CN101102200A - Switcher firewall plug board - Google Patents
Switcher firewall plug board Download PDFInfo
- Publication number
- CN101102200A CN101102200A CNA2007101113581A CN200710111358A CN101102200A CN 101102200 A CN101102200 A CN 101102200A CN A2007101113581 A CNA2007101113581 A CN A2007101113581A CN 200710111358 A CN200710111358 A CN 200710111358A CN 101102200 A CN101102200 A CN 101102200A
- Authority
- CN
- China
- Prior art keywords
- card
- main control
- firewall
- board plug
- control card
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention comprises a main control card, a network processing card, some line interface cards and a communication module. Said main control card is used for providing exchanging channel for each line interface card and completing the system configuration management and the protocol process of the firewall plug-in board; said network processing card is used for completing the control plane function and the data forwarding function, and using multi-core architecture to setting the control plane and data plane into different processor; the line interface card is used for initializing and configuring the components on the firewall plug-in board, and processing a part of network protocol, and sending the protocol message to the main control card via communication module, and sending the data message to the network processing card, and providing interface for the firewall plug-in board; said communication module is used for providing the information exchange channel for the main control card and line interface card.
Description
Technical field
The present invention relates to switch and network security technology field, relate more specifically to a kind of switcher firewall plug board.
Background technology
At high-end switch deploy firewall board plug, realized organically blending of broadband technology and safe practice, the safe practice and the network equipment at a high speed are complementary, simplified network topology, user friendly management and operation.
At present, the firewall board plug of on high speed switch, realizing based on main framework comprise ASIC (application-specific integrated circuit (ASIC)) and NP (network processing unit) framework.
The ASIC fire compartment wall carries out hardware-accelerated processing by custom-designed asic chip logic.Asic technology mainly is in order to solve the forwarding speed problem, the message processing action of being formulated by hardware fully.Do the throughput performance that can obviously promote fire compartment wall like this.But because be that devices at full hardware is handled, the flexibility and the autgmentability of upgrade maintenance are not enough, and the development cost height based on the firewall product of asic technology exploitation, and the construction cycle is long, generally needs the time more than 2 years, is unfavorable for the rapid upgrading of network security product function.
NP is the processor that designs for the network device processing network traffics specially, and its architecture and instruction set have all been carried out special optimization for fire compartment wall packet filtering commonly used, forwarding scheduling algorithm and operation.Interfacing and bus specification at a high speed also adopted in the hardware configuration design mostly, has higher I/O (I/O) ability.It can make up a kind of hardware-accelerated complete programmable framework, and the software and hardware of this framework all is easy to upgrading.NP provides powerful program capability by special instruction set and supporting software development system, thereby is convenient to Application and Development, supports extendible service, and the lead time is short, and cost is lower.What domestic manufacturers' employing at present was more is exactly the NP framework.But, with respect to X86, because the expansion of application and development, function is subjected to the restriction of the software kit of NP, based on the very flexible of the fire compartment wall of NP technology.Because the depended software environment, so be not so good as ASIC at aspect of performance NP.
Summary of the invention
Technical problem to be solved by this invention is to provide a kind of switcher firewall plug board, realizes firewall board plug on high-end switch, and the expansion of application and development, function do not limit by code space, improves forwarding performance.
For addressing the above problem, the invention provides a kind of switcher firewall plug board, it is characterized in that, comprise main control card, network processing card, interface card and communication module, wherein:
Main control card is used for providing the interchange channel between each interface card, and finishes the system configuration management and the protocol processes of firewall board plug;
Network processing card is used to finish control plane and data forwarding function, adopts the polycaryon processor framework, and control plane and datum plane are deployed in the different processors;
Interface card is used for the device on the firewall board plug is carried out the processing of initialization, configuration and subnetwork agreement; Protocol massages is sent to main control card by communication module, to network processing card, and provides interface for firewall board plug data message forwarding;
Communication module is used to main control card and interface card that the passage that carries out information exchange is provided, and finishes the transmission of exchanges data, routing iinformation transmission, high speed signaling and data.
Firewall board plug of the present invention, wherein, described main control card comprises
The master cpu subcard is used to finish the system configuration management and the consultative management of firewall board plug;
The master control exchange chip is used for providing the interchange channel between each interface card.
Firewall board plug of the present invention, wherein, described firewall board plug also comprises standby main control card, described main control card and standby main control card pass through active and standby status signal lines announcement trunk interface card and the opposite end main control card used separately, clear and definite operating state, make the procotol bag exchange with net, when main control card breaks down, switch to standby main control card by main.
