Peter Sanders, VP Field Applications Engineering at Napatech, looks at the importance of zero packet loss to a successful IDS deployment - measured by its effects on intrusion alert generation and file extraction.
The need for filtering
The open and uncontrolled nature of the Internet exposes users all over the world to massive amounts of data. Some of the content may be undesirable for various reasons, depending on the enterprise or organization serving the affected users. A web filter allows an enterprise or organization to block pages from websites carrying advertising, pornography and other objectionable content.
The data growth challenge
As Internet traffic increases, higher speed networks are needed to maintain service levels and capacity. In telecom networks, 100 Gbps links are being introduced to serve hundreds of thousands of users and keep up with demand. Today, the market has reached a state of maturity regarding solutions for web content filtering at 1 Gbps and 10 Gbps, but filtering at 100 Gbps poses a whole new set of challenges.
Web content filtering at 100 Gbps requires a very large amount of processing power, and that power must be spread across the available processing resources by distributing the traffic. This is usually achieved with hash-based 2-tuple or 5-tuple flow distribution on subscriber IP addresses. In telecom core networks, subscriber IP addresses are carried inside GTP tunnels, so a device that only sees the outer tunnel endpoint addresses cannot spread the subscribers' flows evenly. Consequently, support for GTP (parsing the tunnel and hashing on the inner, subscriber-level header) is required for efficient load distribution when filtering traffic in telecom core networks.
There are different approaches to providing the processing resources and the load distribution.
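The paragraph above makes a point that is easy to state and easy to get wrong in practice: a hash computed on the outer IP header of GTP-U traffic collapses every subscriber behind one tunnel onto the same worker, while a hash on the inner subscriber header spreads them. The following is an added example, not Napatech code and not a model of any particular Smart NIC; it builds a few constructed GTP-U packets (RFC 5737 and RFC 1918 addresses, made-up TEIDs), parses the tunnel header including optional fields and extension headers, and compares the worker distribution for the two hashing choices. The hash function is a software stand-in for whatever hardware hash a real NIC or load balancer uses; the symmetric key ordering is there so both directions of a flow land on the same worker, which stateful filtering needs.

```python
import hashlib
import socket
import struct
from collections import Counter

GTPU_PORT = 2152  # standard GTP-U UDP port (3GPP TS 29.281)


def build_ipv4(src, dst, proto, payload):
    """Minimal IPv4 header (no options, checksum left zero) followed by payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    return hdr + payload


def build_udp(sport, dport, payload):
    return struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload


def build_tcp(sport, dport):
    # 20-byte TCP header, SYN flag, no options: a constructed segment, not real traffic
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x02, 65535, 0, 0)


def build_gtpu(teid, inner, seq=None):
    """GTPv1-U T-PDU. With seq set, the S bit is raised and 4 optional octets are added."""
    if seq is None:
        return struct.pack("!BBHI", 0x30, 0xFF, len(inner), teid) + inner
    # flags 0x32 = version 1, PT=1, S=1; optional: seq (2), N-PDU (1), next ext type (1)
    return struct.pack("!BBHIHBB", 0x32, 0xFF, len(inner) + 4, teid, seq, 0, 0) + inner


def parse_ipv4(pkt):
    """Return (src, dst, proto, payload) for an IPv4 packet, honouring the IHL field."""
    ver_ihl = pkt[0]
    if ver_ihl >> 4 != 4:
        raise ValueError("not IPv4")
    ihl = (ver_ihl & 0x0F) * 4
    return socket.inet_ntoa(pkt[12:16]), socket.inet_ntoa(pkt[16:20]), pkt[9], pkt[ihl:]


def flow_keys(pkt):
    """Return (outer_2tuple, inner_2tuple); inner is None when no GTP-U tunnel is found."""
    o_src, o_dst, o_proto, o_payload = parse_ipv4(pkt)
    outer = (o_src, o_dst)
    if o_proto != 17:  # not UDP, so not GTP-U
        return outer, None
    sport, dport, _, _ = struct.unpack_from("!HHHH", o_payload, 0)
    if GTPU_PORT not in (sport, dport):
        return outer, None
    gtp = o_payload[8:]
    flags, msg_type, _, _teid = struct.unpack_from("!BBHI", gtp, 0)
    if flags >> 5 != 1 or msg_type != 0xFF:
        return outer, None  # not a GTPv1 T-PDU; fall back to the outer key
    hdr_len = 8
    if flags & 0x07:  # E, S or PN set: 4 optional octets follow the mandatory header
        hdr_len = 12
        next_ext = gtp[11]
        while flags & 0x04 and next_ext != 0:  # walk extension headers when E is set
            ext_len = gtp[hdr_len] * 4  # length field is in 4-octet units
            next_ext = gtp[hdr_len + ext_len - 1]
            hdr_len += ext_len
    i_src, i_dst, _, _ = parse_ipv4(gtp[hdr_len:])
    return outer, (i_src, i_dst)


def worker_for(key, n_workers):
    """Symmetric 2-tuple hash: (a, b) and (b, a) map to the same worker."""
    a, b = sorted(key)
    digest = hashlib.blake2b(f"{a}|{b}".encode(), digest_size=4).digest()
    return int.from_bytes(digest, "big") % n_workers


def distribution(packets, n_workers, use_inner):
    """Count packets per worker, hashing on the inner header when asked and available."""
    counts = Counter()
    for pkt in packets:
        outer, inner = flow_keys(pkt)
        key = inner if (use_inner and inner is not None) else outer
        counts[worker_for(key, n_workers)] += 1
    return counts


def sample_packets(n_subscribers=1000):
    """Constructed traffic: every subscriber rides the same eNodeB-to-gateway tunnel pair."""
    pkts = []
    for i in range(1, n_subscribers + 1):
        sub_ip = f"10.{(i >> 16) & 255}.{(i >> 8) & 255}.{i & 255}"
        inner = build_ipv4(sub_ip, "203.0.113.10", 6, build_tcp(40000 + i % 20000, 80))
        gtp = build_gtpu(teid=0x1000 + i, inner=inner)
        pkts.append(build_ipv4("192.0.2.1", "192.0.2.2", 17,
                               build_udp(GTPU_PORT, GTPU_PORT, gtp)))
    return pkts


if __name__ == "__main__":
    pkts = sample_packets()
    for mode, label in ((False, "outer (tunnel) addresses"), (True, "inner (subscriber) addresses")):
        d = distribution(pkts, 96, mode)
        print(f"hash on {label}: {len(d)} of 96 workers busy, max {max(d.values())} packets")
```

With 1000 subscribers and 96 worker threads (the 48-core hyper-threaded server discussed below), the outer-header hash keeps all 1000 packets on a single worker, while the inner-header hash uses essentially every worker with a load close to the ideal 10 to 11 packets each. That gap is the whole case for GTP awareness in the distribution stage.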
Approach 1: Distributed, stacked server solution
This approach is based on a high-end load balancer and standard COTS servers equipped with several 10 Gbps standard NICs. The load balancer connects in-line with the 100 Gbps link and distributes traffic to 10 Gbps ports on the standard servers. The load balancer must support GTP and flow distribution based on subscriber IP addresses. Because the load balancer cannot guarantee a perfectly even load distribution, overcapacity is needed on the distribution side. A reasonable solution, shown in Figure 1, comprises 24 x 10 Gbps links. For this solution, 3 standard servers, each equipped with four 2 x 10 Gbps standard NICs, together provide the 240 Gbps traffic capacity (3 x 4 x 2 x 10 Gbps).
The solution includes an expensive load balancer, whereas the cost of the standard COTS servers and standard NICs is reasonable. The solution involves many components and complex cabling. Furthermore, the rack space required is relatively large and system management is complex due to the multi-chassis design.
Here is a list of the equipment required for the stacked server solution:

| Quantity | Item |
|---|---|
| 1 | High-end load balancer |
| 3 | Standard COTS server |
| 12 | 2 x 10 Gbps standard NIC |
| 24 | Cables for 10 Gbps links |
Approach 2: Consolidated, single server solution
The alternative approach is to consolidate load distribution, 100G network connectivity and the total processing power in a single server. This solution requires a high-end COTS server and 100G Smart NICs. Since up to 200 Gbps traffic needs to be processed within the same server system, the server must be equipped with multiple cores for parallel processing. For example, a server with 48 CPU cores can run up to 96 flow processing threads in parallel utilizing hyper-threading. To fully utilize CPU cores, the Smart NIC must support load distribution to as many threads as the server system provides. Also, to ensure balanced utilization of CPU cores, the Smart NIC must support GTP tunneling. The Smart NIC should also support these features at full throughput and full duplex 100 Gbps traffic load, for any packet size.
Benefits of using this solution include:
- Simple cabling due to single component usage
- Single-point system management, with no complex dependencies between multiple chassis
- Very low footprint in the server rack, thereby reducing rack space hosting expenses
Here is the list of equipment required for the single server solution:

| Quantity | Item |
|---|---|
| 1 | High-end COTS server |
| 2 | 1 x 100 Gbps Smart NIC |
Choosing the right solution
The technical solution is obviously important, but when deciding on a solution for 100 Gbps web content filtering, the total cost of ownership should be a serious consideration. Here are some significant parameters for CAPEX/OPEX calculations:
- Cost of servers
- Cost of smart NICs or standard NICs
- Cost of software
- Power consumption, including cooling
- Load balancers
- Rackspace hosting expenses
- Warranty and support
Selecting the server model depends on the application in each specific use case. Since cost varies significantly between server models, the choice should be based on an estimate or a prototype of the application's CPU requirements.
Where to go from here?
If you are considering a simpler, consolidated approach to web content filtering at 100 Gbps, I would recommend looking into Smart NICs that support load distribution at full 100 Gbps throughput.