networkZONE Products for the week of February 13, 2006

Tarari, Inc. Says…
Tarari Multi-Core Content Processor Accelerates Security, Crypto, XML Processing and QoS Management Tasks
Tarari's T9000 Content Processors offer Network Security and XML OEMS/ODMs greater performance and shorter time to market

Tarari Inc. has introduced its new family of multi-core Tarari T9000 Content Processors that combine high-end computing hardware with optimized algorithms to deliver the first multi-core content processor on a single chip.

The T9000 family feature optimized versions of nine of the most CPU-intensive algorithms found in the enterprise and include both gigabit and multi-gigabit solutions. Tarari's product line, which includes boards, software and now ASICs has already been selected by major OEMs, ODMS and ISVs in the XML switch and appliance markets as well as in network security markets such as: UTM (Unified Threat Management), intrusion detection and prevention (IDS/IPS) and Anti-Spam.

Any application that needs to scan, parse or filter data can also benefit from T9000 Content Processors, which are ideally suited for applications such as content-based routing (CBR) and switching, application firewalls and security gateways, web acceleration, content filtering, anti-virus, regulatory compliance, database interfaces, and secure archiving.

"The T9000 family of Content Processors represent the industry's first Content Processing ASIC designed to dramatically improve capabilities while shortening time to market for a wide range of XML and Network Security applications," said Randy Smerik, CEO of Tarari, Inc. "Tarari's breakthrough multi-core technology, with up to nine different cores on a single ASIC, is a critical enabler of one of the dominant trends we are likely to see in 2006 - solutions capable of far greater throughput in a form factor that costs less and places less demand on the data center for real estate and power."

"Performance and power consumption have become key limiting factors in the evolution of many important network technologies," said Bob Wheeler, senior analyst at The Linley Group. "By accelerating and offloading CPU-intensive algorithms to Tarari T9000 Content Processors, solution developers can obtain dramatic performance gains while achieving significant design cost reductions through reduced chip count, latency, power consumption, and complexity."

Optimized acceleration agents include:

Other T9000 family members include single grammar processors and single RegEx agents designed to be used for lower-performance systems.

"With the maturity of Service-oriented Architecture (SOAs) and Web Services technologies, notoriously inefficient XML processing will soon consume more and more compute resources in every data center," said Ron Schmelzer, senior analyst with ZapThink, LLC. "Tarari's T9000 family of Content Processors provides developers with an important technology for creating XML-based security without imposing significant additional load on existing application servers and middleware infrastructures."

Performance
Tarari T9000 Content Processors feature industry-leading performance:

Requiring only a mere 5 Watts of power, T9000 Content Processors dramatically reduce the power consumption requirements of large-scale security and XML/Web Services deployments.

Agent Chaining
Agent-chaining allows the output of one agent to then be processed by another agent, thus data processing can continue without re-crossing the I/O bus Multiple operations such as decrypting an attachment, decompressing it, and then scanning it for viruses can be achieved in just one pass.

External Agents & Devices
The T9000 can function as a standalone solution or support multiple external ASIC or FPGA-based content processing engines (utilizing reprogrammable parts from either Xilinx or Altera.) Support is also included for dual ZBT or Quad data rate RAM and up to 2GB of external DDR RAM.

Operating System & Host Processor Support
Both Linux 32 bit and 64 bit and Microsoft Windows XP® are supported. Driver source code is available to aid porting to other operating systems such as FreeBSD, VXworks and Solaris. Applications stacks are available for Intel, MIPs and PowerPC based host processors, leading to faster time to market.

analogZONE Says . . .

Tarari's first merchant chip carries much more credibility that most companies' maiden silicon because the company has already earned a good name for itself with its reconfigurable FPGA-based boards that successfully tackled some of the tougher XML security & acceleration tasks that servers and security appliances encounter. While the T9000's crypto and compression functions that compare favorably with other specialized processors from companies like Broadcom, Cavium, and Freescale, it really excels at "Regular Expression" (RegEx) processing tasks which provide context - and application-aware analysis of information mined from deep within the bowels of packet flows. Content/RegEx processing was pioneered several years ago by Seaway (recently acquired by Freescale), but has only recently become one of the key technologies for detecting the malicious or unwanted network traffic, and for ensuring that authorized traffic gets the level of QoS that it deserves.