Firewall board plug of the present invention, wherein, described network processing card comprises the SOC (system on a chip) equipment of MIPS64 nuclear.
Firewall board plug of the present invention, wherein, the SOC (system on a chip) equipment of the MIPS64 of described network processing card nuclear provides 8 core processors, and wherein, 1 core processor is used for the processing controls plane, and 7 core processors are used for the processing forward plane.
Firewall board plug of the present invention, wherein, at 7 core processors that are used for the processing forward plane, 1 core processor is used to finish session to be set up, and 6 core processors are used for data forwarding.
Firewall board plug of the present invention, wherein, 6 core processors that are used for data forwarding are deployed as parallel.
Firewall board plug of the present invention, wherein, 6 core processors that are used for data forwarding are deployed as serial.
Firewall board plug of the present invention wherein, communicates by the 100BASE-TX Fast Ethernet between network processing card or interface card and the main control card.
Firewall board plug of the present invention, wherein, the interface that described interface card provides comprises 10GE, GE, POS, photoelectricity self adaptation Combo interface.
Firewall board plug of the present invention, wherein, described communication module adopts the chip that comprises 16 100,000,000 fast ethernet ports to carry out data communication.
Adopt firewall board plug of the present invention, adopted the polycaryon processor framework, improved the performance of firewall board plug, reduced development cost, and because the polycaryon processor that adopts does not have the restriction of code space, the function expansion does not rely on software environment, more is applicable to flexible and changeable application and development.
Description of drawings
Fig. 1 is a kind of concrete enforcement structure chart of firewall board plug of the present invention.
Embodiment
The present invention further sets forth a kind of switcher firewall plug board of the present invention in order to solve the drawback that conventional solution exists by following examples, below embodiment is described in detail, but not as a limitation of the invention.
As shown in Figure 1, the structure chart of a kind of concrete enforcement of switcher firewall plug board of the present invention.
Switcher firewall plug board of the present invention comprises network processing card 11, interface card 12, main control card 13, standby main control card 14 and communication module 15, wherein:
Network processing card 11 is used to finish control plane and data forwarding function, adopts the polycaryon processor framework, and control plane and datum plane are deployed in the different processors;
Network processing card 11 is finished the fire compartment wall main business and is handled, and each network processing card 11 provides the disposal ability that is not less than 5Gbps; Network processing card 11 adopts the polycaryon processor framework, because the function of control plane and datum plane is not conflicted substantially mutually, can highly walk abreast, utilized the advantage of multiple processor structure like this, system is deployed to control plane and datum plane in the different processors, be that a part of processor is concentrated the function of finishing control plane, other processors are concentrated and are finished the data forwarding function, conplane processor can also be taked the deployment of parallel or serial by function or performance, satisfy the demand of difference in functionality and performance to greatest extent, system has higher flexibility and extensibility.
According to a kind of embodiment, described network processing card 11 comprises the XLR series lines thread processor of RMI, and software moves on the RMI polycaryon processor, and processor provides 8 core (core processor), 32 threads, wherein 1 core processing controls plane; Other 7 core are used for Forwarding plane.In Forwarding plane, 1 core is used to finish session (session) and sets up; Other 6 core are used for data forwarding.
Communicate by 100BASE-TX (100 megabit base band TX Ethernet) Fast Ethernet between described network processing card 11 or interface card 12 and the main control card 13, also adopt the ethernet communication mode between main control card 13 and operation maintaining background and monitoring warning system.
Interface card 12 is used for the device on the firewall board plug is carried out the processing of initialization, configuration and subnetwork agreement; Protocol massages is sent to main control card 13 by communication module, to network processing card 11, and provides interface for firewall board plug data message forwarding;
Interface card 12 is used with network processing card 11 and finishes firewall functionality.Interface card 12 comprises interface CPU (central processing unit) subcard and interface exchange chip.Interface CPU subcard is responsible for the device on the interface card 12 is carried out the processing of initialization, configuration and subnetwork agreement (as ARP (address resolution) protocol massages).The interface exchange chip will be delivered to interface CPU subcard on the protocol massages, data message forwarding is arrived network processing card 11.Interface card 12 mainly comprises style interfaces such as 10GE (gigabit Ethernet), GE, POS (grouping on synchronous optical network/SDH (Synchronous Digital Hierarchy)), photoelectricity adaptive interface for system provides multiple interfaces.
