skip to Main Content

Napatech Link Capture Software

for Napatech FPGA-based SmartNICs

Product Brief

THE NECESSITY OF FULL PACKET CAPTURE
Today, a massive selection of tools is available to help engineers and administrators manage and secure their networks. Still, few capabilities are as fundamental to this task as packet capture.

Full packet capture provides an accurate, real-time view of what is happening within a network infrastructure. It provides organizations with the ability to re-create network events with high fidelity for verification and validation of architectural changes, measure network performance, troubleshoot issues, and perform forensic analysis to determine the impact of network breaches. However, as network speeds continue to increase, existing capture solutions are struggling to keep up.

LINK CAPTURE SOFTWARE
In helping enterprises, network operators and equipment vendors overcome this challenge, Napatech has developed Link Capture Software. This technology can immediately improve an organization’s ability to monitor and react to events that occur within its network infrastructure. The speed and accuracy of the software’s programmable logic enables:

• Line-Rate Capture and Replay
Link Capture Software is ideal for performing high-speed packet capture and replay, allowing precise inter-frame gap (IFG) control, which is critical when replaying captured traffic for troubleshooting or simulation of traffic flows.

• Stateful Flow Management
To maintain capture and analysis performance at high speeds, it is important to identify and direct traffic flows immediately upon ingress to minimize the load on user-space applications. Link™ Capture Software provides the ability to dynamically identify and direct data flows into specific CPU cores based on the type of traffic being analyzed. Per flow match/action in HW gives control back to the user providing additional computation to the application by reducing the amount of data needed for processing as certain flows or protocols no longer need monitoring and can be blocked in hardware.

Napatech Link Capture Software supports a broad range of applications and use cases. Where standard Network Interface Cards (NICs) suffer from intolerable packet loss for the target applications, Napatech guarantees line rate throughput with zero packet loss and replay for all packet sizes.

MULTIPLIED APPLICATION PERFORMANCE
Link Capture Software has been benchmarked across a wide range of third-party, commercial and open source networking and cybersecurity applications. Common to these is the unconditional requirement for line rate throughput for all packet sizes, with 100% lossless packet forwarding and capture, for a multitude of sessions, users and flows. With Link Capture Software, the performance improvements are outstanding, delivering more than triple the performance over servers with standard NIC configurations. This means a third of the required server resources to run the same application.

KEY BENEFITS
• Achieve complete network visibility and limit massive costs from cyberattacks or infrastructure issues
• Increase application performance from every server by offloading heavy workloads
• Reduce system costs by using fewer servers to achieve target performance
• Limit OPEX by cutting rack space, power, cooling and management
• Diminish time-consumption on complex tasks due to additional computing power

SOFTWARE HIGHLIGHTS
• Zero packet loss under all conditions
• Full throughput up to 100 Gbps bi-directional
• Deterministic performance
• PCAP and DPDK API support

