HP (Hewlett-Packard) 6600 SERIES Switch User Manual


 
Policy Enforcement Engine
The ProVision network ASICs contain the Policy Enforcement Engine. Using an onboard Ternary Content
Addressable Memory (TCAM), this engine provides the fast packet classification that ACLs, QoS, rate limiting,
and some other features rely on. The variables that can be used include source and destination IP addresses
(which can follow specific users) and TCP/UDP port numbers and ranges (to apply ACLs to an application that
uses fixed port numbers or ranges). More than 14 different variables can be used to specify the packets to
which ACL and QoS rules, rate-limiting counters, and other features are applied.
The Policy Enforcement Engine provides a common front end for the user interface to ACLs, QoS, rate limiting,
and some other services. In subsequent software releases for the switches, more features can take advantage of
the Policy Enforcement Engine to provide a powerful, flexible method for controlling the network environment.
For example, traffic from a specific application can be raised in priority for some users, blocked for other users,
and limited in bandwidth for still other users. After the Policy Enforcement Engine has processed it, the
header is forwarded to the programmable section of the network switch engine.
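A software model of the ternary (value/mask) lookup that a TCAM performs, added here as an illustration; it is not HP code and does not describe ProVision internals. The key layout, the sample ACL, and the range-to-prefix expansion are assumptions, included because a port range in a rule can occupy several ternary entries while the first matching entry decides the action.

```python
import ipaddress

def range_to_prefixes(lo, hi, bits=16):
    """Split an inclusive port range into (value, mask) pairs that ternary entries can hold."""
    out = []
    while lo <= hi:
        # Largest power-of-two block that is aligned at lo and still fits inside [lo, hi].
        size = (lo & -lo) if lo else (1 << bits)
        while size > hi - lo + 1:
            size >>= 1
        out.append((lo, ((1 << bits) - 1) & ~(size - 1)))
        lo += size
    return out

def pack(src, dst, proto, dport):
    """Assumed 88-bit key layout: src IP (32) | dst IP (32) | protocol (8) | dst port (16)."""
    return (src << 56) | (dst << 24) | (proto << 16) | dport

def key(src, dst, proto, dport):
    """Build the search key for one packet header."""
    return pack(int(ipaddress.ip_address(src)), int(ipaddress.ip_address(dst)), proto, dport)

def compile_rule(action, src_net, dst_net, proto, ports):
    """Expand one ACL line into ternary entries, one per port prefix."""
    s, d = ipaddress.ip_network(src_net), ipaddress.ip_network(dst_net)
    entries = []
    for pval, pmask in range_to_prefixes(*ports):
        value = pack(int(s.network_address), int(d.network_address), proto, pval)
        mask = pack(int(s.netmask), int(d.netmask), 0xFF, pmask)
        entries.append((value, mask, action))
    return entries

def classify(table, k, default="deny"):
    """Return the action of the first entry whose cared-about bits equal the key."""
    for value, mask, action in table:
        if ((k ^ value) & mask) == 0:
            return action
    return default

# Constructed sample ACL using documentation address ranges; order is priority.
TABLE = (compile_rule("deny", "192.0.2.0/24", "198.51.100.10/32", 6, (22, 22))
         + compile_rule("permit", "192.0.2.0/24", "198.51.100.0/24", 6, (1024, 65535))
         + compile_rule("permit", "0.0.0.0/0", "198.51.100.10/32", 17, (53, 53)))
```

Three ACL lines become eight ternary entries here, which is why rule counts and table capacity are not the same number when auditing an ACL.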
Network switch engine programmability
Each ProVision ASIC switch engine contains multiple programmable units, making it a true network processor
unit (NPU). One of the functions of the NPU is to analyze the header of each packet as it comes into the
switch. The switch reads the packet’s addresses and makes forwarding decisions based on this analysis. For
example, if a packet’s IEEE 802.1Q tag needs to be changed to re-map the packet priority, the ProVision ASIC
needs to look at each packet to see whether it needs to be changed. This packet-by-packet processing has to
occur very quickly to maintain overall wire-speed performance, a capability of the ProVision ASICs.
To broaden the flexibility of the ProVision ASICs, a programmable function is included for their packet
processing. This NPU function gives HP networking designers the opportunity to make future changes or
additions to the packet-processing features of the ASIC by downloading new software to it. Thus, new features
needing high-performance ASIC processing can be accommodated, extending the useful life of the switch without
the need to upgrade or replace the hardware.
HP networking’s first venture into switching ASIC designs began in 1995, with the introduction of the 2000
switch. The concept of adding the programmable functionality of the NPU within a switching ASIC was
designed and implemented in the popular ProCurve Switch 4000M product family introduced in 1998.
ProCurve’s 5300xl programmable capability was a third-generation design based on the original ProCurve
Switch 4000M implementation. The programmable capability was used to give both the ProCurve Switch
4000M and Switch 5300xl new ASIC-related features well after initial release of those products. Customers
with existing units could benefit from the new features through free software downloads. The customer’s
investment in the ProCurve Switch 4000M and 5300xl is preserved by providing new functionality not
otherwise possible without the ASIC NPU programmability. Being based on the ProCurve Switch 4000M and
5300xl implementations, the NPU capabilities of the ProVision ASICs used in the ProCurve 6600, 8200zl,
5400zl, 6200yl, and 3500yl series are a fourth-generation design, following the designs of the 5300xl and
4000M switch, and the original 2000 switch.
Fabric interfaces
After the packet header leaves the programmable section, the header is forwarded to the fabric interface. The
fabric interface makes final adjustments to the header based on priority information, multicast grouping, and
other factors, and then uses this header to modify the actual packet header as necessary.
The fabric interface then negotiates with the destination ProVision ASICs for outbound packet buffer space.
Finally, the ProVision ASIC’s fabric interface forwards the entire packet through the Fabric ASIC to a waiting
output buffer on the ProVision ASIC that controls the outbound port for the packet. Packet transfer from the
ProVision network ASICs to the Fabric ASIC is accomplished using the 28.8-Gbps full-duplex connection, which
is also managed by the fabric interface.
ProVision ASIC CPU
Each ProVision ASIC contains its own CPU for learning Layer 2 nodes, packet sampling for the XRMON/sFlow
function, handling local MIB counters, and running other module-related operations. Overall, the local
CPU offloads the master CPU by providing a distributed approach to general housekeeping tasks associated
with every packet. MIB variables, which need to be updated with each packet, can be updated locally. The