Memory Utilization
Application Note
750 University Ave. ● Los Gatos, CA 95032 ● E: ● P:408.399.3500 ● F: 408.399.3501
Hifn Confidential
AN-0126-00AN-0126-A, © 2005, Hi/fn®, Inc. All rights reserved. 1/19
No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language in any form by any means without the written permission of Hi/fn, Inc. (“Hifn”)
Licensing and Government Use
Any Hifn software (“Licensed Programs”) described in this document is furnished under a license and may be used and copied only in accordance with the terms of such license and with the inclusion of this copyright notice. Distribution of this document or any copies thereof and the ability to transfer title or ownership of this document’s contents are subject to the terms of such license.
Such Licensed Programs and their documentation have been developed at private expense and no part of such Licensed Programs is in the public domain. Use, duplication, disclosure, and acquisition by the U.S. Government of such Licensed Programs is subject to the terms and definitions of their applicable license.
Disclaimer
Hifn reserves the right to make changes to its products, including the contents of this document, or to discontinue any product or service without notice. Hifn advises its customers to obtain the latest version of relevant information to verify, before placing orders, that information being relied upon is current. Every effort has been made to keep the information in this document current and accurate as of the date of this document’s publication or revision.
Hifn warrants performance of its products to the specifications applicable at the time of sale in accordance with Hifn’s standard warranty or the warranty provisions specified in any applicable license. Testing and other quality control techniques are utilized to the extent Hifn deems necessary to support such warranty. Specific testing of all parameters, with the exception of those mandated by government requirements, of each product is not necessarily performed.
Certain applications using Hifn products may involve potential risks of death, personal injury, or severe property or environmental damage (“Critical Applications”). Hifn products are not designed, intended, authorized, or warranted to be suitable for use in life saving, or life support applications, devices or systems or other critical applications. Inclusion of Hifn products in such critical applications is understood to be fully at the risk of the customer. Questions concerning potential risk applications should be directed to Hifn through a local sales office.
In order to minimize risks associated with the customer's applications, adequate design and operating safeguards should be provided by the customer to minimize inherent or procedural hazards. “Typical” parameters can and do vary in different applications. All operating parameters, including “Typicals,” should be validated for each customer application by the customer’s technical experts.
Hifn does not warrant that its products are free from infringement of any patents, copyrights or other proprietary rights of third parties. In no event shall Hifn be liable for any special, incidental or consequential damages arising from infringement or alleged infringement of any patents, copyrights or other third party intellectual property rights.
The use of this product in stateful compression protocols (for example, PPP or multi-history applications) with certain configurations may require a license from Motorola. In such cases, a license agreement for the right to use Motorola patents may be obtained through Hifn or directly from Motorola.
Patents
May include one or more of the following United States patents: 4,701,745; 5,003,307; 5,016,009; 5,126,739; 5,146,221; 5,414,425; 5,463,390; 5,506,580; and 5,5532,694. Other patents pending.
Trademarks
Hi/fn®, MeterFlow®, MeterWorks®, and LZS®, are registered trademarks of Hi/fn, Inc. HifnTM, FlowThroughTM, and the Hifn logo are trademarks of Hi/fn, Inc. All other trademarks and trade names are the property of their respective holders.
IBM, IBM Logo, and IBM PowerPC are trademarks of International Business Machines Corporation in the United States, or other countries.
Microsoft, Windows, Windows NT and the Windows logo are trademarks of Microsoft Corporation in the United States, and/or other countries.
Exporting
This product may only be exported from the United States in accordance with applicable Export Administration Regulations. Diversion contrary to United States laws is prohibited.
Hifn Confidential
If you have signed a Hifn Confidential Disclosure Agreement that includes this document as part of its subject matter, please use this document in accordance with the terms of the agreement. If not, please destroy the document.
