The router market might be in the doldrums, but that hasn't stopped Nokia spending big on drive silicon to drive its latest operator-scale router iron.
To get there, the company's ION (IP and optical) business CTO Steve Vogelsang told The Register, Nokia needed more density than its current 40 nm silicon could approach, so it skipped a couple of geometries, and designed the FP4 to use 16nm FinFET technology.
Memory's the other bottleneck the engineers were briefed to beat, because network packet processing is highly memory-intensive.
“To run a router at 80 to 90 per cent utilisation on each link comes down to memory”, Vogelsang explained.
To maximise memory bandwidth without wasting space, the designers borrowed from gaming and graphics rigs, which are also “very memory-driven” (in particular, he picked out memory stacking as a design borrowing).
The result, the company claims, is a five-fold board space saving as well as lower power and higher performance.
Light my fire
The FP4 ended up with six times the capacity of its predecessor FP3 - and in system terms, that means a single FP4-based line card can run 12 Tbps, 20 per cent faster than the entire FP3-based SR-12e system's 9.6 Tbps.
The biggest FP4-based system claims an eye-watering 576 Tbps in the largest configuration (six shelves, each capable of 96 Tbps).
The reason for so much capacity is multifold, Vogelsang told Vulture South: yes, Internet traffic is growing, but inter-data-centre traffic in the Webscale operations is growing even faster – and today's technologies aren't coping with the amount of attack traffic that attackers can mobilise (for example, in a DNS reflection attack).
Phenomena like the growth of video traffic are predictable to traffic engineers, Vogelsang said (“the equations are relatively simple”).
That's not true of traffic within and between big data centres, which in organisations like Amazon, Google, Facebook, Microsoft and others is “growing dramatically faster than what they serve to the internet”.
At the same time, individual workloads in those data centres can spike in ways that are hard to predict.
The FP4 silicon gives the routing platforms better telemetry and SDN capability, he said, to deal with these issues, working with Nokia's Deepfield network analysis.
The telemetry from routers is driven out of the chipset, Vogelsang explained, and that's combined with other sources like DNS lookups and address mapping to feed the software-defined network layer.
The SDN platform then pushes configuration and state back into the network – which is standard SDN capability, but with the FP4, he said, network admin gets “very fine-grained control”.
Internet of Things
Then there's the Internet of Things, a “class of devices that are meant to be set-and-forget” – except that set-and-forget is exactly what happens. That comes back to bite because IoT devices weren't secure to begin with, seldom if ever get upgraded and are too easy to attack.
“If you're not constantly upgrading, the footprint of vulnerable devices will always grow,” Vogelsang said.
“With the FP4 we have the ability to build in the fine-grained precision to block out those attacks … we could block out 90 per cent of [DoS attack traffic] with flow-based filtering, and because we have the ability to look beyond the header to see attack patterns”.
The “look beyond the header” isn't a complete solution, he added, and it's not meant to be. Rather, in something like a DNS reflection attack, the chip can handle a lot of pattern-matching lookups to identify attack packets.
If it meets that admittedly-ambitious target, the router silicon would also make life easier for existing security kit like deep packet inspection (DPI).
The FP4 doesn't handle something as complex as stateful attack traffic, since for that you need to see what's happening in both directions.
“We'd send that off to a scrubbing centre for analysis,” Vogelsang said (which is what already happens). “You're getting more out of that, because you're sending lower volumes.”
That approach also saves network traffic, because not so much is being sent to the scrubbing centre.
About that router market
One thing that intrigued The Register is why Nokia has built this ambitious device and throw it into the flat router market.
One answer is that there's no choice, because “there's no other way to build such large-scale networks”, Vogelsang said. He also thinks there are bright spots in the market, especially at Web-scale.
At the top of the market, there isn't any merchant silicon that “allows us to fill those pipes with IP packets and drive them hard”. ®