Application Note Template Template



|8155 |

|Memory Utilization |

|Application Note |

AN-0126-00AN-0126-A, © 2005, Hi/fn®, Inc. All rights reserved. 6/05

No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language in any form by any means without the written permission of Hi/fn, Inc. (“Hifn”)

Licensing and Government Use

Any Hifn software (“Licensed Programs”) described in this document is furnished under a license and may be used and copied only in accordance with the terms of such license and with the inclusion of this copyright notice. Distribution of this document or any copies thereof and the ability to transfer title or ownership of this document’s contents are subject to the terms of such license.

Such Licensed Programs and their documentation have been developed at private expense and no part of such Licensed Programs is in the public domain. Use, duplication, disclosure, and acquisition by the U.S. Government of such Licensed Programs is subject to the terms and definitions of their applicable license.

Disclaimer

Hifn reserves the right to make changes to its products, including the contents of this document, or to discontinue any product or service without notice. Hifn advises its customers to obtain the latest version of relevant information to verify, before placing orders, that information being relied upon is current. Every effort has been made to keep the information in this document current and accurate as of the date of this document’s publication or revision.

Hifn warrants performance of its products to the specifications applicable at the time of sale in accordance with Hifn’s standard warranty or the warranty provisions specified in any applicable license. Testing and other quality control techniques are utilized to the extent Hifn deems necessary to support such warranty. Specific testing of all parameters, with the exception of those mandated by government requirements, of each product is not necessarily performed.

Certain applications using Hifn products may involve potential risks of death, personal injury, or severe property or environmental damage (“Critical Applications”). Hifn products are not designed, intended, authorized, or warranted to be suitable for use in life saving, or life support applications, devices or systems or other critical applications. Inclusion of Hifn products in such critical applications is understood to be fully at the risk of the customer. Questions concerning potential risk applications should be directed to Hifn through a local sales office.

In order to minimize risks associated with the customer's applications, adequate design and operating safeguards should be provided by the customer to minimize inherent or procedural hazards. “Typical” parameters can and do vary in different applications. All operating parameters, including “Typicals,” should be validated for each customer application by the customer’s technical experts.

Hifn does not warrant that its products are free from infringement of any patents, copyrights or other proprietary rights of third parties. In no event shall Hifn be liable for any special, incidental or consequential damages arising from infringement or alleged infringement of any patents, copyrights or other third party intellectual property rights.

The use of this product in stateful compression protocols (for example, PPP or multi-history applications) with certain configurations may require a license from Motorola. In such cases, a license agreement for the right to use Motorola patents may be obtained through Hifn or directly from Motorola.

Patents

May include one or more of the following United States patents: 4,701,745; 5,003,307; 5,016,009; 5,126,739; 5,146,221; 5,414,425; 5,463,390; 5,506,580; and 5,5532,694. Other patents pending.

Trademarks

Hi/fn®, MeterFlow®, MeterWorks®, and LZS®, are registered trademarks of Hi/fn, Inc. HifnTM, FlowThroughTM, and the Hifn logo are trademarks of Hi/fn, Inc. All other trademarks and trade names are the property of their respective holders.

IBM, IBM Logo, and IBM PowerPC are trademarks of International Business Machines Corporation in the United States, or other countries.

Microsoft, Windows, Windows NT and the Windows logo are trademarks of Microsoft Corporation in the United States, and/or other countries.

Exporting

This product may only be exported from the United States in accordance with applicable Export Administration Regulations. Diversion contrary to United States laws is prohibited.

Hifn Confidential

If you have signed a Hifn Confidential Disclosure Agreement that includes this document as part of its subject matter, please use this document in accordance with the terms of the agreement. If not, please destroy the document.

Contents

1 Scope 1

2 Private Memory Organization 3

2.1 Types of Sessions 5

2.2 Maximum Number of Simultaneous Open Sessions 5

2.3 Maximum Number of Sessions by Memory Size 6

2.4 Anti-replay Memory Usage 7

2.4.1 Maximum Number of Small Sessions with Anti-Replay 7

2.5 Optimized Large Context Memory Usage Tables 8

2.5.1 RC4 / SSL, Stateless or without Compression 9

2.5.2 Stateful Compression 9

2.5.3 Stateful LZS Decompression 10

2.5.4 Stateful MPPC Decompression 10

THIS PAGE INTENTIONALLY LEFT BLANK.

Scope

This application note contains private memory organization and session capacity information for HIPP II 8155 security processor. The information contained in this document is intended as a general guide when designing with the 8155 security processor.

