The development of network technologies, especially the emergence of 10 Gigabit Ethernet, poses increasingly high requirements on Layer 4 through 7 processing performance of network security devices. To this end, the existing technologies provide a new flow processing system architecture featuring high performance and good scalability.
However, no matching software architecture is provided along with the new architecture in the existing technologies. Typically, network communication devices such as routers and switches use centralized or distributed software architectures.
FIG. 1 shows the centralized software architecture used by a centralized network communication device, such as a router or switch. In this architecture, the main central processing unit (CPU) of the system completes the control and management functions at the control plane and the packet forwarding function at the data plane. Interfaces deliver every received packet to the main CPU of the system. The main CPU searches the forwarding table, completes related service processing, and forwards the packet through the outgoing interface.
FIG. 2 shows the distributed software architecture used by a distributed network communication device, such as a router or switch. In the distributed software architecture, the system has a special main board and multiple independent interface cards (such as interface card A and interface card B). The control plane resides on both the main board and the interface cards, and performs distributed control and management on the system. The data plane on the main board forwards packets locally received or sent and processes services. The data plane on the interface cards performs distributed forwarding and service processing. Upon receiving a packet, the receiving interface of an incoming interface card looks up the local forwarding table. If the packet is destined for the local host and should be processed by the main board, the interface delivers the packet to the main board. If the packet should be forwarded by the local interface card, the interface obtains information about the outgoing interface card and outgoing interface, performs necessary service processing, and sends the packet to the outgoing interface card. The outgoing interface performs necessary service processing and sends out the packet.
As is apparent, in the centralized software architecture of the existing technologies, the main CPU completes both the control and management functions at the control plane and the forwarding and service processing functions at the data plane, so that the overall system performance is affected. In the distributed software architecture, the control plane needs to be deployed on every interface card to implement distributed management, which is complicated to implement and difficult to develop. Therefore, the existing software architecture restricts the performance and scalability of the new architecture, increases system complexity, and fails to keep the system simple and efficient.