750 University Ave. ● Los Gatos, CA 95032 ● E: ● P:408.399.3500 ● F: 408.399.3501
Hifn Confidential
8155 Memory Utilization
Contents
1Scope
2Private Memory Organization
2.1Types of Sessions
2.2Maximum Number of Simultaneous Open Sessions
2.3Maximum Number of Sessions by Memory Size......
2.4Anti-replay Memory Usage
2.4.1Maximum Number of Small Sessions with Anti-Replay
2.5Optimized Large Context Memory Usage Tables
2.5.1RC4 / SSL, Stateless or without Compression
2.5.2Stateful Compression
2.5.3Stateful LZS Decompression
2.5.4Stateful MPPC Decompression
THIS PAGE INTENTIONALLY LEFT BLANK.
Memory Utilization - Application Note, AN-0126-001
Hifn Confidential
8155 Memory Utilization
1Scope
This application note contains private memory organization and session capacity information for HIPP II 8155 security processor. The information contained in this document is intended as a general guide when designing with the 8155 security processor.
HIPP II security processors have the unique ability to perform encryption and compression operations on entire packets at very high speeds in switched packet network applications. This is accomplished by storing session context and certain packet processing algorithms in the security processors private memory. As a result, a significant amount of processing is alleviated from the host network processor and the throughput of the system may be dramatically increased.
The reader is assumed to have a general knowledge of 8155 architecture. Refer to the latest version of the 8155 Network Security Processor Device Specification, DE-0011-xx,for for more information about the 8155.
For technical support about this product, please contact your local Hifn sales office, representative, or distributor. For general information about Hifn and Hifn products please refer to:
THIS PAGE INTENTIONALLY LEFT BLANK.
Memory Utilization - Application Note, AN-0126-001
Hifn Confidential
8155 Memory Utilization
2Private Memory Organization
The primary purpose of private memory is to maintain session context, compression histories, scratch buffers, core descriptors and store DPU programs which are used to perform encryption, compression, and other miscellaneous packet or session functions. An example of a private memory map is shown in Figure 1. This document focuses on the private SDRAM requirements for storing different types of session context.
Figure 1Private Memory Organization
The 8155 processor supports three types of context memory mapping: small context, legacy large context, and optimized large context. The Device Specification for the 8155 processor describes how to use each of these types of context mapping. The following sections illustrate how session context and compression histories are stored in 8155 private memory.
2.1Types of Sessions
Table 1 below compares the amount of memory required for a variety of session types.
Table 1Memory Requirements for different Session Types
Session Type / Required Context Types / Total Memory per ContextSmall Sessions / Small Context only (256) / 256 bytes
Legacy Large Sessions
with Encryption (no Compression) / Small Context + Large Encryption Context (256 + 512) / 768 bytes
Legacy Large Sessions
with Compression / Small Context + Large Encryption Context + Large Compression Context (256 + 512 + 8K) / 8960 bytes
Optimized Large Sessions
(RC4 & SSL) / Optimized Large Context (512) / 512 bytes
Optimized Large Sessions with Stateful Compression / Optimized Large Context + Stateful Compression History (512 + 512) / 1024 bytes
Optimized Large Sessions with Stateful Decompression / Optimized Large Context + Stateful Decompression History (512 + 2048) / 2560 bytes
Optimized Large Sessions with stateful MPPC decompression / Optimized Large Context + Stateful MPPC Decompression History (512 + 8192) / 8704 bytes
2.2Maximum Number of Simultaneous Open SessionsThis is a two step calculation process. First, the amount of memory that can be allocated to small context sessions is found. Then t
The maximum number of simultaneous open sessions can be found as follows:
- Determine the amount of memory available for the small session structure. This is the total memory, less the amount of memory reserved for packet buffers, core descriptors, and DPU programs.
- Divide the result of step 1 by 256 (the size of a small memory context).
