The insistent beat of Netronome!

March 15, 2007

Last week I popped in to visit Netronome in their Cambridge office and was hosted by David Wells, their VP Technology, GM Europe, who was one of the Founders of the company. The other two Founders were Niel Viljoen and Johann Tönsing, who previously worked for companies such as FORE Systems (bought by Marconi), Nemesys, Tellabs and Marconi. Netronome is HQed in Pittsburgh but has offices in Cambridge UK and South Africa.

I mentioned Netronome in a previous post about network processors – The intrigue of network / packet processors so I wanted to bring myself up to date with what they were up to following their closing of a $20M ‘C’ funding round in November 2006 led by 3i.

What do Netronome do?

Netronome manufacture network processor based hardware and software that enables the development of applications that need to undertake real-time network content flow analysis. Or to be more accurate, enable significant acceleration and throughput for applications that need to undertake packet inspection or maybe deep packet inspection.

I say to be more accurate because it is possible to monitor packets in a network without the use of network processors using a low-cost Windows or Linux based computer, but if the data is flowing through a port at gigabit rates – which is most likely these days – then there is little capability to react to a detected traffic type other than switching the flow to another port or simply blocking it. If you really want to detect particular traffic types in a gigabit packet flow, make an action decision, change some of the data bits in the header or body, all transparently and at full line speed then you will undoubtedly need a network processor based card from a company like Netronome. The Intel powered 16 micro-engine used in Netronome’s products enables the inspection of upwards of 1 million simultaneous bidirectional flows.

Netronome’s product is termed an Open Appliance Platform. Equipment vendor companies have used network processors (NPs) for many years. For example Cisco, Juniper and the like would use them to process packets on an interface card or blade. This would more than likely be an in-house developed NP architecture used in combination with hard-wired logic and Field Programmable Gate Arrays (FPGAs). This combination enables complete flexibility to run what’s best to run in software on the NP and use the FPGAs to accommodate possible architecture elements that may change – maybe due to standards being incomplete for example.

Netronome’s Network Acceleration Card

Other companies that have used NPs for a long time make what are known as Network Appliances. A network appliance is a standalone hardware / software bundle often based on Linux that provides a plug-and-play application that can be connected to a live network with a minimum of work. Many network appliances are simply using a server motherboard with two standard gigabit network cards installed and Linux as the OS with the application on top. These appliance vendors know that they need the acceleration they can get from an NP, but they often don’t want to deal with the complexity of hardware design and NP programming.

Either way, they have written their application specific software to run on top of their hardware design. Every appliance manufacturer has taken a proprietary approach which creates a significant support challenge as each new generation of NP architecture improves throughput. Being software vendors in reality, all they really want to do is write software and applications and not have the bother of supporting expensive hardware.

This is where Netronome’s Open Appliance Platform comes in. Netronome has developed a generic hardware platform and the appropriate virtual run-time software that enables appliance vendors to dump their own challenging-to-support hardware and use Netronome’s NP processor instead. The important aspect of this is that this can be achieved with minimum change to their application code.

What are the possible applications (or use cases) of Netronome’s Network Acceleration card?

The use of Netronome’s product is particularly beneficial as the core of network appliances in the following application areas.

Security: All types of enterprise network security application that depend on the inspection and modification of live network traffic.

SSL Inspector: The Netronome SSL Inspector is a transparent proxy for Secure Sockets Layer (SSL) network communications. It enables applications to access the clear text in SSL-encrypted connections and has been designed for security and network appliance manufacturers, enterprise IT organizations and system integrators. The SSL inspector allows network appliances to be deployed with the highest levels of flow analysis while still maintaining multi-gigabit line-rate network performance.

Compliance and audit: To ensure that all company employees are in compliance with new regulatory regimes, companies must voluntarily discover, disclose, expeditiously correct, and prevent recurrence of future violations.

Network access and identity: To check the behaviour and personal characteristics by which an individual is defined as a valid user of an application or network.

Intrusion detection and prevention: This has always been a heartland application for network processors.

Intelligent billing: By detecting a network event or a particular traffic flow, a billing event could be initiated.

Innovative applications: To me this is one of the most interesting areas as it depends on having a good idea, but applications could be modifying QoS parameters on the fly in an MPLS network or detecting particular application flows on the fly – grey VoIP traffic for example. If you want to know about other application ideas – give me a call!

Netronome’s Architecture components

Netronome Flow Drivers: The Netronome Flow Drivers (NFD) provide high speed connectivity between the hardware components of the flow engine (NPU and cryptography hardware) and one or more Intel IA / x86 processors running on the motherboard. The NFD allows developers to write their own code for the IXP NPU and the IA / x86 processor.

Netronome Flow Manager: The Netronome Flow Manager (NFM) provides an open application programming interface for network and security appliances that require acceleration. The NFM not only abstracts (virtualises) the hardware interface of the Netronome Flow Engine (NFE), but its interfaces also guide the adaptation of applications to high-rate flow processing.

Overview of Netronome’s architecture components

Netronome real-time Flow Kernel: At the heart of the platform’s software subsystem is a real-time microkernel specialized for Network Infrastructure Applications. The kernel coordinates and steers flows, rather than packets, and is thus called the Netronome Flow Kernel (NFK). The NFK also does everything the NFM does and it also supports virtualisation.

Open Appliance Platform: Netronome have recently announced a chassis system that can be used by ISVs to quickly provide a solution to their customers.


If your application or service really needs a network processor you will realise this quite quickly as the performance of your non-NP based network application will be too slow, it will be unable to undertake the real-time bit manipulation you need or, the real killer, it will be unable to scale to the flow rates your application will see in real world deployment.

In the old days, programming NPs was a black art not understood by 99.9% of the world’s programmers, but Netronome is now making the technology more accessible by providing appropriate middleware – or abstraction layer – that enables network appliance software to be ported to their open platform without a significant rewrite being necessitated or a detailed understanding of programming an NP. Your application just runs in a virtual run-time environment and uses the flow API and the Netronome product does the rest.

Good on ’em I say.

Amazing, from 2″ to 17″ wafer sizes in 35 years!

February 9, 2007

In January my son, Steve, popped into the Intel museum in Santa Clara, California to look at the 4004 display mentioned in a previous post.

He came back with various photos some of which showed how semiconductor wafer sizes have increased over the last 30 years. This is the most interesting one.

1969 2-inch wafer containing the 1101 static random access memory (SRAM) which stored 256 bits of data.

1972 3-inch wafer containing 2102 SRAMs which stored 1024 bits of data.

1976 4-inch wafer containing 82586 LAN co-processors.

1983 6-inch wafer containing 1.2 million transistor 486 microprocessors.

1993 8-inch wafer containing 32Mbit flash memory.

2001 12-inch wafer containing Pentium 4 microprocessors moving to 90 nanometer line widths.

Bringing the subject of wafer sizes up to date, here is a photo of an Intel engineer holding a recent 18-inch (450mm) wafer! The photo was taken by a colleague of mine at the Materials Integrity Management Symposium – sponsored by Entegris, Stanford CA June 2006.

The wafer photo on the left is a 5″ wafer from a company that I worked for in the 1980s called European Silicon Structures (ES2). They offered low-cost ASIC (Application Specific Integrated Circuit) prototypes using electron beam lithography rather than the more ubiquitous optical lithography of the time. The technique never really caught on as it was uneconomic; however, I did come across the current use of such machines at Chalmers University of Technology in Göteborg, Sweden if I remember rightly.

If you want to catch up with all the machinations in the semiconductor world take a look at ChipGeek.

35th anniversary of the Intel 4004 microprocessor

January 12, 2007

A group of engineers have taken the effort to recreate the 4004 as an anniversary project to build a larger than life model displayed in Intel’s museum in the Robert Noyce building in Santa Clara. They have had to recreate the original schematics as they have long since been filed away and lost. As the 4004 was the world’s first microprocessor, take a look as it’s a great project.

God, doesn’t time just fly? It seems that I’ve been saying that I’ve “been in technology” for 25 years for simply ages. Wrong. It looks like 35 years is now nearer the mark! I want this blog to look forward rather than backward, but my readers will have to take a little of my nostalgia pie I’m afraid!

35 years ago, back in those early years of the 1970s, I was one of the lucky recipients of the world’s first ever microprocessor, the MCS-4004. As has proved to be the case with other technology revolutions I’ve had the luck to participate in since, I had absolutely no idea at the time of the future impact of these beasts.

I worked in ICL’s Advanced Research Laboratory at the time and I believe I received the first 4004 in the UK – as I did with the later 8008 and 8080. Where did I actually get them from? Well a little start-up called Intel had opened a UK office just outside of Oxford and was staffed by only two sales guys – I probably still have their business cards somewhere in the attic if I could be bothered to delve deep enough.

What seems so funny to me today was that it took me several months to remember this funny term microprocessor and I was very confused about how to pronounce the word. You see, I used the UK pronunciation while these two sales guys used the American way. I had no idea which was correct. Indeed this confusion still reigns today and is not limited to just the word microprocessor.

Having this little DIL (dual in-line package) just locked away in my desk drawer was not really on as I was expected to do something with it. So I went up to the floor above mine and asked a number of ICL New Range mainframe architects for suggestions. None were forthcoming and, bar one of them, they were all quite dismissive. We had absolutely no idea what we could use this tiny processor for.

In the end, I built a little demonstrator that toggled a port connected to those new fangled things called LEDs. So much for revolutionising the world electronics industry!

A while later I received an early example of the 4040 and 8008, the 8-bit follow on to the 4004. I still have the programming manuals for the 4040 and the 8008 and they are quite amazing to read in the light of the powerful multi-core microprocessors we have today.

I eventually came up with an idea on how to use the 8008. I was busy building a test machine for Intel’s first 1k bit dynamic memory, the 1103 and I needed to programme it from the standard computer input media of the time – a paper tape reader. So that is what I designed, an 8008 powered paper tape reader. Wow!

We first needed an assembler programme to convert the 8008 assembly language instructions into binary, so we wrote one in Cobol to run on an ICL 1900 mainframe computer. I actually found the listing of the PTR programme the other day printed out on typical mainframe hammer printer paper of the time. From what I remember, as there were no 8-bit wide programmable ROMs at the time, I had to put the programme into two 4-bit 256 word types.

Those old computer rooms were just marvellous to behold. Lots of deafening line printers chugging away together with all those high speed paper tape readers spewing 8” rolls of tape through high into the air. Now, if they ever went wrong… Using a PC as I am now is nowhere near as much fun and is far less impressive.

Anyway, that paper tape reader really worked well and ICL did eventually take microprocessors more seriously, though it was a few decades later I suspect.

A further network processor chip manufacturer

January 9, 2007

Following yesterday’s posting on network processors, a colleague from San Francisco brought to my attention another company that produces network processors based in San Francisco – Bay Microsystems.

They claim to have a “125G processing capacity and are able to manage a 122 million packets per second sustained performance”. This is a new company to me, so maybe there are others out there? If so please let me know!

The intrigue of network / packet processors

January 8, 2007

I’ve always been intrigued by network or packet processors such as those made by Intel.

They are used as embedded processors by many network router or switch equipment manufacturers to provide high speed programmable functionality on line cards or ‘blades’ controlling other associated line-speed logic such as programmable ASICs.

What makes them intriguing to me is that they can undertake deep packet inspection at true line speeds on a 1gbit/s Ethernet port, and maybe even 10gbit/s is possible.

It’s a no-brainer for equipment vendors to use such devices as a key mechanism to provide flexibility for changes in standards, but what about other uses?

Back in the late 1990s, when network processors were gaining widening recognition, several start-up companies developed generic network processor based cards and targeted their marketing at carriers. The idea, I suppose, was that carriers could use these generic network processor products to develop innovative and differentiated services. Several companies come to mind: Netrake over in Dallas, Tipping Point, Force Computers in Germany (bought by Motorola and were one of my customers back in the early 80s when they were one of the first companies to offer a set of industrial cards based on the Motorola 68000 16-bit microprocessor) and our very own Newport Networks (one of Terry Matthews’ companies, of Mitel and Newbridge Networks fame). Another company who work in several application areas is CloudShield.

This strategy generally proved disastrous (though I’m open to be enlightened!). Why? Well yes the telecoms industry crashed, but the strategy broke well before that. My take is that the majority of carriers did not have the software expertise or the resource to undertake such down in the bits and bytes development. Outside of incumbent carriers such as BT, FT and DT, who were ‘blessed’ with their own R&D departments, the majority of carriers expect this sort of work to be done by equipment vendors and their role in life was simply to implement the service features they created. I remember Mercury Communications in the mid 1990s setting up a software development department to develop Intelligent Network applications with somewhat mixed results.

As a bynote, in the IP router world, many of these advanced features were never switched on by carriers as they were just too scared of the possible results! I always remember asking John Chambers of Cisco why this was the case when he visited C&W in the late 90s. I will not quote his reply here!

Most of the vendors offering generic network cards were forced into application markets which they targeted by creating the appropriate personalisation software. Netrake and Newport Networks went for VoIP service inter-connect while Tipping chose security related markets.

I came across a new UK company in this space last year that looks really interesting: Netronome who focus on the appliance market. I hope to write more about them later.

I have always been interested in the possible use of generic network processor cards by a start-up to create innovative new services operating at line speeds. However, there are not too many examples that I know, so if you are aware of any companies doing this please let me know.

In the UK there are certainly not too many. However, one is Nexagent, a company I co-founded with Charlie Muirhead back in 2000. They use network processors to manipulate 8-bit CoS (CoS, Class of Service, was outlined by the IETF Differentiated Services Working Group to create Diff-Serv service levels) packet header bits at full line speed as well as other sophisticated functions. The need was caused because the IETF never defined standards for defining class levels so each carrier ended up with different CoS bit definitions. If carriers or systems integrators want to interconnect their MPLS networks or IP-VPN services to create end-to-end CoS multi-carrier services, mediation is required at each carrier domain boundary. Network processors were used to achieve this.
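The boundary mediation described above, sketched in software as an added example (not Nexagent's code and not part of the original post): it assumes IPv4, where the DS byte holds a 6-bit DSCP plus 2 ECN bits, and both carrier tables are constructed values. Markings the table does not recognise are reset to best effort rather than trusted across the domain boundary.

```python
import struct

# Constructed class-to-DSCP tables for two carriers (assumed values).
CARRIER_A = {"voice": 46, "business": 26, "best_effort": 0}
CARRIER_B = {"voice": 40, "business": 18, "best_effort": 0}


def build_remap(src, dst):
    """Translate each DSCP used by src into dst's DSCP for the same class."""
    return {dscp: dst[cls] for cls, dscp in src.items()}


def ipv4_checksum(header: bytes) -> int:
    """One's-complement sum of 16-bit words; 0 when run over a valid header."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def mediate(packet: bytes, remap: dict, default_dscp: int = 0) -> bytes:
    """Rewrite the DSCP at a domain boundary, keep ECN, fix the checksum."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("bad IPv4 header length")
    hdr = bytearray(packet[:ihl])
    dscp, ecn = hdr[1] >> 2, hdr[1] & 0x03
    # Unknown markings from the neighbouring domain fall back to default.
    hdr[1] = (remap.get(dscp, default_dscp) << 2) | ecn
    hdr[10:12] = b"\x00\x00"  # zero the checksum field before recomputing
    struct.pack_into("!H", hdr, 10, ipv4_checksum(bytes(hdr)))
    return bytes(hdr) + packet[ihl:]


def sample_packet(dscp: int, ecn: int = 0) -> bytes:
    """Constructed 20-byte IPv4 header plus 8 payload bytes."""
    hdr = bytearray(struct.pack(
        "!BBHHHBBH4s4s", 0x45, (dscp << 2) | ecn, 28, 0x1234, 0, 64, 17, 0,
        bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7])))
    struct.pack_into("!H", hdr, 10, ipv4_checksum(bytes(hdr)))
    return bytes(hdr) + b"\x00" * 8


if __name__ == "__main__":
    remap = build_remap(CARRIER_A, CARRIER_B)
    out = mediate(sample_packet(46, ecn=1), remap)
    print("DSCP 46 ->", out[1] >> 2, "ECN", out[1] & 3,
          "checksum ok:", ipv4_checksum(out[:20]) == 0)
```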

Network processors still intrigue me as their use looks like a black art to most engineers and there are not too many individuals around who understand or can programme them (this is a bit like analogue design I suppose!). But when you need to use one, you need to use one as doing anything at true line speeds is impossible with traditional PC approaches. By the way, the development software for network processors comes from Teja.

I’m sure there are other innovative applications and I continue to hunt for them. I have recently come across another UK company who might need to use network processors for a highly imaginative service. If I’m allowed to, I will write about them in a future blog entry.

Who says technology is not fun?

Addendum: The insistent beat of Netronome!