HIPP II security processors have the unique ability to perform encryption and compression operations on entire packets at very high speeds in switched packet network applications. This is accomplished by storing session context and certain packet processing algorithms in the security processors private memory. As a result, a significant amount of processing is alleviated from the host network processor and the throughput of the system may be dramatically increased.

The reader is assumed to have a general knowledge of 8155 architecture. Refer to the latest version of the 8155 Network Security Processor Device Specification, DE-0011-xx, for for more information about the 8155.

For technical support about this product, please contact your local Hifn sales office, representative, or distributor. For general information about Hifn and Hifn products please refer to:

.

THIS PAGE INTENTIONALLY LEFT BLANK.

Private Memory Organization

The primary purpose of private memory is to maintain session context, compression histories, scratch buffers, core descriptors and store DPU programs which are used to perform encryption, compression, and other miscellaneous packet or session functions. An example of a private memory map is shown in Figure 1. This document focuses on the private SDRAM requirements for storing different types of session context.

[pic]

1. Private Memory Organization

The 8155 processor supports three types of context memory mapping: small context, legacy large context, and optimized large context. The Device Specification for the 8155 processor describes how to use each of these types of context mapping. The following sections illustrate how session context and compression histories are stored in 8155 private memory.

1 Types of Sessions

Table 1 below compares the amount of memory required for a variety of session types.

Memory Requirements for different Session Types

|Session Type |Required Context Types |Total Memory per Context |

|Small Sessions |Small Context only (256) |256 bytes |

|Legacy Large Sessions |Small Context + Large Encryption Context (256 + |768 bytes |

|with Encryption (no Compression) |512) | |

|Legacy Large Sessions |Small Context + Large Encryption Context + Large |8960 bytes |

|with Compression |Compression Context (256 + 512 + 8K) | |

|Optimized Large Sessions |Optimized Large Context (512) |512 bytes |

|(RC4 & SSL) | | |

|Optimized Large Sessions with Stateful Compression |Optimized Large Context + Stateful Compression |1024 bytes |

| |History (512 + 512) | |

|Optimized Large Sessions with Stateful Decompression|Optimized Large Context + Stateful Decompression |2560 bytes |

| |History (512 + 2048) | |

|Optimized Large Sessions with stateful MPPC |Optimized Large Context + Stateful MPPC |8704 bytes |

|decompression |Decompression History (512 + 8192) | |

2 Maximum Number of Simultaneous Open SessionsThis is a two step calculation process. First, the amount of memory that can be allocated to small context sessions is found. Then t

The maximum number of simultaneous open sessions can be found as follows:

1. Determine the amount of memory available for the small session structure. This is the total memory, less the amount of memory reserved for packet buffers, core descriptors, and DPU programs.

2. Divide the result of step 1 by 256 (the size of a small memory context).

For example, applications with 512 MB of private memory can support up to 2,076,752 simultaneous small sessions. This number is calculated by taking the total memory size (512 MB=536,870,912 bytes) and subtracting the size of the packet buffer space (32*128 KB) as well as the estimated number of bytes for the core descriptor space, the size of the DPU program(s), and any other miscellaneous memory requirements. For this example, 1 MB is chosen as the estimate.

Small context sessions size = Total memory size – packet buffer size – core descriptor and DPU program size

531,628,032 = 536,870,912 – 4,194,304 – 1,048,576

Since small context segments require 256 bytes each, the maximum number of sessions is given by:

531,628,032 / 256 = 2,076,752

Of course, this number would be significantly reduced if large sessions were used.

3 Maximum Number of Sessions by Memory Size

The following table contains the maximum number of sessions that can be supported by typical SDRAM memory sizes. Anti-Replay window size is not included in the values shown.

Maximum Number of Sessions by Memory Size

| |64 MB |128 MB |256 MB |512 MB |

|SDRAM Device |(2x) 16M x 16 |(4x) 16M x 16 |(4x) 32M x 16 |(8x) 64M x 8 |

|Total Bytes |67,108,864 bytes |134,217,728 bytes |268,435,456 bytes |536,870,912 bytes |

|Packet Buffers (32 Indexes) |4,194,304 bytes |4,194,304 bytes |4,194,304 bytes |4,194,304 bytes |

|Core Descriptors, DPU programs, |1,048,576 bytes |1,048,576 bytes |1,048,576 bytes |1,048,576 bytes |

|misc. | | | | |

|Remaining memory for Session |61,865,984 bytes |128,974,848 bytes |263,192,576 bytes |531,628,032 bytes |

