The current network faces the challenge of heavy traffic load and cyber security.Meanwhile,there is an increasing demand for the optimization of throughput,transmission delay,security and CPU resource utilization of the network devices.Therefore,it's necessary to introduce a set of network system to ensure of data forwarding,security isolation and CPU offload to solve the above problems.Aiming at the current research and application requirements,a set of 10-Gigabit Ethernet forwarding and isolation system based on ZYNQ is designed for the data transfer in the network environment.It solves the practical problems of SI/PI/EMI,Ethernet and PCIe protocol logic implementation of high-speed circuit systems.The system supports three core services,including four-channel 10-Gigabit Ethernet forwarding,access control and isolation of the Ethernet data,and DMA of the host transaction data to forward.The high-speed digital system design independently implemented includes a ZYNQ processor,10-Gigabit Ethernet SFP+ interface,PCIe communication interface,three-speed Ethernet module,RAM(DDR3 1600/1066Mbps),memory modules(QSPI FLASH/SD Slot/SATA)and other hardware modules.Moreover,the whole design includes 45-page schematic design,the 1449 components' layout,17-channel distributed power supply,signal integrity simulation and board testing.It solves hardware issues such as signal integrity of up to 10 Gbps signals and the whole board's power integrity.Around the above three core businesses,the logic and part of the software is also independently implemented,which combines with the AXI-Stream and AXI-Lite bus to design the programmable logic top-level architecture.First.The queue combined with Priority Queue and Round-Robin Scheduling is used to realize four-channel network data scheduling for the forwarding.The maximum forwarding delay of the simulated network environment can reach 6.09μs~9.94μs,and the theoretical throughput can reach 4.3Gbps~9.4Gbps.Second.Device access control and security isolation are achieved with ZYNQ's processing system and the network configuration to meet the Information Security Technology—Security Functional Requirements for Products for Protecting Stand-alone Computer from Intrusion.Third.For the protocol offload forwarding,it solves the problems of out-of-order PCIe completion data packet reordering,DMA data cache,simple TCP service,etc.The bandwidth of the system achieves 523.5MB/s,and the CPU resource occupancy rate is less than 20%(i7-7700K).In summary,the system solves the difficulties of the high-speed digital circuit system design,the protocols implementation and the logic and timing optimization.Hence,it has four innovative points,including equipment compatibility,synergistic improvement performance with hardware and software,relatively independent security isolation and multi-functional integration. |