skip to Main Content

Application Benchmarks

Napatech Link Capture Software on Intel® Programmable Acceleration Card (PAC) demonstrates enormous performance advantages compared to a standard Network Interface Card (NIC). With this solution, leading open source cybersecurity and networking applications can achieve greatly increased performance through hardware acceleration.

Key Features

• Line rate network throughput for all packet sizes
• Lossless capture for perfect inspection and detection
• Onboard packet buffering during micro-burst or PCIe bus congestion scenarios
• Advanced host memory buffer management for ultra-high CPU cache performance
• Packet classification, match/action filtering and zero-copy forwarding
• Intelligent and flexible load distribution to 64 queues improving CPU cache performance by always delivering the same flows to the same cores

Suricata

4x Suricata Performance Increase

Suricata IDS detects known threats, policy violations and malicious behaviors. However, as capable as Suricata is in reactively protecting a network, it will only be as effective as its implementation. Examining the contents of every network packet is extremely CPU-intensive, especially for a multi-gigabit traffic load. And this is often the limiting factor in Suricata performance: the packet processing on the CPU.

This demo compares the performance of the Link Capture Software running on an Intel PAC versus an off-the-shelf server NIC.

The Intel / Napatech difference
The Intel PAC and Napatech LinkTM Capture Software solution offloads processing and analysis of networking traffic from the application software, while ensuring optimal use of the standard server’s resources leading to effective application acceleration. Optimized to capture all network traffic at full line rate, with almost no CPU load on the host server (all frame sizes), the solution demonstrates substantial lossless performance advantages for Suricata compared to a standard NIC:

• 4 times lossless packet decode performance
• 100% lossless capture of all network traffic
• 40% improvement in CPU utilization

Performance Improvements
The improvements achieved with this solution were demonstrated by comparing Suricata performance running on a Dell PowerEdge R740 with a standard 40G NIC card and the Intel PAC.

Using all 20 cores (40 HT) on a single socket, the Intel PAC with Napatech Link Capture Software provided nearly 4 times higher lossless Suricata packet throughput compared to a standard NIC when running Suricata with a 12,712 signature Emerging Threats ruleset. Using 40 cores (80 HT) on both sockets, the Intel PAC delivered 39 Gbps of lossless Suricata packet throughput, while the standard NIC peaked at 15 Gbps.

Suricata Lossless Throughput

No-drop Rate (Gbps)

  • Standard NIC
  • Intel PAC A10

Worker Threads

Suricata Throughput (Emerging Threat Ruleset)

Decode Rate (Gbps)

  • Standard NIC 40 Threads
  • Standard NIC 80 Threads
  • Intel PAC A10 40 Threads
  • Intel PAC A10 80 Threads

Input Rate (Gbps)

Maximum Throughput
Running Suricata on all 40 cores, the system topped out at 28.8 Gbps with a standard NIC, whereas the Intel PAC delivered 40 Gbps – demonstrating a 40% improvement in CPU utilization. The solution delivered a full 40 Gbps data stream to Suricata without loss while the host buffer utilization was barely measurable.

n2disk

3x n2disk™ Performance Increase

n2disk is a powerful network traffic recorder application that enables users to capture and store network packets at multi-gigabit rate from a live network. n2disk allows security teams to seize, store and retrieve all network data on demand, providing retrospective PCAP evidence for vector identification, forensic analysis or operational troubleshooting. A prerequisite for n2disk to be successful is that all network packets are captured with zero loss. But with a multi-gigabit traffic load, standard server deployments struggle to keep up.

The Intel / Napatech difference
Combined, Intel PAC and Napatech Link Capture Software demonstrate substantial lossless performance advantages for n2disk compared to a standard NIC deployment:

• Up to 3x lossless packet to disk performance
• Guaranteed capture to disk of packet bursts up to 600 milliseconds

Outstanding Lossless Performance
The outstanding improvements achieved with this solution were demonstrated by comparing n2disk performance running on a Dell PowerEdge R740 with a standard 40G NIC card and the 40G Intel PAC.

Throughput test
To eliminate the storage subsystem as a potential limiting factor, n2disk performance was measured in disk simulation mode, using a ram disk to emulate an infinitely fast disk. Ethernet frames of specific sizes from 64B to 1518B were sent with minimum inter-frame gaps to the device under test, and the n2disk receive packet rate was recorded as the throughput value. The test revealed that the Intel PAC with Link Capture Software provided 3 times higher throughput for small packets compared to a standard NIC.

Test configuration
The test configuration was based on a dual-socket Dell R740 with Intel® Xeon® Gold 6138 2.0 GHz, 128GB RAM running CentOS 7.5.

n2disk Throughput

Throughput (Gbps)

  • Standard NIC
  • Intel PAC A10

Frame Size

Wireshark

7x Wireshark Performance Increase

Wireshark is a widely-used network protocol analyzer allowing users to see what is happening on their networks at a microscopic level. It is the de facto standard across many commercial and non-profit enterprises, government agencies, and educational institutions for troubleshooting and protocol analysis. Wireshark has a rich feature set including deep inspection of hundreds of protocols, live capture and offline analysis.

The ability to capture and analyze traffic at lossless rates is of the utmost importance for Wireshark to be successful. To decode all traffic, it is a fundamental requirement that Wireshark “sees everything”. If any traffic is missed, full protocol analysis is not possible. And if the capture server is overburdened and too slow to handle the incoming packet rate, packets are discarded, and information lost forever.

The Intel / Napatech difference
The Intel PAC and Napatech Link Capture Software solution dramatically increases capture and protocol analysis, allowing network engineers to utilize the full power of Wireshark to understand network traffic, find anomalies, and diagnose network issues at incredible speeds. The solution offloads processing and analysis of networking traffic from the application software, while ensuring optimal use of the standard server’s resources leading to effective Wireshark acceleration.

