The design of the SonicWall ES7500 provides a case study of how multicore processors can provide a big win--if you are prepared to crank out a lot of low-level parallel programming software.
SonicWall started in 2003 with an idea for a network appliance that could scan traffic at gigabit/second rates for a complex set of viruses, malware and intruders' fingerprints. It partnered with Cavium Networks at a time when Cavium's 16-core Octeon processor was only a concept.
Embedded software vendors had no support for multicore chips, let alone the Octeon. So SonicWall had to staff a team to develop low-level control code, including linkers, com- pilers and debuggers. Its main competitor was Cisco Systems, a world-class ASIC designer. And the technical challenge was steep.
|SonicWall's John Gmuender (front row, blue sweater) and part of the 200-person software team that tackled the 16-core Cavium Octeon processor.|
"You look at every byte of every packet of every flow, scanning for tens to hundreds of thousands of parts looking for the bad stuff without impacting network bandwidth or latency," said John Gmuender, vice president of engineering at SonicWall.
Before you can even examine data for security threats, packets often need to be decompressed and decoded--a job that could require millions of processor cycles per packet. SonicWall aimed to surpass its competition by an order of magnitude, achieving half the gains from some unique algorithms and half from leveraging the 16-core Octeon.
The lack of multicore tools at that time "meant taking the hard road to get the first-mover advantage, and it could have failed," said Gmuender. "That's a barrier to entry for competitors, so it's both a blessing and a curse."
He pulled together a diverse 200-person design team, 90 percent of them working on software. They came from microprocessor teams Gmuender had led at IBM, Intel, Sun and elsewhere. The team worked closely with the Cavium Octeon group, led by a former designer of Digital Equipment's Alpha processor.