The Open Systems Interconnection (OSI) Reference Model defines seven network protocol layers (L1-L7) used to communicate over a transmission medium. The upper layers (L3-L7) represent end-to-end connection-oriented communications and the lower layers (L1-L2) represent local communications.
Today's network services appliances implement comprehensive data content services with security. These include Content-Aware Switching and Routing, Content-Aware Load Balancing, Deep-Packet-Inspection Firewall, Anti-Spam Gateway, IPsec and SSL VPN connectivity, Intrusion Detection and Protection, and Anti-Virus. In addition, they provide wired and wireless services and network-attached data storage.
The convergence of multiple functions and diverse services into network services appliances gives rise to many challenges. First, network traffic needs to be handled at up to multi-gigabit rates. Second, deep packet inspection for all packets is required. Third, wire-speed security needs to be applied at each network layer, from Layer 2 to Layer 7. Fourth, services need to be performed at the content level.
Network processors are available for high-throughput L2 and L3 network protocol processing, that is, performing packet processing to forward packets at wire-speed. Typically, a general purpose processor is used to process L4-L7 network protocols that require more intelligent processing. One of the key building blocks of all Content-Aware processing is L4 processing, specifically the Transmission Control Protocol (TCP). TCP, an L4 network protocol, is a connection-oriented protocol that provides reliable in-order data delivery. Although packets may be transferred out of order over the network, or may be lost, TCP delivers the packets in order to the L5-L7 layers in a reliable manner so that the L7 application receives the packets in the order that they were sent from a remote application.
TCP is based on a client/server model in which client and server processes, identified by network endpoints (IP address and port number), are represented as sockets. A TCP connection is set up between a client process and a server process. The TCP connection is used to transfer application data between a client process in one computer system and a server process in another computer system. To provide reliable in-order delivery, TCP requires several compute-intensive tasks, including computing a checksum over the entire payload in the packet, managing TCP segment buffers, and maintaining multiple timers at all times on a per-connection basis. These compute-intensive tasks are required to ensure reliable in-order delivery on each TCP connection, and there can be many concurrent TCP connections.
Although a general purpose processor can perform the compute intensive tasks, it does not provide sufficient performance to process the data for all of the concurrent TCP connections so that it can be forwarded at wire-speed.
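The checksum task named above can be made concrete with the following added example, which is not part of the original text: it computes and verifies the TCP checksum over the IPv4 pseudo-header and the whole segment, so every payload byte is read once per packet. IPv4 is assumed, and the addresses, ports and payload are constructed sample values.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Add len bytes to a ones'-complement running sum as big-endian 16-bit words. */
static uint32_t sum_words(uint32_t sum, const uint8_t *p, size_t len) {
    for (; len > 1; p += 2, len -= 2) sum += ((uint32_t)p[0] << 8) | p[1];
    if (len) sum += (uint32_t)p[0] << 8;      /* odd last byte, zero-padded */
    return sum;
}

/* Checksum over the IPv4 pseudo-header plus the entire TCP segment. With the
 * checksum field zeroed it yields the value to send; on a valid segment, 0. */
uint16_t tcp_checksum(const uint8_t src[4], const uint8_t dst[4],
                      const uint8_t *seg, size_t seg_len) {
    const uint8_t ph[4] = { 0, 6 /* protocol number for TCP */,
                            (uint8_t)(seg_len >> 8), (uint8_t)seg_len };
    uint32_t sum = sum_words(0, src, 4);
    sum = sum_words(sum, dst, 4);
    sum = sum_words(sum, ph, 4);
    sum = sum_words(sum, seg, seg_len);       /* touches every payload byte */
    while (sum >> 16) sum = (sum & 0xffff) + (sum >> 16);   /* fold carries */
    return (uint16_t)~sum;
}

/* Constructed sample: 192.0.2.1:49152 -> 192.0.2.2:80, PSH|ACK, "hello". */
static const uint8_t SRC[4] = { 192, 0, 2, 1 }, DST[4] = { 192, 0, 2, 2 };
static const uint8_t SEG[25] = {
    0xc0, 0x00, 0x00, 0x50,  0x00, 0x00, 0x00, 0x01,  0x00, 0x00, 0x00, 0x00,
    0x50, 0x18, 0x20, 0x00,  0x00, 0x00 /* checksum */, 0x00, 0x00,
    'h', 'e', 'l', 'l', 'o' };

uint16_t sample_checksum(void) { return tcp_checksum(SRC, DST, SEG, sizeof SEG); }
/* Fill in the checksum, optionally flip one payload bit, then verify as a
 * receiver would. Returns 1 if the segment is accepted. */
int sample_accepts(int corrupt) {
    uint8_t seg[sizeof SEG];
    uint16_t c = sample_checksum();
    memcpy(seg, SEG, sizeof seg);
    seg[16] = (uint8_t)(c >> 8); seg[17] = (uint8_t)c;
    if (corrupt) seg[22] ^= 0x01;
    return tcp_checksum(SRC, DST, seg, sizeof seg) == 0;
}

int main(void) {
    printf("checksum=0x%04x clean=%d corrupted=%d\n",
           sample_checksum(), sample_accepts(0), sample_accepts(1));
    return 0;
}
```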