Skip to content

3x n2disk™ Performance Increase

Napatech Link-Capture™ Software
for Napatech SmartNICs

Solution Description

Napatech Link-Capture™ Software for Napatech SmartNICs
n2disk™ is a powerful network traffic recorder application that enables users to capture and store network packets at multi-gigabit rate from a live network. n2disk™ allows security teams to seize, store and retrieve all network data on demand, providing retrospective PCAP evidence for vector identification, forensic analysis or operational troubleshooting.

n2disk™ effectively performs numerous tasks, including:

• Offline network packet analysis by feeding specialized IDS tools like Snort and Suricata n2disk Throughput
• Reconstruction of specific communication flows or network activities
• Reproduction of previously captured traffic to a different network interface
• Ability to output PCAP files so the output can be easily integrated with analysis tools (e.g. Wireshark)

As capable as n2disk™ is at recording network traffic, however, it will only be as effective as its implementation. A prerequisite for n2disk™ to be successful is that all network packets are captured with zero loss. But with a multi-gigabit traffic load, standard server deployments struggle to keep up.

In addressing this challenge, Napatech has created a hardware acceleration solution, based on the Napatech Link-Capture™ Software, that alleviates the load on the CPU and thereby greatly increases application performance.

The Napatech difference
The Napatech Link-Capture™ Software is uniquely suited for lossless acceleration of n2disk™. Optimized to capture all network traffic at full line rate, with almost no CPU load on the host server (all frame sizes), the solution demonstrates lossless performance advantages for n2diskTM compared to a standard Network Interface Card (NIC):

• Up to 3x lossless packet to disk performance
• Guaranteed capture to disk even for large packet bursts of minimum size packets

Turning Acceleration into Value
These performance advantages ultimately allow you to:

• Maximize your server performance by improving CPU utilization
• Minimize your TCO by reducing number of servers, thus optimizing rack space, power, cooling and operational expenses
• Diminish your time-to-resolution, thereby enabling greatly increased efficiency

Outstanding Lossless Performance
The outstanding improvements achieved with this solution were demonstrated by comparing n2disk™ performance running on a Dell PowerEdge R740 with a standard 40G NIC card and the Napatech NT200 SmartNIC with LinkTM Capture Software.

n2disk Throughput

Throughput (Gbps)

Frame Size

Throughput Test
The outstanding improvements achieved with this solution were demonstrated by comparing n2disk™ performance running on a Dell PowerEdge R740 with a standard 40G NIC card and the Napatech NT200 SmartNIC with Link-Capture™ Software.

To eliminate the storage subsystem as a potential limiting factor, n2disk™ performance was measured in disk simulation mode, using a RAM disk to emulate an infinitely fast disk. Ethernet frames of specific sizes from 64B to 1518B were sent with minimum inter-frame gaps to the device under test, and the n2disk™ receive packet rate was recorded as the throughput value.

The test revealed that the Napatech NT200 SmartNIC with Napatech Link-Capture™ Software provides 3x higher throughput for small packets compared to a standard NIC.

Test Configuration
The test configuration was based on a dual-socket Dell R740 with Intel® Xeon® Gold 6138 2.0 GHz, 128GB RAM running CentOS 7.5.

Key Features
• Line rate network throughput for all packet sizes
• Lossless capture for perfect inspection and detection
• Onboard packet buffering during micro-burst or PCI Express bus congestion scenarios
• Advanced host memory buffer management for ultra-high CPU cache performance
• Packet classification, match/action filtering and zero-copy forwarding

Napatech Link-Capture™ Software
The stunning benchmarks for ntop n2disk™ were achieved by deploying Napatech’s Reconfigurable Computing Platform™, based on FPGA-based Link-Capture™ Software and Napatech SmartNIC hardware.

Napatech’s Reconfigurable Computing Platform flexibly offloads, accelerates and secures open, standard, high-volume and low-cost server platforms allowing them to meet the performance requirements for networking, communications and cybersecurity applications.

ntop n2disk™
n2disk™ is a network traffic recorder application that allows users to capture full-sized network packets to disk at multi-gigabit rate from a live network interface. n2disk™ uses the industry standard PCAP file format to dump packets into files so the resulting output can be easily integrated with existing third party or open source analysis tools (e.g. Wireshark).

n2disk™ is an ideal example of the type of critical enterprise security application that can achieve better performance through hardware acceleration.