Getting to 100G with NPUs

April 01, 2010

Getting to 100G with NPUs

Network flow processors are meeting the needs for increasing content awareness and faster throughputs.


Getting to 100G with NPUs

Niel Viljoen, CEO, Netronome Systems

ECD: A lot of people are talking about 10G, 20G, 40G, and 100G packet processing. Where are you now, and where do you see technology going in the next year?

VILJOEN: Network traffic in enterprise and carrier networks continues to rise with today’s bandwidth requirements at 10 Gbps and increasing to 40 Gbps and 100 Gbps in the coming years. It is no longer sufficient for computing network infrastructures to forward packets blindly, even at those incredible throughputs. Instead, our communications network must be capable of intelligently and securely processing every piece of data to ascertain its nature rather than just its destination. This intelligence is required due to the explosion in new IP-based applications, and is needed to counter the security threats that we face.

As the demand for intelligent networking applications at 10 Gbps to 100 Gbps increases, general-purpose CPU architectures struggle to keep pace with these extreme performance requirements. To meet these needs, Netronome’s family of Network Flow Processors (NFP-32xx) are powered by 40 programmable networking cores each operating at 1.4 GHz to deliver 2,000 instructions per packet at 30 million packets per second, enabling up to 40 Gbps of L2-L7 processing with line-rate security and I/O virtualization per chip. In addition, Netronome is designing the follow-on to the NFP-3240, which will offer even greater throughputs while retaining the important L2-L7 programmability and integrated hardware-based cryptography engines.

ECD: How does your current hardware architecture, with 40 cores as you mentioned, fit into real-world problems in IP-based wireless networks? Where have you seen other NPU architectures fall short in this application?

VILJOEN: This explosion in bandwidth and the need for increasing content awareness applies not only to fixed LAN/WAN-based networks, but increasingly to mobile networks as well. With the bandwidths that 3G wireless and long-term evolution networks offer, along with the converged data, voice, and video services that users utilize over these networks, wireless infrastructure needs to support all of the same services as fixed networks, which means it also shares vulnerabilities to the same types of threats. Support for IP-based wireless services requires massively parallel, highly programmable systems. Accordingly, the NFP-3240 contains 40 programmable RISC cores optimized for networking and security with unparalleled performance per watt.

In contrast, general-purpose processors excel at application and control plane processing but stall when used for high-throughput networking tasks, security processing, and deep packet inspection. Traditional network processors only support processing traffic at L2-L3, typically support a pipeline rather than parallel architecture, and are configurable rather than programmable.

The optimal architecture for IP-based wireless networks and services utilizes heterogeneous multicore processing coupling the NFP-3240 microengine cores with the performance and scalability of general-purpose multicore x86 systems over a high-speed, virtualized PCI Express data path via enhanced I/O virtualization.

ECD: What is the key technology in your software solution, and how will you compete with NPU vendors buying Linux and middleware vendors?

VILJOEN: Netronome’s processors are optimized for high-performance programmable data planes for L2-L7 packet processing, I/O virtualization, and security. Our strategy is to have application and control plane processing execute on x86 cores, the industry’s highest-performance general-purpose processing architecture.

The NFP is specifically designed to be a network coprocessor to x86, not replace it. This architecture accelerates applications to 100 Gbps while offering the comfort and familiarity of x86. As such, our software focus is to provide an extensive library of software for network flow processing and cryptography and rely on our partners for operating system and middleware solutions.

Netronome’s expansive software library support spans low-level functionality like Rx/Tx code, memory operations, and bulk cryptography to high-level abstractions like PCI Express with I/O virtualization, switching, routing, packet classification, load balancing, stateful flow processing, and TCP-related operations. We also make these libraries available as full software distributions exposed as APIs to host operating systems.


Figure 1: ECD in 2D: Netronome's David Wells discusses an SSL appliance - use your smartphone, scan this code, watch a video:, or visit




Niel Viljoen is CEO of Netronome Systems, with more than 20 years of experience focusing on IP, ATM, security, and system design. His experience includes angel investing in Nujira, Intune, and Azuro; CTO of the Marconi Group and VP with FORE Systems; and CEO of Nemesys Ltd. He attended the University of Stellenbosch and Cambridge University.

Netronome Systems 724-778-3290 |