Main control card 13 is used for providing the interchange channel 12 of each interface cards, and finishes the system configuration management and the protocol processes of firewall board plug;
Main control card 13 is firewall board plug core veneers, can be inserted in master control groove position and standby master control groove position.Main control card 13 comprises master cpu subcard and master control exchange chip.
The master cpu subcard is mainly finished functions such as system configuration management etc., protocol processes.The master cpu subcard is the control unit of main control card 13.
The master control exchange chip is core in the main control card 13, it is the maincenter of firewall board plug exchanges data, the CrossBar (exchange bar switching fabric) that comprises 16 12Gbps speed ports, be responsible between each interface card 12, providing high speed, choke free interchange channel, be electrically connected by pci bus and control subsystem.
Because the status of main control card 13 in system is extremely important, so adopted the working method of active and standby pair of Hot Spare in design.Each main control card 13 must be notified each interface card 13 and opposite end main control card with status signal lines by separately active and standby, and clear and definite own operating state makes IP (procotol) bag exchange with switching network by leading.When main control card 13 breaks down, can switch to standby main control card 14 apace simultaneously, guarantee the quick clog-free exchange of packet.
Standby main control card 14 is used for when main control card 13 breaks down, and replaces main control card 13.
Described main control card 13 and standby main control card 14 pass through active and standby status signal lines announcement trunk interface card 12 and the opposite end main control card used separately, clear and definite operating state, make the procotol bag exchange with net, when main control card 13 breaks down, switch to standby main control card 14 by main.
Communication module 15 is used to provide the passage that carries out information exchange between main control card 13 and standby main control card 14, the interface card 12, mainly finishes exchanges data, routing iinformation transmission, overall routing table, safeguards the transmission of high speed signaling and data such as transmitting.Each interface card 12 is sent to Routing Protocol in the master cpu subcard by being with outer communication channel, after in the master cpu subcard, finishing corresponding protocol calculating and conversion, return interface CPU subcard by this passage again, and each ply-yarn drill is controlled by this channel transfer control command to each interface card 12.Communication module 15 adopts the chip that comprises 16 100M fast ethernet ports to carry out data communication.
The described switcher firewall plug board of the embodiment of the invention adopts a kind of novel polycaryon processor framework, utilizes the XLR series lines thread processor of RMI, realizes firewall board plug on high-end switch, thereby improves the performance of fire compartment wall, reduces development cost.
XLR series high-performance processor is SoC (SOC (system on a chip)) equipment that adopts MIPS64 nuclear, supports the C language development, does not have the restriction of code space, has avoided NP to be subjected to the restriction of specific software kit, more is applicable to flexible and changeable application and development.
The polycaryon processor framework is more emphasized the access efficiency and the utilance of processor and system storage.Even if current memory does not the most fast still catch up with the high speed processor of today, so its result produces a large amount of idle processing times, and this moment, processor was forced to wait reading of data from very slow relatively memory.This also makes entire system throughput and performance not to increase along with the increase of operating frequency, by be used in combination solution special-purpose and half programmable network processing unit, ASIC and coprocessor createed one become increasingly complex, the expensive and hardware environment that is difficult to expand, thereby force the user must between performance and availability, make painful balance.The possible solution that changes this situation can only be the general multiline procedure processor that possesses intelligence system and function integration capability of optimized throughput.The performance of polycaryon processor can reach ten times of calculated performance is the strongest in the market processor, and single chip just can be supported the network calculations task from the second layer to the layer 7 simultaneously, compares with ASIC or NP framework, and cost can save 1/3rd at least.
The described switcher firewall plug board of the embodiment of the invention adopts the architecture based on multiprocessor distributed treatment mechanism and Crossbar space switching structure, and network processing card 11 adopts the polycaryon processor framework; Employing is based on the modularized design of high speed serialization backboard, and architecture adopts present most popular multiprocessors parallel processing Crossbar space switching structure, and IP route technology and switching technology and present broadband network technology are organically combined.Aspect system design, control plane and Forwarding plane be separated in the different processors handle, the parallel processing capability by multinuclear improves the system forwards performance.
Certainly; the present invention also can have other various embodiments; under the situation that does not deviate from spirit of the present invention and essence thereof; those of ordinary skill in the art can make various corresponding changes and distortion according to the present invention, but these corresponding changes and distortion all should belong to the protection range of the appended claim of the present invention.
