[j-nsp] SRX hardware acceleration caveats

Saku Ytti saku at ytti.fi
Sun Jun 17 03:14:11 EDT 2012


On (2012-06-17 11:07 +0800), Chen Jiang wrote:

> SRX is the 2rd pure-software forwarding equipment from Juniper(the 1st is J
> series routers), it just use multi-core CPU does all the forwarding and
> security things in software. But in recent releases(maybe from JUNOS 10.4)
>  there is a new feature called "service-offload" that could use NPC in
> SRX3K/5K to do hardware acceleration for fast path, but with concurrent
> sessions limited as a trade-off. and Juniper may go with this direction
> with NG-IOC to get rid of this limitation presently.

This is true for branch (multicore cavium octeon). But not for
1k/3k/5k. And there is no where to offload in branch.

5k is basically DPCE era MX with RMI/Netlogic XLR board taped in for
stateful inspection. But unlike MX, it does not appear to do much with its
ICHIP and it appears to do lot more on its EZChip (which makes sense, to
share core with 1k/3k)
1k and 3k don't even have ICHIP anymore, just ezchip for forwarding and
RMI/Netlogic XLR for stateful inspection.

EZchip is very much not software, ES+ linecards and ASR9k routers use
EZchip (albeit faster versions 3 and 4, SRX uses 2) for lookups also.
This 'service-offload' does what box should have been doing all along, punt
only first packet to RMI/Netlogic and use EZChip for subsequent packets.


1k/3k:

SPU http://www.ezchip.com/p_np2.htm
NPC http://www.netlogicmicro.com/Products/ProductBriefs/MultiCore/XLR500.htm
RE  http://www.freescale.com/webapp/sps/site/prod_summary.jsp?code=MPC8548E
CPP http://www.freescale.com/webapp/sps/site/prod_summary.jsp?code=MPC8544

5k: 

Same SPC, NPC, but also ICHIP. RE in SRX5k is intel celeron instead of pq3.
I'd love to hear what ICHIP does in SRX5k, if anything else but reduce R&D
costs of not having to redesign DPCE.

-- 
  ++ytti


More information about the juniper-nsp mailing list