KeyStone Training. Network Coprocessor (NETCP)
|
|
- Gyles Freeman
- 6 years ago
- Views:
Transcription
1 KeyStone Training Network Coprocessor (NETCP) Security Accelerator e () Agenda Motivation Firmware ae Low Level Driver (LLD) IPsec Encryption Example IPsec Decryption Example 1
2 Security Accelerator: Motivation Motivation Firmware Low Level Driver (LLD) IPsec Encryption Example IPsec Decryption Example : Motivation Motivation Hardware Encryption, Decryption, and Authentication Faster than software Supported Protocols IPsec ESP IPsec AH SRTP 3GPP Software Provided Firmware Needed for operation LLD Simplify programming SGMII0 SGMII1 PHY mdio_link_intr[1:0] mdio_user_intr[1:0] misc_int buf_starve_intr NETCP Block Diagram Controller GbE Switch Subsystem INTD stat_pend_raw[1:0] 2
3 Security Accelerator: Firmware Motivation Firmware Low Level Driver (LLD) IPsec Encryption Example IPsec Decryption Example Firmware Download firmware images to PDSPs prior to running : 1. php1 image (IPsec); Download to PDSP1 2. php2 image (SRTP and 3GPP); Download to PDSP2 CPU/3 CFG TeraNet SCR CPU/3 Main TeraNet SCR SGMII 0 SGMII 1 Config 32-bits _VBUSM_TXRX 128 bits SERDES SERDES MDIO 0 INTS Controller CP_ACE Security Unit Switch Status INTS CPSGMII CPSGMII CPMDIO 3-Port Ethernet Switch 32-bit VBUSP TeraNet SCR Streaming Interface Switch Pass 1 LUT CDE Pass 1 LUT CDE Pass 1 LUT CDE Pass 2 LUT CDE CDE PDSP+ 1 PDSP+ 2 PDSP+ 3 PDSP+ 4 PDSP+ 5 PDSP+ CDE 6 Stats 32-bit VBUSP TeraNet SCR Timer16 1 Timer16 2 Timer16 3 Timer16 4 Timer16 5 Timer16 6 PDSP Scratchpad RAM 1 PDSP Scratchpad RAM 2. : PDSP Scratchpad RAM n INTD 3
4 Low Level Driver (LLD) Motivation Firmware Low Level Driver (LLD) IPsec Encryption Example IPsec Decryption Example LLD Overview LLD provides an abstraction layer between the application and the Sub system. It provides both the system level interface and the channel level interface with a set of APIs System Level interface Reset, download and update the PDSP images. Query states and statistics. Read a 64 bit true random number Perform the large integer arithmetic through the PKA module Monitor and report system error Channel Level interface Convert the channel configuration information into the security contexts defined by the. Perform protocol specific packet operations such as insertion of the ESP header, padding and ESP tail. Decrypt and authenticate the received SRTP packet if the is not able to perform the operations due to the key validation failure. Generate the command labels in data mode operation. Maintain the protocol specific channel statistics. LLD does not provide transport layer and all API calls are non blocking The software layers above the LLD must call the appropriate LLD APIs, and then call the appropriate CPPI and QMSS APIs to actually send packets to the. For more information on LLD, refer to the Security Accelerator () User Guide. 4
5 LLD API: Common Interface (1/2) Sa_getBufferReq (Sa_SizeCfg_t *sizecfg, int sizes[], int aligns[]) Sa_getBufferReq returns the memory requirements for the LLD instance. It returns the memory buffer requirements in terms of the size and alignment array. Sa_create (Sa_Config_t *cfg, void *bases[], Sa_Handle *phandle) Sa_create creates the LLD instance. It initializes the LLD instance and its corresponding instance structure based on channel configuration data such as the call out table, and etc. Sa_close (Sa_Handle handle, void *bases[]) Sa_close decativates the LLD instance. Sa_getSysStats (Sa_Handle handle, Sa_SysStats_t *stats) This function obtains LLD system statistics. Sa_State_ t Sa_resetControl (Sa_Handle handle, Sa_State_t newstate) This function controls the reset state of the Sub System. Sa_downloadImage (Sa_Handle handle, int modid, void *image, int sizebytes) This function downloads a PDSP image to a PDSP core within the sub system. u Sa_getID (Sa_Handle handle) This function returns the system ID associated with the specified handle. LLD API: Common Interface (2/2) Sa_rngInit (Sa_Handle handle, Sa_RngConfigParams_t *cfg) The function is called to initialize and configure the RNG (Random Number Generator) module inside. Sa_getRandonNum (Sa_Handle handle, u f_isr, Sa_RngData_t *rnd) This function returns a 64 bit true random number. Sa_rngClose (Sa_Handle handle) Sa_rngClose decativates the RNG module. Sa_pkaInit (Sa_Handle handle) This function initializes the PKA (Public Key Accelerator) module inside. Sa_pkaOperation (Sa_Handle handle, Sa_PkaReqInfo_t *pkareqinfo) This function triggers a large vector arithmetic operation through the PKA module. Sa_pkaClose (Sa_Handle handle) Sa_pkaClose decativates the PKA module. 5