For example, applications with 512 MB of private memory can support up to 2,076,752 simultaneous small sessions. This number is calculated by taking the total memory size (512 MB=536,870,912 bytes) and subtracting the size of the packet buffer space (32*128 KB) as well as the estimated number of bytes for the core descriptor space, the size of the DPU program(s), and any other miscellaneous memory requirements. For this example, 1 MB is chosen as the estimate.
Small context sessions size = Total memory size – packet buffer size – core descriptor and DPU program size
531,628,032 = 536,870,912 – 4,194,304 – 1,048,576
Since small context segments require 256 bytes each, the maximum number of sessions is given by:
531,628,032 / 256 = 2,076,752
Of course, this number would be significantly reduced if large sessions were used.
2.3Maximum Number of Sessions by Memory Size
The following table contains the maximum number of sessions that can be supported by typical SDRAM memory sizes. Anti-Replay window size is not included in the values shown.
Table 2Maximum Number of Sessions by Memory Size
64 MB / 128 MB / 256 MB / 512 MBSDRAM Device / (2x) 16M x 16 / (4x) 16M x 16 / (4x) 32M x 16 / (8x) 64M x 8
Total Bytes / 67,108,864 bytes / 134,217,728 bytes / 268,435,456 bytes / 536,870,912 bytes
Packet Buffers (32 Indexes) / 4,194,304 bytes / 4,194,304 bytes / 4,194,304 bytes / 4,194,304 bytes
Core Descriptors, DPU programs, misc. / 1,048,576 bytes / 1,048,576 bytes / 1,048,576 bytes / 1,048,576 bytes
Remaining memory for Session Context / 61,865,984 bytes / 128,974,848 bytes / 263,192,576 bytes / 531,628,032 bytes
Max Small Sessions / 241,664 / 503,808 / 1,028,096 / 2,076,672
Max Legacy Large Sessions (stateless) (1) / 65,535 / 65,535 / 65,535 / 65,535
Max Legacy Large Sessions (compression) / 6904 / 14,394 / 29,374 / 59,335
Optimized large session (stateless or no compression) RC4/SSL / 120,832 / 251,904 / 514,048 / 1,038,336
Optimized large session (stateful compression) LZS / 60,416 / 125,952 / 257,024 / 519,188
Optimized large session (stateful decompression) LZS / 24,166 / 50,380 / 102,809 / 207,675
Optimized large session (stateful decompression) MPPC / 7,107 / 14,817 / 30,224 / 61,080
1. The maximum number of legacy large sessions is limited by the size of the 16-bit pointer
2.4Anti-replay Memory Usage
Small anti-replay sequence histories (64-bits) are stored within regular session context. The 8155 processor also supports large anti-replay windows (128, 256, 512, or 1024-bits) that consume additional memory and in turn reduce the maximum number of simultaneous open sessions. In sessions using large anti-replay, each session context contains an address pointer to the SDRAM location where each anti-replay history is stored.
In addition to the anti-replay window, an extra 64 bits are stored in memory for the look-ahead buffer. So, for a large anti-replay window of 128-bits, the amount of memory consumed is given by:
128 + 64 = 192 bits = 24 bytes per session
Similarly, the total window size for 256, 512, and 1024-bit windows are calculated by adding 64-bits to the window size. The following table estimates how much memory will be consumed by the given numbers of sessions for each anti-replay window size.
Table 3Memory Consumption vs. Anti-replay Size
Large Anti-replaywindow size / 1 Session / 1,000 Sessions / 10,000 Sessions / 100,000 Sessions / 1,000,000 Sessions
128-bits / 24-bytes / 24 KB / 240 KB / 2.4 MB / 24 MB
256-bits / 40-bytes / 40 KB / 400 KB / 4.0 MB / 40 MB
512-bits / 72-bytes / 72 KB / 720 KB / 7.2 MB / 72 MB
1024-bits / 136-bytes / 136 KB / 1360 KB / 13.6 MB / 136 MB
2.4.1Maximum Number of Small Sessions with Anti-Replay
The following table contains the maximum number of IPsec sessions that will fit into given private memory configurations. The maximum number of small sessions is calculated for 64, 128, 256, 512, and 1024-bit anti-replay windows. Since a 64-bit anti-replay window is built into the small context, reduction to the maximum number of IPsec sessions actually begins when 128-bits, or more, of anti-replay are used.
