Singing about storage security
In the last issue of Storage Network Notes, we reported that NetOctave
had obtained $7.8 million in second-round financing and was producing
a dedicated storage security ASIC. We caught up with David Mountain, marketing
communications manager, to learn more.
The new product is called the NSP 3200 Security Processor. It is being
designed for 1-Gbps storage networking gear, and also for use in OC-48
IP networking equipment in conjunction with network processors from Applied
Micro Circuits Corp. (a.k.a. AMCC) and Intel.
FlowThrough architecture
Mountain says the product will be the first application of NetOctave's FlowThrough
security architecture, which is designed to put the security processor in
the data path, where it sees all traffic. "Other applications," he notes, "use a look-aside
architecture, and the back-and-forth calls can build a log jam in the system.
It's symptomatic of security-as-an-afterthought in equipment design."
Traditional Look-Aside architecture
Storage equipment makers are using TCP Offload Engines (TOEs) to handle TCP/IP
processing, freeing the server CPU to handle application processing. These
chips are often on the motherboard or are placed on an associated daughterboard.
NetOctave's reference designs call for the NetOctave chip to handle
IPsec and packet processing and then pass the traffic on to the TOE, which
handles the now-decrypted Internet traffic and passes the unencrypted data on to
the data server.
According to a white paper by company cofounder Ray Savarda, "Next
Generation Network Security Processors: Optimal Design and Integration
with Network Processors" [.pdf],
software implementations of IPsec were once sufficient for most WAN needs.
A simple 850 MHz Celeron processor could handle the following data rates
for encrypted traffic:
Security Algorithm    Performance
DES                   108 Mbps
AES                   254 Mbps
HMAC-MD5              837 Mbps
SHA-1                 407 Mbps
Simply put, if your largest data pipe is a T-3 (45 Mbps), there is no problem. But as
soon as you move to Gigabit Ethernet, you have a problem, and if you are considering
10 Gigabit Ethernet, software will not work at all. You need a dedicated ASIC.
With a dedicated processor operating on the system bus (133 MHz at 64 bits
wide), the raw bus bandwidth is 133 x 64 = 8,512 Mbps, or approximately 1.06 GB/s before
allowing for inefficiencies (and ignoring the fact that a kilobyte is 1,024
bytes). This is sufficient for most full duplex Gigabit Ethernet applications,
but even the system bus is too slow for full duplex 10 GbE.
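The arithmetic behind the table and the bus figure above, as an added example that is not from the article, the white paper or NetOctave: the Python below budgets the article's software throughput figures against the link rates it names, computes the raw bandwidth of a 133 MHz, 64-bit bus, and measures this host's own SHA-1 and HMAC-MD5 throughput with hashlib using the same bytes-per-second methodology. The throughput constants are the table's; the link-rate dictionary, the doubling of Ethernet rates for full duplex, and the constructed buffer and key are assumptions made for the example.

```python
"""Budget software crypto throughput and bus bandwidth against link rates.

Constructed example. The throughput constants are the article's 850 MHz
Celeron figures; the link and bus numbers are the ones the article names.
"""
import hashlib
import hmac
import time

# Software IPsec throughput on an 850 MHz Celeron, from the article's table (Mbps).
ARTICLE_THROUGHPUT_MBPS = {
    "DES": 108,
    "AES": 254,
    "HMAC-MD5": 837,
    "SHA-1": 407,
}

# Link rates named in the article, in Mbps. Assumption: full-duplex Ethernet is
# counted at twice the line rate because IPsec must process both directions.
LINKS_MBPS = {
    "T-3": 45,
    "GbE (full duplex)": 2 * 1_000,
    "10 GbE (full duplex)": 2 * 10_000,
}


def keeps_up(throughput_mbps, link_mbps):
    """True if an implementation's throughput meets or exceeds the link rate."""
    return throughput_mbps >= link_mbps


def coverage(throughput=ARTICLE_THROUGHPUT_MBPS, links=LINKS_MBPS):
    """Map each algorithm to the links its software implementation can saturate."""
    return {
        alg: [link for link, rate in links.items() if keeps_up(mbps, rate)]
        for alg, mbps in throughput.items()
    }


def bus_bandwidth(clock_mhz, width_bits):
    """Raw bandwidth of a parallel system bus as (Mbps, GB/s), decimal units."""
    mbps = clock_mhz * width_bits  # one transfer of width_bits per clock cycle
    return mbps, mbps / 8 / 1000


def bus_keeps_up(clock_mhz, width_bits, link_mbps):
    """True if the raw bus bandwidth meets the (full-duplex) link rate."""
    return keeps_up(bus_bandwidth(clock_mhz, width_bits)[0], link_mbps)


def measure_hash_mbps(name, seconds=0.2, chunk=1 << 20):
    """Measure this host's software throughput for SHA-1 or HMAC-MD5, in Mbps.

    Uses a constructed 1 MiB buffer and, for HMAC, a constructed all-zero key;
    the methodology (bytes hashed per second, times 8) mirrors the table.
    """
    buf = b"\x5a" * chunk
    if name == "SHA-1":
        digest = lambda data: hashlib.sha1(data).digest()
    elif name == "HMAC-MD5":
        key = b"\x00" * 16
        digest = lambda data: hmac.new(key, data, hashlib.md5).digest()
    else:
        raise ValueError(f"unsupported algorithm: {name}")
    processed = 0
    start = time.perf_counter()
    while time.perf_counter() - start < seconds:
        digest(buf)
        processed += chunk
    elapsed = time.perf_counter() - start
    return processed * 8 / elapsed / 1e6


if __name__ == "__main__":
    for alg, links in coverage().items():
        print(f"{alg:9s} keeps up with: {links or 'none of the listed links'}")
    mbps, gbs = bus_bandwidth(133, 64)
    print(f"133 MHz x 64-bit bus: {mbps} Mbps = {gbs:.2f} GB/s")
    for link, rate in LINKS_MBPS.items():
        print(f"  bus covers {link}: {bus_keeps_up(133, 64, rate)}")
    for alg in ("SHA-1", "HMAC-MD5"):
        print(f"this host, {alg}: {measure_hash_mbps(alg):.0f} Mbps")
```

With the table's figures every algorithm clears the T-3 and none clears Gigabit Ethernet, and the 133 MHz bus clears full-duplex GbE but not full-duplex 10 GbE, which is the article's conclusion. On current hardware the measured hash rates will be far above the Celeron numbers; the value of the block is the budgeting method, which you can rerun whenever a link speed or a software stack changes.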
NetOctave's dedicated processors are optimized for storage traffic, which
requires few concurrent connections but a large bus width to accommodate large
data frames.
This optimization will, Mountain says, provide the NSP 3200 and the
future NSP 4200 Security Processors (the NSP 4200 will be designed for
10 Gbps full duplex performance) with a significant advantage (in storage
environments) over off-the-shelf processors designed for other IPsec implementations.
Off-the-shelf IPsec processors are optimized to handle many concurrent
connections with less data transfer per connection, and so are not expected to perform
as well in storage applications.
High availability system now available
Auspex announced that new ServerGuardV software for its NS3000 series
of Network Attached Storage (NAS) servers increases stability to the point
where the product achieves the coveted "five nines" (99.999 percent uptime)
availability.
Storage joust
"Easing Backup Pain: A Backup & Restore Workshop" was hosted by the SNIA
Technology Center in Colorado Springs, Colorado. Each demonstration team
was challenged to conduct a backup and restore at a minimum data backup
rate of 1 terabyte per hour. Spectra Logic, Network Appliance, and VERITAS
Software announced that they backed up and restored an entire terabyte
of data in less than 53 minutes. Teams from Hewlett-Packard and Computer
Associates passed the test too, but results for other teams were not
available at press time, although a webcast is available here.
Finance
All funding news in the storage sector was drowned out by the giant plopping
sound heard as Caspian Networks obtained a whopping $120 million in fourth-round funding,
bringing the total obtained to date to $262 million. Founded in February
of 1999, the company has not yet produced a product but has an impressive
leadership team that includes cofounder Dr. Lawrence Roberts, who led
the team that built ARPANET and can thus be called the true founder of
the Internet, and Bill Sickler, former President and CEO of Gadzoox Networks.