6 LLD API: Channel Interface Sa_chanGetBufferReq (Sa_ChanSizeCfg_t *sizecfg, int sizes[], int aligns[]) Sa_chanGetBufferReq returns the memory requirements for an LLD channel. It returns the memory buffer requirements in terms of the size and alignment array. Sa_chanCreate (Sa_Handle handle, Sa_ChanConfig_t *cfg, void *bases[], Sa_ChanHandle *pchanhdl) Sa_chanCreate creates the LLD channel. It initializes an instance of LLD channel and its corresponding instance structure based on channel configuration data such as the security protocol, and etc. t Sa_chanClose (Sa_ChanHandle handle, void *bases[]) Sa_chanClose decativates the LLD channel. It clears the LLD channel instance. All the associated memory buffers can be freed after this call. Sa_chanControl (Sa_ChanHandle handle, Sa_ChanCtrlInfo_t *chanctrlinfo) This function controls the operations of a channel instance of LLD. It is used to configure and/or re configure the LLD channel with various control information. This function should be called multiple times to configure and activate the LLD channel during the call setup period. Then it is typically called to perform re key operation subsequently. Sa_chanReceiveData (Sa_ChanHandle handle, Sa_PktInfo_t *pktinfo) This function processes packets received from the network. It performs protocol specific post operations on the decrypted and/or integrity verified data packet. It also performs the actual decryption/authentication operation in SW only mode. Sa_chanSendData S (Sa_ChanHandle H handle, Sa_PktInfo_t t *pktinfo, u tclear) This function processes the data packet to the networks. It performs protocol specific operations to prepare the data packets to be encrypted and/or authenticated by the. It also performs the actual encryption and/or authentication in the SW only mode. Sa_chanGetStats (Sa_ChanHandle handle, u flags, Sa_Stats_t *stats) This function obtains LLD channel protocol specific statistics. uint16 _t Sa_chanGetID (Sa_ChanHandle handle) Sa_chanGetID returns the channel ID associated with the specified handle. u LLD API: Utility Functions Sa_isScBufFree (uint8_t *scbuf) This function verifies whether the security context buffer has been freed by. 6
7 LLD API: Callout Functions (1/2) void(* void(* void(* void(* DebugTrace )(Sa_ChanHandle handle, u msgtype, u msgcode, u msglength, u *msgdata) A callout to the system code's debug and exception handling function. This is a function pointer and must point to a valid function which meets the API requirements. ChanKeyRequest )(Sa_ChanHandle handle, Sa_KeyRequest_t *keyreq) Callout to externally supplied system to request a new security key. This function may be triggered by either the Sa_chanSendData() or Sa_chanReceiveData() APIs. The application should call the Sa_chanControl() API to pass the new key when it is available. This is a function pointer and must point to a valid function which meets the API requirements. ScAlloc )(Sa_ChanHandle handle, Sa_ScReqInfo_t *screqinfo) Callout to externally supplied system to allocate the security context with the specified size. This function must be implemented as a simple non blocking function. This is a function pointer and must point to a valid function which meets the API requirements. ScFree )(Sa_ChanHandle handle, u scid) Callout to externally supplied system to release the security context with the specified ID. This function must be implemented as a simple non blocking function. This is a function pointer and must point to a valid function which meets the API requirements. LLD API: Callout Functions (2/2) void(* void(* void(* ChanRegister )(Sa_ChanHandle handle, Sa_SWInfo_t *chanswinfo) Callout to externally supplied system to register the security channel with its software routing information to be programmed into the SS lookup table in the from Network direction. It may be triggered by the Sa_chanControl(), Sa_chanSendData() and Sa_chanReceiveData() APIs. This is a function pointer and must point to a valid function which meets the API requirements. ChanUnRegister )(Sa_ChanHandle handle, Sa_SWInfo_t *chanswinfo) Callout to externally supplied system to un register the security channel with its software routing information to be removed from the SS lookup tables. It may be triggered by the ssa_chanclose(), Sa_chanSendData() and Sa_chanReceiveData() APIs. This is a function pointer and must point to a valid function which meets the API requirements. ChanSendNullPkt )(Sa_ChanHandle handle, Sa_PktInfo_t *pktinfo) Callout to externally supplied system to send an Null packet to the sub system. The null packet is used to evict and/or tear down the security context associated with the channel. It may be triggered by the Sa_chanClose(), Sa_chanSendData() and Sa_chanReceiveData() APIs. This is a function pointer and must point to a valid function which meets the API requirements. 7
8 LLD: Basic Configuration Configuration Information Step 2: Load FW: Sa_resetControl(DIBLE) Sa_downloadImage() Sa_resetControl(ENABLE) Step 1: Set up memory: Sa_getBufferReq() Sa_create() NETCP QMSS CorePac LLD Multicore Navigator IPsec Encryption Example Motivation Firmware Low Level Driver (LLD) IPsec Encryption Example IPsec Decryption Example 8