Until recently if you needed deep RegEx capabilities, the only viable alternatives to Tarari's boards were either to use Seaway's early chips or take a brute-force approach with tons of code running on general-purpose processors. I can think of several less power-hungry solutions that the 5 - 10 10-W Pentium III processors that Tarari claims to replace with a single T9000, but none of them come close to the 5 W that this chip is specified to draw And, as we'll see, the combination of RegEx and security processing on a single, 5-W chip represents both a significant technical achievement and a great value for designers needing this kind of functionality in their box, blade, or subsystem.

As the release above so ably explains, Tarari's dual sets of RegEx engine and grammar processors provide content inspection and manipulation, while their software and development tools wrap the silicon with higher-level packet/message processing and system-level components. It also packs a well-stocked arsenal of crypro accelerator cores, including SHA-1, RNG, RSA, DES/3DES (see Fig. 1). All these elements, along with a set of compress/decompression cores, share a wide "workflow bus." Bus bandwidth resource allocation and task management between the cores is coordinated by a state machine-based controller. And, if you want to add your own "secret sauce," the chip's external interface enables you to add extra processing cores or other engines to support advanced RegEx features, or XML processing like C14N.

Once you have the ability to peek deeply into a packet's contents, and analyze it according to a complex, context-oriented rules set, all sorts of interesting possibilities begin to emerge. Besides being able to filter e-mail IM, and Web/XML traffic, you can also write rules to perform sophisticated intrusion prevention and anti-virus functions.

Tarari's host interface is a PCI/X bus, giving it straightforward access to Pentium processors, but it can also be hitched up to Broadcom's SiByte multi-core CPUs, RAZA's XLR parts, and soon Freescale's line of PowerQUICC communication processors. Each pairing of host and content processor has its own advantages. In the Broadcom-based implementation, for example, the SiByte CPU runs software that lets it handle TOE offload, message assembly, and management tasks, while Tarari does its RegEx thing. In fact, there are already Tarari evaluation boards equipped with the BRCM SiByte/1280 MIPS-based processor available for you to play with. The T9000 also works with RAZA's multi-core XLR processor (see Fig. 2) which performs similar front-end processing functions in applications like firewall/intrusion prevention, advanced secure switches, and the unified threat management appliances that are generating so much buzz these days.

Tarari has wisely invested lots of effort in producing a full set of flexible programming tools that are relatively straightforward to use to support customer-designed boards, ODM platforms, and integrated network devices. The tools have been designed so that all the software they generate is compatible at the application level, allowing the code to be preserved regardless of implementation. In fact most services that you develop or borrow from their reference designs can be implemented in raw software, FPGA-based cards, or the T9000 processor.

The other half of Tarari's srategy to ease developer workload is to open up a large ecosystem of commercially-available turnkey software stack package for anti-virus, anti-spam, intrusion prevention. They currently have third-party vendors like Mail Filters for anti-spam, Kaspersky for anti-virus, and InToto for intrusion prevention.

Right now Tarari is enjoying a relatively uncrowded competitive field with Sensory Networks, about to release its own RegEx silicon, Freescale, and a handful of other deeply-cloaked companies expected to unveil their own content processors much later this year. About the only other competition (at least for the next few weeks) are some high-end models of Cavium's well-respected OCTEON multi-core processors which also have some limited RegEx capabilities. But while Cavium's RegEx cores may be competition in some lightweight content inspection applications, their multi-core RISC engines make such a good front-end to the T-9000 that there could be some very big opportunities to partner.

The Tarari T9000 Content Processor will sample March-April 2006 with production slated for Q2 2006 priced between $300 and $400. A development kit is available.

Lee's Saltshaker Rating

analogZONE
(c) 2006. All rights reserved.