3x n2disk™ Performance Increase
Napatech Link™ Capture Software
for Napatech SmartNICs
Napatech Link™ Capture Software for Napatech SmartNICs
n2disk™ is a powerful network traffic recorder application that enables users to capture and store network packets at multi-gigabit rate from a live network. n2disk™ allows security teams to seize, store and retrieve all network data on demand, providing retrospective PCAP evidence for vector identification, forensic analysis or operational troubleshooting.
n2disk™ effectively performs numerous tasks, including:
• Offline network packet analysis by feeding specialized IDS tools like Snort and Suricata n2disk Throughput
• Reconstruction of specific communication flows or network activities
• Reproduction of previously captured traffic to a different network interface
• Ability to output PCAP files so the output can be easily integrated with analysis tools (e.g. Wireshark)
As capable as n2disk™ is at recording network traffic, however, it will only be as effective as its implementation. A prerequisite for n2disk™ to be successful is that all network packets are captured with zero loss. But with a multi-gigabit traffic load, standard server deployments struggle to keep up.
In addressing this challenge, Napatech has created a hardware acceleration solution, based on the Napatech Link™ Capture Software, that alleviates the load on the CPU and thereby greatly increases application performance.
The Napatech difference
The Napatech Link™ Capture Software is uniquely suited for lossless acceleration of n2disk™. Optimized to capture all network traffic at full line rate, with almost no CPU load on the host server (all frame sizes), the solution demonstrates lossless performance advantages for n2diskTM compared to a standard Network Interface Card (NIC):
• Up to 3x lossless packet to disk performance
• Guaranteed capture to disk even for large packet bursts of minimum size packets
Turning Acceleration into Value
These performance advantages ultimately allow you to:
• Maximize your server performance by improving CPU utilization
• Minimize your TCO by reducing number of servers, thus optimizing rack space, power, cooling and operational expenses
• Diminish your time-to-resolution, thereby enabling greatly increased efficiency
Outstanding Lossless Performance
The outstanding improvements achieved with this solution were demonstrated by comparing n2disk™ performance running on a Dell PowerEdge R740 with a standard 40G NIC card and the Napatech NT200 SmartNIC with LinkTM Capture Software.
- Standard NIC
- Napatech SmartNIC
The outstanding improvements achieved with this solution were demonstrated by comparing n2disk™ performance running on a Dell PowerEdge R740 with a standard 40G NIC card and the Napatech NT200 SmartNIC with Link™ Capture Software.
To eliminate the storage subsystem as a potential limiting factor, n2disk™ performance was measured in disk simulation mode, using a RAM disk to emulate an infinitely fast disk. Ethernet frames of specific sizes from 64B to 1518B were sent with minimum inter-frame gaps to the device under test, and the n2disk™ receive packet rate was recorded as the throughput value.
The test revealed that the Napatech NT200 SmartNIC with Napatech Link™ Capture Software provides 3x higher throughput for small packets compared to a standard NIC.
The test configuration was based on a dual-socket Dell R740 with Intel® Xeon® Gold 6138 2.0 GHz, 128GB RAM running CentOS 7.5.
• Line rate network throughput for all packet sizes
• Lossless capture for perfect inspection and detection
• Onboard packet buffering during micro-burst or PCI Express bus congestion scenarios
• Advanced host memory buffer management for ultra-high CPU cache performance
• Packet classification, match/action filtering and zero-copy forwarding
Napatech Link™ Capture Software
The stunning benchmarks for ntop n2disk™ were achieved by deploying Napatech’s Reconfigurable Computing Platform™, based on FPGA-based Link™ Capture Software and Napatech SmartNIC hardware.
Napatech’s Reconfigurable Computing Platform flexibly offloads, accelerates and secures open, standard, high-volume and low-cost server platforms allowing them to meet the performance requirements for networking, communications and cybersecurity applications.
n2disk™ is a network traffic recorder application that allows users to capture full-sized network packets to disk at multi-gigabit rate from a live network interface. n2disk™ uses the industry standard PCAP file format to dump packets into files so the resulting output can be easily integrated with existing third party or open source analysis tools (e.g. Wireshark).
n2disk™ is an ideal example of the type of critical enterprise security application that can achieve better performance through hardware acceleration.