9 IPsec Encryption: Packets Starting Packet (before IPsec Encryption) MAC Final Packet (after IPsec Encryption) MAC IPsec IPsec Encryption: Configuration MAC Configuration Information NOTE: Currently, only reserving room for IPsec header. The actual header has not been created yet! NETCP IPsec QMSS Multicore Navigator NOTE: Currently, only reserving room for IPsec tail. The actual tail has not been created yet! Set up routing for decryption in Sa_DestInfo_t structure. CorePac Step 1: Set up IPsec channel: Sa_chanGetBufferReq() Sa_ chancreate() //Setup Security Context Sa_chanControl() //setup general cfg Sa_chanControl() //setup key cfg Sa_chanControl() //setup TX chan LLD Step 2: Prepare packet for IPsec encryption: /* Reserve room for ESP Header and the initialization vector in front of ESP payload, calculate ESP padding size, insert ESP padding and ESP Tail, adjust payload length and packet size */ Sa_chanSendData() Step 3: Create command to be sent with the packet to : HO_SINFO_FORMAT_CMD() 9
10 IPsec Encryption: Tx Queue Transmit Data Packet MAC IPsec Receive Data Packet Step 4: Set command, link buffer, and push descriptor onto Tx queue: Cppi_setPSData(command) // Link command from Step 3 /* Provide info from Sa_chanControl() allow to access security context */ Cppi_setSoftwareInfo() descriptor->buffptr = pkt // Link Packet Qmss_queuePush() // Push descriptor onto TX queue NETCP QMSS CorePac LLD Multicore Navigator Step 5: automatically pops descriptor from the Tx queue and sends the packet to NETCP. After finishes the data transfer, the Tx descriptor is returned to the specified packet completion queue. IPsec Encryption: to Step 6: Once the data transfer from 0 queue to the NETCP has completed, the controller transfers the packet through the packet streaming switch to the. Q640: PDSP0 Controller Q641: PDSP1 Q642: PDSP2 Q643: PDSP3 Q644: PDSP4 Q645: PDSP5 Q646: 0 Q647: 1 Q648: GbE SW Q900: RXQUEUE SGMII0 SGMII1 PHY mdio_link_intr[1:0] mdio_user_intr[1:0] misc_int buf_starve_intr GbE Switch Subsystem INTD stat_pend_raw[1:0] 10
11 IPsec Encryption: to Step 7: encrypts the packet with IPsec ESP encryption and transfers the packet through the packet streaming switch to the controller and into the RXQUEUE. Q640: PDSP0 Controller Q641: PDSP1 Q642: PDSP2 Q643: PDSP3 Q644: PDSP4 Q645: PDSP5 Q646: 0 Q647: 1 Q648: GbE SW Q900: RXQUEUE SGMII0 SGMII1 PHY mdio_link_intr[1:0] mdio_user_intr[1:0] misc_int buf_starve_intr GbE Switch Subsystem INTD stat_pend_raw[1:0] IPsec Encryption: to CorePac Repeat steps 5-7 to encrypt more packets. Transmit Data Packet MAC IPsec Receive Data Packet NOTE: Contains encrypted IPsec data. NETCP QMSS Multicore Navigator Step 8: The packet is transferred from the controller to host memory via the. Once the transfer is complete, the Rx flow pushes the descriptor onto the Rx queue specified in Sa_DestInfo_t structure during setup. CorePac Step 9: Pop the descriptor to process the packet: QMSS_queuePop() LLD 11
12 IPsec Decryption Example Motivation Firmware Low Level Driver (LLD) IPsec Encryption Example IPsec Decryption Example IPsec Decryption: Packets Starting Packet (before IPsec Decryption) EMAC O_IP IPsec I_IP Final Packet (after IPsec Decryption) EMAC O_IP I_IP 12
13 IPsec Decryption: Config & Tx Queue Configuration Information MAC IPsec Transmit Data Packet Step 3: automatically pops the descriptor from TX queue and sends the packet to NETCP via. After finishes the data transfer, the Tx descriptor is returned to the specified packet completion queue. NETCP QMSS Multicore Navigator Step 2: Set command, link buffer, and push descriptor onto Tx queue: Cppi_setPSData() /* Provide info from Sa_chanControl() allow to access security context */ Cppi_setSoftwareInfo() Descriptor->buffPtr = pkt //Link packet buffer Qmss_queuePush() //Push descriptor onto TX queue CorePac Sets up routing for decryption in Sa_DestInfo_t structure. LLD Step 1: Set up IPsec Channel: Sa_chanGetBufferReq() Sa_chanCreate() //Setup Security Context Sa_chanControl() //setup general cfg Sa_chanControl() //setup key cfg Sa_chanControl() //setup RX chan IPsec Decryption: to Step 4: Once the data transfer from 0 queue to the NETCP has completed, the controller transfers the packet through the packet streaming switch to the. Q640: PDSP0 Controller Q641: PDSP1 Q642: PDSP2 Q643: PDSP3 Q644: PDSP4 Q645: PDSP5 Q646: 0 Q647: 1 Q648: GbE SW Q900: RXQUEUE SGMII0 SGMII1 PHY mdio_link_intr[1:0] mdio_user_intr[1:0] misc_int buf_starve_intr GbE Switch Subsystem INTD stat_pend_raw[1:0] 13
14 IPsec Decryption: to Step 5: decrypts the IPsec ESP packet and transfers the packet through the packet streaming switch to the controller and into the RXQUEUE. Q640: PDSP0 Controller Q641: PDSP1 Q642: PDSP2 Q643: PDSP3 Q644: PDSP4 Q645: PDSP5 Q646: 0 Q647: 1 Q648: GbE SW Q900: RXQUEUE SGMII0 SGMII1 PHY mdio_link_intr[1:0] mdio_user_intr[1:0] misc_int buf_starve_intr GbE Switch Subsystem INTD stat_pend_raw[1:0] IPsec Decryption: to CorePac MAC Receive Data Packet IPsec NOTE: Remove space reserved for IPsec header in Step 8. NOTE: Decrypted data NOTE: Remove space reserved for IPsec tail in Step 8. NETCP QMSS CorePac LLD Multicore Navigator Step 8: Remove IPsec header and tail: /* Update the packet size and protocol payload size in the header parsing information */ Sa_chanReceiveData() Step 6: The packet is transferred from the controller to host memory via the. Once the transfer is complete, the Rx flow pushes the descriptor onto the queue specified in Sa_DestInfo_t structure during setup. Step 7: Pop descriptor to process the packet: QMSS_queuePop() 14
