DragonSWx - Dragon Technology Distribution (HK)

deadpannectarineNetworking and Communications

Oct 26, 2013 (3 years and 10 months ago)

110 views

Dragon SW
Development

IA Solutions

PPT
模板下载:
www.1ppt.com/moban/

Dragon Technology Distribution (HK) Limited

Index

About Dragon(HK)

About SW Team

SE Firewall

Solutions and Support

1

2

3

4

About Dragon

Dragon Technology Distribution (HK) Limited


A
pioneer in high technology industry and high speed communication
and a
leader in Telecom
and Information
Technolog


Close
relationships with major component and system suppliers including Intel, Cortina,
Semtech
, PTI,
Pericom
,
Emcore
, Dialog, Rohm,
Netronme
,
Vweb
, and son on.


Offers
a wide portfolio of semiconductor and system level solutions for
customers.

Dragon Technology Distribution Co., Ltd was established in 1993
.



In 2007, the company name was changed to Dragon Technology Distribution (HK) Limited.
Dragon's headquarter is located in Hong Kong with offices established in over 10 cities in
China including Shenzhen, Shanghai and Beijing.


At
the moment, Dragon has more than 100 senior engineers offering second to none pre
-
sales
and post
-
sales support to our OEM and ODM customers in China.


About Dragon

Dragon and Intel


Featured Products


Micro Processor


Chipset


Ethernet Controller


Ethernet Adapter


Mother Board


Solid State Drive


Bridge


Media Processor


Demodulator and Tuner


Chassis Product.

About Dragon

Dragon and Emerson

Emerson (NYSE: EMR) is a diversified global manufacturing and technology company. We offer a
wide range of products and services in the industrial, commercial, and consumer markets through
our Process Management, Industrial Automation, Network Power, Climate Technologies, and
Commercial & Residential Solutions businesses. China is among the fastest
-
developing regions
for Emerson's businesses.

Featured Products


AC Power, Outdoor Base Station Platform, DC Power


Server Power Management System


Power Switching & Controls, Surge Protection, Precision Cooling


Monitoring System


Data Center Infrastructure Management, Server Cabinet System, Harmonic Treatment System


Solar Power Generation System, Wind Power Generation System


Electric Vehicle Charging Station System


Medium
-
voltage Inverter

Index

About Dragon(HK)

About SW Team

SE Firewall

Solutions and Support

1

2

3

4

About SW Team

Software Development Department and Service

Dragon SW is
a diverse offshore software development
department that
deliver technology
solutions through software
development
and services.

Dragon SW Team is a forward
-
looking
software development company offering tailor
-
made
software
development implementing
the latest
Intel
-
chipset platforms
and technologies such as
Intel DPDK, Wind River INP.

Our core skills:


C
, C++
development


Linux
programming

Since
its inception in the year
2013, Dragon SW Service has already built up our
associations with
Intel, Emerson, Wind River
and
others
helps us to develop competitive solutions
for
organizations
aiming at getting higher
profits.

We works
closely with our clients for understanding each and every aspect of projects.

We support your project to the end.

About SW Team

Products and Partners

Network
SW Service

Intel
DPDK
Libraries

Emerson
ATCA(HW)

Dragon SW
Development

INP
Platform

Wind River
INP
Platform

Intel
DPDK
Libraries

Dragon SW
Development

Server
Platform

Intel Mother
Board

Dragon SW
Development

We are willing to share our software platform to help our customers to
aiming at getting higher
profits and customer
satisfaction.

In additional, we combine partners together to provide competitive system solutions.







Index

About Dragon(HK)

About SW Team

SE Firewall

Solutions and Support

1

2

3

4

About SW Team

Solutions 1: Intel DPDK

Technique support:


DPDK Training


DPDK Development Supporting


DPDK Application Development


DPDK
Discription
:


With
Intel® processors, it's possible to transition from using discrete architectures per major
workload (application, control, packet, and signal processing) to a single architecture that
consolidates the workloads into a more scalable and simplified solution. As a result, developers may
be able to eliminate special
-
purpose hardware such as
NPUs,
co
-
processors,
ASICs, and FPGAs.


DPDK can
improve packet processing performance by up to ten times.


As
a result, it’s possible to achieve over 80
Mpps

throughput on a single Intel® Xeon® processor
and double that with a dual
-
processor
configuration.


