Resolve All Your Host CPU Bottlenecks: FPGA-based
Accolade Technology is proud to sponsor SuriCon 2017 in Prague, Czech Republic. SuriCon is a collaborative event made up of OISF members and the Suricata community to develop ideas, discuss projects and build community.
Nov 15 – 17, 2017
Where: Hotel Grandior Prague, Na Poříčí 42, 110 00 Praha 1-Florenc, Czech Republic
Hardware-based Flow Offload in Suricata — Alfredo Cardigliano, ntop
This talk covers the implementation of PF_RING enabled hardware flow shunting on Accolade 10/40/100 Gbit network adapters.
ABSTRACT: Suricata is a CPU-bound application; its performance is hence affected by the number of processed packets. For years, Suricata performance has been improved by offloading selected tasks or using accelerated packet capture techniques that overcome typical operating system bottlenecks as well as reducing the CPU cycles necessary to process a packet flow. In order to reduce the ingress rate, packet filtering techniques have been used with limited success, since filtering rules are static. It would be desirable for Suricata to directly instruct the packet capture system to drop or pass through selected packet flows. This technique, named flow offload, is currently implemented in Suricata in the NFQUEUE module, but unfortunately it does not significantly improve the overall performance.
This talk covers the implementation of PF_RING enabled hardware flow shunting on Accolade 10/40/100 Gbit network adapters. By exploiting the Accolade hardware-based flow classification engine, it is possible to request the network adapter to drop or forward packets from selected flows when flow shunting mode is enabled in Suricata. Depending on the NIC model, it is possible to offload up to 16 or 32 million active flows in hardware. Validation performed on real user traffic has demonstrated that the heavy flows affecting Suricata performance are usually large downloads or video streams. By enabling flow shunting on the adapter, these heavy flows are dropped by hardware. The use of this technique makes it possible to combine both packet capture acceleration and hardware flow offload, and to enable Suricata to perform at 40 and 100 Gbps.
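A small model of the flow-shunting idea in the abstract above, added here as an illustration; it is not code from the talk, Suricata, PF_RING or Accolade. It shows how much traffic still reaches the inspector, how many bytes go uninspected once a flow is shunted, and what happens when the hardware table is full. The byte `threshold` trigger, the tiny table `capacity` and the traffic mix are assumptions constructed for the example.

```python
from collections import namedtuple

# Constructed model: a flow is identified by its 5-tuple, a packet by flow + size.
Packet = namedtuple("Packet", "flow size")

def simulate(packets, threshold, capacity):
    """Replay packets through a modelled NIC flow table in front of an inspector.

    threshold: bytes the inspector examines per flow before asking the NIC to
               drop the rest (assumed trigger; the page does not specify one).
    capacity:  number of flows the modelled NIC table can hold.
    """
    hw_table = set()        # flows the NIC drops before they reach the host
    seen = {}               # bytes inspected so far, per flow
    not_offloaded = set()   # flows that qualified but found the table full
    stats = {"inspected": 0, "dropped_in_hw": 0, "bytes_uninspected": 0}
    for pkt in packets:
        if pkt.flow in hw_table:
            # Dropped in hardware: costs no host CPU, but is never inspected.
            stats["dropped_in_hw"] += 1
            stats["bytes_uninspected"] += pkt.size
            continue
        stats["inspected"] += 1
        seen[pkt.flow] = seen.get(pkt.flow, 0) + pkt.size
        if seen[pkt.flow] >= threshold:
            if len(hw_table) < capacity:
                hw_table.add(pkt.flow)
            else:
                not_offloaded.add(pkt.flow)  # flow stays on the CPU path
    stats["flows_not_offloaded"] = len(not_offloaded)
    return stats

def sample_traffic():
    """Constructed mix: 2 heavy flows (1000 x 1500 B), 50 short flows (10 x 200 B)."""
    pkts = []
    for i in range(2):
        flow = ("10.0.0.%d" % i, 40000 + i, "192.0.2.1", 443, "tcp")
        pkts += [Packet(flow, 1500)] * 1000
    for i in range(50):
        flow = ("10.0.1.%d" % i, 50000 + i, "192.0.2.2", 80, "tcp")
        pkts += [Packet(flow, 200)] * 10
    return pkts

if __name__ == "__main__":
    for cap in (2, 1):  # table large enough vs. table too small
        print(cap, simulate(sample_traffic(), threshold=15000, capacity=cap))
```

The `bytes_uninspected` figure is the visibility given up in exchange for the CPU saving, so it is the number to weigh when choosing where the shunt decision is made.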
Accolade is the technology leader in FPGA-based Host CPU Offload and 100% Packet Capture PCIe NICs and Scalable 1U Platforms. Accolade’s line of 1-100GE products enables 100% packet capture, flow classification, flow shunting, deduplication, packet filtering and more. Our customers are global leaders in network monitoring & cybersecurity applications as well as in the network test and measurement, telecom and video stream monitoring markets.
Resolve all your host CPU offload bottlenecks. Share your technical requirements with our FPGA and software experts to tailor the optimal solution. Accolade offers a 60-day free product evaluation for qualified customers to fully test and evaluate our products.