an139 vortiqa software for enterprise smb residential network
TRANSCRIPT
TM
Freescale™ and the Freescale logo are trademarks of Freescale Semiconductor, Inc. All other product or service names are the property of their respective owners. © Freescale Semiconductor, Inc. 2009.
VortiQa Software for Enterprise / SMB / Residential Networking EquipmentSatish Swarnkar, Director of EngineeringPravin Kantak, Engineering ManagerSoftware Products Division, Networking and Multimedia Group
July 2009
TMFreescale™ and the Freescale logo are trademarks of Freescale Semiconductor, Inc. All other product or service names are the property of their respective owners. © Freescale Semiconductor, Inc. 2009.
► VortiQa software:a new brand of Freescale software for networking equipment that helpsaccelerate product development and increase the pace of innovation
► Four new VortiQa product lines of production-ready software applications:• VortiQa software for service provider equipment• VortiQa software for enterprise network equipment• VortiQa software for small business gateways• VortiQa software for SOHO/Residential gateways
► A comprehensive solution-centric approach for networking applications in targeted vertical segments:
• Silicon – QorIQ™ and PowerQUICC® communications processors• Software – VortiQa software products• Expanded Ecosystem - hardware, OS, ISVs, system integrators
VortiQa Software – Announced on June 15, 2009
\vór · ti · ka\: A whirlwind of innovation
TMFreescale™ and the Freescale logo are trademarks of Freescale Semiconductor, Inc. All other product or service names are the property of their respective owners. © Freescale Semiconductor, Inc. 2009. 3
Challenges for Network Equipment Vendors
► Complex networks need rich and comprehensive security solutions
• Threats on rise• Need unified threat management
solution with firewall, IPS, Anti-X and secure VPN and with fine-grained access control to:
Prevent attacksEnsure data confidentialityPrevent viruses and stop spam
► Performance• Threats from within the core (inside)
and from external world raise the bar on performance requirements with Gigabit speeds of traffic
► Complex multicore silicon needs highly optimized and tuned software solution in short time frame
• For faster time to market
► Potpourri of software stacks and products makes maintenance difficult
INTERNET
MALICIOUS HACKERS
VortiQa software offers:• Protection from external and internal attackers•Stateful Protocol Analysis with ability to detect and prevent the attacks
ENTERPRISE NETWORK
Email Server
App Server
Web Server
Confidential
CENTRAL SERVICES
FINANCE SUBNET
MARKETING SUBNET
TMFreescale™ and the Freescale logo are trademarks of Freescale Semiconductor, Inc. All other product or service names are the property of their respective owners. © Freescale Semiconductor, Inc. 2009. 4
Challenges for Network Equipment Vendors
► Complex networks need rich and comprehensive security solutions
• Threats on rise• Need unified threat management
solution with firewall, IPS, Anti-X and secure VPN and with fine-grained access control to:
Prevent attacksEnsure data confidentialityPrevent viruses and stop spam
► Performance• Threats from within the core (inside)
and from external world raise the bar on performance requirements with Gigabit speeds of traffic
► Complex multicore silicon needs highly optimized and tuned software solution in short time frame
• For faster time to market
► Potpourri of software stacks and products makes maintenance difficult
INTERNET
MALICIOUS HACKERS
VortiQa software offers:• Protection from external and internal attackers•Stateful Protocol Analysis with ability to detect and prevent the attacks
DoS Attacks
ApplicationAttacks
OS Finger Printing Attacks
Anti-NIDSAttacks
ENTERPRISE NETWORK
Email Server
App Server
Web Server
Confidential
CENTRAL SERVICES
FINANCE SUBNET
MARKETING SUBNET
Insider Attacks
Trojan Attack
Dishonest Employee
Application security hole:
Patch not applied
App security hole:Patch unavailable
TMFreescale™ and the Freescale logo are trademarks of Freescale Semiconductor, Inc. All other product or service names are the property of their respective owners. © Freescale Semiconductor, Inc. 2009. 5
VortiQa Software for Network Equipment
► VortiQa software for Enterprise, SMB and Residential network equipment
• Unified Threat Management system is defined as an integrated network security device implementing:
FirewallIntrusion PreventionNetwork Anti-VirusIPsec VPNTraffic Management (TM)
• High performance solution in a System
• Completely leveraging hardware featuresSEC, PME, Quick Engine etc.