Table 4Max Number of IPsec Sessions with Anti-Replay for Common Memory Sizes
64 MB / 128 MB / 256 MB / 512 MBSDRAM Device / (2x) 16Mx16 / (4x) 16Mx16 / (4x) 32Mx16 / (8x) 64Mx8
Total Bytes / 67,108,864 bytes / 134,217,728 bytes / 268,435,456 bytes / 536,870,912 bytes
Packet Buffers (32 Indexes) / 4,194,304 bytes / 4,194,304 bytes / 4,194,304 bytes / 4,194,304 bytes
Core Descriptors, DPU programs, misc. / 1,048,576 bytes / 1,048,576 bytes / 1,048,576 bytes / 1,048,576 bytes
Remaining memory for Session Context / 61,865,984 bytes / 128,974,848 bytes / 263,192,576 bytes / 531,628,032 bytes
Max Small Sessions with 64 bit anti replay window / 241,664 / 503,808 / 1,028,096 / 2,076,672
Max Small Sessions with 128-bit anti-replay window / 220,950 / 460,624 / 939,973 / 1,898,672
Max Small Sessions with 256-bit anti-replay window / 209,006 / 435,726 / 889,164 / 1,796,040
Max Small Sessions with 512-bit anti-replay window / 188,616 / 393,216 / 802,416 / 1,620,817
Max Small Sessions with 1024-bit anti-replay window / 157,821 / 329,017 / 671,409 / 1,356,194
2.5Optimized Large Context Memory Usage Tables
The following sections contain tables that define the raw memory requirements for varying combinations of optimized large session types. The values shown are in megabytes and do not take into consideration DPU code, descriptor memory, anti-replay memory consumption, etc.
2.5.1RC4 / SSL, Stateless or without Compression
1.2M / 614.41.1M / 563.2 / 614.4
1M / 512 / 563.2 / 614.4
900K / 460.8 / 512 / 563.2
800K / 409.6 / 460.8 / 512 / 563.2
# Optimized Large Session Context- RC4 / SSL / 700K / 358.4 / 409.6 / 460.8 / 512 / 563.2
600K / 307.2 / 358.4 / 409.6 / 460.8 / 512
500K / 256 / 307.2 / 358.4 / 409.6 / 460.8 / 512
400K / 204.8 / 256 / 307.2 / 358.4 / 409.6 / 460.8 / 512
300K / 153.6 / 204.8 / 256 / 307.2 / 358.4 / 409.6 / 460.8 / 512
200K / 102.4 / 153.6 / 204.8 / 256 / 307.2 / 358.4 / 409.6 / 460.8 / 512
100K / 51.2 / 102.4 / 153.6 / 204.8 / 256 / 307.2 / 358.4 / 409.6 / 460.8 / 512
0 / 51.2 / 102.4 / 153.6 / 204.8 / 256 / 307.2 / 358.4 / 409.6 / 460.8 / 512
0 / 200K / 400K / 600K / 800K / 1 M / 1.2 M / 1.4 M / 1.6 M / 1.8 M / 2 M
# of Small Session Context
2.5.2Stateful Compression
480K / 491.5420K / 450.6 / 501.8
400K / 409.6 / 460.8 / 512
360K / 368.6 / 419.8 / 471
320K / 327.7 / 378.9 / 430.1 / 481.3
