P5020NSE1QMB Datasheet P5020NXN1TNB, P5020NXE1TNB, P5020NSE1QMB | P19-P21

Features

P5020 QorIQ Communications Processor Product Brief, Rev. 1

Freescale Semiconductor 19

• Because the FMan has up to 256 policing profiles, any frame queue or group of frame queues can

be policed to either drop or mark packets if the flow exceeds a preconfigured rate.

• Policing and classification can be used in conjunction for mitigating Distributed Denial of Service

Attack (DDOS).

• The policing is based on two-rate-three-color marking algorithm (RFC2698). The sustained and

peak rates as well as the burst sizes are user-configurable. Hence, the policing function can

rate-limit traffic to conform to the rate the flow is mapped to at flow set-up time. By prioritizing

and policing traffic prior to software processing, CPU cycles can be focused on the important and

urgent traffic ahead of other traffic.

3.9.4.2 Queue Manager (QMan)

The Queue Manager (QMan) is the main component in the DPAA that allows for simplified sharing of

network interfaces and hardware accelerators by multiple CPU cores. It also provides a simple and

consistent message and data passing mechanism for dividing processing tasks amongst multiple CPU

cores. The QMan features are as follows:

• Common interface between software and all hardware

— Controls the prioritized queuing of data between multiple processor cores, network interfaces,

and hardware accelerators

— Supports both dedicated and pool channels, allowing both push and pull models of multicore

load spreading

• Atomic access to common queues without software locking overhead

• Mechanisms to guarantee order preservation with atomicity and order restoration following

parallel processing on multiple CPUs

• Two-level queuing hierarchy with one or more Channels per Endpoint, eight work queues per

Channel, and numerous frame queues per work queue

• Priority and work conserving fair scheduling between the work queues and the frame queues

• Lossless flow control for ingress network interfaces

• Congestion avoidance (RED/WRED) and congestion management with tail discard and up to 256

congestion groups with each group composed of a user-configured number of frame queues.

3.9.4.3 Buffer Manager (BMan)

The buffer manager (BMan) manages pools of buffers on behalf of software for both hardware

(accelerators and network interfaces) and software use. The BMan features are as follows:

• Common interface for software and hardware

• Guarantees atomic access to shared buffer pools

• Supports 32 buffer pools. Software and hardware buffer consumers can request both different size

buffers and buffers in different memory partitions.

• Supports depletion thresholds with congestion notifications

• On-chip per pool buffer stockpile to minimize access to memory for buffer pool management

• LIFO (last in first out) buffer allocation policy that optimizes cache usage and allocation

P5020 QorIQ Communications Processor Product Brief, Rev. 1

Features

Freescale Semiconductor20

3.9.4.4 Security Engine (SEC 4.2)

The SEC 4.2 is QorIQ’s fourth generation crypto-acceleration engine. In addition to off-loading

cryptographic algorithms, the SEC 4.2 offers header and trailer processing for several established security

protocols. The SEC 4.2 includes several Descriptor Controllers (DECOs), which are updated versions of

the previous SEC crypto-channels. DECOs are responsible for header and trailer processing, and managing

context and data flow into the CHAs assigned to it for the length of an operation.

The DECOs can perform header and trailer processing, as well as single pass encryption/integrity checking

for the following security protocols:

•IPsec

• SSL/TLS

•SRTP

• IEEE Std 802.1AE™ MACSec

• IEEE 802.16e WiMax MAC layer

• 3GPP RLC encryption/decryption

In prior versions of the SEC, the individual algorithm accelerators were referred to as Execution Units

(EUs). In the SEC 4.2, these are referred to as Crypto Hardware Accelerators (CHAs) to distinguish them

from prior implementations. Specific CHAs available to the DECOs are listed below.

• Advanced encryption standard unit (AESA)

• ARC four execution unit (AFHA)

• Cyclic redundancy check accelerator (CRCA)

• Data encryption standard execution unit (DESA)

• Kasumi execution unit (KFHA)

• SNOW 3 G hardware accelerator (STHA)

• Message digest execution unit (MDHA)

• Public key execution unit (PKHA)

• Random number generator (RNGB)

Depending on the security protocol and specific algorithms, the SEC 4.2’s aggregate symmetric

encryption/integrity performance is 5 Gbps, while asymmetric encryption (RSA public key) performance

is ~5,000 1024b RSA operations per second.

The SEC 4.2 is also part of the QorIQ Trust Architecture, which gives the P5020 the ability to perform

secure boot, runtime code integrity protection, and session key protection. The Trust Architecture is

described in Section 3.10, “Avoiding Resource Contentions Using the QorIQ Trust Architecture.”

Features

P5020 QorIQ Communications Processor Product Brief, Rev. 1

Freescale Semiconductor 21

Figure 6. SEC 4.2 Block Diagram

3.9.4.5 Pattern Matching Engine (PME 2.1)

The PME is a self-contained hardware module capable of autonomously scanning data from streams for

patterns that match a specification in a database dedicated to it. The PME 2.1 is an updated version of the

PME used in previous members of the PowerQUICC family. Specific updates include the following:

• QMan interface supporting the DPAA Queue Interface Driver

• 2x increase in the number of patterns supported (16 Kbytes to 32 Kbytes)

• Increase in number of stateful rules supported (8 Kbytes to 16 Kbytes)

• Raw scanning performance is ~ 5 Gbps.

Patterns that can be recognized, or “matched,” by the PME are of two general forms:

• Byte patterns are simple matches such as “abcd123” existing in both the data being scanned and in

the pattern specification database.

• Event patterns are a sequence of multiple byte patterns. In the PME, event patterns are defined by

stateful rules.

3.9.4.5.1 PME Regular Expressions (Regex)

The PME specifies patterns of bytes as regular expressions (regex). The P5020 (by means of an online or

offline process) converts Regex patterns into the PME’s pattern specification database. Generally, there is

a one-to-one mapping between a regex and a PME byte pattern. The PME’s use of regex pattern matching

offers built-in case-insensitivity and wildcard support with no pattern explosion, while the PME’s

NFA-style architecture offers fast pattern database compilation and fast incremental updates. Up to 32,000

regex patterns are supported, each up to 128 bytes long. The 32,000 regex patterns can be combined by

means of stateful rules to detect a far larger set of event patterns. Comparative compilations against DFA

style regex engines have shown that 300,000 DFA pattern equivalents can be achieved with ~8000 PME

regexes with stateful rules.

Job Queue

Controller

On-Chip

System

Interface

Queue Manager

Interface

Descriptor

Controllers

RTIC

CHAs

P1-P3 P4-P6 P7-P9 P10-P12 P13-P15 P16-P18 P19-P21 P22-P24 P25-P27 P28-P30 P31-P32

P5020NSE1QMB

Mfr. #:

Buy P5020NSE1QMB

Manufacturer:

NXP / Freescale

Description:

Microprocessors - MPU StdTmpEnc 1600/1200

Lifecycle:

New from this manufacturer.

Delivery:

DHL FedEx Ups TNT EMS

Payment:

T/T Paypal Visa MoneyGram Western Union

P5020NSE1QMB

P5020NSE1QMB

Products related to this Datasheet