15 For More Information For more information, refer to the Security Accelerator () User Guide. For questions regarding topics covered in this training, visit the support forums at the TI E2E Community website. 15
KeyStone Training. Network Coprocessor (NETCP) Packet Accelerator (PA)
KeyStone Training Network Coprocessor (NETCP) Packet Accelerator (PA) Agenda Applications Hardware Modules Firmware PA Low Level Driver (LLD) Programming Example Packet Accelerator: Applications Applications
More informationKeyStone Training. Network Coprocessor (NETCP) Packet Accelerator (PA)
KeyStone Training Network Coprocessor (NETCP) Packet Accelerator (PA) Agenda Applications Hardware Modules Firmware PA Low Level Driver (LLD) Programming Example Packet Accelerator: Applications Applications
More informationKeyStone Training. Multicore Navigator Overview
KeyStone Training Multicore Navigator Overview What is Navigator? Overview Agenda Definition Architecture Queue Manager Sub-System (QMSS) Packet DMA () Descriptors and Queuing What can Navigator do? Data
More informationGigabit Ethernet Switch Subsystem
Gigabit Ethernet Switch Subsystem 1 Agenda GbE Switch SGMII MDIO Example Code SGMII Loopback PC-EMAC Communication 2 GbE Switch Overview ALE Operational mode Normal Mode Direct Packet Bypass Mode MAC Flow
More informationKeyStone Training. Turbo Encoder Coprocessor (TCP3E)
KeyStone Training Turbo Encoder Coprocessor (TCP3E) Agenda Overview TCP3E Overview TCP3E = Turbo CoProcessor 3 Encoder No previous versions, but came out at same time as third version of decoder co processor
More informationC66x KeyStone Training HyperLink
C66x KeyStone Training HyperLink 1. HyperLink Overview 2. Address Translation 3. Configuration 4. Example and Demo Agenda 1. HyperLink Overview 2. Address Translation 3. Configuration 4. Example and Demo
More informationC66x KeyStone Training HyperLink
C66x KeyStone Training HyperLink 1. HyperLink Overview 2. Address Translation 3. Configuration 4. Example and Demo Agenda 1. HyperLink Overview 2. Address Translation 3. Configuration 4. Example and Demo
More informationIntroduction to AM5K2Ex/66AK2Ex Processors
Introduction to AM5K2Ex/66AK2Ex Processors 1 Recommended Pre-Requisite Training Prior to this training, we recommend you review the KeyStone II DSP+ARM SoC Architecture Overview, which provides more details
More informationKeyStone Training Serial RapidIO (SRIO) Subsystem
KeyStone Training Serial RapidIO (SRIO) Subsystem SRIO Overview SRIO Overview DirectIO Operation Message Passing Operation Other RapidIO Features Summary Introduction To RapidIO Two Basic Modes of Operation:
More informationKeyStone C66x Multicore SoC Overview. Dec, 2011
KeyStone C66x Multicore SoC Overview Dec, 011 Outline Multicore Challenge KeyStone Architecture Reminder About KeyStone Solution Challenge Before KeyStone Multicore performance degradation Lack of efficient
More informationKeystone Architecture Inter-core Data Exchange
Application Report Lit. Number November 2011 Keystone Architecture Inter-core Data Exchange Brighton Feng Vincent Han Communication Infrastructure ABSTRACT This application note introduces various methods
More informationSoC Overview. Multicore Applications Team
KeyStone C66x ulticore SoC Overview ulticore Applications Team KeyStone Overview KeyStone Architecture & Internal Communications and Transport External Interfaces and s Debug iscellaneous Application and
More informationKeyStone Training. Bootloader
KeyStone Training Bootloader Overview Configuration Device Startup Summary Agenda Overview Configuration Device Startup Summary Boot Overview Boot Mode Details Boot is driven on a device reset. Initial
More informationKeyStone Training. Power Management
KeyStone Training Management Overview Domains Clock Domains States SmartReflex Agenda Overview Domains Clock Domains States SmartReflex C66x Overview New Management Features New features: Switchable Logic
More informationINTERNET PROTOCOL SECURITY (IPSEC) GUIDE.
INTERNET PROTOCOL SECURITY (IPSEC) GUIDE www.insidesecure.com INTRODUCING IPSEC NETWORK LAYER PACKET SECURITY With the explosive growth of the Internet, more and more enterprises are looking towards building
More informationSecure RTP Library API Documentation. David A. McGrew Cisco Systems, Inc.
Secure RTP Library API Documentation David A. McGrew Cisco Systems, Inc. Contents 1 Overview 1 2 Secure RTP Functions 3 srtp protect().................................... 3 srtp unprotect()..................................
