Netcope Session Filter

Netcope Session Filter (NSF) is a session-oriented packet capture solution that leverages the hardware platform composed of Netcope FPGA Boards to accelerate per-packet processing and flow-based stateful filtering, which leaves more CPU performance for complex processing of network traffic, such as DPI. The cooperation of hardware and software makes it possible to build a powerful solution even for 100G Ethernet networks based on commodity multi-core servers.


Session Filter

handle the network flows in hardware

A key feature of NSF is stateful filtering-based packet manipulation, which offers a significant advantage over per-packet stateless processing. NSF perceives network traffic as a set of network flows and is able to track hundreds of thousands of network flows directly in hardware. Software applications leverage hardware preprocessing of network flows to identify flows of interest for further processing and instruct the hardware through the API on how to deal with each flow. In other words, it allows you to zoom in on interesting traffic, drop traffic that is of no interest and gather statistical information about the remaining traffic.

NSF provides many ways to handle network flows in hardware. Autonomous in-hardware processing tracks flows and gathers statistical information about the flows: communicating endpoints (IP addresses, TCP/UDP ports, L4 protocol), timestamps of the beginning and end of the communication, the number of transferred bytes and packets, etc. In the event that in-software processing is required, NSF can transfer the packets of a network flow to SW in the form of whole packets, packets cropped to a specified length or extracted header fields only, depending on the requirements and complexity of processing of the software application. 



  • Models for 100G, 40G, and 10G Ethernet available

  • Wire-speed traffic processing including the shortest packets

  • Hardware flow cache with hundreds of thousands of flow records

  • Intelligent packet transfer to SW

    • Flow-aware distribution over multiple CPU cores

    • IP fragmentation handling

  • Field upgradable

  • Interconnection of two cards to achieve overall throughput of 200Gbps to software with load balancing

  • Hardware packet processing based on flow records

    • Update of per-flow statistics

    • Transfer of per-flow statistics to SW

    • Transfer of whole or cropped packet to SW

    • Extraction and transfer of packet header fields to SW

    • Packet dropping

Use Cases

  • Acceleration of DPI-based (deep packet inspection) systems (IDS, IPS, UTM...)

  • Application-specific statistics (time-based, TCP flags, etc.)

  • Acceleration of lawful interception systems

  • Acceleration of DDoS mitigators

  • Forensic analysis of network traffic (dynamic zoom-in)
  • In-hardware stateful firewall

  • 200Gbps software load balancing

Learn more about NSF

Netcope Session Filter is available for 100G Ethernet technologies. Download the product brief to learn more or contact us if you prefer to discuss your needs directly. We are looking forward to hearing from you and answering your questions!


"Netcope’s 100G-ready NSF allows for the early classification and hardware offload of sessions that are not relevant to Intrusion Protection using all remaining power to analyse the remaining traffic for Intrusion candidates. Netcope’s Hardware Session-based Offloading coupled with inter-adapter load-balancing of full-duplex links, means that we can deliver 200 Gbps of DPI analyses using standard server configurations."

Martin Hayes, CTO of Picomass

Learn more about this deployment in our Case Study

Explore more Netcope products

Netcope P4

P4 is a high-level language for programming protocol-independent packet processing. It has been d...

Netcope Development Kit (NDK)

NDK enables rapid design, prototyping and evaluation of hardware-accelerated applications.

Netcope Success Stories


NSF-100G2-Picomass-Netcope Network Traffic Monitoring

Picomass uses Netcope Session Filter in the IPS200 DPI solution because NSF is capable of offloading traffic to hardware. This makes real-time DPI on 100G networks possible.

Flowmon Networks Network Traffic Monitoring

Flowmon Networks aims to develop a new generation of NetFlow/IPFIX probes that can monitor and process traffic of 100GE high-speed networks. Because of that, Flowmon Networks needs to find a network card capable of handling 100GE monitoring requirements.

U.S. trading firm deploys Tradecope Electronic Stock Trading

For successful trading on electronic exchanges today, it is no longer enough to come up with the smartest strategy. Learn more about how a U.S. trading firm deployed the FPGA-based Tradecope solution to increase the hit rate of the trading strategy.