Claims (11)
1, a kind of switcher firewall plug board is characterized in that, comprises main control card, network processing card, interface card and communication module, wherein:
Main control card is used for providing the interchange channel between each interface card, and finishes the system configuration management and the protocol processes of firewall board plug;
Network processing card is used to finish control plane and data forwarding function, adopts the polycaryon processor framework, and control plane and datum plane are deployed in the different processors;
Interface card is used for the device on the firewall board plug is carried out the processing of initialization, configuration and subnetwork agreement; Protocol massages is sent to main control card by communication module, to network processing card, and provides interface for firewall board plug data message forwarding;
Communication module is used to main control card and interface card that the passage that carries out information exchange is provided, and finishes the transmission of exchanges data, routing iinformation transmission, high speed signaling and data.
2, firewall board plug as claimed in claim 1 is characterized in that, described main control card comprises
The master cpu subcard is used to finish the system configuration management and the consultative management of firewall board plug;
The master control exchange chip is used for providing the interchange channel between each interface card.
3, firewall board plug as claimed in claim 1, it is characterized in that, described firewall board plug also comprises standby main control card, described main control card and standby main control card pass through active and standby status signal lines announcement trunk interface card and the opposite end main control card used separately, clear and definite operating state, make the procotol bag exchange with net, when main control card breaks down, switch to standby main control card by main.
4, firewall board plug as claimed in claim 1 is characterized in that, described network processing card comprises the SOC (system on a chip) equipment of MIPS64 nuclear.
5, firewall board plug as claimed in claim 4, it is characterized in that the SOC (system on a chip) equipment of the MIPS64 nuclear of described network processing card provides 8 core processors, wherein, 1 core processor is used for the processing controls plane, and 7 core processors are used for the processing forward plane.
6, firewall board plug as claimed in claim 5 is characterized in that, at 7 core processors that are used for the processing forward plane, 1 core processor is used to finish session to be set up, and 6 core processors are used for data forwarding.
7, firewall board plug as claimed in claim 6 is characterized in that, 6 core processors that are used for data forwarding are deployed as parallel.
8, firewall board plug as claimed in claim 6 is characterized in that, 6 core processors that are used for data forwarding are deployed as serial.
9, as the described firewall board plug of arbitrary claim in the claim 1 to 8, it is characterized in that, communicate by the 100BASE-TX Fast Ethernet between network processing card or interface card and the main control card.
10, firewall board plug as claimed in claim 1 is characterized in that, the interface that described interface card provides comprises 10GE, GE, POS, photoelectricity adaptive interface.
11, firewall board plug as claimed in claim 1 is characterized in that, described communication module adopts the chip that comprises 16 100,000,000 fast ethernet ports to carry out data communication.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNB2007101113581A CN100479368C (en) | 2007-06-15 | 2007-06-15 | Switcher firewall plug board |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNB2007101113581A CN100479368C (en) | 2007-06-15 | 2007-06-15 | Switcher firewall plug board |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN101102200A true CN101102200A (en) | 2008-01-09 |
| CN100479368C CN100479368C (en) | 2009-04-15 |
Family
ID=39036309
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CNB2007101113581A Active CN100479368C (en) | 2007-06-15 | 2007-06-15 | Switcher firewall plug board |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN100479368C (en) |
Cited By (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101247234B (en) * | 2008-03-18 | 2010-09-08 | 中兴通讯股份有限公司 | Network processing card and operation method thereof |
| CN102075580A (en) * | 2011-01-20 | 2011-05-25 | 迈普通信技术股份有限公司 | Method and system for storing synchronous data in distributive network equipment |
| CN104092605A (en) * | 2014-07-15 | 2014-10-08 | 杭州华三通信技术有限公司 | Routers for forming virtue routing device in stacking mode and virtue routing device |
| CN104239251A (en) * | 2013-06-07 | 2014-12-24 | 鼎点视讯科技有限公司 | Transmission method of back plate data and distributed device |
