Accolade to Sponsor SuriCon Prague 2017

Resolve All Your Host CPU Bottlenecks: FPGA-based
1-100GE NICs/Platform 

Accolade Technology is proud to sponsor Suricon 2017 in Prague, the Czech Republic. SuriCon is a collaborative event made up of OISF members and the Suricata community to develop ideas, discuss projects and to build community.

Nov 15 – 17, 2017

WhereHotel Grandior Prague Na Poříčí 42 110 00 Praha 1-Florenc Czech Republic

Meet Accolade at SuriCon – Presentation Wed Nov 15, 2017 3:00pm – 3:30pm
[Preview Full SuriCon Agenda]

Hardware-based Flow Offload in Suricata — Alfredo Cardigliano, ntop
This talk covers the implementation of PF_RING enabled hardware flow shunting on Accolade 10/40/100 Gbit network adapters. 

ABSTRACT: Suricata is a CPU bound application, its performance is hence affected by the number of processed packets. For years, Suricata performance has been improved by offloading selected tasks or using accelerated packet capture techniques that overcome typical operating system bottlenecks as well as reducing CPU cycles necessary to process a packet flow. In order to reduce the ingress rate, packet filtering techniques have been used with limited success, since filtering rules are static. It would be desirable for Suricata to directly instruct the packet capture system to drop or pass through selected packet flows. This technique, named flow offload, is currently implemented in Suricata in the NFQUEUE module, but unfortunately it does not significantly improve the overall performance.

This talk covers the implementation of PF_RING enabled hardware flow shunting on Accolade 10/40/100 Gbit network adapters. By exploiting the Accolade hardware-based flow classification engine, it is possible to request the network adapter to drop or forward packets from selected flows when flow shunting mode is enabled in Suricata. Depending on the NIC model, it is possible to offload up to 16 or 32 million active flows in hardware. Validation performed on real user traffic has demonstrated that the heavy flows affecting Suricata performance, are usually large downloads or video streams. By enabling flow shunting on the adapter, these heavy flows are dropped by hardware. The use of this technique makes it possible to combine both packet capture acceleration and hardware flow offload, and to enable Suricata to perform at 40 and 100 Gbps.


About Accolade

Accolade is the technology leader in FPGA-based Host CPU Offload and 100% Packet Capture PCIe NIC’s and Scalable 1U Platforms. Accolade’s line of 1-100GE products enable 100% packet capture, flow classification, deduplication, packet filtering and more. Our customers are global leaders in network monitoring & cybersecurity applications as well as in the network test and measurement, telecom and video stream monitoring markets.

FPGA Acceleration Features

100% Packet Capture | Flow Classification | Precise Time Stamping | Packet Merging | Packet Slicing | Packet Parsing | Packet Filtering | Deduplication | Host Packet Buffer | Packet Steering | Direct Memory Access (DMA) | Statistics (RMON1)

Free Product Evaluation

Resolve all your host CPU offload bottlenecks. Share Your Technical Requirements with our FPGA and software experts to tailor the optimal solution. Accolade offers a 60 day free product evaluation for qualified customers to fully test and evaluate our products.

Share on LinkedInTweet about this on TwitterShare on Google+Email this to someone