Technology Summary
An Overview of Accolade’s FPGA-based Host CPU Offload Technology
Accolade Technology provides the most technologically advanced FPGA-based 1-100GE PCIe Host CPU Offload SmartNIC’s and 1U Host CPU Offload Platforms available in the market today. Accolade’s Advanced Cybersecurity Acceleration Suite (ACAS) Firmware IP and Software enables mission critical, high performance and scalable (up to 400G) OEM customer applications in the Cybersecurity and Network Monitoring markets. Accolade’s customers are global leaders in network monitoring & cybersecurity as well as in the network test and measurement, telecom, government and military markets. Through it’s ACAS technology, Accolade powers market leading SmartNIC products from key technology partners including Achronix and Xilinx. ACAS powers Achronix VectorPath™ 4x100G and Xilinx Alveo™ Accelerators/SmartNICs.
Adapters
ANIC Adapters
Accolade adapters are available in a variety of port configurations with speeds ranging from 1 to 100 Gbps (see Table 1). Each adapter performs lossless packet capture and a variety of acceleration functions such as time stamping, packet filtering, and flow classification.
wdt_ID Speed 1G 10G 10G 10G 10G/40G 10G/40G 100G 100G 100G
1
Model
4Ku
20ku
40ku
40kq
80ku
ATLAS-1100 Service Node
ANIC-200KFlex
ANIC-100Kq
ANIC-200Kq
2
Port/Type
4X1G SFP
2X10G SFP+
4X10G SFP+
1X40G QSFP+ 4X10G SFP+
2X40G QSFP+ 8X10G SFP+
4x10G SFP+ 1x40G QSFP+
2x100G QSFP28 2x40G QSFP28
1X100G QSFP28
2X100G QSFP28
3
PCIe Interface
Gen3 x8
Gen3 x8
Gen3 x8
Gen3 x8
Gen3 x8
Gen3 x8
Gen3 x16
Gen3 x16
Gen3 x16
4
Dimensions(H x L inches)
4.25 x 6.5
4.25 x 6.25
4.25 x 6.25
4.25 x 6.25
4.25 x 6.25
1.75 x12.28x14
4.25 x 6.5
4.25 x 10.5
4.25 x 10.5
5
Memory
32MB
4G
4G
4G
4G
16/32G
8G
12G
12G
6
Timestamp
5.7 nS
5.7 nS
5.7 nS
5.7 nS
5.7 nS
5.7 nS
4 nS
4 nS
4 nS
7
100% Packet
Capture✓
✓
✓
✓
✓
✓
✓
✓
✓
8
Gigamon, AristaTimestamp
✓
✓
✓
✓
✓
✓
✓
✓
✓
9
Packet Merging
✓
✓
✓
✓
✓
✓
✓
✓
✓
10
Packet Parsing
✓
✓
✓
✓
✓
✓
✓
✓
✓
Table 1: ANIC Adapters
Network traffic is captured via an Ethernet interface, processed by the onboard FPGA and then intelligently steered directly to the appliance’s (host) memory for processing by the security or networking application. For multi-core CPU based appliances, the adapter intelligently distributes traffic to all available CPU cores thereby maximizing performance and efficiency.
Save
Save
Save
Save
Save
Save
Save
Engagement Model
Accolade Customer Engagement Model
Accolade partners exclusively with network appliance vendors that are focused on developing leading edge security and networking related products. The term “partner” is used to describe the customer relationship because all engagements require close cooperation to successfully integrate an ANIC adapter(s) into the customer’s network appliance.
During product development the customer will have to make some modifications to the software application and network appliance in order to take advantage of the advanced capabilities offered by each ANIC adapter. However, customers can rest assured that Accolade engineers will be available throughout the process to offer unparalleled software expertise and support to ensure that the customer’s network or security application gains the maximum benefit possible from each ANIC adapter.
Accolade?
Why Accolade?
There are at least three key reasons why customers choose Accolade Technology for their security and network application acceleration needs.
- Technology Leadership – Accolade is the technology leader in the FPGA-based, lossless packet capture and acceleration market. Figure 1 shows the numerous market firsts Accolade has achieved over the years.
