Packet Architects offers a series of high speed switching/routing IP cores developed using the unique FlexSwitch tool-chain. This allows us to provide an optimized custom IP core within days of receiving customer requirements.
Packet Architects can provide IP cores with a full range of Ethernet switching and routing features such as IPv4/IPv6 routing, L2 switching, MPLS switching, advanced VLAN handling, TSN, IPsec, MACsec, classification, automatic learning etc.
The core is built around a shared buffer memory architecture providing wire-speed switching and routing on all ports without head of line blocking. It offers dynamic allocation of packet buffers per port and priority to avoid starvation due to over-allocation. Advanced QoS features allow the most timing critical packets to get minimal delay while providing fairness between traffic classes.
No initial software setup is required and due to the hardware learning for MAC addresses the core is ready to receive and forward Ethernet frames immediately once powered up. There is a high performance processor interface for register configuration, and a high performance dedicated CPU port for slow path processing of packets.
The design is optimized for both FPGA and ASIC technology but does not have any dependencies on the underlying technology. If the target technology has TCAMs these can be utilized.
Ethernet IPSec/MACSec Switch/Router IP Core - Efficient and Massively Customizable
Overview
Key Features
- Full wire-speed on all ports and all Ethernet frame sizes.
- Store and forward shared memory architecture.
- Support for jumbo packets up to 32733 bytes.
- Passes maximum overlap mesh test (RFC2899) excluding the CPU port, for all packet sizes up to 1601 bytes.
- Queue management operations:
- Disable scheduling of packets on a port.
- Disable queuing new packets to a port.
- Allow a port to be drained without sending out packets.
- Allow checking if a port is empty or not.
- Input and output mirroring.
- 4 source MAC address ranges with a number of different actions.
- 4 destination MAC address ranges with a number of different actions.
- 16,384 entry L2 MAC table, hash based 8-way.
- 4,096 entry VLAN table.
- 32 entry synthesized CAM to solve hash collisions.
- 4 entries of the synthesized CAM are fully maskable.
- 512 entry L2 multicast table.
- Automatic aging and wire-speed learning of L2 addresses. Does not require any CPU/software intervention.
- Spanning tree support, ingress and egress checks.
- 16 multiple spanning trees, ingress and egress checks.
- Allows software to inject special packets which are used to write into MAC tables while hardware learning engine is running.
- Allows software to track which L2 MAC entries are being learned and port moved.
- Allows software to track which L2 MAC entries are being aged out.
- Egress VLAN translation table allowing unique VID-to-VID translation per egress port.
- VLAN priority tag can bypass VLAN processing and be popped on egress.
- MPLS forwarding with support for swap,push,pop and penultimate pop operations.
- 4 entry VRF table.
- 16,384 * 4 hash based L3 routing table.
- 32 entry L3 routing TCAM.
- 2,048 entry next hop table. Pointed to from the routing entries.
- 2,048 entry packet modification table used by the next hop table to determine how build l2 fields in a packet to find the next hop.
- Configurable ECMP support based on L3 protocol field,L3 Tos, and L4 SP/DP
- ECMP supports with up to 64 paths.
- 8,192 number of Ingress Network Address Translation (NAT) entries.
- 8,192 number of Egress Network Address Translation (NAT) entries.
- 10184 entries of ingress classification / ACL Lookups. The classification / ACL keys are configurable for each source port and the fields are selected from a incoming packets L2, L3 or L4 fields. The selection is described in 15.2 The classificaiton / ACL key can be up to 560 bits long. The classification / ACL lookup is based on a combination of hash and TCAM. The actions which can be done is listed below:
- Multiple actions can be assigned to each result. All results can be done in parallel if the user so wishes.
- Result action can be to drop a packet.
- Result action can be to send a packet to the CPU port.
- Result action can be to send a packet to a specific port.
- Result action can be to update a counter. There are 64 counters which can be used by the classification / ACL engine.
- Result action can be to force packet to a specific queue on a egress port.
- Result action can be to assign a meter/market/policer to measure the packet bandwidth.
- Result action can be to assign a color to the packet which is used by the meter/marker/policer.
- Result action can be to force the packet to use a specific VID when doing the VLAN table lookup.
- Result action can be to do a input mirror on a packet.
- Result action can be to not allow the packet to be learned in L2 MAC table.
- The ingress configurable classification / ACL engine can use the type and code fields from ICMP frames.
- The ingress configurable classification / ACL engine can use the fields, including the group address, from IGMP frames.
