WIXLIB

White PaperDesigning a Universal CPE (uCPE) withthe Intel Atom Processor C3000Series A new generation of network appliances based on the Intel Atom Processor C3000 Series offers significantenhancements over previous generation platforms, enabling further network infrastructure optimization throughpower-efficiency improvements, higher performance per watt and accelerated crypto offload. This paper takes acloser look at Advantech’s FWA-2012 and the advances it brings to compute and networking workloads.www.advantech.com/nc

White PaperSeriesDesigning a uCPE with the Intel Atom Processor C3000Designing a Universal CPE (uCPE)with the Intel Atom ProcessorC3000 SeriesIntroductionThe road to digital transformation of the enterprise is much like a multi-lane highway with new enablingtechnologies such as software-defined wide area networks (SD-WAN) accelerating businesses along the fastlane towards a destination of improved performance and agility.New technology advances in universal CPE design are also picking up speed in the mid lane and are expectedto play a pivotal, uniting role for IT departments as they take advantage of network function virtualization (NFV)and the convergence opportunities offered by a single consolidated platform.Laggards in the slow lane risk losing the competitive edge if they remain bogged down by multiple fixed functionproprietary devices, costly to maintain and upgrade, while their peers improve profitability, outpace competitionand accelerate time-to-market.The substantial increase in (SD-WAN) deployments over the past year is undoubtedly due to the importantbenefits it delivers in terms of flexibility and short-term cost efficiencies. Offering up to 90% cost savings overtraditional services, faster response to business needs and the ability to bring new offices on line at the touch ofa button, the case for SD-WAN is extremely compelling to both new and established companies.SD-WAN also carries the promises of centralized orchestration and automated zero-touch provisioning, theability to monitor traffic in real-time, and increased network availability with fast failover and built-in applicationacceleration. First generation Customer Premise Equipment (CPE) based on the Intel Atom Processor C2000 Series isalready being deployed in volume across multiple SD-WAN rollouts worldwide. Tabletop and rackmountappliances built on the system-on-chip provide sufficient compute performance and VPN throughput for small tomedium enterprise (SME) installations, leaving adequate headroom for workloads such as routing, security andWAN optimization in addition to SD-WAN specific functions. Initial platforms based on the Intel Atom Processor C2000 Series, such as the Advantech FWA-1010VC,FWA-1310 and FWA-2310 also meet a broad range of connectivity needs in SME installations, offering WirelessLAN and LTE options on the FWA-1010VC, in addition to local Ethernet breakout and high-speed WAN ports,while keeping within stringent platform cost boundaries set by cloud and communication service providers(CSPs).Nevertheless, as businesses bring more offices online, Cloud Service Providers and IT departments alike willneed networking equipment capable of handling the exponential growth in the number of users accessing theirservices. As worldwide security concerns increase, so will the use of VPNs, encrypting, encapsulating andtunneling traffic for authenticated remote and mobile workers, bridging LANs across multiple company sites andlinking global data centers together as virtual workloads shift geographically to match both virtual machine anduser demand.This shift places an increasing demand on the encryption capabilities and throughput of uCPE devices, a demand that is met by a new generation of white-box appliances based on the Intel Atom Processor C3000Series.www.advantech.com/nc

White PaperSeriesDesigning a uCPE with the Intel Atom Processor C3000The Intel Atom Processor C3000 The Intel Atom Processor C3000 is a dense, lower-power system-on-a-chip, designed specifically fornetwork and edge solutions and is manufactured on 14nm process technology. It is optimized for light scale-outworkloads that require very low power, high density, and high I/O integration. With up to 8 cores and 2 MBL2/Core or 16 cores with 2 MB L2/Core pair, the new SoC delivers higher performance and workloadprocessing than previous generation processors, with up to 2.3x compute performance improvement. It can run the same software and instruction sets as Intel Xeon processors to provide software consistency anddeployability from the provider edge to the customer edge.Figure 1: Intel Atom Processor C3000 block diagramUp to 2 channels of DDR4 ECC support increased data integrity and system reliability and offer up to 256GB ofmemory for more demanding workloads. PCI Express 3.0 ports provide extra capacity and flexibility for storageand networking connections, doubling the I/O bandwidth of previous-generation devices. Built-in SATA 3.0offers faster data access, system startups, and application load times, doubling data throughput versus previousgeneration designs for increased hard drive performance. Intel Server Platform Services (Intel SPS) technology facilitates platform management through a suite oftools that control and monitor power, thermal, and resource utilization. Intel QuickAssist Technology (Intel QAT) offers hardware acceleration for compute-intensive workloads,providing 20 Gbps cryptography throughput and 20 Gbps data compression. By offloading the functions to theSoC's specialized logic engine, valuable processor cycles are freed up for other workloads. A built-in Intel Ethernet controller with four 10GbE ports brings acceleration features for increased networkingperformance and provides additional cost and offload savings. Seven new Intel Advanced Encryption Standard New Instructions (Intel AES-NI) instructions bring faster,more affordable data protection, and greater security.www.advantech.com/nc