More informationHigh Performance Compute Platform Based on multi-core DSP for Seismic Modeling and Imaging
High Performance Compute Platform Based on multi-core DSP for Seismic Modeling and Imaging Presenter: Murtaza Ali, Texas Instruments Contributors: Murtaza Ali, Eric Stotzer, Xiaohui Li, Texas Instruments
More informationCIS 6930/4930 Computer and Network Security. Topic 8.1 IPsec
CIS 6930/4930 Computer and Network Security Topic 8.1 IPsec 1 IPsec Objectives Why do we need IPsec? IP V4 has no authentication IP spoofing Payload could be changed without detection. IP V4 has no confidentiality
More informationTMS320C6000 Network Developer's Kit (NDK) Support Package Ethernet Driver Design Guide
TMS320C6000 Network Developer's Kit (NDK) Support Package Ethernet Driver Design Guide Literature Number: SPRUFP2 January 2009 IMPORTANT NOTICE Texas Instruments Incorporated and its subsidiaries (TI)
More informationUDP1G-IP reference design manual
UDP1G-IP reference design manual Rev1.1 14-Aug-18 1 Introduction Comparing to TCP, UDP provides a procedure to send messages with a minimum of protocol mechanism, but the data cannot guarantee to arrive
More informationrte_security: An update and introducing PDCP
rte_security: An update and introducing PDCP Akhil Goyal (NXP) Hemant Agrawal (NXP) DPDK Summit Dublin- 2018 Agenda Rte_security A brief recap PDCP - Introduction Rte_security Updates for PDCP Protocol
More informationlib/librte_ipsec A NATIVE DPDK IPSEC LIBRARY UPDATE 2018/12 DECLAN DOHERTY, MOHAMMAD ABDUL AWAL, KONSTANTIN ANANYEV
x lib/librte_ipsec A NATIVE DPDK IPSEC LIBRARY UPDATE 2018/12 DECLAN DOHERTY, MOHAMMAD ABDUL AWAL, KONSTANTIN ANANYEV /intro Create a DPDK native high performance library for IPsec processing. Develop
More information1. Overview Ethernet FIT Module Outline of the API API Information... 5
Introduction APPLICATION NOTE R01AN2009EJ0115 Rev.1.15 This application note describes an Ethernet module that uses Firmware Integration Technology (FIT). This module performs Ethernet frame transmission
More informationTime Synchronization Security using IPsec and MACsec
Time Synchronization using IPsec and MACsec Appeared in ISPCS 2011 Tal Mizrahi Israel ing Seminar May 2012 Time Synchronization Time synchronization is used for various applications. Securing the time
More informationChapter 32 Security in the Internet: IPSec, SSL/TLS, PGP,
Chapter 32 Security in the Internet: IPSec, SSL/TLS, PGP, VPN, and Firewalls 32.1 Copyright The McGraw-Hill Companies, Inc. Permission required for reproduction or display. 32.2 Figure 32.1 Common structure
More informationPacketShader: A GPU-Accelerated Software Router
PacketShader: A GPU-Accelerated Software Router Sangjin Han In collaboration with: Keon Jang, KyoungSoo Park, Sue Moon Advanced Networking Lab, CS, KAIST Networked and Distributed Computing Systems Lab,
More informationC66x KeyStone Training HyperLink
C66x KeyStone Training HyperLink Agenda Overview Address Transla
More informationPHY-Less Ethernet Implementation Using Freescale Power Architecture Based Microprocessors
June 24, 2010 PHY-Less Ethernet Implementation Using Freescale Power Architecture Based Microprocessors FTF-NET-F0568 Patrick B. Billings NMG, NPD Applications Engineering and VortiQa are trademarks of
More informationInternet Security. - IPSec, SSL/TLS, SRTP - 29th. Oct Lee, Choongho
Internet Security - IPSec, SSL/TLS, SRTP - 29th. Oct. 2007 Lee, Choongho chlee@mmlab.snu.ac.kr Contents Introduction IPSec SSL / TLS SRTP Conclusion 2/27 Introduction (1/2) Security Goals Confidentiality
More informationSecuring Network Traffic Tunneled Over Kernel managed TCP/UDP sockets
Securing Network Traffic Tunneled Over Kernel managed TCP/UDP sockets Sowmini Varadhan(sowmini.varadhan@oracle.com) Agenda Proceedings of NetDev 1.1: The Technical Conference on Linux Networking (February
More informationTOE10G-IP with CPU reference design
TOE10G-IP with CPU reference design Rev1.1 6-Feb-19 1 Introduction TCP/IP is the core protocol of the Internet Protocol Suite for networking application. TCP/IP model has four layers, i.e. Application
More informationNabto Serial Link Protocol
Nabto Serial Link Protocol Nabto TM Nabto Serial Link Protocol Page 1 of 22 Contents Vocabulary... 4 Introduction... 5 Access Control... 5 Connection type... 5 Access Control List... 5 Protocol details...
More informationCisco Exam Troubleshooting and Maintaining Cisco IP Networks (TSHOOT) Version: 6.0 [ Total Questions: 79 ]
s@lm@n Cisco Exam 300-135 Troubleshooting and Maintaining Cisco IP Networks (TSHOOT) Version: 6.0 [ Total Questions: 79 ] Topic break down Topic No. of Questions Topic 1: Mix Questions 26 Topic 2: Troubleshooting
More informationPerformance Enhancement for IPsec Processing on Multi-Core Systems
Performance Enhancement for IPsec Processing on Multi-Core Systems Sandeep Malik Freescale Semiconductor India Pvt. Ltd IDC Noida, India Ravi Malhotra Freescale Semiconductor India Pvt. Ltd IDC Noida,
More informationSpiNNaker Application Programming Interface (API)
SpiNNaker Application Programming Interface (API) Version 2.0.0 10 March 2016 Application programming interface (API) Event-driven programming model The SpiNNaker API programming model is a simple, event-driven
More informationEPoC PHY Link and Auto Negotiation. Ed Boyd, Broadcom Avi Kliger, Broadcom
EPoC PHY Link and Auto Negotiation Ed Boyd, Broadcom Avi Kliger, Broadcom 1 Overview & Goals This presentation continues the PHY Link & Auto Negotiation topic from the technical feasibility presentation
More informationIPSec. Slides by Vitaly Shmatikov UT Austin. slide 1
IPSec Slides by Vitaly Shmatikov UT Austin slide 1 TCP/IP Example slide 2 IP Security Issues Eavesdropping Modification of packets in transit Identity spoofing (forged source IP addresses) Denial of service
More informationGPGPU introduction and network applications. PacketShaders, SSLShader
GPGPU introduction and network applications PacketShaders, SSLShader Agenda GPGPU Introduction Computer graphics background GPGPUs past, present and future PacketShader A GPU-Accelerated Software Router
More informationshow crypto group summary, page 1 show crypto ikev2-ikesa security-associations summary spi, page 2