• Field Proven Solution with ecosystem support
• Faster time to market
• Engineering Support teams supporting Customer’s engineering teams
TMFreescale™ and the Freescale logo are trademarks of Freescale Semiconductor, Inc. All other product or service names are the property of their respective owners. © Freescale Semiconductor, Inc. 2009. 6
VortiQa Software Products OverviewDelivers integrated networking and security functionality
Freescale Silicon
Example Applications
Key Features
Software for Service Provider Equipment
QorIQ™ processors(P4080)
Multi-service edge routers, Switches, Wireless infrastructure, security gateway
Networking protocolsL2 or L3 Stateful Packet Inspection Firewall, NATIPSec VPN + IKEv1 + IKEv2Stateful deep packet inspection:
• P2P filtering• Protocol Anomaly• Traffic Anomaly
QoS / Traffic Management
Software for Enterprise Equipment
PQIII® and QorIQ™processors(8377E, 8572E, P2020, P4080)
Enterprise UTM, security appliances, secured routers and switches
Networking protocolsL2 or L3 SPI Firewall support IPSec Enterprise VPN + IKEv + IKEv2Stateful deep packet inspection:
• P2P filtering• Protocol Anomaly• Traffic Anomaly
QoS / Traffic ManagementAnti-Virus and Anti-SpamHA Support
Software for Small Business Gateways
PQIII® and QorIQ™processors(8377E, P2020)
Multi-service business gateways
Networking protocolsAdvanced IPSec VPN + IKE supportsSPI Firewall + Advanced NAT features + Dual WAN with
“Load balancing / Fail Over”Optional service provider provisioning
Software for SOHO / Residential Gateways
PQIII® and QorIQ™processors(8315E, 8314E, P1020)
xDSL, PON, FTTH, and other CPE devices
Networking protocolsSPI Firewall + NAT + Residential GatewayIPSec VPNOptional service provider provisioning
TMFreescale™ and the Freescale logo are trademarks of Freescale Semiconductor, Inc. All other product or service names are the property of their respective owners. © Freescale Semiconductor, Inc. 2009. 7
QorIQ P4PRODUCTS:P4080
QorIQ P3
QorIQ P2PRODUCTS:P2020P2010
QorIQ P1PRODUCTS:P1020P1010P1011
How QorIQ Platforms and VortiQa Products Align
QorIQ P5
Radio Network Control
Serving Node Router (GSN)
Metro Carrier Edge Router
IMS Controller
Access GatewaySSL, IPSec, Firewall
Converged Media Gateway
Unified ThreatManagement
BasestationWireless MediaGateway
VoIP Carrier-Class Media Gateway
Home MediaHub
NetworkAttached Storage
Integrated Services Router
Service ProviderRouters
NetworkAdmission Control
StorageNetworks
VortiQa Software
for ServiceProvider
Equipment VortiQa Software
for Enterprise Equipment
VortiQa Software for
Small/MediumBusiness Gateways
VortiQa Software for
SOHO/Residential Gateways
VortiQa™Software ProductsQorIQ Platforms/Products
TMFreescale™ and the Freescale logo are trademarks of Freescale Semiconductor, Inc. All other product or service names are the property of their respective owners. © Freescale Semiconductor, Inc. 2009. 8
Architecture: VortiQa Software for Enterprise Network Equipment
TMFreescale™ and the Freescale logo are trademarks of Freescale Semiconductor, Inc. All other product or service names are the property of their respective owners. © Freescale Semiconductor, Inc. 2009. 9
Architecture: VortiQa Software for Enterprise Network Equipment
•SPI Firewall
•Inline IPS
•IPSec VPN
•SSLVPN
•Anti-Virus
•Anti-Spam
•Routing
•QoS
•Transparent mode support
•High availability (active-backup)
•Clustering (active-active)
Ethernet, Bridging and WAN Protocols
Session Management and Packet processing
IPSec Packet Processing
Traffic Policing Traffic ShapingTraffic Shaping
