products, it is generally difficult to achieve a processing capability of 1 GB, yet many products on the market still use it.
2. ASIC Architecture
An Application-Specific Integrated Circuit (ASIC, a dedicated IC) accelerates processing in hardware through specially designed chip logic. The advantage is that an ASIC can solidify instructions or computing logic into the chip to achieve high processing capability and more extensive adaptability. The disadvantage is that an ASIC is not programmable. Once the computing logic is solidified into hardware, it is difficult to modify: flexibility and scalability are limited, the development cycle is long, the R&D cost is high, and a large number of features cannot be supported. Its performance has inherent advantages, and it is very well suited to processing telecom-grade large traffic with simple patterns and high requirements on throughput and latency. However, it is not suitable for application traffic control products that require frequent upgrades and feature updates.
3. Network Processor (NPU) Architecture
NP is a technology that sits between the x86 architecture and the ASIC architecture. It is a processor designed specifically for network devices to handle network traffic. Its architecture and instruction set have been specially optimized for common packet filtering, forwarding, and other algorithms and operations, so that it can efficiently complete common operations on the TCP/IP stack and process network traffic quickly and concurrently. Most of the hardware design uses high-speed interface technology and bus specifications, giving it high I/O capability. It allows a fully programmable architecture with hardware acceleration, and software and hardware can be upgraded to support new standards and protocols. However, it places high technical demands on developers and requires microcode-level programming, and the development cycle is long. There are not many NP-only products; NPs are often combined with other hardware architectures such as ASIC or x86 to build high-performance network products.
4. x86 multi-core architecture
The multi-core processor market is currently composed of two camps: the x86 multi-core camp consisting of Intel and AMD, and the MIPS camp consisting of NetLogic (RMI), Cavium, Tilera, ARM, IBM and other companies.
x86 multi-core platforms generally integrate one or two 4-core CPUs, and single-core processing capacity can reach 2 GHz. With the latest PCI-E bus (a dedicated bus attached directly to the north bridge), I/O efficiency is greatly improved. However, the processing capability of multiple cores does not add up linearly, and system performance decreases significantly as the traffic to be processed increases. In addition, the x86 camp uses Complex Instruction Set Computing (CISC), which executes program instructions in sequence. This is easy to control and is better suited to PCs and low- to mid-range servers. It cannot capture data packets and process data streams at the highest speed, because packet processing, interrupt handling, security processing, grouping, and forwarding all consume valuable CPU cycles, so it still cannot meet the need to monitor large traffic volumes.
5. MIPS multi-core architecture
The MIPS camp uses Reduced Instruction Set Computing (RISC). Compared with CISC, its instructions have a uniform format, with fewer instruction types and addressing modes. It also adopts a superscalar and superpipelined structure, which greatly improves processing speed and makes it suitable for network communication, information security, high-end servers, and other fields. To further strengthen its competitiveness in the information security field, the MIPS camp has put forward the concept of the SoC (system on chip), which integrates network connectivity, server load balancing, encryption/decryption, application acceleration, and other functions into one chip. Cavium, a representative of the MIPS camp, has released a 16-core CPU with a processing capacity of 600 MHz for each core. NetLogic (RMI), another representative, has released an 8-core CPU in which each core has four hardware threads, so it can be said to have 32 vCPUs; each core runs at 1.2 GHz, for a total processing capacity of 9.6 GHz. Application traffic control products based on the MIPS64 multi-core architecture can process 10 Gbit/s of link traffic at wire speed. System throughput can reach 40 Gbit/s or higher, and the number of concurrent connections that can be processed can reach more than 64 million. The MIPS64 multi-core architecture will be the first choice for security devices in large-traffic networks.