White PaperSeriesDesigning a uCPE with the Intel Atom Processor C3000SD-WAN Characterization A series of tests were performed to characterize the Intel Atom Processor C3958 on an Advantech FWA2012 network appliance.The tests consisted of connecting the FWA-2012 as System Under Test (SUT) to a traffic termination endpoint node, also an Intel Atom Processor C3958-based appliance.Both systems were connected directly over a gigabit Ethernet data plane. Management interfaces wereconnected to a separate gigabit Ethernet network and did not interfere with data plane tests.PROX was used as the network traffic generator and receiver at the Tester side and was also used to runworkloads on the SUT with corresponding configurations.DATS was used to characterize dataplane performance of the SUT using DPDK for network communication.Figure 2. Test Set-upwww.advantech.com/nc

White PaperSeriesDesigning a uCPE with the Intel Atom Processor C3000Test Overview and ResultsThree tests were performed as shown in the following table. The variable for each test was the mechanismused for cryptography. Test case #1 uses AES128-GCM, an IPsec ESP mechanism for confidentiality anddata origin authentication. It is an efficient and secure mechanism enabling high-speed implementations. Thefollowing two test cases use Secure Hash Algorithm 1, or AES128-SHA1, with Test case #3 performing thetest using built-in Intel Quickassist Technology to offload crypto computation. All tests use 6 cores and werecharacterized on 100 & 500 DKDPDK IPSecAES128-GCM06 coresTested with 100 and 500 flows2nDPI-L2FWD-DPDKDPDK IPSecAES128-SHA106 coresTested with 100 and 500 flows3nDPI-L2FWD-DPDKDPDK IPSecQATAES128-SHA106 coresTested with 100 and 500 flowsTable 1: Overview of testsSDWAN - CRUCIO - APJ LabTestCaseCoresusedDPIIPSec 00100200020012Max Througput Max Througput(Mpps)(Mbps)AverageLoss rate (%)latency (ms) (in 10 mins AES128SHA1-QATFALSETable 2: Test resultswww.advantech.com/nc

White PaperSeriesDesigning a uCPE with the Intel Atom Processor C3000Results 1: Characterization of SD-WAN VNFs using DPDK Poll Mode Driver without hardwareacceleratorUsing the DPDK Poll Mode Driver without hardware acceleration, the results show close to line rateperformance at 920 Mbps using DPDK-AES128-GCM on 100 flows, decreasing to 778 Mbps on 500 flows. Themaximum throughput for the SHA1 algorithm shows a maximum performance of 815 Mbps and 780 Mbps on100 and 500 flows consecutively.Results 2: Characterization of SD-WAN VNFs using DPDK Poll Mode Driver with hardwareacceleratorUsing the DPDK Poll Mode Driver with QAT acceleration, the results show a slightly better performance thanwithout hardware acceleration. It should be noted that the CPU is being offloaded in this case and processorcores are freed up for further processing.www.advantech.com/nc

White PaperSeriesDesigning a uCPE with the Intel Atom Processor C3000Results 1 & 2: Comparison between test configurationsAdvantech FWA-2012The FWA-2012 is an off-the-shelf network appliance designed for a broad range of networking applicationsincluding unified threat management, cybersecurity and universal customer premise equipment (CPE) amongothers. It is a white-box platform based on Intel x86 architecture optimized for deploying bare-metal functions orvirtual network functions (VNFs) and services in small to medium enterprise businesses.The platform is primarily destined for communication and cloud service providers (CSPs) leveraging theadvantages of NFV (Network Function Virtualization) and Software Defined Networks (SDN) to replace fixedfunction systems with an open platform running these functions as VNFs.Figure 3: Advantech FWA-2012 Network Appliance and uCPE based on the Intel Atom Processor C3000www.advantech.com/nc

White PaperSeriesDesigning a uCPE with the Intel Atom Processor C3000Scalability and performance The FWA-2012 is available in Intel Atom Processor C3000 for server configurations with 4, 8 and 16 coreversions ensuring that the right performance level can be matched to the workload at hand. Support for DPDKon all network interfaces provides up to 10x in packet throughput.LAN connectivity and expansionThe base FWA-2012 platform provides four integrated copper gigabit Ethernet ports from the SoC connectedvia a Marvell 1543 physical layer device.The copper ports support LAN bypass on two pairs allowing uninterrupted network traffic if the appliance losespower, suffers from a software failure, or becomes unavailable during updates or upgrades. A further twogigabit Ethernet ports are available via an Intel i210 LAN controller and can be used for additional LANconnectivity or the implementation of a DMZ.Four additional gigabit Ethernet can be added via an Advantech PCIe-2002 NIC Card.In addition, a passive Network Mezzanine Card (NMC) middle-board with a high speed PCIe x8 connectoroffers further LAN expansion to a wide choice of 1, 10 and 40GbE NMCs with 2, 4 and 8 port counts and choiceof copper or SFP connectors depending on model.The 4-core version only supports a PCIe x4 NMC interface, saving costs on entry level configurations.Reliability & AvailabilityThe FWA-2012 comes with dual-channel DDR4 ECC memory capability as an essential feature for serverreliability. In data centers, cloud and enterprise IT infrastructure, ECC support is mandatory, and as suchAdvantech’s FWA-2012 supports this feature as it is a crucial element in providing enterprise customers withstringent SLAs.Crypto offload frees up CPU coresIntegrated Intel QuickAssist Technology accelerates execution of crypto algorithms without burdening theCPU. As a result, secure branch connectivity including end-to-end encryption can be provided withoutcompromising VNF performance or increasing cost. An optional Trusted Platform Module (TPM) acts as a rootof trust and can be used for secure key storage.www.advantech.com/nc