3x n2disk™ Performance Increase

Napatech Link Capture Software
for Intel® PAC with Intel Arria® 10 GX FPGA

Solution Description

Napatech Link™ Capture Software for Intel® PAC
n2disk™ is a powerful network traffic recorder application that enables users to capture and store network packets at multi-gigabit rate from a live network. n2disk™ allows security teams to seize, store and retrieve all network data on demand, providing retrospective PCAP evidence for vector identification, forensic analysis or operational troubleshooting.

n2disk™ effectively performs numerous tasks, including:

• Offline network packet analysis by feeding specialized IDS tools like Snort and Suricata
• Reconstruction of specific communication flows or network activities
• Reproduction of previously captured traffic to a different network interface
• Ability to output PCAP files so the output can be easily integrated with analysis tools (e.g. Wireshark)

As capable as n2disk™ is at recording network traffic, however, it will only be as effective as its implementation. A prerequisite for n2disk™ to be successful is that all network packets are captured with zero loss. But with a multi-gigabit traffic load, standard server deployments struggle to keep up.

In addressing this challenge, Napatech has created a hardware acceleration solution that alleviates the load on the CPU and thereby greatly increases application performance. This has been achieved by making the Napatech LinkTM Capture Software available as an Acceleration Stack for the Intel® Programmable Acceleration Card (PAC) with Intel Arria® 10 GX FPGA.

Key Solution Features
• Line rate network throughput for all packet sizes
• Lossless capture for perfect inspection and detection
• Onboard packet buffering during micro-burst or PCI Express bus congestion scenarios
• Advanced host memory buffer management for ultra-high CPU cache performance
• Packet classification, match/action filtering and zero-copy forwarding

The Intel / Napatech difference
Combined, Intel PAC and Napatech LinkTM Capture Software are uniquely suited for lossless acceleration of n2disk™. Optimized to capture all network traffic at full line rate, with almost no CPU load on the host server (all frame sizes), the solution demonstrates enormous lossless performance advantages for n2disk™ compared to a standard Network Interface Card (NIC):
• Up to 3x lossless packet to disk performance
• Guaranteed capture to disk of packet bursts up to 600 milliseconds

Turning acceleration into value
These performance advantages ultimately allow you to:
• Maximize your server performance by improving CPU utilization
• Minimize your TCO by reducing number of servers, thus optimizing rack space, power, cooling and operational expenses
• Diminish your time-to-resolution, thereby enabling greatly increased efficiency

Outstanding Lossless Performance
The outstanding improvements achieved with this solution were demonstrated by comparing n2disk™ performance running on a Dell PowerEdge R740 with a standard 40G NIC card and the 40G Intel PAC.

Throughput test
To eliminate the storage subsystem as a potential limiting factor, n2disk™ performance was measured in disk simulation mode, using a ram disk to emulate an infinitely fast disk. Ethernet frames of specific sizes from 64B to 1518B were sent with minimum inter-frame gaps to the device under test, and the n2disk™ receive packet rate was recorded as the throughput value.
The test revealed that the Intel PAC with Napatech LinkTM Capture Software provides 3x higher throughput for small packets compared to a standard NIC.

Test configuration
The test configuration was based on a dual-socket Dell R740 with Intel® Xeon® Gold 6138 2.0 GHz, 128GB RAM running CentOS 7.5.

