Resolve All Your Host CPU Bottlenecks: FPGA-based
Accolade Technology is proud to sponsor Suricon 2017 in Prague, the Czech Republic. SuriCon is a collaborative event made up of OISF members and the Suricata community to develop ideas, discuss projects and to build community.
Nov 15 – 17, 2017
Where: Hotel Grandior Prague Na Poříčí 42 110 00 Praha 1-Florenc Czech Republic
Hardware-based Flow Offload in Suricata — Alfredo Cardigliano, ntop This talk covers the implementation of PF_RING enabled hardware flow shunting on Accolade 10/40/100 Gbit network adapters.
ABSTRACT: Suricata is a CPU bound application, its performance is hence affected by the number of processed packets. For years, Suricata performance has been improved by offloading selected tasks or using accelerated packet capture techniques that overcome typical operating system bottlenecks as well as reducing CPU cycles necessary to process a packet flow. In order to reduce the ingress rate, packet filtering techniques have been used with limited success, since filtering rules are static. It would be desirable for Suricata to directly instruct the packet capture system to drop or pass through selected packet flows. This technique, named flow offload, is currently implemented in Suricata in the NFQUEUE module, but unfortunately it does not significantly improve the overall performance.
This talk covers the implementation of PF_RING enabled hardware flow shunting on Accolade 10/40/100 Gbit network adapters. By exploiting the Accolade hardware-based flow classification engine, it is possible to request the network adapter to drop or forward packets from selected flows when flow shunting mode is enabled in Suricata. Depending on the NIC model, it is possible to offload up to 16 or 32 million active flows in hardware. Validation performed on real user traffic has demonstrated that the heavy flows affecting Suricata performance, are usually large downloads or video streams. By enabling flow shunting on the adapter, these heavy flows are dropped by hardware. The use of this technique makes it possible to combine both packet capture acceleration and hardware flow offload, and to enable Suricata to perform at 40 and 100 Gbps.
Accolade is the technology leader in FPGA-based Host CPU Offload and 100% Packet Capture PCIe NIC’s and Scalable 1U Platforms. Accolade’s line of 1-100GE products enable 100% packet capture, flow classification, flow shunting, deduplication, packet filtering and more. Our customers are global leaders in network monitoring & cybersecurity applications as well as in the network test and measurement, telecom and video stream monitoring markets.
Resolve all your host CPU offload bottlenecks. Share Your Technical Requirements with our FPGA and software experts to tailor the optimal solution. Accolade offers a 60 day free product evaluation for qualified customers to fully test and evaluate our products.
Click on the different category headings to find out more. You can also change some of your preferences. Note that blocking some types of cookies may impact your experience on our websites and the services we are able to offer.
Essential Website Cookies
These cookies are strictly necessary to provide you with services available through our website and to use some of its features.
Because these cookies are strictly necessary to deliver the website, you cannot refuse them without impacting how our site functions. You can block or delete them by changing your browser settings and force blocking all cookies on this website.
Other external services
We also use different external services like Google Webfonts, Google Maps and external Video providers. Since these providers may collect personal data like your IP address we allow you to block them here. Please be aware that this might heavily reduce the functionality and appearance of our site. Changes will take effect once you reload the page.
Google Webfont Settings:
Google Map Settings:
Vimeo and Youtube video embeds: