Network Capture Card - NT100A01
for 4×1/10G | 4×10/25G

Line speed

Napatech’s network cards are highly optimized to capture network traffic even at full line speed, with very low CPU usage on the host server. Lossless packet capturing is critical for applications that need to analyze all network traffic. If anything needs to be discarded, the application makes this decision, so ultimately this should not be a limitation of the network cards.

Standard built-in network interface cards (NICs) are not designed for analysis applications that analyze the entire traffic of a connection or link. Normal NICs are designed from their mode of operation to be used for one communication only, where network data not addressed to the sender or recipient is simply discarded. This shows that NICs are not capable of handling amounts of data that continuously occur in bursts on Ethernet links. In these situations the full bandwidth of a connection is used, which in turn requires the ability to analyze all Ethernet frames. Napatech’s network cards have been designed specifically for this task and offer maximum capacity for uncompromising recording of network data.

Packet buffering

Napatech’s network cards have built-in memory for buffering Ethernet frames. Buffering ensures guaranteed delivery of data even if there is an overload when the data is sent to the application. There are three potential sources of congestion: the PCI interface, the server platform and the analytics application.

PCI interfaces provide a fixed bandwidth for transferring data from the accelerator to the application. This limits the amount of data that can be continuously transferred from the network to the application. For example, a 16-track PCIe Gen3 interface can transfer up to 115 Gbps of data to the application. However, if the network speed is 2 × 100 Gbps, a burst of data cannot be transmitted in real time over the PCIe Gen3 interface because the transfer rate exceeds twice the maximum PCIe bandwidth. In this case, the integrated packet buffering of the Napatech card can absorb the burst and ensure that no data is lost, and releases the frames again when the application provides capacity.

Servers and applications can be configured to overload the infrastructure of the servers or even the application itself. Likewise, CPU cores may be busy processing or retrieving data from remote caches and locations, resulting in new Ethernet frames not being able to be transferred properly by standard network cards.

In addition, the application can be configured with only one or a few processing threads, which can cause the application to become overloaded so that new Ethernet frames are not transmitted. Integrated packet buffering allows Ethernet frames to be buffered until the server or application is able to receive them. This ensures that no Ethernet frames are lost and that all network data is made available for analysis without compromise.

Multi-CPU Distribution

Modern servers offer unprecedented computing power through multi-core CPU implementations. This makes standard servers an ideal platform for device development. To fully utilize the processing power of modern servers, it is important that the analysis application also supports multi-threading and that the right Ethernet frames are made available to the right CPU core for processing. However, the frames must also be provided at the right time to ensure that the analysis can be performed in real time.

The Napatech multi-CPU distribution is built and optimized from our extensive knowledge of server architecture and the actual experience of our customers.

Napatech’s network cards ensure that identified data streams from related Ethernet frames are optimally distributed to the available CPU cores. This ensures that the processing load is balanced over the available processing resources and that the right frames are processed by the right CPU cores.

With flow distribution across multiple CPU cores, the throughput of the analysis application can be increased linearly with the number of cores (up to 128). Furthermore, the performance can also be scaled by faster processor cores. This highly flexible mechanism allows many different ways to design a solution and provides the opportunity to optimize cost and/or performance.

Napatech’s cards support different distribution types which are fully configurable:

• Distribution by ports: All frames captured on a physical port are transferred to the same CPU or a number of CPU cores for processing
• Distribution by traffic type: Frames of the same protocol type are transferred to the same CPU or a number of CPU cores for processing
• Distribution by flows: Frames with the same hash value are sent to the same CPU or a number of CPU cores for processing
• Combinations of the above

Time stamps

To achieve this, all Napatech SmartNICs are able to provide a highly precise time stamp with a resolution of 1 nanosecond for each frame captured and transmitted.

At 10 Gbit/s, an Ethernet frame can be received and transmitted every 67 nanoseconds. At 100 Gbps this time is reduced to 6.7 nanoseconds. This makes time stamping with nanosecond precision essential for uniquely identifying the reception of a frame. This incredible precision also allows you to sequence frames from multiple ports on multiple accelerators and merge them into a single, timed analysis stream.

To work seamlessly across the various supported operating systems, Napatech SmartNICs support a range of industry-standard timestamp formats and also offer a choice of resolutions suitable for different types of applications.

64-bit timestamp formats:

• 2 Windows formats with 10-ns or 100-ns resolution
• Native UNIX format with 10-ns resolution
• 2 PCAP formats with 1-ns or 1000-ns resolution

Cache optimization

Buffer configuration can dramatically impact the performance of analytical applications. Different applications have different latency or processing requirements. It is therefore extremely important that the number and size of buffers can be optimized for the specific application. Napatech SmartNICs make this possible.

The flexible server buffer structure supported by Napatech SmartNICs can be optimized for different application requirements. For example, for applications that require a short latency, frames can be delivered in small pieces, optionally with a fixed maximum latency. Applications without latency requirements can benefit from data delivered in large chunks, enabling more effective server CPU processing by the data. Applications that need to correlate information distributed over packets can configure larger server buffers (up to 128 GB).

Up to 128 buffers can be configured and combined with the Napatech multi-CPU distribution (see “Multi-CPU Distribution”).

Multi Port Package Sequencing

There is a growing need for analysis devices that are capable of monitoring and analyzing multiple points on the network and even provide a network-wide view of what is happening. This not only requires the installation of multiple SmartNICs in a single appliance, but also requires that the analysis data from all ports on each accelerator be correlated.

With the Napatech software suite it is possible to sequence the analysis data from multiple SmartNICs and merge them into a single analysis stream. The merging is based on the nanosecond accurate time stamps of each Ethernet frame, which allows a time ordered merging of the individual data streams.

Tunneling

Napatech SmartNICs decode these tunnels and provide the ability to correlate and load balance based on the flows in the tunnels. Analysis applications can use this capability to test, secure and optimize mobile networks and services. To effectively analyze the different services associated with each subscriber, it is important to separate them and analyze each one individually. Napatech SmartNICs have the ability to identify the content of tunnels, allowing the analysis of each service used by a subscriber. This quickly provides the application with the information it needs and enables efficient analysis of network and application traffic. Napatech’s frame classification, flow identification, filtering, coloring, splitting and intelligent multi-CPU distribution capabilities can thus be applied to the content of the tunnel rather than the tunnel itself, resulting in more balanced processing and more efficient analysis.

GTP and IP-in-IP tunneling are powerful features for telecommunications equipment vendors who need to build mobile network monitoring products. This feature allows Napatech to outsource and accelerate data analysis so that customers can focus on optimizing the application, maximizing processing resources in standard servers.

IP fragments

Traffic Replay

Traffic Forwarding

Session control

In-Line Mode

• Full throughput bidirectional Rx/Tx up to 100G link speed for all packet sizes
• Multi-core processing support with up to 128 Rx/Tx streams per SmartNIC
• Adaptable, hash-based load distribution
• Efficient Zero Copy Roundtrip from Rx to Tx
• Single bit flip selection to discard or forward each packet
• Typical 50 us roundtrip latency from Rx to Tx fiber

CPU Socket Load balancing