Firewall Policy Mgmt
Transparent Proxy
Support
Application Level
Gateway
Intrusion Detection/ Prevention
EngineTCP/ IP
Drop-in Clustering
Kernel Space
Ethernet Controllers Crypto Acceleration Pattern Matching Acceleration
Hardware Layer
SSLVPN
Reverse Proxy
Socks App Tunnel
L2 Tunnel
Portal
AV/AS
SMTP/S Proxy
POP3/s Proxy
HTTP Proxy
FTP Proxy
AV DB
AS DB
IKEv1/v2
PKI (SCEP, OCSP, LDAP)
XAUTH, EAP
IRAC
IRAS
AuthenticationServices
LDAP Client
RADIUS Client
Local
IPS Manager
CMS/Embedded Management: CLI, HTTP, LDSV, SYSLOG, EMAIL, SNMP
User Space
TMFreescale™ and the Freescale logo are trademarks of Freescale Semiconductor, Inc. All other product or service names are the property of their respective owners. © Freescale Semiconductor, Inc. 2009. 10
Firewall Architecture
► Stateful inspection firewall • Defense against DoS & DDoS
attacks• Security Access Policy enforcement• Application level filtering & cookie
filtering• Event logging (SMTP client, syslog
client)► Comprehensive configuration
• Granular, user specific policiesTraffic type, protocol/port, Source/ destination, time of the day, as well as authentication based access
• System-wide policies► Comprehensive NAT w/ ALGs
• ALGs (application layer gateways)Enterprise Application – SQL*NetCommunications – SIP, MSNStandard Protocols - FTP
Administration Management Engine
Syslog Support Email Export log Web Based Configuration CLI
Event Log Network Access Policy Manager
Smurf
Ping of Death
Reassembly AttacksIP Spoofing
WinNuke Land ICMP Redirects IP Source Routing
DoS Attacks
Network Access Statistics Application Specific Content Filtering
NAT withALG
Support
Network Access Policy Engine
User Specific Access Policies
System –Wide Access Policies
DynamicRemote
User Access
Weekly ActivationSchedule
Stateful Inspection Engine
CyberDefense Engine ™
TMFreescale™ and the Freescale logo are trademarks of Freescale Semiconductor, Inc. All other product or service names are the property of their respective owners. © Freescale Semiconductor, Inc. 2009. 11
IPS Architecture► Freescale Inline IPS sensor
• Advanced detection techniques with stateful application intelligence
Greater accuracy over traditional IPSReduced false positives & High performance
• Protocol anomaly detection► Embedded Manager
• Comprehensive configuration capabilities with support for rule editing
• Extensive Reporting► Centralized signature updates
• Freescale produces IPS signature updates
• Provides centralized update capabilities
Inline IPS Manager and Administration Management
Rule Parsing Engine
Stateful Application Engine
POP3 Engine IMAP Engine SNMP Engine
NNTP EngineAPC EngineFTP Engine
HTTP Engine SMTP Engine DNS Engine
TCP Resequencing Traffic Anomaly
IP Layer EngineTransport Layer Engine
(TCP,UDP, ICMP)
Content Search Engine
Session Classification
EngineIP
Reassembly
Cyber DefenseEngine
TMFreescale™ and the Freescale logo are trademarks of Freescale Semiconductor, Inc. All other product or service names are the property of their respective owners. © Freescale Semiconductor, Inc. 2009. 12
IPsec VPN Architecture
►Proven interoperability • Time tested in the field
►VPN protocol support• Layer 3: IPSec, IKEv1 and v2• Layer 2: PPTP and L2TP• PKI and Certificates: Support
for X.509v3 including SCEP, OCSP, PKCS 7,10 and LDAP client for CRL retrieval
►Advanced Features• Granular policy management
for specific protocols• DPD(Dead peer detection),
DPTD (Dead peer tunnel detection)
• NAT traversal• Hardware encryption
accelerator support
Physical Layer
RADIUSClient
LDAPClient
OCSPClient
