1U, OEM Application Acceleration Platform Use Cases: Flow Exporter, Data Duplicator, Cluster Load Balancer, Inline DPI and more
A Network Acceleration Platform That Can be Adapted to Most Any Networking or Security Application
The ATLAS-1000 is a fully integrated, 1U application acceleration platform exclusively designed for OEM customers developing network/cyber security and monitoring appliances. Like COTS appliances, the ATLAS-1000 provides a multi-core Intel CPU, memory and storage, but that is where the similarities end.
The platform, shown in Figure 1, integrates Accolade’s APP (Advanced Packet Processor) in the form of an onboard FPGA with acceleration features such as lossless packet capture, nanosecond precision timestamping, packet merging, packet filtering, flow classification, packet steering and more. For a detailed description of packet capture features please visit: https://accoladetechnology.com/features/
The API implemented for the ATLAS-1000 is also common to Accolade’s ANIC packet capture adapters, ensuring seamless migration across Accolade’s comprehensive product offerings.
ATLAS-1000 is a very powerful and flexible platform that can be used in a variety of different situations. Following are a few representative use cases to give readers some sense of how to utilize the product. This list is not exhaustive and the platform can be adapted to most any networking or security application. It is particularly effective when there is some specific packet processing or manipulation feature that must be performed at scale.
Capturing flow records is an important monitoring function in computer networks and the de facto standard format is NetFlow. In some cases, switches or other devices in the network can output NetFlow records. However, there are often points in the network where records are not available or perhaps must be output in another format. In this case, a standalone Flow Exporter appliance is very useful, and with ATLAS-1000 the OEM vendor only has to supply the requisite software, leaving all the hardware and advanced packet processing responsibilities to the Accolade platform. The architecture shown in Figure 2 also subsumes the network TAP function directly into the appliance, thus eliminating an element from the network.
Duplicated data poses a significant burden on network monitoring appliances. Sometimes as much as 50% of all traffic is duplicate. This is often because a SPAN port is configured to copy ingress and egress data from every switch port, which leads to duplicate packets for every packet that goes into and then out of a network switch. With ATLAS-1000, duplicate packets can be eliminated in hardware at 10 or 40G speeds before they ever reach the network monitoring appliance, thus saving a tremendous number of wasted processing cycles.
ATLAS-1000 can also be deployed as an inline data duplication appliance, as shown in Figure 3, thus operating on live network traffic. In this scenario, for maximum data availability, the platform can be equipped with an optional PIM that includes optical bypass. With bypass, even if the data duplicator loses power or otherwise fails, traffic will continue to flow through the appliance (with no deduplication) uninterrupted.
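The duplicate elimination described above, sketched in software as an added example (not Accolade's code or its FPGA logic). It assumes the ingress and egress SPAN copies differ only in VLAN tagging, and the 1 ms window, the digest choice and all names are assumptions made for illustration.

```python
import hashlib
import struct
from collections import OrderedDict

WINDOW_NS = 1_000_000            # assumed 1 ms window, not a vendor value
VLAN_TPIDS = (0x8100, 0x88A8)    # 802.1Q and 802.1ad tag identifiers

def l3_digest(frame: bytes) -> bytes:
    """Digest from the EtherType onward, so MACs and VLAN tags are ignored."""
    offset = 12
    while len(frame) >= offset + 2:
        if struct.unpack_from("!H", frame, offset)[0] not in VLAN_TPIDS:
            break
        offset += 4
    # Runt or truncated frames fall back to hashing every byte present.
    return hashlib.blake2b(frame[offset:] or frame, digest_size=16).digest()

class Deduplicator:
    def __init__(self, window_ns: int = WINDOW_NS):
        self.window_ns = window_ns
        self.seen = OrderedDict()   # digest -> timestamp of first copy

    def accept(self, ts_ns: int, frame: bytes) -> bool:
        """True to forward; False for a copy seen within the window."""
        # Timestamps are assumed non-decreasing, so the oldest entry is first.
        while self.seen:
            oldest = next(iter(self.seen))
            if ts_ns - self.seen[oldest] <= self.window_ns:
                break
            self.seen.popitem(last=False)
        key = l3_digest(frame)
        if key in self.seen:
            return False
        self.seen[key] = ts_ns
        return True

def make_frame(payload: bytes, vlan=None) -> bytes:
    """Constructed test frame: zeroed MACs, optional 802.1Q tag, IPv4 EtherType."""
    tag = b"" if vlan is None else struct.pack("!HH", 0x8100, vlan)
    return bytes(12) + tag + b"\x08\x00" + payload

def run_sample():
    dedup = Deduplicator()
    stream = [  # constructed (timestamp_ns, frame) pairs
        (0, make_frame(b"packet-A", vlan=10)),   # ingress copy, tagged
        (20_000, make_frame(b"packet-A")),       # egress copy, untagged
        (30_000, make_frame(b"packet-B")),       # different packet
        (5_000_000, make_frame(b"packet-A")),    # same bytes, outside window
    ]
    return [dedup.accept(ts, frame) for ts, frame in stream]
```

The window is the trade-off a monitoring team has to own: too short and SPAN copies slip through, too long and genuine retransmissions of identical bytes are hidden from the analysis tools. A copy taken after a routed hop has a decremented TTL and will not match this digest.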
Cluster Load Balancer
For scale purposes, a group or cluster of network monitoring appliances (NMAs) is often front-ended by a load balancer or packet broker. At a high level these devices take in packet data from the network, inspect the traffic and intelligently (based upon some rules or policy) distribute the traffic to some number of NMAs that form the cluster. The NMAs may be homogeneous (different instances of the same function) or heterogeneous (cluster of NMAs with different purposes such as security and performance monitoring). Figure 4 shows a heterogeneous cluster of NMAs front-ended by an ATLAS-1000.
There are numerous load balancer and packet broker products available in the market from companies such as F5 Networks and Gigamon. These products are certainly appropriate in some situations but they are also very complicated and very expensive. Sometimes a simpler solution that has a targeted purpose with a much lower price point is more appropriate. This is where the ATLAS-1000 platform shines and delivers tremendous value to networking/security companies and their end users alike.
ATLAS-1000 can be used to limit or completely eliminate certain application traffic (e.g. Skype) within or between networks, as shown in Figure 5. The platform provides the hardware, optical bypass (in case of appliance power loss) and advanced flow classification. These capabilities, combined with deep packet inspection (DPI) software from a leading vendor, yield a robust, compact and cost-effective solution.
Hardware-based flow classification is the key ATLAS-1000 feature that enables a robust inline DPI solution. Details on how flow classification can be used for this purpose can be found at: https://accoladetechnology.com/hardware-based-flow-classification-of-up-to32-million-ip-flows/