A Comprehensive Overview of Accolade’s Products and Technology
Accolade Technology was founded in 2003 and provides the most technologically advanced, lossless packet capture and acceleration adapters available in the market today. Accolade’s ANIC line of adapters are FPGA-based and help accelerate security and networking applications developed by the world’s leading security and networking vendors. The ANIC adapters are fully PCIe compliant and seamlessly integrate into standard servers and network appliances offered by industry leaders such as Cisco, Dell, HP, Super Micro and others. Accolade’s OEM customers are leading network appliance vendors offering products for network monitoring/forensics, deep packet analysis, video stream monitoring, network test and measurement, high frequency trading (HFT), high performance computing (HPC) and more.
Accolade adapters are available in a variety of port configurations with speeds ranging from 1 to 100 Gbps (see Table 1). Each adapter performs lossless packet capture and a variety of acceleration functions such as time stamping, packet filtering, and flow classification.
Table 1: ANIC Adapters
Network traffic is captured via an Ethernet interface, processed by the onboard FPGA and then intelligently steered directly to the appliance’s (host) memory for processing by the security or networking application. For multi-core CPU based appliances, the adapter intelligently distributes traffic to all available CPU cores thereby maximizing performance and efficiency.
Accolade Customer Engagement Model
Accolade partners exclusively with network appliance vendors that are focused on developing leading edge security and networking related products. The term “partner” is used to describe the customer relationship because all engagements require close cooperation to successfully integrate an ANIC adapter(s) into the customer’s network appliance.
During product development the customer will have to make some modifications to the software application and network appliance in order to take advantage of the advanced capabilities offered by each ANIC adapter. However, customers can rest assured that Accolade engineers will be available throughout the process to offer unparalleled software expertise and support to ensure that the customer’s network or security application gains the maximum benefit possible from each ANIC adapter.
There are at least three key reasons why customers choose Accolade Technology for their security and network application acceleration needs.
- Technology Leadership – Accolade is the technology leader in the FPGA-based, lossless packet capture and acceleration market. Figure 1 shows the numerous market firsts Accolade has achieved over the years.
Figure 1: Accolade Market Firsts
- Intellectual Property – There are many vendors that provide “raw” FPGA-based cards, leaving the customer to figure out what to do with the hardware. In contrast, Accolade provides not only the hardware, but also in-house developed intellectual property as well as customized functionality if required. This is crucial because with Accolade a network appliance vendor has a single partner that can provide hardware, leading edge intellectual property along with support and software integration resources to bring an entire solution to market in record time.
- Time to Market – Many appliance vendors believe they can build all needed functionality themselves and sometimes entirely in software. This may be true, but is building everything yourself the most optimal use of time and resources? Accolade has accumulated vast expertise over the past decade by working directly with many security and networking vendors just like you. Let Accolade show you how they can substantially cut your time to market; saving you not only time but also making you more money!
Figure 2 shows a high level depiction of an ANIC adapter. This graphic shows the ANIC-40K which has 4 x 10 Gigabit Ethernet ports, but the general architecture of all ANIC adapters is similar and can be inferred from this graphic.
Figure 2: ANIC Hardware Architecture
There are six major areas of the architecture (each marked with a corresponding number) described below.
- Ports – Each adapter has between one and four Ethernet ports which are 1, 10 or 100 Gbps. See Table 1 for port configuration of each ANIC adapter. Traffic is captured (or transmitted to) from the network via these ports and brought into the adapter for processing. All ports capture traffic at line rate (e.g. 100 Gbps) and do not drop a single packet.
- Timing – Precise time stamping (up to 4 nanosecond accuracy) is provided for each incoming packet. The time stamping relies on either a 1PPS (one pulse per second) time source such as GPS or CDMA or on the IEEE 1588 Precision Time Protocol (PTP). Either of these time sources can be connected to the adapter via the available RJ-45 port.
- Advanced Packet Processor (FPGA) – The advanced packet processor (some adapters have more than one) is an FPGA (Field Programmable Gate Array) and is the brains of the ANIC adapter. This FPGA contains intellectual property developed by Accolade to provide critical capabilities such as packet filtering, flow classification and direct memory access (DMA).
- Card-to-Card Bus – The card-to-card bus is used to merge the operation of two physically separate adapters to make them logically appear and operate as one. This bus can also be used to convey time source data from one adapter to another. For example, one adapter might have a GPS time source connected to its RJ-45 port and that time information can be relayed to other adapters in the same network appliance via this bus.
- Memory– Each ANIC adapter has between 2 and 12 Gigabytes (GB) of onboard memory to use for a variety of functions such as buffering or table lookup. See Table 1 for the memory configuration of each ANIC adapter.
- PCIe Bus – PCIe (Peripheral Component Interconnect Express) is a standard supported by every server or appliance vendor (e.g. Cisco, Dell, HP, Super Micro) for peripheral devices such as an ANIC adapter to be plugged into an available physical slot. The ANIC adapter utilizes the PCIe bus for high speed communication directly with the server (host) memory.