Figure 1: Accolade Market Firsts
- Intellectual Property – There are many vendors that provide “raw” FPGA-based cards, leaving the customer to figure out what to do with the hardware. In contrast, Accolade provides not only the hardware, but also in-house developed intellectual property as well as customized functionality if required. This is crucial because with Accolade a network appliance vendor has a single partner that can provide hardware, leading edge intellectual property along with support and software integration resources to bring an entire solution to market in record time.
- Time to Market – Many appliance vendors believe they can build all needed functionality themselves and sometimes entirely in software. This may be true, but is building everything yourself the most optimal use of time and resources? Accolade has accumulated vast expertise over the past decade by working directly with many security and networking vendors just like you. Let Accolade show you how they can substantially cut your time to market; saving you not only time but also making you more money!
Hardware
ANIC Hardware
Figure 2 shows a high level depiction of an ANIC adapter. This graphic shows the ANIC-40K which has 4 x 10 Gigabit Ethernet ports, but the general architecture of all ANIC adapters is similar and can be inferred from this graphic.
Figure 2: ANIC Hardware Architecture
There are six major areas of the architecture (each marked with a corresponding number) described below.
- Ports – Each adapter has between one and four Ethernet ports which are 1, 10 or 100 Gbps. See Table 1 for port configuration of each ANIC adapter. Traffic is captured (or transmitted to) from the network via these ports and brought into the adapter for processing. All ports capture traffic at line rate (e.g. 100 Gbps) and do not drop a single packet.
- Timing – Precise time stamping (up to 4 nanosecond accuracy) is provided for each incoming packet. The time stamping relies on either a 1PPS (one pulse per second) time source such as GPS or CDMA or on the IEEE 1588 Precision Time Protocol (PTP). Either of these time sources can be connected to the adapter via the available RJ-45 port.
- Advanced Packet Processor (FPGA) – The advanced packet processor (some adapters have more than one) is an FPGA (Field Programmable Gate Array) and is the brains of the ANIC adapter. This FPGA contains intellectual property developed by Accolade to provide critical capabilities such as packet filtering, flow classification and direct memory access (DMA).
- Card-to-Card Bus – The card-to-card bus is used to merge the operation of two physically separate adapters to make them logically appear and operate as one. This bus can also be used to convey time source data from one adapter to another. For example, one adapter might have a GPS time source connected to its RJ-45 port and that time information can be relayed to other adapters in the same network appliance via this bus.
- Memory– Each ANIC adapter has between 2 and 12 Gigabytes (GB) of onboard memory to use for a variety of functions such as buffering or table lookup. See Table 1 for the memory configuration of each ANIC adapter.
- PCIe Bus – PCIe (Peripheral Component Interconnect Express) is a standard supported by every server or appliance vendor (e.g. Cisco, Dell, HP, Super Micro) for peripheral devices such as an ANIC adapter to be plugged into an available physical slot. The ANIC adapter utilizes the PCIe bus for high speed communication directly with the server (host) memory.
Direct Memory Access (DMA)
One of the most beneficial acceleration techniques that Accolade engineers have implemented is direct memory access (DMA). Simply put, DMA is a technique that allows a hardware subsystem (such as an ANIC adapter) to directly access host memory independently of the central processing unit (CPU). The main advantage of DMA is the host CPU is not burdened with memory transfer and hence is available to perform other tasks. Figure 3 shows how data packets are transferred directly from the ANIC adapter to the appliance (host) memory without any CPU involvement.
Figure 3: DMA versus Non-DMA
Accolade engineers have taken DMA to another level by implementing a host packet buffer technique that makes processing by multiple host CPU cores more efficient. Figure 4 illustrates how multi-core DMA works. In our example we assume the host Intel CPU has 4 cores (up to 64 cores are supported) with each operating independently of the other 3 cores. The ANIC adapter is
Figure 4: Multi-core DMA
programmed to write data in to 4 independent segments of host memory (each segment is a unique host packet buffer) and each CPU core is in turn programmed to process only its corresponding host memory segment. In this way a security or networking application can take advantage of parallel processing of data and thus achieve higher levels of speed and efficiency.