SECPClient
XAuth NGM Mode ConfigIKE Policy Manager
Certificate Manager
IKE-IPSec APIs
EAP
BSD Sockets ISecPDri IPsecDrv
TPSec Engine
SPDSAD
MKMDAH/ESP
IP Layer
UDP Interface ICMP Interface
Public Key Crypto APIs Symmetric Key Crypto APIs
SKEP Driver
Software Crypto Library
Public KeyEncryption Processor
Symmetric Key Encryption ProcessorLink Layer
Inline A
ccelerator Interface
IPSec APIs
IKEv1 and V2 Engine
Software CryptoLibrary
PKEP Driver
Physical Layer
TMFreescale™ and the Freescale logo are trademarks of Freescale Semiconductor, Inc. All other product or service names are the property of their respective owners. © Freescale Semiconductor, Inc. 2009. 13
Packet Tap – Interface with Linux®
►Packet Reception• VortiQa software registers to pre-routing
netfilter hook• Hardware interrupt context, Packets
queued to CPU specific queues at dev layer
• Hardware interrupts acked immediately• Either Hardware Interrupt or Ksoftirqd
executes RX_PACKET softirq routine• TCP/IP, VortiQa software code are
executed in the context of Hardware Interrupt Or ksoftirqd
• No blocking calls in VortiQa software code• Local out packets are collected at
Post-Route hook►Packet Transmission
• VortiQa software utilizes Linux TCP/IP route lookups, interface related API
• VortiQa software invokes IP layer Transmit routine directly to send out packet on a given interface
VortiQaSoftware
TCP/IP
NetFilterHooks
Socket Layer
Dev Layer
Ethernet / WAN Drivers
Networking Hardware
TMFreescale™ and the Freescale logo are trademarks of Freescale Semiconductor, Inc. All other product or service names are the property of their respective owners. © Freescale Semiconductor, Inc. 2009. 14
Packet Processing Control Flow
► VortiQa software modules IPsec-VPN, IPS, Traffic Mgmt register with Firewall ecosystem
► VortiQa software Core Security Module – Firewall captures packets from TCP/IP stack
► After firewall functionality (Policy Enforcement, Attack verifications) done, Firewall Eco-system dispatches packets to registered modules in priority basis
► IPsec-VPN, IPS may use their Hardware Eco-system interface to utilize Hardware Accelerator services
► Each module may consume or return packets to Firewall Eco-system
► Firewall Eco-system finally dispatches packets out
SSLVPN AntiX
Linux® TCP/IP Stack
Firewall with Eco-system Interface
TrafficMgmt
IPS IPsec VPN
HW Accelerator Eco-System
Glue Layer
HW Accelerator
► Accelerators• IPsec/IKE: Crypto Accelerators
Plain CryptoIHAPPIIn-linePKI
• IPS: Pattern Matching AcceleratorsDFA
TMFreescale™ and the Freescale logo are trademarks of Freescale Semiconductor, Inc. All other product or service names are the property of their respective owners. © Freescale Semiconductor, Inc. 2009. 15
Packet Processing Control Flow (Cont…)
►Typical data packet processing flow:
• Traffic Policing*• Firewall• IPS*• AV/AS *‡• IPsec*• Traffic Shaping*
Note:* Enabled through configuration‡ Supported protocols: HTTP, SMTP & POP3
Ingress Egress
TrafficPolicing
Firewall IPsec
TrafficShaping
IKEv1/IKEv2
AV/AS
SSLVPN
IPS
TMFreescale™ and the Freescale logo are trademarks of Freescale Semiconductor, Inc. All other product or service names are the property of their respective owners. © Freescale Semiconductor, Inc. 2009. 16
Management Infrastructure
Management APIs
CLI WebGUI CMS LDSV SNMP
Character Pseudo-driver Loopback SocketsIPC/Wrapper Layer
KernelModules
User landModules
• All management applications use the same management APIs
• Kernel space modules make their management APIs available through pseudo-driver IOCTL/Command IDs.
• User land processes make their management APIs available through wrapper layer over loopback sockets
• IPC/Wrapper layer transports the configuration commands appropriately to kernel/user space modules
• As kernel space APIs may modify the data structures used by packet path, proper synchronization should be implemented
• On a SMP architecture, spinlocks are used to protect configuration changes
TMFreescale™ and the Freescale logo are trademarks of Freescale Semiconductor, Inc. All other product or service names are the property of their respective owners. © Freescale Semiconductor, Inc. 2009. 17
Performance Consideration
TMFreescale™ and the Freescale logo are trademarks of Freescale Semiconductor, Inc. All other product or service names are the property of their respective owners. © Freescale Semiconductor, Inc. 2009. 18
Performance & Security Requirements
►Requirement• Perimeter – threats emerging from public Internet• Core – threats emerging from internal protected networks
Gigabit Ethernet ports connecting to desktops and servers• L3 switches providing security
►Performance issues• Deep packet / data inspection and protocol inspection• Traditional specialized ASIC providing data path solution are not
sufficient• Critical performance metrics: Throughput, Latency and Session rate
TMFreescale™ and the Freescale logo are trademarks of Freescale Semiconductor, Inc. All other product or service names are the property of their respective owners. © Freescale Semiconductor, Inc. 2009. 19
Symmetric Multiprocessing in Multicore Silicon
►Symmetric Multi-Processing (SMP) Usage
• Improve performance using Linux® SMP architecture
• Multiple processor usage by VortiQa™ software for enterprise Linux Kernel components
• Multiple pthreads in user level process
• Load DistributionCPU affinityReceive Side Scaling
Linux Interrupt Scheduler
NetworkControllerNetwork
ControllerNetworkControllerNetwork
Controller
VortiQa™Software
Processor 3
VortiQa™Software
Processor 2
VortiQa™Software
Processor 1
VortiQa™Software
Processor 0
TMFreescale™ and the Freescale logo are trademarks of Freescale Semiconductor, Inc. All other product or service names are the property of their respective owners. © Freescale Semiconductor, Inc. 2009. 20
Hardware Accelerators
►Accelerators Usage• Improve performance with offloading
repetitive CPU intensive tasks• VPN: Crypto accelerators
Plain Crypto AcceleratorsIHAPPIInlinePKI Accelerators
• Firewall: Data path acceleratorTable Look upQuick Engine
• IPS: Regular expression pattern match accelerators.
• IPS: Providing pre-screening capabilities in the data path
IPS IPsec VPN
HW Accelerator Eco-System
Glue Layer
HW Accelerator
Firewall
TMFreescale™ and the Freescale logo are trademarks of Freescale Semiconductor, Inc. All other product or service names are the property of their respective owners. © Freescale Semiconductor, Inc. 2009. 21
Software Optimization Techniques► Data structure design for search operations
• Session SearchHash listsNumber of buckets tunableLinked list and binary tree for collision elements
• Instance searchIndex based ( No linked list or array searches)
• Rule categorization (In IPS) is based on transport, application protocol and protocol stages► No buffer copy► ePoll (instead of poll/select) usage in socket based applications
• State machine oriented – Multiple sessions in one thread► Avoids memory allocations in the data path► Efficient code and data cache usage► SMP
• Minimum number of SMP locks in data path around granular code.• Session Parallelization
Only one processor at any time processes firewall, IPS or VPN sessions.Packets are queued to backlog queue of each session by other processors during this time.
• No binding of processor to the sessions. • Runs most of packet processing in softirq context to reduce the context switches.
TMFreescale™ and the Freescale logo are trademarks of Freescale Semiconductor, Inc. All other product or service names are the property of their respective owners. © Freescale Semiconductor, Inc. 2009. 22
Comprehensive VortiQa Software Solution and Deployment Scenarios
TMFreescale™ and the Freescale logo are trademarks of Freescale Semiconductor, Inc. All other product or service names are the property of their respective owners. © Freescale Semiconductor, Inc. 2009. 23
Enterprise Deployment