This chapter includes the command output tables. group summary, page 1 ikev2-ikesa security-associations summary, page 2 ikev2-ikesa security-associations summary spi, page 2 ipsec security-associations,
More informationSFO17-406: IPsec Full Offload Support in OpenDataPlane. Bill Fischofer
SFO17-406: IPsec Full Offload Support in OpenDataPlane Bill Fischofer Credits The work described in this session represents the collaborative contribution of the LNG ODP team, particularly: Petri Savolainen,
More informationOmni Flow Computer Master Driver v1.x Omni Flow Computer Master Modicon Compatible Driver 1.x
Omni Flow Computer Master Driver v1.x Omni Flow Computer Master Modicon Compatible Driver 1.x Information Sheet for Crimson v3.0+ Compatible Devices Omni Flow Computer devices equipped with Ethernet or
More informationVirtual Private Networks (VPN)
CYBR 230 Jeff Shafer University of the Pacific Virtual Private Networks (VPN) 2 Schedule This Week Mon September 4 Labor Day No class! Wed September 6 VPN Project 1 Work Fri September 8 IPv6? Project 1
More informationJason Manley. Internal presentation: Operation overview and drill-down October 2007
Jason Manley Internal presentation: Operation overview and drill-down October 2007 System overview Achievements to date ibob F Engine in detail BEE2 X Engine in detail Backend System in detail Future developments
More informationSoftware Datapath Acceleration for Stateless Packet Processing
June 22, 2010 Software Datapath Acceleration for Stateless Packet Processing FTF-NET-F0817 Ravi Malhotra Software Architect Reg. U.S. Pat. & Tm. Off. BeeKit, BeeStack, CoreNet, the Energy Efficient Solutions
More informationUDP10G-IP reference design manual
UDP10G-IP reference design manual Rev1.2 22-Mar-18 1 Introduction Comparing to TCP, UDP provides a procedure to send messages with a minimum of protocol mechanism, but the data cannot guarantee to arrive
More informationKeyStone C665x Multicore SoC
KeyStone Multicore SoC Architecture KeyStone C6655/57: Device Features C66x C6655: One C66x DSP Core at 1.0 or 1.25 GHz C6657: Two C66x DSP Cores at 0.85, 1.0, or 1.25 GHz Fixed and Floating Point Operations
More informationCSC 6575: Internet Security Fall 2017
CSC 6575: Internet Security Fall 2017 Network Security Devices IP Security Mohammad Ashiqur Rahman Department of Computer Science College of Engineering Tennessee Tech University 2 IPSec Agenda Architecture
More informationConfiguring High Availability
The Cisco High Availability (HA) technology enable network-wide protection by providing quick recovery from disruptions that may occur in any part of a network. A network's hardware and software work together
More informationWireless M-Bus Host Controller Interface DLL
Wireless M-Bus Host Controller Interface DLL Document ID: 4100/6404/0051 IMST GmbH Carl-Friedrich-Gauß-Str. 2-4 47475 KAMP-LINTFORT GERMANY General Information Document Information File name WMBus_HCIDLL_Spec.docx
More informationLeveraging Data Plane Acceleration Techniques on the QorIQ P4080 Processor
June 2010 Leveraging Data Plane Acceleration Techniques on the QorIQ P4080 Processor For High-Performance Network Security Applications (v1.0) John Rekesh Software Architect, Software Products Division
More informationWriting drivers for the Linux Crypto subsystem
May 18, 2014 Marek Vasut Software engineer at DENX S.E. since 2011 Embedded and Real-Time Systems Services, Linux kernel and driver development, U-Boot development, consulting, training. Versatile Linux
More informationChapter 5.6 Network and Multiplayer
Chapter 5.6 Network and Multiplayer Multiplayer Modes: Event Timing Turn-Based Easy to implement Any connection type Real-Time Difficult to implement Latency sensitive 2 Multiplayer Modes: Shared I/O Input
More informationIPSec Site-to-Site VPN (SVTI)
13 CHAPTER Resource Summary for IPSec VPN IKE Crypto Key Ring Resource IKE Keyring Collection Resource IKE Policy Resource IKE Policy Collection Resource IPSec Policy Resource IPSec Policy Collection Resource
More informationTTCN3 in Wireless Testing Eco Space
TTCN3 in Wireless Testing Eco Space Accenture, its logo, and Accenture High Performance Delivered are trademarks of Accenture. Agenda Challenges in Test environment development for Wireless Products Critical
More informationNabto SDK Nabto Serial Link Protocol
Nabto SDK Nabto Serial Link Protocol Nabto/001/TEN/011 Nabto Nabto/001/TEN/011 Nabto Serial Link Protocol Page 1 of 23 Vocabulary Contents 1 Vocabulary... 4 2 Introduction... 5 3 Access control... 5 3.1
More informationTable of Contents 1 IKE 1-1
Table of Contents 1 IKE 1-1 IKE Overview 1-1 Security Mechanism of IKE 1-1 Operation of IKE 1-1 Functions of IKE in IPsec 1-2 Relationship Between IKE and IPsec 1-3 Protocols 1-3 Configuring IKE 1-3 Configuration
More informationThe IPsec protocols. Overview
The IPsec protocols -- components and services -- modes of operation -- Security Associations -- Authenticated Header (AH) -- Encapsulated Security Payload () (c) Levente Buttyán (buttyan@crysys.hu) Overview
More information6.9. Communicating to the Outside World: Cluster Networking
6.9 Communicating to the Outside World: Cluster Networking This online section describes the networking hardware and software used to connect the nodes of cluster together. As there are whole books and
More informationMSC8156 Ethernet Interface
June 21, 2010 MSC8156 Ethernet Interface QUICC Engine Ethernet Programming Andrew Temple NMG DSP Applications Reg. U.S. Pat. & Tm. Off. BeeKit, BeeStack, CoreNet, the Energy Efficient Solutions logo, Flexis,
More informationETH. Ethernet MAC with Timestamp Extension. TCD30xx User Guide. Revision July 17, 2015
TCD30xx User Guide ETH Ethernet MAC with Timestamp Extension Revision 1.0.0-41582 July 17, 2015 Copyright 2015, TC Applied Technologies. All rights reserved. LIST OF TABLES... 16-3 LIST OF FIGURES... 16-4
More informationINT-1010 TCP Offload Engine
INT-1010 TCP Offload Engine Product brief, features and benefits summary Highly customizable hardware IP block. Easily portable to ASIC flow, Xilinx or Altera FPGAs INT-1010 is highly flexible that is
More informationRELEASE NOTES. JN517x ZigBee 3.0 SDK JN-SW Build NXP Semiconductors
RELEASE NOTES JN517x ZigBee 3.0 SDK JN-SW-4270 Build 1746 NXP Semiconductors For the contact details of your local NXP office or distributor, refer to: www.nxp.com CONTENTS RELEASE SUMMARY (v1746) 3 1.