Direct Memory Access (DMA)
One of the most beneficial acceleration techniques that Accolade engineers have implemented is direct memory access (DMA). Simply put, DMA is a technique that allows a hardware subsystem (such as an ANIC adapter) to directly access host memory independently of the central processing unit (CPU). The main advantage of DMA is the host CPU is not burdened with memory transfer and hence is available to perform other tasks. Figure 3 shows how data packets are transferred directly from the ANIC adapter to the appliance (host) memory without any CPU involvement.
Figure 3: DMA versus Non-DMA
Accolade engineers have taken DMA to another level by implementing a host packet buffer technique that makes processing by multiple host CPU cores more efficient. Figure 4 illustrates how multi-core DMA works. In our example we assume the host Intel CPU has 4 cores (up to 64 cores are supported) with each operating independently of the other 3 cores. The ANIC adapter is
Figure 4: Multi-core DMA
programmed to write data in to 4 independent segments of host memory (each segment is a unique host packet buffer) and each CPU core is in turn programmed to process only its corresponding host memory segment. In this way a security or networking application can take advantage of parallel processing of data and thus achieve higher levels of speed and efficiency.
Lossless Packet Capture
Unlike standard NIC cards, each ANIC adapter receives and processes packets at the specified line rate (e.g. 100 Gbps) without dropping any packets. Lossless packet capture is guaranteed irrespective of packet size (e.g. 64 byte) and no matter which packet processing features are enabled. Onboard memory buffers that absorb large bursts of traffic and DMA are key capabilities that enable lossless packet capture on each ANIC port.
FPGA Packet Processing Features
Accolade provides a set of standard capabilities (implemented in the onboard FPGA) with each ANIC adapter. The available “out of the box” features are briefly described below. In addition, custom features can also be implemented for specific requirements. Please contact an Accolade sales representative to discuss custom feature development.
Table 2: ANIC Features
In order to use an ANIC adapter some basic software integration is required. Accolade’s world class technical support team is always available to provide software integration assistance and reference applications. Figure 5 shows the two major software integration points: 1) ANIC API and 2) ANIC Device Driver.
Figure 5: ANIC Stack
ANIC API (Application Programming Interface)
The security or networking application that runs in user space on the network appliance has to be modified in order to interact with the ANIC adapter. To keep the modification simple, Accolade provides a lightweight, C language API which is linked to the user application as a shared library. Various API calls are used to communicate with the ANIC adapter.
One of the many benefits of a standard API is investment protection. With a common API customers can seamlessly migrate their network appliance from one ANIC adapter (e.g. 10G) to another (e.g. 100G) without any significant modification to the host application.
ANIC Device Driver
A device driver (supplied by Accolade) must be loaded into the network appliance as an extension to the host kernel. Device drivers are available for Linux, Windows and FreeBSD. As with conventional device drivers the ANIC driver facilitates communication to the ANIC adapter (via the host kernel) for common operations such as adapter setup, turning ports on and off or reading port status. However, unlike conventional device drivers the ANIC driver also facilities a “fast path” or kernel bypass mode which is used for most data intensive interactions with the ANIC adapter such as table updates or bulk data transfer.
Figure 6 compares a conventional network appliance using a standard network interface card (NIC) such as from Intel with one that has an ANIC adapter.
Figure 6: ANIC Fast Path Communication
Network and Security Monitoring Use Case
Accolade ANIC adapters can be inserted in to a variety of different network appliances for lossless packet capture and acceleration. However one of the most common uses is in network monitoring appliances (NMAs) as shown in Figure 7.
Figure 7: Network Monitoring Appliances (NMAs)
Network monitoring appliances are a perfect fit for ANIC adapters because they are typically flooded with a large volume of packet data which they must process and analyze with software for some specific network, security or quality of service related purpose. The software analysis of the data runs the gamut from tracing a hacker after a security breach to network troubleshooting to measuring the quality of voice and video traffic.
ANIC adapters are inserted into the NMA for lossless packet capture and pre-processing (such as time stamping, packet filtering, and flow classification) of the incoming packets. All relevant data is then passed along directly to host memory for analysis by the security or networking application. The ANIC adapter saves valuable CPU cycles and thus achieves higher levels of processing speed and efficiency.
Accolade is the technology leader in high performance FPGA-based packet capture and application acceleration adapters/NICs serving global OEM network security and monitoring appliance customers. Customers integrate Accolade’s ANIC adapters into their network appliances to perform advanced packet capture and processing functions. Accolade’s ANIC series of advanced Adapters are optimized to offload multi-core host CPUs in a variety of target applications including network monitoring, network/cyber security, (IPS, IDS, DPI, DDoS, Network Forensics) network test, latency measurement and video monitoring. Accolade’s NICs offer lossless packet capture at Line Rate, the richest acceleration feature sets at the best value per GigE port in the 1-100G performance spectrum.