Outstanding Lossless Performance
Optimized to capture all network traffic at full line rate, with almost no CPU load on the host server, the solution demonstrates enormous lossless performance advantages for Wireshark: up to 7 times lossless capture and decode performance compared to a standard NIC.

Turning acceleration into value
These advantages allow users to:

• Maximize server performance
• Minimize TCO by deploying fewer servers
• Diminish time-to-resolution

Combined, the Intel PAC and Link Capture Software are uniquely suited for accelerating Wireshark performance. They capture data from networks at high speed and high volume using patented packet capture technology, enabling real-time insight into network traffic.

Lossless throughput tests
For the lossless throughput test, traffic was sent at fixed rates and packet sizes and throughput was measured as the rate at which Wireshark is able to receive and analyze the packets.

Wireshark Lossless Throughput

Lossless Receive Rate (Gbps)

  • Standard NIC
  • Intel PAC A10

Input Frame Size (B)

Up to 7 times lossless capture performance compared to a standard NIC

The outstanding improvements achieved with this solution were demonstrated by comparing Wireshark performance running on a Dell PowerEdge R740 with a standard 40G NIC and the Intel PAC.

Additional testing for back-to-back frames was applied as described in the RFC 2544 benchmarking methodology to send a burst of frames with minimum inter-frame gaps to the Device Under Test (DUT) and count the number of frames received/forwarded by the DUT. The back-to-back value was defined as the number of frames in the longest burst that the DUT could handle without the loss of any frames. The Intel and Napatech solution proved over 100 times better in this test configuration.

TRex

4x TRex Performance Increase for Tx & Rx

As for any other traffic generation solution, the ability for TRex to reliably generate packets at line rate across all packet sizes is paramount. Whether simply packet blasting or replaying PCAP files for testing, the ability to send traffic for small packets at the maximum speed is a prerequisite.

Traffic reception is also of critical importance. The ability to receive the generated traffic once it has traversed the Device Under Test (DUT) is the only way of measuring the effectiveness of the solution. If the traffic reception does not match the generation capabilities, testing is compromised as one cannot identify if it is the DUT that is dropping traffic or the test equipment itself.

Accelerated TRex Performance
Optimized for lossless transmit and receive, the combined Napatech and Intel solution demonstrates substantial performance advantages for TRex compared to a standard NIC:

• 2x traffic generation performance
• 4x traffic reception performance

TRex generates layer 4-7 traffic based on pre-processing and smart replay of real traffic templates. TRex amplifies both client and server-side traffic. When running on the Intel PAC with Napatech Link Capture Software, TRex can both generate and receive traffic at 40G line rate regardless of packet size. This enables scalability both of bandwidth and feature complexities, thus providing businesses a high-performance and massively cost-efficient alternative to proprietary traffic generators.

TRex Stateless functionality includes support for multiple streams, the ability to change any packet field and provides per stream statistics, latency and jitter. Advanced Stateful functionality includes support for emulating L7 traffic with fully-featured scalable TCP layer.

TRex Transmit Performance

Transmit Rate (Gbps)

  • Standard NIC
  • Intel PAC A10

Frame Size (B)

TRex No-drop Receive Performance

Receive Rate (Gbps)

  • Standard NIC
  • Intel PAC A10

Frame Size (B)

When running on the Intel PAC with Napatech Link™ Capture Software, TRex can generate and receive traffic at 40G line rate regardless of packet size.

Test configuration
The outstanding improvements achieved with this solution were demonstrated by comparing TRex performance running on a Dell PowerEdge R740 with a standard 40G NIC card and the Intel® PAC A10.

Test configuration: dual-socket Dell R740 with Intel® Xeon® Gold 6138 2.0 GHz, 128GB RAM running CentOS 7.5.

And more…

Guaranteed Zero Packet Loss with 60% Throughput Improvement

More and more enterprises and government organizations are building their own solutions based on low-cost standard servers. The availability of commercial software as well as open-source software and tools for in-house development are empowering enterprises and government organizations to build more affordable solutions that meet their exact needs and thereby stretch their limited IT budgets.

The challenge of building your own network management, security, or test and measurement solution is that low-cost servers, and in particular standard NICs, are not ideal for these kinds of applications. Issues such as packet loss and non-deterministic performance undermine analysis efforts.

The Napatech Link Capture Software for the Intel PAC addresses precisely these issues with a solution that guarantees zero packet loss and deterministic performance under all conditions. This allows enterprises and government organizations to build affordable, yet reliable network management, security and test and measurement solutions based on low-cost servers.

Outstanding lossless performance
The Link Capture Software ensures that data is transferred from the Intel PAC to the application using a non-blocking data delivery mechanism that ensures efficient utilization of the PCIe bus and maximum throughput for all packet sizes.

Compared to a standard NIC, the Intel PAC and Napatech Link™ Capture Software solution provides full theoretical throughput for all packet sizes, also in burst situations, which are common in Ethernet networks.

Lossless Throughput Test

Throughput (Mpps)

  • Standard NIC
  • Intel PAC A10

Input Frame Size (B)

When running on the Intel PAC with Napatech Link™ Capture Software, TRex can generate and receive traffic at 40G line rate regardless of packet size.

Lossless throughput test
The outstanding lossless performance improvements were based on a test configuration using a Dell PowerEdge R740 with a standard NIC and the Intel PAC. The test demonstrated that packet loss occurred for the standard NIC for packet sizes below 128 bytes or at throughput rates higher than 33.78 Mbps. The Intel PAC and Napatech Link Capture Software solution experienced no packet loss.

Back To Top