DPDK
is also playing a critical role in software
-
defined networking (SDN) and network functions
virtualization (NFV).



Intel DPDK maybe useful also in applications as below


Telecommunication/Network Devices (against traffic flows).


DPI/QOS/Data Base/Data Center Gateway/load balancer


Enterprise/Business Server.

ATCA

Business Server

Firewall

About SW Team

Solutions 1: Intel DPDK

About SW Team

Solutions 2: Intelligent Embedded Firewall Example

SE Firewall
system, combined with
Intel DPDK SDK, intelligent firewall
technology, and Emerson hardware
Technology , is a integrated system
solution.

We also are able to develop customer
APP.

SE Firewall
System

Product

Intel DPDK

Software

Dragon
SW APP

Software

Intel Driver

Software

Customer
APP

Software

ATCA
Board

Hardware

Intel
Chipset

Hardware

About SW Team

Solutions 3: Wind River INP

Technique support:


Wind River INP Training


Wind River
INP
Application Development Technique Support


Wind River
INP
Application Development

Wind River INP:

Wind
River® Intelligent Network Platform is an integrated and optimized software system consisting of the
critical run
-
time components and life cycle development tools needed to build next
-
generation intelligent network
elements. The platform enables equipment providers to build high performance, high value products that
accelerate, analyze, and secure network traffic and applications.

About SW Team

Solutions 3: Wind River INP

Features:


Consolidated
Management and Data Plane Run
-
Time

Wind River Intelligent Network Platform is a comprehensive solution for the consolidation of
management and data plane network applications.
Ether to utilize
it in its entirety as a fully
integrated and optimized system, or
each component
of the platform is available as a
standalone offer
.


Packet Acceleration and Throughput

By
optimizing software with specific hardware technologies, significant performance gains can
be achieved in IP forwarding and in UDP and TCP
termination, on the
Intel® communications
platform
.


Deep Packet Inspection

a software
-
enabled deep packet inspection (DPI) solution that identifies traffic flows,
communication protocols, and applications. It can also be used to inspect packets for patterns
that may contain viruses and malware. Our DPI solution is accelerated using Wind River
Application Acceleration Engine with DPDK extensions, and includes two critical engines
:


Wind River Flow Analysis Engine


Wind River Content Inspection Engine

Modules:


Wind River Application Acceleration Engine

A comprehensive, optimized network stack designed for the acceleration of layer 3 and 4
network protocols. Application Acceleration Engine works in conjunction with Linux in the data
plane and has been fine
-
tuned for the Intel communications platform and processors.


Wind River Flow Analysis Engine

Wind
River Flow Analysis Engine is a set of software libraries and tools that enable deep
visibility into layers 4

7 traffic flows, including real
-
time packet classification. Flow Analysis
Engine categorizes the traffic into different flows, and may also be used to identify the
communication protocols and applications that transmit the packets onto the network.


Wind River Content Inspection Engine

Wind River Content Inspection Engine is a high
-
speed pattern matching solution that matches
large groups of regular expressions against blocks or streams of data. Content Inspection
Engine is ideal for network applications that need to scan large amounts of data at high data
rates, such as intrusion prevention (IPS), antivirus (AV), unified threat management (UTM), and
other DPI systems.

About SW Team

Solutions 3: Wind River INP

About SW Team

Solutions 3: Wind River INP

About SW Team

Solutions 3: Wind River INP

Index

About Dragon(HK)

About SW Team

SE Firewall

Solutions and Support

1

2

3

4

Internet

SE Firewall

Local Network

Local Servers

QOS(Quality of Service

Access Control

Flow Classify


SE Firewall is a high speed packet
-
filtering and Flow
Classify solution for Local
-
Network gateway front end.


SE Firewall Software is compatible with ALL IA CPUs,
Service
-
Boards and ATCA with Intel Inside.


SE Firewall provide high
-
speed above 10G bps
packets forwarding.


Access control, packets
-
filtering and flow classification.