| CN108769084A (en) * | 2018-08-28 | 2018-11-06 | 山东超越数控电子股份有限公司 | A kind of processor and fire wall |
| CN110245104A (en) * | 2018-03-09 | 2019-09-17 | 三星电子株式会社 | Adaptive interface storage device and storage system |
| CN110945843A (en) * | 2017-07-19 | 2020-03-31 | 阿里巴巴集团控股有限公司 | Virtual switching apparatus and method |
Family Cites Families (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1324867C (en) * | 2003-12-30 | 2007-07-04 | 华为技术有限公司 | Route exchanger of integrated fire proof wall |
| CN1809035A (en) * | 2006-02-10 | 2006-07-26 | 江苏华丽网络工程有限公司 | Novel firewall device integrating routing and switching function |
-
2007
- 2007-06-15 CN CNB2007101113581A patent/CN100479368C/en active Active
Cited By (13)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101247234B (en) * | 2008-03-18 | 2010-09-08 | 中兴通讯股份有限公司 | Network processing card and operation method thereof |
| CN102075580A (en) * | 2011-01-20 | 2011-05-25 | 迈普通信技术股份有限公司 | Method and system for storing synchronous data in distributive network equipment |
| CN102075580B (en) * | 2011-01-20 | 2013-04-17 | 迈普通信技术股份有限公司 | Method and system for storing synchronous data in distributive network equipment |
| CN104239251B (en) * | 2013-06-07 | 2018-09-28 | 鼎点视讯科技有限公司 | The transmission method and distributed apparatus of backboard data |
| CN104239251A (en) * | 2013-06-07 | 2014-12-24 | 鼎点视讯科技有限公司 | Transmission method of back plate data and distributed device |
| CN104092605A (en) * | 2014-07-15 | 2014-10-08 | 杭州华三通信技术有限公司 | Routers for forming virtue routing device in stacking mode and virtue routing device |
| CN104092605B (en) * | 2014-07-15 | 2017-07-14 | 新华三技术有限公司 | The router and the virtualization routing device of virtualization routing device are formed for stacking |
| CN110945843A (en) * | 2017-07-19 | 2020-03-31 | 阿里巴巴集团控股有限公司 | Virtual switching apparatus and method |
| CN110945843B (en) * | 2017-07-19 | 2022-04-12 | 阿里巴巴集团控股有限公司 | Virtual switching apparatus and method |
| CN110245104A (en) * | 2018-03-09 | 2019-09-17 | 三星电子株式会社 | Adaptive interface storage device and storage system |
| CN110245104B (en) * | 2018-03-09 | 2022-02-01 | 三星电子株式会社 | Adaptive interface storage device and storage system |
| US11775462B2 (en) | 2018-03-09 | 2023-10-03 | Samsung Electronics Co., Ltd. | Adaptive interface storage device with multiple storage protocols including NVMe and NVMe over fabrics storage devices |
| CN108769084A (en) * | 2018-08-28 | 2018-11-06 | 山东超越数控电子股份有限公司 | A kind of processor and fire wall |
Also Published As
| Publication number | Publication date |
|---|---|
| CN100479368C (en) | 2009-04-15 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN100479368C (en) | Switcher firewall plug board | |
| US5925097A (en) | Directly programmable distribution element | |
| CN103379005B (en) | A kind of optical line terminal equipment and its implementation | |
| CN101052013B (en) | Method and system for realizing network equipment internal managing path | |
| CN103218337B (en) | Based on wishbone bus realize main and master and slave with from the SOC (system on a chip) communicated and method | |
| CN102033581B (en) | High-expandability advanced telecom calculating architecture (ATCA) plate based on multi-core network processing unit | |
| CN103905281A (en) | FC-AE-1553 bus node card capable of interchangeably achieving functions of network controller and network terminal | |
| CN201926952U (en) | High-extendibility ATCA (advanced telecom computing architecture) board based on multi-core network processor | |
| CN108156099A (en) | Srio switching system | |
| CN107181702B (en) | Device for realizing RapidIO and Ethernet fusion exchange | |
| CN103561361A (en) | GPON hardware system designed based on FPGA | |
| CN217088087U (en) | Optical line terminal communication equipment | |
| CN115866100A (en) | Configurable on-chip communication system based on multiple protocols and communication equipment | |
| CN209765401U (en) | System for managing multiple ARM server nodes | |
| CN114124786A (en) | R-NAT device for rail transit train and ETBN exchanger | |
| JP7111829B2 (en) | Data communication system and method | |
| CN103716258A (en) | High-density line card, switching device, cluster system and electric signal type configuration method | |
| CN1620047A (en) | Unified platform system of Ethernet exchanger and router | |
| CN107980223A (en) | Ethernet interconnection circuit and device | |
| CN202949446U (en) | High-reliability highly-real-time ring network topology structure suitable for remote-control system | |
| US6714556B1 (en) | In-band management of a stacked group of switches by a single CPU | |
| CN112702313A (en) | High-speed UDP data transmission system and method | |
| CN213906701U (en) | Mimic switch | |
| CN115499293B (en) | SRIO network access abnormality recovery method, equipment and medium of domestic DSP | |
| CN109257306A (en) | The embedded L3 Switching device of low-power consumption |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant |