NetRecap

Providing the Data to Answer “Why?”

In “The Matrix” trilogy, the Merovingian, who is the all-knowing broker of information inside the Matrix, says that:

“‘Why’ is what separates us from them, you from me.
‘Why’ is the only real social power, without it you are powerless.”

In networking, to know the “Why” requires that you capture every packet, with a highly precise timestamp, and its metadata in the form of VLAN tags. The LDA Neo with NetRecap can provide all of this information so your team can then determine the “Why” that will propel your business forward.

Introduction

At first glance, the LDA Neo looks like a network switch. Looks, though, are deceiving; it is a fully programmable networking application platform executing on a server-class system with substantial resources. This enables Neo not only to route traffic like a switch but also to run multiple complex applications simultaneously. Neo performs many tasks in parallel on traffic, such as muxing, 40 GbE translation, bandwidth management, timestamping, VLAN tagging, packet cloning, and full lossless packet capture. In some use cases, Neo can compete exceptionally well against existing dedicated network appliances while simultaneously outperforming them. It is not meant to replace these devices in all use cases, as it has not been designed to address the many corner cases that might exist for these dedicated appliance products. LDA's NetRecap is an application for the Neo reconfigurable network platform that enables timestamping, VLAN tagging, cloning, and, in some configurations, full lossless packet capture. It collects all the data required for you to answer, “Why?”

Neo, an Open Architecture Networking Platform

The LDA Neo Reconfigurable Network Platform is an open architecture built on an Intel Xeon server running Linux, with up to 128 GB of main memory, three U.2 NVMe internal drives, and a single PCIe x8 expansion slot. Being an open architecture gives LDA's customers the flexibility to perform network packet capture with whatever hardware capture card or generic high-performance Network Interface Card (NIC) they are comfortable with. Typically, this NIC is an Intel E810 that supports up to 100 Gbps of network capture. The LDA team has also tested and supports Napatech capture cards with the Neo platform for lossless packet capture. It is also possible to use other high-performance NICs in your Neo from Xilinx (formerly Solarflare) and NVIDIA (formerly Mellanox). Since Neo is an open platform, customers can run third-party advanced capture software from Napatech. There is also a software-only capture platform utilizing DPDK from the leader in this space, Ntop. Neo's ability to capture is limited only by the capture capabilities of the NIC and the software selected by the customer. In Figure 2 below, we've provided a simplified architectural block diagram showing the layout of the Neo Reconfigurable Network Platform. All the colored components below are customer configurable.

Many other appliance vendors in this market provide only closed-architecture solutions that require additional licenses to enable key features. These vendors often charge premium prices for additional “qualified” memory, storage, or networking modules. Often users are even barred from upgrading the hardware or installing their own applications on these appliances. LDA expects customers to use the Neo as they see fit; they bought the platform, so they should be allowed to install whatever hardware or software makes them comfortable. This includes currently unsupported capture or networking cards and third-party memory and NVMe drives that have not yet been qualified by LDA. The flexibility and cost savings that result from the Neo being an open platform are among the main features that have attracted customers to the Neo platform.

NetRecap Overview

NetRecap was designed for both 25 GbE and 10 GbE traffic analysis. By default, all traffic coming into each of the forty-eight ports on Neo receives a standard precision timestamp and a unique VLAN tag. Eight of these forty-eight ports can then be reconfigured to receive high-precision timestamps with an accuracy of 96 picoseconds for 10 GbE or 40 picoseconds for 25 GbE. Time is perhaps one of the most important metrics to track when doing network packet capture. As the Merovingian said:

“Yes, of course. Who has time? Who has time? But then if we never *take* time, how can we have time?”

Unlike most other capture solutions, Neo's accuracy is measured in tens of picoseconds; this is like a carpenter moving from measuring wood using a tape with 1/8th inch marks to one with millimeter marks (about 1/25th of an inch). Precision is essential; in fact, knowing the time between the arrival of two specific packets is sometimes the whole purpose of a packet capture project.

Neo VLAN tags each packet with a port-specific value, which makes it easier to correlate traffic once it has been aggregated. Neo can then steer all ports directly to the network capture card. These cards often work with the operating system to collect packets and pass them to a capture application via various kernel bypass techniques. This allows these applications to cache network packets in main memory until they can be inspected or permanently stored on NVMe drives. Neo uses NVMe drives with four lanes of PCIe Gen4 with an effective writing speed of 4.4 GB/sec. If the storage subsystem is properly configured, all three drives can support writing 100 Gbps of capture to disk. A second version of the Neo is available that supports up to four NVMe drives, which would push this writing capability well beyond 100 Gbps.
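How the per-port VLAN tag and the timestamp work together once traffic has been aggregated, as an added example that is not LDA's code: it splits a merged capture back out by ingress port and computes per-port inter-arrival gaps. The VLAN-to-port map, the integer-picosecond timestamp representation and the sample frames are assumptions constructed for illustration.

```python
import struct
from collections import defaultdict

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q VLAN tag

def vlan_id(frame):
    """Return the 12-bit VLAN ID of an 802.1Q-tagged frame, or None if untagged."""
    if len(frame) < 18:  # 12 bytes of MACs + 4-byte tag + inner EtherType
        return None
    tpid, tci = struct.unpack_from("!HH", frame, 12)
    return tci & 0x0FFF if tpid == TPID_8021Q else None

def demux_by_port(records, vlan_to_port):
    """Split (timestamp_ps, frame) records by ingress port using the VLAN tag.

    Timestamps of frames with no tag or an unmapped tag are returned separately
    so they can be investigated rather than silently dropped.
    """
    per_port, unattributed = defaultdict(list), []
    for ts_ps, frame in records:
        port = vlan_to_port.get(vlan_id(frame))
        if port is None:
            unattributed.append(ts_ps)
        else:
            per_port[port].append(ts_ps)
    return dict(per_port), unattributed

def inter_arrival_ps(timestamps):
    """Gaps in picoseconds between consecutive packets on one port."""
    ordered = sorted(timestamps)
    return [later - earlier for earlier, later in zip(ordered, ordered[1:])]

def make_frame(vid=None):
    """Build a constructed test frame, tagged with `vid` when one is given."""
    macs = bytes.fromhex("020000000001020000000002")
    tag = struct.pack("!HH", TPID_8021Q, vid) if vid is not None else b""
    return macs + tag + struct.pack("!H", 0x0800) + bytes(46)

# Assumed mapping and constructed capture records (timestamps in picoseconds).
VLAN_TO_PORT = {101: 1, 102: 2}
RECORDS = [
    (1_000_000, make_frame(101)),
    (1_000_040, make_frame(102)),
    (1_250_000, make_frame(101)),
    (1_250_096, make_frame(102)),
    (2_000_000, make_frame()),  # untagged: cannot be tied to a port
]

if __name__ == "__main__":
    ports, unattributed = demux_by_port(RECORDS, VLAN_TO_PORT)
    for port, stamps in sorted(ports.items()):
        print(port, inter_arrival_ps(stamps))
    print("unattributed:", unattributed)
```

Frames that arrive without a recognised tag are worth reporting in any capture review, since they indicate traffic that bypassed the tagging stage or a mapping that is out of date.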

The Neo provides a single eight-lane PCIe slot for a capture NIC; almost any current 10/25/100 GbE card should work. This makes it easy to fit Neo with NetRecap into your existing capture infrastructure or to build a whole new, highly performant one. If you've been capturing network packets for years, then you may already have a robust infrastructure using Napatech, Solarflare, or Intel with Ntop already installed. Neo with NetRecap can be configured to fit right in using the capture NIC and software package you're most familiar with. The performance of your Neo when doing packet capture is limited only by the NIC and software capture solution you select.
