Doing measurements using the PowerQUICC III MBC 85xx series
The PowerQUICC III MPC85xx series of integrated communications processors represents the mid-high end of the PowerQUICC product line. These devices use the e500 Power Architecture processor core, with front side L2 caches. The e500 core operates at frequencies up to 1.5 GHz. All members of the MPC85xx series use full-featured SECs.
Measurement configuration #1. Shown in Figure 9 below is the security performance for the MPC8544E and MPC8533E PowerQUICC III integrated communications processors, which contain the 32-bit e500 Power Architecture core, and SEC 2.1. These are the parameters:
MPC8544E CDS
e500 core at 800 MHz, DDR at 400 MHz data rate, and SEC at 133 MHz
OS: Linux 2.6.23
IPsec stacks: Mocana, running 3DES-HMAC-SHA-1
The only IPsec results available for the MPC8544E are from Mocana, for their commercial NanoSec IPsec implementation. Note that the SEC runs at a lower frequency (relative to the CPU) in the MPC8544E than in other 85xx devices, so the reduction in CPU utilization due to SEC saturation begins earlier than in other devices.
 |
| Figure 9. MPC8544E IPsec Performance |
Measurement configuration #2. Figure 10 below show the security performance for the MPC8555E and MPC8541E PowerQUICC III integrated communications processors, which contain the 32-bit e500 Power Architecture core, and SEC 2.0. These are the parameters:
MPC8555E CDS
e500 core at 833 MHz, DDR at 333 MHz data rate, and SEC at 166 MHz
OS: StrongSwan Linux 2.4, Mocana Linux 2.6.11
IPsec stacks: StrongSwan, Mocana, both running 3DES-HMAC-SHA-1
The chart compares StrongSwan with Mocana, with CPU utilization information. For this particular device, Mocana NanoSec outperforms StrongSwan at all packet sizes. Mocana CPU utilization steadily declines as packet size increases, while StrongSwan consumes 100% of the CPU at all packet sizes due to its synchronous, polling mode of operation.
 |
| Figure 10. MPC8555E IPsec Performance |
Measurement Configuration #3. The security performance for the MPC8548E PowerQUICC III integrated communications processor, which contain the 32-bit e500 Power Architecture core, and SEC 2.1 is shown in Figure 11 below. These are the parameters:
MPC8548E CDS
e500 core at 1.33 GHz, DDR at 533 MHz data rate, and SEC 2.1 at 266 MHz
OS: Linux 2.6.11
IPsec stacks: Mocana, running 3DES-HMAC-SHA-1
The chart compares OpenSwan with Mocana, and adds information about CPU utilization. Mocana NanoSec provides the highest throughput at all packet sizes and begins to saturate the SEC at 390 bytes.
CPU utilization continues to drop as packet size increases, and at 1456 bytes, Mocana achieves 1057 Mbps with 38 percent CPU utilization. OpenSwan has a similar profile; however, it does not saturate the SEC until 1024 bytes, and consumes 69 percent of the CPU while achieving 1057 Gbps at 1456 bytes.
 |
| Figure 11. MPC8548E IPsec Performance |
Conclusion
As the example configurations described in this article illustrate, the security performance of embedded communications processors is strongly determined by the performance of the CPU for small/medium packet sizes and is limited more by the crypto-hardware/memory bus for larger packet sizes.
While this point was illustrated here with the performance curves of various PowerQUICC processor family members, it is true for all embedded communications processors using general purpose CPUs and look-aside crypto acceleration.
It is possible to achieve higher performance using more NPU-like processing engines; however, doing so generally results in less flexibility, both in absolute programmability and in tool chain support.
Author Geoff Waters Senior Systems Engineer, joined Freescale Semiconductor in 1997 to work in the company's Networking and Computing Systems Group in Austin, Texas. Initially focused on security acceleration technologies, Geoff has served as a senior systems engineer for Freescale's Digital Systems Division for the last 5 years. Prior to working at Freescale, Geoff was a contractor to the US Defense Threat Reduction Agency [formerly known as the Defense Nuclear Agency (DNA)]. He is a graduate of the University of Houston Honors Program.
Editor Kurt Stammberger, CISSP, is VP of Development for Mocana. which focuses on the security of non-PC devices. He has over 19 years of experience in the security industry. He joined cryptography startup RSA Security as employee #7, where he led their marketing organization for eight years, helped launch spin-off company VeriSign, and created the brand for the technology that now protects virtually every electronic commerce transaction on the planet. Kurt founded and still serves on the Program Committee of the annual RSA Conference. He holds a BS in Mechanical Engineering from Stanford University, and an MS in Management from the Stanford Graduate School of Business, where he was an Alfred P. Sloan Fellow.
Readers may download free source-code trial packages of the Mocana software mentioned in this article by going to the Mocana website.