# Optimized Large Session Context- stateful comp. / 280K / 286.7 / 337.9 / 389.1 / 440.3 / 491.5
240K / 245.8 / 297 / 348.2 / 399.4 / 450.6
200K / 204.8 / 256 / 307.2 / 358.4 / 409.6 / 460.8
160K / 163.8 / 215 / 266.2 / 317.4 / 368.6 / 419.8 / 471
120K / 122.9 / 174.1 / 225.3 / 276.5 / 327.7 / 378.9 / 430.1 / 481.3
80K / 81.9 / 133.1 / 184.3 / 235.5 / 286.7 / 337.9 / 389.1 / 440.3 / 491.5
40K / 41 / 92.2 / 143.4 / 194.6 / 245.8 / 297 / 348.2 / 399.4 / 450.6 / 501.8
0 / 51.2 / 102.4 / 153.6 / 204.8 / 256 / 307.2 / 358.4 / 409.6 / 460.8 / 512
0 / 200K / 400K / 600K / 800K / 1 M / 1.2 M / 1.4 M / 1.6 M / 1.8 M / 2 M
# of Small Session Context
2.5.3Stateful LZS Decompression
240K / 614.4220K / 563.2 / 614.4
200K / 512 / 563.2 / 614.4
180K / 460.8 / 512 / 563.2
160K / 409.6 / 460.8 / 512 / 563.2
# Optimized Large Session Context- stateful decomp. / 140K / 358.4 / 409.6 / 460.8 / 512 / 563.2
120K / 307.2 / 358.4 / 409.6 / 460.8 / 512
100K / 256 / 307.2 / 358.4 / 409.6 / 460.8 / 512
80K / 204.8 / 256 / 307.2 / 358.4 / 409.6 / 460.8 / 512
60K / 153.6 / 204.8 / 256 / 307.2 / 358.4 / 409.6 / 460.8 / 512
40K / 102.4 / 153.6 / 204.8 / 256 / 307.2 / 358.4 / 409.6 / 460.8 / 512
20K / 51.2 / 102.4 / 153.6 / 204.8 / 256 / 307.2 / 358.4 / 409.6 / 460.8 / 512
0 / 51.2 / 102.4 / 153.6 / 204.8 / 256 / 307.2 / 358.4 / 409.6 / 460.8 / 512
0 / 200K / 400K / 600K / 800K / 1 M / 1.2 M / 1.4 M / 1.6 M / 1.8 M / 2 M
# of Small Session Context
2.5.4Stateful MPPC Decompression
60K / 52255K / 478.5 / 529.7
50K / 435 / 486.2 / 537.4
45K / 391.5 / 442.7 / 493.9
40K / 348 / 399.2 / 450.4 / 501.6
# Optimized Large Session Context- stateful MPPC decomp. / 35K / 304.5 / 355.7 / 406.9 / 458.1 / 509.3
30K / 261 / 312.2 / 363.4 / 414.6 / 465.8
25K / 217.5 / 268.7 / 319.9 / 371.1 / 422.3 / 473.5
20K / 174 / 225.2 / 276.4 / 327.6 / 378.8 / 430 / 481.2
15K / 130.5 / 181.7 / 232.9 / 284.1 / 335.3 / 386.5 / 437.7 / 488.9
10K / 87 / 138.2 / 189.4 / 240.6 / 291.8 / 343 / 394.2 / 445.4 / 496.6
5K / 43.5 / 94.7 / 145.9 / 197.1 / 248.3 / 299.5 / 350.7 / 401.9 / 453.1 / 504.3
0 / 51.2 / 102.4 / 153.6 / 204.8 / 256 / 307.2 / 358.4 / 409.6 / 460.8 / 512
0 / 200K / 400K / 600K / 800K / 1 M / 1.2 M / 1.4 M / 1.6 M / 1.8 M / 2 M
# of Small Session Context
Memory Utilization - Application Note, AN-0126-001
Hifn Confidential
750 University Avenue
Los Gatos, California 95032
tel: 408.399.3500
fax: 408.399.3501
Hifn Confidential