20 Gbps Packet Capture and Analysis
The NT20E3-2-PTP accelerator provides full packet capture and analysis of Ethernet LAN at 20 Gbps with zero packet loss for all frame sizes. Intelligent features accelerate application performance with extremely low CPU load. Flexible time synchronization support is included with a dedicated PTP port.
Accelerate Your Time-to-Market, Reduce Risk
Napatech Software Suite provides an efficient migration path by allowing you to mix and match ports and speeds. An advanced cooling design assures the required airflow while sensors monitor voltage, power, and temperature.
Also available in a NEBS level 3 compliant variant.
SECURITY DATA COLLECTION
In order to protect networks from the most advanced cyber threats, our solutions deliver data to security applications such as:
- Intrusion Detection Systems / Intrusion Prevention Systems (IDS/IPS)
- Unified Threat Management (UTM)
- Security Information and Event Management (SIEM)
- Data Loss Prevention (DLP)
- Advanced Persistent Threats (ATP)
Security data collection systems make it possible to discover and contain threats faster based on real-time data from critical network links.
Our solutions deliver data to applications that help governments see all data running through their networks. Recognizing malicious packages and suspicious patterns allows governments to take preemptive measures to stop criminals before or during an attack, safeguarding sensitive government information as well as the personal data of citizens.
QUALITY OF EXPERIENCE OPTIMIZATION
Our solutions deliver data security to applications that analyze quality of experience. Doing so enables telecoms to improve quality, while better managing the bandwidth challenges posed by rich media applications.
NETWORK BEHAVIOR SIMULATION
Our solutions deliver data to, and receive data from, applications that enable telecom operators to simulate real-life subscriber behavior with a variety of applications and services. These applications generate insights that lead to better decision-making regarding infrastructure, service upgrades, and deployment.
FULL LINE-RATE PACKET CAPTURE
Napatech accelerators are highly optimized to capture network traffic at full line-rate, with almost no CPU load on the host server, for all frame sizes. Zero-loss packet capture is critical for applications that need to analyze all the network traffic. If anything needs to be discarded, it is a matter of choice by the application, not a limitation of the accelerator.
Standard network interface cards (NICs) are not designed for analysis applications where all traffic on a connection or link needs to be analyzed. NICs are designed for communication where data that is not addressed to the sender or receiver is simply discarded. This means that NICs are not designed to have the capacity to handle the amount of data that is regularly transmitted in bursts on Ethernet connections. In these burst situations, all of the bandwidth of a connection is used, requiring the capacity to analyze all Ethernet frames. Napatech accelerators are designed specifically for this task and provide the maximum theoretical packet capture capacity.
FLOW IDENTIFICATION BASED ON HASH KEYS
A flow can be defined as Ethernet frames that are associated. The association can be created by comparing various information contained in the Ethernet and encapsulated protocol headers. One way of doing this is to calculate a hash value based on the specified header information. Then all frames with the same hash value are associated and handled in the same way.
Often, network applications need to look at flows of frames that are transmitted between specific devices (identified by their IP addresses) or even between applications on specific devices (identified i.e. by protocol and UDP/TCP/SCTP port numbers used by the application).
Napatech provides several hash value calculation methods, which use different information from various protocol headers in the Ethernet frame to calculate the hash value. This allows the correct hash calculation method to be selected depending on the kind of flows that need to be analyzed. Hash value calculation can also be configured for different types of flows. If only unidirectional flows need to be analyzed, one hash value is calculated for the flow from A to B and a different hash value is calculated for the flow from B to A. If bidirectional flows need to be analyzed, a sorted hash key can be used. This ensures that flows from either direction will receive the same hash value, and thereby be delivered and analyzed by the same CPU core, which is often the most efficient method for analysis.
Hash calculations can be based on the following protocol header information:
- IPv4 and IPv6 2-tuple
- IPv4 and IPv6 5-tuple
- Inner IP 2-tuple in GTP or IP-in-IP tunnel
- Inner IP 5-tuple in GTP or IP-in-IP tunnel
- IP Fragment
The hash value and hash key type are provided in the packet descriptor for each frame.
Modern servers provide unprecedented processing power with multi-core CPU implementations. This makes standard servers an ideal platform for appliance development. But, to fully harness the processing power of modern servers, it is important that the analysis application is multi-threaded and that the right Ethernet frames are provided to the right CPU core for processing. Not only that, but the frames must be provided at the right time to ensure that analysis can be performed in real time.