More informationIPSec. Overview. Overview. Levente Buttyán
IPSec - brief overview - security associations (SAs) - Authentication Header (AH) protocol - Encapsulated Security Payload () protocol - combining SAs (examples) Overview Overview IPSec is an Internet
More informationSRIO Programming and Performance Data on Keystone DSP
Application Report Lit. Number October 2011 SRIO Programming and Performance Data on Keystone DSP Zhan Xiang, Brighton Feng Communication Infrastructure ABSTRACT SRIO (Serial RapidIO) on Keystone DSP is
More informationHardware Telemetry. About Streaming Statistics Export (SSX) Packet Format. About Streaming Statistics Export (SSX), on page 1
About Streaming Statistics Export (SSX), on page 1 About Streaming Statistics Export (SSX) Packet Format The Streaming Statistics Export (SSX) module reads statistics from the ASIC and sends them to a
More informationWireless Base Band Device (bbdev) Amr Mokhtar DPDK Summit Userspace - Dublin- 2017
Wireless Base Band Device (bbdev) Amr Mokhtar DPDK Summit Userspace - Dublin- 2017 why baseband..? MAC Tx Data Downlink * Reference: 3GPP TS 36.211 & 36.212 architecture Common programing framework for
More informationlibnetfilter_log Reference Manual
libnetfilter_log Reference Manual x.y Generated by Doxygen 1.4.6 Tue Mar 21 13:47:12 2006 CONTENTS 1 Contents 1 libnetfilter_log File Index 1 2 libnetfilter_log File Documentation 1 1 libnetfilter_log
More informationLANCOM Techpaper Routing Performance
LANCOM Techpaper Routing Performance Applications for communications and entertainment are increasingly based on IP networks. In order to ensure that the necessary bandwidth performance can be provided
More informationDefining Unified CCX CTI Messages
This chapter includes the following topics that you need to understand in order to correctly define Unified CCX CTI Messages:, page 2 Alignment of data elements, page 6 Pack and unpack a Unified CCX CTI
More informationIPsec Anti-Replay Window Expanding and Disabling
IPsec Anti-Replay Window Expanding and Disabling Cisco IP security (IPsec) authentication provides anti-replay protection against an attacker duplicating encrypted packets by assigning a unique sequence
More informationAnand Raghunathan
ECE 695R: SYSTEM-ON-CHIP DESIGN Module 2: HW/SW Partitioning Lecture 2.26: Example: Hardware Architecture Anand Raghunathan raghunathan@purdue.edu ECE 695R: System-on-Chip Design, Fall 2014 Fall 2014,
More informationNetwork Security: IPsec. Tuomas Aura
Network Security: IPsec Tuomas Aura 3 IPsec architecture and protocols Internet protocol security (IPsec) Network-layer security protocol Protects IP packets between two hosts or gateways Transparent to
More informationKST3300 Firmware Specification
Revision 1.1 - Last Updated November 6, 2018 1 Table Of Contents Table Of Contents Introduction Document Revision History Overview Architecture Operational Description State Machine Uplink Messages Downlink
More informationGFP Considerations for RPR
GFP Considerations for RPR Angela T. Faber afaber@telcordia.com IEEE 802.17 RPRWG 1 Agenda GFP Background Why GFP? GFP Core Header GFP Payload Area GFP Options Signal Adaptation (Transparent GFP and Frame-mapped
More informationPE310G4SPI9 Quad Port Fiber 10 Gigabit Ethernet PCI Express Server Adapter Intel 82599ES Based
PE310G4SPI9 Quad Port Fiber 10 Gigabit Ethernet PCI Express Server Adapter Intel 82599ES Based Product Description Silicom s 10 Gigabit Ethernet PCI Express server adapters are designed for Servers and
More informationNew STM32WB Series MCU with built-in Bluetooth 5 and IEEE
New STM32WB Series MCU with built-in Bluetooth 5 and IEEE 802.15.4 Make the Choice of STM32WB Series The 7 keys points to make the difference 2 Open 2.4 GHz radio Multi-protocol Dual-core / Full control
More informationSystem Design Guide for Slave
System Design Guide for Slave Motor Business Unit Appliances Company 2012/2/15 Rev. 2 Page 1 Revision History Revision Date Change Description 1 2010/3/3 Initial Release 2 2012/2/15 P1 Changed title from
More informationWireless Sensor Networks. Introduction to the Laboratory
Wireless Sensor Networks Introduction to the Laboratory c.buratti@unibo.it +39 051 20 93147 Office Hours: Tuesday 3 5 pm @ Main Building, third floor Credits: 6 Outline MC1322x Devices IAR Embedded workbench
More informationjelly-near jelly-far
sudo./run Two interfaces created: os0, os1 Two networks created: (add to /etc/networks) peanut where os0 will connect 192.168.0.0 grape where os1 will connect 192.168.1.0 Two IP addresses in peanut: (add
More informationCSCE 715: Network Systems Security
CSCE 715: Network Systems Security Chin-Tser Huang huangct@cse.sc.edu University of South Carolina Security in Network Layer Implementing security in application layer provides flexibility in security
More informationdmrlib Documentation Release Wijnand Modderman-Lenstra
dmrlib Documentation Release 0.99.3 Wijnand Modderman-Lenstra September 03, 2016 Contents 1 Overview 1 2 Documentation 3 2.1 bits: bit and byte manipulation...................................... 3 2.2
More information2.5 Address Space. The IBM 6x86 CPU can directly address 64 KBytes of I/O space and 4 GBytes of physical memory (Figure 2-24).