MALICIOUS HACKERS
ENTERPRISE NETWORK
Email Server
App Server
Web Server
Confidential Data
EDI Server
Other Internal Users
MARKETING SUBNETMarketing Users
Logging Console
Admin Console
FINANCE SUBNET
Finance Users
VortiQa™ Software
Trojan Attack
DoS AttacksAccess
Control Lists
HOMEOFFICE
TELECOMMUTER
Confidential Data
BRANCH OFFICE
Policies for individual security domainsPolicies for Individual usersPolicies for user groups
•Allow remote access•Allow access to web server•Deny access to finance server•Deny access to confidential data
Security Domain 1
Security Domain 2
Security Domain 3
Security Domain 4
Internet
TMFreescale™ and the Freescale logo are trademarks of Freescale Semiconductor, Inc. All other product or service names are the property of their respective owners. © Freescale Semiconductor, Inc. 2009. 24
Enterprise Deployment
MALICIOUS HACKERS
ENTERPRISE NETWORK
Email Server
App Server
Web Server
Confidential Data
EDI Server
Other Internal Users
MARKETING SUBNETMarketing Users
Logging Console
Admin Console
FINANCE SUBNET
Finance Users
VortiQa™ Software
Trojan Attack
DoS AttacksAccess
Control Lists
HOMEOFFICE
TELECOMMUTER
Confidential Data
BRANCH OFFICE
Policies for individual security domainsPolicies for Individual usersPolicies for user groups
•Allow remote access•Allow access to web server•Deny access to finance server•Deny access to confidential data
Security Domain 1
Security Domain 2
Security Domain 3
Security Domain 4
Internet
MPC8572E
Up to 1500MHz Dual- e500 core; 1MB L2, 800 Mhz DDR2/3, PCI-Express, 4xGbE, USB
SRIO, Security
TMFreescale™ and the Freescale logo are trademarks of Freescale Semiconductor, Inc. All other product or service names are the property of their respective owners. © Freescale Semiconductor, Inc. 2009. 25
Enterprise Deployment
MALICIOUS HACKERS
ENTERPRISE NETWORK
Email Server
App Server
Web Server
Confidential Data
EDI Server
Other Internal Users
MARKETING SUBNETMarketing Users
Logging Console
Admin Console
FINANCE SUBNET
Finance Users
VortiQa™ Software
Trojan Attack
DoS AttacksAccess
Control Lists
HOMEOFFICE
TELECOMMUTER
Confidential Data
BRANCH OFFICE
Policies for individual security domainsPolicies for Individual usersPolicies for user groups
•Allow remote access•Allow access to web server•Deny access to finance server•Deny access to confidential data
Security Domain 1
Security Domain 2
Security Domain 3
Security Domain 4
Internet
P4080E
Up to 1500MHz 8 Cores; 1 MB L2, DDR2/3, PCI-Express, 10G/GbE, USB
DPAA, Security
TMFreescale™ and the Freescale logo are trademarks of Freescale Semiconductor, Inc. All other product or service names are the property of their respective owners. © Freescale Semiconductor, Inc. 2009. 26
Enterprise Deployment
MALICIOUS HACKERS
ENTERPRISE NETWORK
Email Server
App Server
Web Server
Confidential Data
EDI Server
Other Internal Users
MARKETING SUBNETMarketing Users
Logging Console
Admin Console
FINANCE SUBNET
Finance Users
VortiQa™ Software
Trojan Attack
DoS AttacksAccess
Control Lists
HOMEOFFICE
TELECOMMUTER
Confidential Data
BRANCH OFFICE
Policies for individual security domainsPolicies for Individual usersPolicies for user groups
•Allow remote access•Allow access to web server•Deny access to finance server•Deny access to confidential data
Security Domain 1
Security Domain 2
Security Domain 3
Security Domain 4
Internet
MPC8548
Up to 1500MHz Single Core; 512KB L2, DDR2/3, PCI-Express, 4xGbE, USB
SRIO, Security
TMFreescale™ and the Freescale logo are trademarks of Freescale Semiconductor, Inc. All other product or service names are the property of their respective owners. © Freescale Semiconductor, Inc. 2009. 27
Enterprise Deployment
MALICIOUS HACKERS
ENTERPRISE NETWORK
Email Server
App Server
Web Server
Confidential Data
EDI Server
Other Internal Users
MARKETING SUBNETMarketing Users
Logging Console
Admin Console
FINANCE SUBNET
Finance Users
VortiQa™ Software
Trojan Attack
DoS AttacksAccess
Control Lists
HOMEOFFICE
TELECOMMUTER
Confidential Data
BRANCH OFFICE
Policies for individual security domainsPolicies for Individual usersPolicies for user groups
•Allow remote access•Allow access to web server•Deny access to finance server•Deny access to confidential data
Security Domain 1
Security Domain 2
Security Domain 3
Security Domain 4
Internet
MPC8315
400MHz2 x GigE (SGMII)