Napatech Multi-CPU distribution is built and optimized from our close knowledge of server architecture, as well as real life experience from our manufacturing customers.
Napatech accelerators ensure that identified flows of related Ethernet frames are distributed in an optimal way to the available CPU cores. This ensures that the processing load is balanced across the available processing resources, and that the right frames are being processed by the right CPU cores.
With flow distribution to multiple CPU cores, the throughput performance of the analysis application can be increased by orders of magnitude. Not only that, but the performance can also be scaled by using faster processors or more processing cores.
Napatech accelerators support different distribution schemes that are fully configurable:
- Distribution per Port: All frames captured on a physical port are transferred to the same CPU core for processing
- Distribution per Traffic Type: Frames of the same protocol type are transferred to the same CPU core for processing
- Distribution by Flows: Frames with the same hash value are sent to the same CPU core for processing
FULL LINE-RATE TRANSMIT
Full line-rate transmit is an important capability for a number of test and analysis applications. Testing network performance under maximum load is increasingly important to not only assure quality of experience, but also to harden networks against attacks, such as Distributed Denial of Service (DDoS) attacks.
Napatech accelerators make it possible to build solutions where the maximum transmission capability can be achieved to thoroughly test network resilience.
With Napatech accelerators, the frames to be transmitted are either generated by the application, replayed frames that were previously captured to disk, or retransmitted frames received in an in-line configuration.
Frames that are generated for transmission, or host-based transmit, allow frames to be generated by the host and transmitted at line speed on the network. This is useful for load-testing of networks and devices or simulating network behavior for network management and security testing. Timing can be important in these cases to ensure that the right frames are transmitted at the right time and in the right order.
Replay-from-disk allows previously captured frames to be analyzed for troubleshooting or security purposes. In this case, it is important that timing is preserved to accurately recreate what happened. It can also be useful in these cases to change behavior to simulate different situations. For example, it can be useful to manipulate the inter-frame gap (IFG) to speed up or slow down transmission.
- Standard: IEEE 802.3 1 Gbps or 10 Gbps Ethernet LAN
- Physical interface: 2 x SFP or SFP+ ports
- Supported SFP modules: Multi-mode SX, single-mode LX and ZX, 1000BASE-T or 10/100/1000BASE-T
- Supported SFP+ modules: Multi-mode SR, singlemode LR and ER, 10GBASE-CR
- Supported dual-rate modules: Multi-mode SR and singlemode LR
- Capture rate: 2 x 10 Gbps
- Transmit rate: 2 x 10 Gbps
- CPU load: 5%
ON-BOARD IEEE 1588-2008 (PTP V2)
- • Full IEEE 1588-2008 stack
- • Packet Delay Variation (PDV) filter
- • PTP master and slave in IEEE 1588-2008 default profile
- • PTP slave in IEEE 1588-2008 telecom and power profiles
HARDWARE TIME STAMP
- Resolution: 4 ns
- Stratum 3 compliant TCXO
- NDIS 10 ns/100 ns
- UNIX 10 ns
- Externalconnectors: Dedicatedpluggable
- Internal connectors: 2 for daisy-chain support
PLUGGABLE OPTIONS FOR TIME SYNCHRONIZATION
- PPS for GPS and CDMA
- IEEE 1588-2008 (PTP v2)
- NT-TS for accelerator-to-accelerator time sync
HOST INTERFACE AND MEMORY
- Bus type: 8-lane 8 GT/s PCIe Gen3
- PCIeperformance: fullduplex
- Onboard RAM: 4 GB DDR3
- Flash: Supports 2 bootimages
- RMON1 counters plus jumbo frame counters per port
- Frame and byte counters per color (filter) and per host buffer
- Counter sets always delivered as a consistent time-stamped snapshot
ENVIRONMENT FOR NT20E3-2-PTP
- Operating temperature: 0° to 45°C (32° to 113°F)
- Operating humidity: 20% to 80%
ENVIRONMENT FOR NT20E3-2-PTP-NEBS
- Operating temperature (up to 1,800 m and airflow of at least 2,5 m/s): –5 °C to 55 °C (23 °F to 131 °F) measured around the accelerator
- Operating humidity: 5% to 85%
- Easy-to-integrate NT-API
- libpcap support
- WinPcap support
- Software PTP stack
- 1/2-length PCIe
REGULATORY APPROVALS AND COMPLIANCES
- NEBS level 3
- cURus (UL)