Address Space 2.5 Address Space The IBM 6x86 CPU can directly address 64 KBytes of I/O space and 4 GBytes of physical memory (Figure 2-24). Memory Address Space. Access can be made to memory addresses
More informationNET. A Hardware/Software Co-Design Approach for Ethernet Controllers to Support Time-triggered Trac in the Upcoming IEEE TSN Standards
NET A Hardware/Software Co-Design Approach for Ethernet Controllers to Support Time-triggered Trac in the Upcoming IEEE TSN Standards Friedrich Groÿ Till Steinbach Franz Korf Thomas C. Schmidt Bernd Schwarz
More informationFirepower Threat Defense Site-to-site VPNs
About, on page 1 Managing, on page 3 Configuring, on page 3 Monitoring Firepower Threat Defense VPNs, on page 11 About Firepower Threat Defense site-to-site VPN supports the following features: Both IPsec
More informationASPERA HIGH-SPEED TRANSFER. Moving the world s data at maximum speed
ASPERA HIGH-SPEED TRANSFER Moving the world s data at maximum speed ASPERA HIGH-SPEED FILE TRANSFER 80 GBIT/S OVER IP USING DPDK Performance, Code, and Architecture Charles Shiflett Developer of next-generation
More informationInternet security and privacy
Internet security and privacy IPsec 1 Layer 3 App. TCP/UDP IP L2 L1 2 Operating system layers App. TCP/UDP IP L2 L1 User process Kernel process Interface specific Socket API Device driver 3 IPsec Create
More informationUsing Diagnostic Tools
Using Diagnostic Tools The Tools System Diagnostics page on the INVESTIGATE view provides several diagnostic tools that help troubleshoot various kinds of network problems and process monitors. Tech Support
More informationNetworking Technologies and Applications
Networking Technologies and Applications Rolland Vida BME TMIT Transport Protocols UDP User Datagram Protocol TCP Transport Control Protocol and many others UDP One of the core transport protocols Used
More informationDesigning with STM32F2x & STM32F4
Designing with STM32F2x & STM32F4 Course Description Designing with STM32F2x & STM32F4 is a 3 days ST official course. The course provides all necessary theoretical and practical know-how for start developing
More informationTS Manipulator Requirement Specifications & High Level Design Document. George Mason University
TS Manipulator Requirement Specifications & High Level Design Document ECE-612 Project Phase I George Mason University Version: 2.1 Revision: 2 Date: 11/02/2008 Author Mr. Pranav Varsekar Copyright Notice
More informationRooting Routers Using Symbolic Execution. Mathy HITB DXB 2018, Dubai, 27 November 2018
Rooting Routers Using Symbolic Execution Mathy Vanhoef @vanhoefm HITB DXB 2018, Dubai, 27 November 2018 Overview Symbolic Execution 4-way handshake Handling Crypto Results 2 Overview Symbolic Execution
More informationVisual Profiler. User Guide
Visual Profiler User Guide Version 3.0 Document No. 06-RM-1136 Revision: 4.B February 2008 Visual Profiler User Guide Table of contents Table of contents 1 Introduction................................................
More information6 Cryptographic Operations API
118/202 TEE Internal API Specification Public Release v1.0 6 Cryptographic Operations API This part of the Cryptographic API defines how to actually perform cryptographic operations: Cryptographic operations
More informationDeploying and Troubleshooting Network Address Translation
Deploying and Troubleshooting Network Address Translation Session mihollow@cisco.com 2 Copyright Printed in USA. Agenda The WWW of NAT The Why, the What, and the Where Pitfalls and How to Avoid Tools for
More informationInterrupts Peter Rounce - room 6.18
Interrupts Peter Rounce - room 6.18 P.Rounce@cs.ucl.ac.uk 20/11/2006 1001 Interrupts 1 INTERRUPTS An interrupt is a signal to the CPU from hardware external to the CPU that indicates than some event has
More informationConfiguring the Switch for Access Point Discovery
Configuring the Switch for Access Point Discovery Finding Feature Information, on page 1 Prerequisites for, on page 1 Restrictions for, on page 2 Information About, on page 2 How to Configure Access Point
More informationPRU Hardware Overview. Building Blocks for PRU Development: Module 1
PRU Hardware Overview Building Blocks for PRU Development: Module 1 Agenda SoC Architecture PRU Submodules Example Applications 2 SoC Architecture Building Blocks for PRU Development: PRU Hardware Overview
More information10Gb Ethernet PCS Core
July 2002 Features Complete 10Gb Ethernet Physical Coding Sublayer (PCS) Solution Based on the ORCA 10 Gbits/s Line Interface (ORLI10G) FPSC, Enabling Flexible10GbE LAN/WAN Application Solutions. IP Targeted
More informationIKEv2 - Protection Against Distributed Denial of Service
IKEv2 - Protection Against Distributed Denial of Service This feature provides security mechanisms for IKEv2 to defend against Distributed Denial-of-Service (DDoS) attacks. The following topics are discussed:
More informationProgrammable Data Plane at Terabit Speeds
AUGUST 2018 Programmable Data Plane at Terabit Speeds Milad Sharif SOFTWARE ENGINEER PISA: Protocol Independent Switch Architecture PISA Block Diagram Match+Action Stage Memory ALU Programmable Parser
More information