
Napatech Link-Inline™ Software
for Napatech FPGA-based SmartNICs

Product Brief

Network and Security Processing Challenges
Network security architects are seeing the requirements for their solutions change quickly as network throughput explodes, while the threat landscape continues to evolve and become more complex and sophisticated. Stateless security solutions are no longer adequate to identify and block threats. Inline networking and security solutions require complete, stateful awareness of all users and applications at throughputs topping 100Gbps.

To support these requirements, network infrastructures need more intelligence and deeper inspection of traffic at increasing line rates. With this need for inline stateful flow processing, application awareness, content inspection, and security processing, the compute power needed to keep up with these line rates grows exponentially.

NT200A02 SmartNIC

Stateful Flow Management and Offload
To maintain performance at high speeds and address all of these challenges, Link-Inline™ software offloads packet and flow-based processing to reconfigurable FPGA-based SmartNICs. The SmartNIC performs flow classification and identification on ingress and maintains state for each packet of a flow. For known flows, action processing is handled dynamically and entirely in the SmartNIC; all other packets are forwarded to the application for additional analysis. This minimizes the load on user-space applications. Link-Inline™ software additionally provides the ability to dynamically identify data flows and direct them to specific CPU cores based on the type of traffic being analyzed. Link-Inline™ software is tightly coupled to x86 cores for inline network and security applications. Per-flow match/action processing in hardware gives control back to the user and frees compute for the application by reducing the amount of data it has to process: flows or protocols that no longer need monitoring can be blocked or forwarded in hardware.

Napatech’s Link-Inline™ software accelerates standard Linux applications and provides open APIs for development and integration of inline network and security applications. The solution significantly reduces host CPU utilization and solution latency by offloading complex flow classification and packet processing to the FPGA-based SmartNIC.

Flow Classification
Flow classification is the ability to decode a packet and extract the parameters used to identify its flow, based on known IP parameters. If the flow is known, the action assigned to it can be based on policy or assigned dynamically by the application, and one or more actions can be performed on the packet. If the flow is unknown, the packet is forwarded to the application for further processing. Rules give the application the ability to dynamically change the action once a flow has been identified, its application is known, and its threat status has been verified.
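The known/unknown flow handling described above can be modelled in a few lines of software. This is an added illustration, not Napatech code or the Link-Inline™ API: every name in it (`FlowTable`, `flow_key`, `program`, `rx`) is hypothetical, the packets are constructed samples, and it assumes that counters start once a flow is programmed and that a TCP RST alone terminates a flow.

```python
from dataclasses import dataclass

SYN, RST, ACK = 0x02, 0x04, 0x10  # TCP flag bits

def flow_key(p):
    """Direction-independent 5-tuple so both directions hit one flow entry."""
    a, b = (p["src"], p["sport"]), (p["dst"], p["dport"])
    return (p["proto"],) + (a + b if a <= b else b + a)

@dataclass
class Flow:
    action: str
    packets: int = 0
    nbytes: int = 0
    tcp_flags: int = 0

class FlowTable:
    """Software stand-in for the SmartNIC flow table (hypothetical model)."""
    def __init__(self):
        self.flows, self.records = {}, []

    def program(self, key, action):
        """Called by the application once it has classified a flow."""
        self.flows[key] = Flow(action)

    def rx(self, p):
        key = flow_key(p)
        flow = self.flows.get(key)
        if flow is None:
            return "to_host"                # unknown flow: application inspects it
        flow.packets += 1
        flow.nbytes += p["len"]
        flow.tcp_flags |= p["flags"]
        if p["flags"] & RST:                # simplified TCP-protocol termination
            self.records.append((key, self.flows.pop(key)))  # flow record to app
        return flow.action                  # known flow: handled "in hardware"

def demo():
    c, s = ("10.0.0.5", 40000), ("192.0.2.10", 443)   # constructed endpoints
    def pkt(a, b, flags, length):
        return {"src": a[0], "sport": a[1], "dst": b[0], "dport": b[1],
                "proto": 6, "flags": flags, "len": length}
    trace = [pkt(c, s, SYN, 60), pkt(s, c, SYN | ACK, 60),
             pkt(c, s, ACK, 1500), pkt(s, c, RST, 40), pkt(c, s, SYN, 60)]
    table, verdicts = FlowTable(), []
    for p in trace:
        verdict = table.rx(p)
        if verdict == "to_host" and not table.records:
            table.program(flow_key(p), "hairpin")     # app verdict after first packet
        verdicts.append(verdict)
    return verdicts, table.records
```

Only the first packet of the flow and the packet that arrives after termination reach the host; the reverse-direction packets match the same entry because the key is normalised.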

Stateful Flow Management Block Diagram

 

FEATURES Link-Inline™ Software for Napatech FPGA SmartNICs
Stateful flow management
  • Up to 140 million bidirectional IPv4 or IPv6 flows
  • Learning rate: > 2 million flows/sec
  • Flow match/actions:
    • Forward to host, hairpin, drop, GTP encapsulate/decapsulate, slice, SDF/QoS policing, update metrics
    • DSCP tagging (*), billing counters (*), NAT (*), mirroring (*)
  • Flow termination: TCP protocol, timeout, application-requested
  • Flow records: Rx packet/byte counters and TCP flags, delivered to application at flow termination
  • Configurable flow definitions based on 2-, 3-, 4-, 5- or 6-tuple
Pre-filtering
  • Configurable 2-, 3-, 4-, 5- or 6-tuple, enabling up to 36,000 IPv4 or up to 7,500 IPv6 2-tuple flows
  • 864 (32-bit) wildcard entries
  • General purpose filters: Pattern match, network port, protocol
CPU load distribution
  • Load distribution based on hash key, filter or per flow
  • Hash keys, calculated on 5-tuple from inner or outer headers
Rx Packet Processing
  • Load distribution based on hash key, filter or per flow
  • 128 Rx queues
  • Multi-port packet merge, sequenced in time stamp order
  • L2, L3 and L4 protocol classification
    • L2: Ether II, IEEE 802.3 LLC, IEEE 802.3/802.2 SNAP
    • L2: PPPoE Discovery, PPPoE Session, Raw Novell
    • L2: ISL, 3x VLAN, 7x MPLS
    • L3: IPv4, IPv6
    • L4: TCP, UDP, ICMP, SCTP
  • Tunneling support
    • GTP, IP-in-IP, GRE, NVGRE, VxLAN, Pseudowire, Fabric Path
Tx Packet Processing
  • 128 Tx queues
  • Per-port traffic shaping
  • Port-to-any-port forwarding
Advanced Statistics
  • Extended RMON1 per port
  • Packets and bytes per flow
  • Flow programming statistics
Monitoring Sensors (*)
  • PCB temperature level with alarm
  • FPGA temperature level with alarm and automatic shutdown
  • Temperature of critical components
  • Individual optical port temperature or light level with alarm
  • Voltage or current overrange with alarm
  • Cooling fan speed with alarm
Supported OS and Orchestration
  • Linux kernel 5.17 (64-bit)
  • Kubernetes (*)
Supported APIs
  • DPDK v. 21.11.1, RTE_FLOW, RTE_METER
Supported Hardware and Transceivers
  • NT200A02:
    • 100GBASE-SR4, SR-BiDi, LR4

(*) Not available in Link-Inline™ 3.0beta