PCI, PCI-ExpUSB, DDR1/2,
Security<2.0W @ 400MHz
TMFreescale™ and the Freescale logo are trademarks of Freescale Semiconductor, Inc. All other product or service names are the property of their respective owners. © Freescale Semiconductor, Inc. 2009. 28
Datacenter Deployment
Server Farm
Aggregation SwitchesWith VortiQa Software Core Switches
With VortiQa™ Software
Internet
TMFreescale™ and the Freescale logo are trademarks of Freescale Semiconductor, Inc. All other product or service names are the property of their respective owners. © Freescale Semiconductor, Inc. 2009. 29
Datacenter Deployment
Server Farm
Aggregation SwitchesWith VortiQa Software Core Switches
With VortiQa™ Software
Internet
P4080E
Up to 1500MHz 8 Cores; 1 MB L2, DDR2/3, PCI-Express, 10G/GbE, USB
DPAA, Security
TMFreescale™ and the Freescale logo are trademarks of Freescale Semiconductor, Inc. All other product or service names are the property of their respective owners. © Freescale Semiconductor, Inc. 2009. 30
Datacenter Deployment
Server Farm
Aggregation SwitchesWith VortiQa Software Core Switches
With VortiQa™ Software
Internet
MPC8572E
Up to 1500MHz Dual- e500 core; 1MB L2, 800 Mhz DDR2/3, PCI-Express, 4xGbE, USB
SRIO, Security
TMFreescale™ and the Freescale logo are trademarks of Freescale Semiconductor, Inc. All other product or service names are the property of their respective owners. © Freescale Semiconductor, Inc. 2009. 31
Datacenter Deployment
Server Farm
Aggregation SwitchesWith VortiQa Software Core Switches
With VortiQa™ Software
Internet
TMFreescale™ and the Freescale logo are trademarks of Freescale Semiconductor, Inc. All other product or service names are the property of their respective owners. © Freescale Semiconductor, Inc. 2009. 32
SMB Deployment
Internet
SMB Network
Branch Office
VPN Tunnel
Telecommuters & Road Warriors
VortiQa Software for Enterprise Networks
TMFreescale™ and the Freescale logo are trademarks of Freescale Semiconductor, Inc. All other product or service names are the property of their respective owners. © Freescale Semiconductor, Inc. 2009. 33
SMB Deployment
Internet
SMB Network
Branch Office
VPN Tunnel
Telecommuters & Road Warriors
VortiQa Software for Enterprise Networks
MPC8378E MPC8377E
400-667MHz2 x GigE (SGMII)
PCI , PCI-ExpUSB, DDR1/2,
Security, SATA<5.0W @ 667MHz
TMFreescale™ and the Freescale logo are trademarks of Freescale Semiconductor, Inc. All other product or service names are the property of their respective owners. © Freescale Semiconductor, Inc. 2009. 34
SMB Deployment
Internet
SMB Network
Branch Office
VPN Tunnel
Telecommuters & Road Warriors
VortiQa Software for Enterprise Networks
P2020
Dual e500 Core, 800 - 1200 MHz512 KB L2 Cache
TMFreescale™ and the Freescale logo are trademarks of Freescale Semiconductor, Inc. All other product or service names are the property of their respective owners. © Freescale Semiconductor, Inc. 2009. 35
SMB Deployment
Internet
SMB Network
Branch Office
VPN Tunnel
Telecommuters & Road Warriors
VortiQa Software for Enterprise Networks
TMFreescale™ and the Freescale logo are trademarks of Freescale Semiconductor, Inc. All other product or service names are the property of their respective owners. © Freescale Semiconductor, Inc. 2009. 36
Summary and Q&A
TMFreescale™ and the Freescale logo are trademarks of Freescale Semiconductor, Inc. All other product or service names are the property of their respective owners. © Freescale Semiconductor, Inc. 2009. 37
Summary
►VortiQa software on QorIQ™ and PowerQUICC® processors
• Answer to challenges faced by the network equipment vendorsGuard against elevated and sophisticated threats.Highly optimized & performance tuned solution to get the most out of silicon & its capabilitiesAccelerate time to market with a comprehensive system solution – not just silicon or softwareSupport from the developers who have experience with silicon and software
• Expanded ecosystem working with independent vendors
TMFreescale™ and the Freescale logo are trademarks of Freescale Semiconductor, Inc. All other product or service names are the property of their respective owners. © Freescale Semiconductor, Inc. 2009. 38
Q&A
►Thank you for attending this presentation. We’ll now take a few moments for the audience’s questions and then we’ll begin the question and answer session.
TM