Solve the complexity crisis in network system design

While the telecom bubble of 1999 seems light years away, those of us in the business of designing networking equipment have seen the complexity and number of challenges in this area steadily rise. Predictably, this increased complexity has either resulted in compromises in product functionality or performance, or long development cycles or both, with increased risk, fueled by rapidly evolving standards. Although the increasing complexity of network applications has been documented many times in the past, let’s look at the macro factors driving this complexity. Staying at the macro level, some of the key networking drivers are:

• A general increase in traffic, resulting in higher line speeds, higher throughput, more network elements, etc.
• Convergence and standardization on IP and eventual migration to IPv6, resulting in more gateways (e.g., media gateways, Packet Cable, etc.).
• Mobility, resulting in a significant increase in network endpoints (e.g., handsets) as well as contributing to IP conversion and an increase in traffic.
• Security concerns, resulting in an increased number of network elements with security functionality as well as a trend to combine what have traditionally been individual security devices into multi-function devices, such as Unified Threat Management devices.
• Despite the convergence and standardization of IP, there’s still a lot of change with new protocols, additional standards, new uses, and new threads emerging.

While each one of these factors drives increased function, capacity, and/or performance in networking equipment, let’s start with security. Obviously, maintaining information security is one of the biggest challenges affecting the broader usage of the Internet for communications. Looking deeper, a technology such as Voice over Internet Protocol (VoIP) will continue to grow in popularity as a low cost alternative to traditional service, but implementing it securely brings some major challenges for communications systems designers.

A key component of VoIP systems is the session border controller (SBC) that enables VoIP media to traverse enterprise firewalls and network address translation (NAT), as well as supporting other advanced features like encrypted media. Other examples of complex SBC features include the network hardening of these devices to prevent denial-of-service attacks and support deep packet processing, such as signature detection for intrusion detection.

SBC system providers, like other communication system vendors, are rising to the challenge by providing equipment with the performance to analyze data packets on the fly at wire-speed. In general, the industry approach has been to use programmable processor-based systems (as opposed to ASIC- or FPGA-based designs) to maximize the flexibility needed to keep pace with the rate of change. Designs typically incorporate the following:

• high degrees of parallelism, either through multi-core general purpose processors or network processors;
• fixed-function accelerators, such as encryption/decryption, hash units, and TCAMs;
• various memory types, each with potentially different access models and timings;
• various buses/interconnects to other silicon, again, each with different access models and timings;
• interaction with other system elements or planes.

Focusing on SBC vendors, they represent a perfect example of this. Despite pressure from carriers to minimize the number of unique boxes in their networks, SBCs have established a foothold as standalone elements in the networks. The reason is because SBCs have stayed ahead of the innovation curve, and because they have visibility to both the signaling and media content, they are well positioned to implement new features.

But all of this comes at is the cost of increased software development complexity, simply because meeting the performance goals typically requires a new and complex architecture. One example is the proliferation of the network processor (NP). NPs are optimized for packet processing because they incorporate a high degree of parallelism through pipelining or superscalar processor arrangements, multi-threading, multiple memory types, and dedicated-function accelerators (e.g., hash units, CRC generators, etc).

The most obvious impact of this complex architectural environment is increased development and lifecycle software costs due to the steep learning curve and lengthened development, debug, and test phases. But there are other impacts, too. For example, the lengthened development cycle often causes a functional prototype to be delayed until late in the project cycle, thus delaying integration with other system components and overall system performance modeling. Another artifact of the high complexity is that designers are often hesitant to modify or enhance working designs due to the risk of change and lengthy debug cycle, and therefore negate one of the benefits of NP-based designs, namely flexibility.