FEATURESLink Capture Software for Napatech FPGA SmartNICs
Rx Packet Processing• Line rate Rx up to 100 Gbps for packet size 64 – 10,000 bytes
• Zero packet loss
• HW time stamping with 1 ns resolution
• Multi-port packet merge sequenced in time stamp order
L2, L3 and L4 protocol classification• L2: Ether II, IEEE 802.3 LLC, IEEE 802.3/802.2 SNAP
• L2: PPPoE Discovery, PPPoE Session, Raw Novell
• L2: ISL, 3x VLAN, 7x MPLS
• L3: IPv4, IPv6
• L4: TCP, UDP, ICMP, SCTP
• L2 and L3/L4 (IP/TCP/UDP) Tx checksum generation
• L2 and L3/L4 (IP/TCP/UDP) Rx checksum verification
General purpose filters• Pattern match, network port, protocol, length check, error conditions
Tunneling support• GTP, IP-in-IP, GRE, NVGRE, VxLAN, Pseudowire, Fabric Path
Stateless flow management• Configurable flow definitions based on 2, 3, 4, 5 or 6-tupple
• Up to 36,000 IPv4 or up to 7,500 IPv6 2-tupple flows
• Flow match/actions: forward to specific host Rx queue, drop, fast
forward to network port, select packet descriptor type, slice
Stateful flow management (NT200A02 only)• Configurable flow definitions based on 2, 3, 4, 5 or 6-tupple
• 50 million bidirectional IPv4 or IPv6 flows
• Learning rate: 2 million flows/sec
• Flow match/actions: forward to specific host Rx queue, drop, fast
forward to network port, update metrics in flow record
• Flow termination: TCP flow termination, timeout, application
requested
• Flow records: Rx packet/byte counters and TCP flags, delivered to
application at flow termination
Hash keys• Custom 2 x 128 bits and 2 x 32 bits with separate bit masks
• Symmetric hash keys
• Protocol field from inner or outer headers
CPU load distribution• Hash key, filter-based or per flow
Packet descriptors and metadata• PCAP and Napatech descriptor formats
• Time stamp, network port ID, header offsets
• Hash key, color/tag
• 64-bit pointer for flow lookup
• 64-bit correlation key with maskable fields (packet fingerprint)
• Protocol and error information
IP fragment handling• First level IP fragmentation
• Filter actions on inner header fields applied to all fragments
 Deduplication• Configurable action per port group: discard or pass duplicates
• Duplicate counters per port group
• Configurable deduplication window: 10 microseconds – 2 seconds
Slicing• Slicing at dynamic offset or fixed offset from start or end of packet
Tx Packet Processing• Line rate Tx up to 100 Gbps for packet size 64 – 10,000 bytes
• Replay as captured with nanoseconds precision
• Per port traffic shaping
• Port to any port forwarding
Rx burst buffer capacity• NT20E3-2, NT40E3-4, NT40A01: 4GB
• NT200A02: 12GB
Host Buffers and Queues• Rx queues: 128
• Tx queues: 128
• Rx buffer size: 16 MB – 1 TB
• Tx buffer size: 4 MB
Advanced Statistics• Extended RMON1 per port
• Packets and bytes per filter/color
• Packets and bytes per stream/queue
Time Synchronization• OS time, PPS and IEEE 1588-2008 PTP V2
• NT-TS synchronization between Napatech SmartNICs
• Time stamp formats: Unix 10 ns, Unix 1 ns, PCAP 1 us, PCAP 1 ns
• Tx time stamp inject
• Rx time stamp
Time stamp formatsUnix 10 ns, Unix 1 ns, PCAP 1 us, PCAP 1 ns
Monitoring sensors• PCB temperature level with alarm
• FPGA temperature level with alarm and automatic shutdown
• Temperature of critical components
• Individual optical port temperature or light level with alarm
• Voltage or current overrange with alarm
• Cooling fan speed with alarm
Supported OS• Linux kernel 3.0 through 3.19 64-bit
• Linux kernel 4.3 through 4.18 64-bit
• Linux kernel 5.0 through 5.03 64-bit
• Windows Server 2016 64-bit and Server 2019 64-bit
Supported API’s• PCAP v. 1.8.1 and WinPcap 4.1.3
• DPDK v. 19.02
• NTAPI (Napatech API)
Supported HardwareNT200A02:
• 8×10 Gbps: QSFP+ breakout to 10GBASE-SR, CR
• 2×25 Gbps: SFP28 25GBASE-SR, LR, LR-BiDi
• 2×10/25 Gbps: SFP28 25GBASE-SR, LR
• 2×40 Gbps: QSFP+ 40GBASE-SR4, CR4, LR4, BiDi
• 2×100 Gbps: QSFP28 100GBASE-SR4, LR4

NT40E3:

• 4×1 Gbps: SFP 100/1000BASE-T, 1000BASE-T, SX, LX, ZX
• 4×10 Gbps: SFP+ 10GBASE-SR, CR, LR, ER
• 4×1/10 Gbps: SFP+ 1000BASE-SX/10GBASE-SR, 1000BASE-LX/10GBASE-LR

NT20E3:

• 2×1 Gbps: SFP 100/1000BASE-T, 1000BASE-T, SX, LX, ZX
• 2×10 Gbps: SFP+ 10GBASE-SR, CR, LR, ER
• 2×1/10 Gbps: SFP+ 1000BASE-SX/10GBASE-SR, 1000BASE-LX/10GBASE-LR

NT40A01:

• 4×1 Gbps: SFP 100/1000BASE-T, 1000BASE-T, SX, LX, ZX
Back To Top