- 9232 entries of egress classification / ACL rules. The classification / ACL keys are configurable based on what forwarding actions has been done and the fields are selected from the incoming packets L2, L3 or L4 fields and from forwarding results. The selection is described in 15.4 The ACL key can be up to 135 bits long. For each field there are options to only select part of the bits in a field. The ACL lookup is based on a combination of hash and TCAM. The actions are listed below:
- Multiple actions can be assigned to each result. All results can be done in parallel if the user so wishes.
- Result action can be to drop a packet.
- Result action can be to send a packet to the CPU port.
- Result action can be to update a counter. There are 64 counters which can be used by the classification / ACL engine.
- Result action can be to force packet to a specific queue on a egress port.
- The egress configurable classification / ACL engine can use the type and code fields from ICMP frames.
- The egress configurable classification / ACL engine can use the fields, including the group address, from IGMP frames.
- 1572864 bits shared packet buffer memory for all ports divided into 1024 cells each of 192 bytes size
- 8 priority queues per egress port.
- Configurable mapping of egress queue from IP TOS, MPLS exp/tc or VLAN PCP bits.
- 64 ingress admission control entries.
- Deficit Weighted Round Robin Scheduler.
- Bandwidth shapers per port.
- Individual bandwidth shapers for each priority on each port.
- Individual bandwidth shapers for each queue on each port.
- Egress queue resource limiter/guarantee with four sets of configurations.
- Configuration interface for accessing configuration and status registers/tables.
- Multicast/Broadcast storm control with separate token buckets for flooding, broadcast and multicast packets.
- Multicast/Broadcast storm control is either packet or byte-based, configurable per egress port.
- LLDP frames can optionally be sent to the CPU.
- IEEE 1588 / PTP support for 1-step and 2-step Ordinary Clock mode. The switch supports transfer of 8 byte timestamp from receive MAC to software and form software to transmit MAC.
- The packets which are sent to the CPU can contain extra sw-defined “meta-data” which software sets up. Meta-data is 2 bytes and can come from a number of different tables.
- Wirespeed tunnel exit and tunnel entry. No looping of packets is needed.
- Tunnel unit for both tunnel entry and tunnel exit. Tunnel exit can be done in the beginning of the packet processing or after normal L2, L3, ACL lookups. The tunnel exit can be done on known fields or by looking up bytes anywhere in the first cell of the packet. Tunnel entry can be done as a result from the normal L2,L3, ACL processing.
- The tunnel exit allows packet headers/bytes to removed and certain information to be copied from the original packet to new tunnel exited packet. Once a tunnel exit has been done the new tunnel exited packet will be processed as normal packet at wirespeed.
- The tunnel entry allows packet headers/bytes to be added and certain information from the previous packet to be copied to the new tunnel headers. The tunnel entry is reached from normal L2,L3 and ACL processing and happens just before the packet is sent out allowing the inner packet to do full switching and routing.
- A crypt unit enables support for IPsec with both AH , ESP and ESP tunneling support. Includes many crypto modes and authentication modes for both encryption, decryption and authentication.
- The core also supports MACsec encryption and decryption. The MACsec support allows VLANs to be located both before and after the MACsec header.
Benefits
- Quick customization thanks to a massively parametrized design, and the unique FlexSwitch tool-chain
- Port speeds from 10 Mbit/s to 400 Gbit/s. Mixed port speeds are supported.
- Number of ports from 4 to 128 with optimized design for each configuration.
- All table sizes can be configured such as L2 hash tables, VLAN tables, L3 LPM and direct host tables, classification tables etc.
- Most features can selectively be added or removed and the design will be automatically optimized for the chosen feature set.
- Design, datasheet and YAML files are automatically created based on the chosen parameter set.
- Delivered as non-encrypted, human readable, verilog source code
Block Diagram
Applications
- Enterprise swiches
- Carrier switches
- Datacenter switches
- ToR swiches
- 5G networks
Deliverables
- IP core delivered as non-encrypted Verilog source code.
- Datasheet with theory of operations and automatically created register description.
- Easy to parse YAML file for register mapping.
- Verilog testbench for checking simulator compliance and as an example of driving the cores interfaces.
- Low-level device driver
Technical Specifications
Foundry, Node
The RTL is not foundry dependent
Availability
Available Now
Related IPs
- 1G/10G/25G/50G/100G Ethernet Switch IP Core - Efficient and Massively Customizable
- Ethernet Enterprise Switch/Router IP Core - Efficient and Massively Customizable
- Complete memory system supporting any combinations of SDR SDRAM, DDR, DDR2, Mobile SDR, FCRAM, Flash, EEPROM, SRAM and NAND Flash, all in one IP core
- High-performance and low-power 2D vector graphics IP core
- Ethernet Switch / Router IP Core - Efficient and Massively Customizable
- ARINC818 controller Transmitter and Receiver IP core