Packet Capture
Lossless Packet Capture
Unlike standard NIC cards, each ANIC adapter receives and processes packets at the specified line rate (e.g. 100 Gbps) without dropping any packets. Lossless packet capture is guaranteed irrespective of packet size (e.g. 64 byte) and no matter which packet processing features are enabled. Onboard memory buffers that absorb large bursts of traffic and DMA are key capabilities that enable lossless packet capture on each ANIC port.
Processing Features
FPGA Packet Processing Features
Accolade provides a set of standard capabilities (implemented in the onboard FPGA) with each ANIC adapter. The available “out of the box” features are briefly described below. In addition, custom features can also be implemented for specific requirements. Please contact an Accolade sales representative to discuss custom feature development.
Table 2: ANIC Features
Integration
Software Integration
In order to use an ANIC adapter some basic software integration is required. Accolade’s world class technical support team is always available to provide software integration assistance and reference applications. Figure 5 shows the two major software integration points: 1) ANIC API and 2) ANIC Device Driver.
Figure 5: ANIC Stack
ANIC API (Application Programming Interface)
The security or networking application that runs in user space on the network appliance has to be modified in order to interact with the ANIC adapter. To keep the modification simple, Accolade provides a lightweight, C language API which is linked to the user application as a shared library. Various API calls are used to communicate with the ANIC adapter.
One of the many benefits of a standard API is investment protection. With a common API customers can seamlessly migrate their network appliance from one ANIC adapter (e.g. 10G) to another (e.g. 100G) without any significant modification to the host application.
ANIC Device Driver
A device driver (supplied by Accolade) must be loaded into the network appliance as an extension to the host kernel. Device drivers are available for Linux, Windows and FreeBSD. As with conventional device drivers the ANIC driver facilitates communication to the ANIC adapter (via the host kernel) for common operations such as adapter setup, turning ports on and off or reading port status. However, unlike conventional device drivers the ANIC driver also facilities a “fast path” or kernel bypass mode which is used for most data intensive interactions with the ANIC adapter such as table updates or bulk data transfer.
Figure 6 compares a conventional network appliance using a standard network interface card (NIC) such as from Intel with one that has an ANIC adapter.
Figure 6: ANIC Fast Path Communication
Network and Security Monitoring Use Case
Accolade ANIC adapters can be inserted in to a variety of different network appliances for lossless packet capture and acceleration. However one of the most common uses is in network monitoring appliances (NMAs) as shown in Figure 7.
Figure 7: Network Monitoring Appliances (NMAs)
Network monitoring appliances are a perfect fit for ANIC adapters because they are typically flooded with a large volume of packet data which they must process and analyze with software for some specific network, security or quality of service related purpose. The software analysis of the data runs the gamut from tracing a hacker after a security breach to network troubleshooting to measuring the quality of voice and video traffic.
ANIC adapters are inserted into the NMA for lossless packet capture and pre-processing (such as time stamping, packet filtering, and flow classification) of the incoming packets. All relevant data is then passed along directly to host memory for analysis by the security or networking application. The ANIC adapter saves valuable CPU cycles and thus achieves higher levels of processing speed and efficiency.
About Accolade
Accolade is the technology leader in FPGA-based Host CPU Offload and 100% Packet Capture PCIe NIC’s and Scalable 1U Platforms. Accolade’s line of 1-100GE products enable 100% packet capture, flow classification, flow shunting, deduplication, packet filtering and more. Our customers are global leaders in network monitoring & cybersecurity applications as well as in the network test and measurement, telecom and video stream monitoring markets.
FPGA Acceleration Features
100% Packet Capture | Flow Classification | Flow Shunting | Precise Time Stamping | Packet Merging | Packet Slicing | Packet Parsing | Packet Filtering | Deduplication | Host Packet Buffer | Packet Steering | Direct Memory Access (DMA) | Statistics (RMON1)
Free Product Evaluation
Resolve all your host CPU offload bottlenecks. Share Your Technical Requirements with our FPGA and software experts to tailor the optimal solution. Accolade offers a 60 day free product evaluation for qualified customers to fully test and evaluate our products.