Netcope Session Filter (NSF) is a session-oriented packet capture solution that leverages the hardware platform of Netcope FPGA Boards to accelerate per-packet processing and flow-based stateful filtering, which leaves more CPU performance for complex processing of network traffic, like DPI. The cooperation of hardware and software makes it possible to build a powerful solution even for 100G Ethernet networks based on commodity multi-core servers.

HANDLE THE NETWORK FLOWS IN HARDWARE

Key feature of NSF is stateful filtering-based packet manipulation, which offers significant advantage over per-packet stateless processing. NSF perceives network traffic as a set of network flows and it is able to track hundreds of thousands of network flows directly in hardware. Software applications leverage hardware preprocessing of network flows to identify flows of interest for further processing and instructs hardware through API on how to deal with each flow. In other words, it allows you to zoom in interesting traffic, drop the traffic of no interest and gather statistical information about the rest of the traffic.

NSF provides many ways to handle network flows in hardware. Autonomous in-hardware processing tracks the flows and gathers statistical information about the flow: communicating endpoints (IP addresses, TCP/UDP ports, L4 protocol), timestamps of beginning and end of the communication, number of transferred bytes and packets etc. In case in-software processing is required, NSF can transfer the packets of a network flow to SW in form of whole packets, packets cropped to specified length, or extracted header fields only, depending on the requirements and complexity of processing of the software application.

FEATURES

• Models for 100G, 40G, and 10G Ethernet available
• Wire-speed traffic processing including the shortest packets
• Hardware flow cache with hundreds of thousands of flow records
• ​Intelligent packet transfer to SW
  • Flow-aware distribution over multiple CPU cores
  • IP fragmentation handling
• Field upgradable
• Runs on the family of Netcope FPGA Boards
• Interconnection of two cards to achieve overall throughput of 200Gbps to software with load balancing​

• Hardware packet processing based on flow records
  • Update per-flow statistics
  • Transfer per-flow statistics to SW
  • Transfer whole or cropped packet to SW
  • Extract and transfer packet header fields to SW
  • Drop packet