SE Firewall

Applications


Burst R/T


Multi
-
Core Optimize


Driver
-
Level/High Efficiency


Cache/Memory Optimize


NIC Driver Optimize


IA CPUs

Packets

R/T

Packet
Inspection

Flow
Classify

QOS

Balance


Support typical protocols


Multi
-
Core Optimize


Rule/Policy Management


Core
-
Load Balance


QOS


Unit/Board Balance


Support most packets


Packet head pattern

SE Firewall

Applications

Intel® DPDK is a set of libraries and drivers for fast packet processing
on x86 platforms. It runs mostly in Linux
userland
.

Intel® DPDK website:

http://dpdk.org/

Dragon SE Firewall is a firewall software application optimized based
on Intel® DPDK EAL libraries and Intel chipset.

SE Firewall

About Intel DPDK

NIC PMD

Driver

Intel DPDK EAL

Queue
Mgmt

Buffer
Mgmt

Memory
Mgmt

Core
Mgmt

Packet R/T

Packet Classification

Packet Forwarding

Pattern
Inspection

Security Rules
Mgmt

QOS
Mgmt

Profile&History

Mgmt

Others

Command/Console/Shell

Ncurses

UI

KNI

SE Firewall, a typical security solution based on packets classification
technology, provide bottom
-
level access control for your LAN, without loss to
throughput speed.

LAN Edge Protection

Front

Back
Ground

SE Firewall

Front and Back Ground


Data
-
Plane and Management
-
Plane


Management
-
Plane maintain the security policy and user interface.


Data plane, as back
-
ground process, maintain the life cycle of the packet in the
firewall.


Run to Completion. Each core applies the packets procedure as blow.


Read from PMD


Apply security policies and protocol distribution policies.


Forward/purge to Linux kernel/purge to different App/VM/Drop.

SE Firewall

Features

Processor 0

SE Firewall is optimized for IA on Cache, huge
-
page of memory, multi
-
core
system, shared
-
memory
-
buffer, NIC PMD Driver, and upper
-
data
-
structures.

The throughput speed 10 times than native Linux.

Highly Optimized for IA

Physical Core 0


Native Linux


SE Firewall Management

Physical Core 1


DPDK

PMD Packet I/O

Flow Classification


RX


TX

Physical Core N


DPDK

PMD Packet I/O

Flow Classification


RX


TX

Niantic
10GbE

Niantic
10GbE

NIC PMD Driver

Huge


Memory


Manage
ment

SE Firewall

Packet Life Cycle

Niantic
10GbE

Niantic
10GbE

PMD

TX

RX

Packet
Parsing

Flow
Classify

Pattern
Match

Tag

QOS

Linux
Protocol

Stack

KNI

Ncurses

UI

Command

Policy Table

Profile&Script

Drop

SE Firewall


PMD


Receiving packets from NIC by polling.


Huge memory page


Lower TLB missing.


Zero copy


DMA/Shared Buffer


RTC(run to completion) and core affinity.


Multi
-
Core optimized.


Every thread distributed to specified core.


Unlock queue


Efficiency optimized for Packet Reading.


Cache
-
Line Optimization.

SE Firewall

IA Optimization

Rules modules

Packets classification module

TR module

Software Modules

Rules Maintain

Rules Pattern
Match

Packet Parsing

Packet
Classification

Burst Receiving

Burst
Transmitting

Rules
Recording

Command

SE Firewall


Rules Recording:


Record Rules from User Interface. Rule files management.


Rule Maintains:


M
anage and maintain the rule list in the memory


Command:


I
mport rules from console and script.



Packet Parsing:


U
npack the packet head in L3/L4 level.


Pattern Match:


Check into the Rule list and Policy List.


Packet Classification:


P
urge packets to different app and services according to the packets protocol,
length, and head information. Provides QOS services.


Receive Packets /Transmit Packets:


P
ackets
burst receiving/transmitting in user space.

SE Firewall

Modules


Supports Protocols


IPV4, IPV6, TCP, UDP, ICMP, IGMP, DHCP


SE Firewall data plane is a user space App


A typical packet procedure do not need to interactive with Linux Kernel.


Easy for packets distribution in users space.


Support blacklist and Whitelist configure


support virtual machine (KVM)


Support Forward Mode/App Mode/QOS Mode.


Support 1024 5
-
touple rules.

SE Firewall

Security


A
ncurses

stype

UI for easy use.


Supports command(console/script) management.

Ncurses

and Command

SE Firewall

Humanized Design