|Context | | | | |

|Max Small Sessions |241,664 |503,808 |1,028,096 |2,076,672 |

|Max Legacy Large Sessions |65,535 |65,535 |65,535 |65,535 |

|(stateless) (1) | | | | |

|Max Legacy Large Sessions |6904 |14,394 |29,374 |59,335 |

|(compression) | | | | |

|Optimized large session (stateless |120,832 |251,904 |514,048 |1,038,336 |

|or no compression) RC4/SSL | | | | |

|Optimized large session (stateful | 60,416 |125,952 |257,024 |519,188 |

|compression) LZS | | | | |

|Optimized large session (stateful |24,166 |50,380 |102,809 |207,675 |

|decompression) LZS | | | | |

|Optimized large session (stateful |7,107 |14,817 |30,224 |61,080 |

|decompression) MPPC | | | | |

|1. The maximum number of legacy large sessions is limited by the size of the 16-bit pointer |

4 Anti-replay Memory Usage

Small anti-replay sequence histories (64-bits) are stored within regular session context. The 8155 processor also supports large anti-replay windows (128, 256, 512, or 1024-bits) that consume additional memory and in turn reduce the maximum number of simultaneous open sessions. In sessions using large anti-replay, each session context contains an address pointer to the SDRAM location where each anti-replay history is stored.

In addition to the anti-replay window, an extra 64 bits are stored in memory for the look-ahead buffer. So, for a large anti-replay window of 128-bits, the amount of memory consumed is given by:

128 + 64 = 192 bits = 24 bytes per session

Similarly, the total window size for 256, 512, and 1024-bit windows are calculated by adding 64-bits to the window size. The following table estimates how much memory will be consumed by the given numbers of sessions for each anti-replay window size.

Memory Consumption vs. Anti-replay Size

|Large Anti-replay |1 Session |1,000 Sessions |10,000 Sessions |100,000 Sessions |1,000,000 Sessions|

|window size | | | | | |

|128-bits |24-bytes |24 KB |240 KB |2.4 MB |24 MB |

|256-bits |40-bytes |40 KB |400 KB |4.0 MB |40 MB |

|512-bits |72-bytes |72 KB |720 KB |7.2 MB |72 MB |

|1024-bits |136-bytes |136 KB |1360 KB |13.6 MB |136 MB |

1 Maximum Number of Small Sessions with Anti-Replay

The following table contains the maximum number of IPsec sessions that will fit into given private memory configurations. The maximum number of small sessions is calculated for 64, 128, 256, 512, and 1024-bit anti-replay windows. Since a 64-bit anti-replay window is built into the small context, reduction to the maximum number of IPsec sessions actually begins when 128-bits, or more, of anti-replay are used.

Max Number of IPsec Sessions with Anti-Replay for Common Memory Sizes

| |64 MB |128 MB |256 MB |512 MB |

|SDRAM Device |(2x) 16Mx16 |(4x) 16Mx16 |(4x) 32Mx16 |(8x) 64Mx8 |

|Total Bytes |67,108,864 bytes |134,217,728 bytes |268,435,456 bytes |536,870,912 bytes |

|Packet Buffers (32 Indexes) |4,194,304 bytes |4,194,304 bytes |4,194,304 bytes |4,194,304 bytes |

|Core Descriptors, DPU programs, misc. |1,048,576 bytes |1,048,576 bytes |1,048,576 bytes |1,048,576 bytes |

|Remaining memory for Session Context |61,865,984 bytes |128,974,848 bytes |263,192,576 bytes |531,628,032 bytes |

|Max Small Sessions with 64 bit anti replay |241,664 |503,808 |1,028,096 |2,076,672 |

|window | | | | |

|Max Small Sessions with 128-bit anti-replay |220,950 |460,624 |939,973 |1,898,672 |

|window | | | | |

|Max Small Sessions with 256-bit anti-replay |209,006 |435,726 |889,164 |1,796,040 |

|window | | | | |

|Max Small Sessions with 512-bit anti-replay |188,616 |393,216 |802,416 |1,620,817 |

|window | | | | |

|Max Small Sessions with 1024-bit anti-replay |157,821 |329,017 |671,409 |1,356,194 |

|window | | | | |

5 Optimized Large Context Memory Usage Tables

The following sections contain tables that define the raw memory requirements for varying combinations of optimized large session types. The values shown are in megabytes and do not take into consideration DPU code, descriptor memory, anti-replay memory consumption, etc.

1 RC4 / SSL, Stateless or without Compression

| |

-----------------------

[pic]

[pic]

[pic]

[pic]

[pic]

[pic]

[pic]

[pic]

[pic]

[pic]

................
................

In order to avoid copyright disputes, this page is only a partial summary.

Google Online Preview   Download