It is a challenge to effectively process all the traffic on modern high-speed links. The volume of network traffic is so huge that it is not possible to process it all in software. Though all the traffic can be transferred to memories of the host system, it is not possible to perform a non-trivial task with each packet due to the speed of today’s networks. Real-time processing of 100G traffic is too much to handle even for the most powerful CPUs.


Looking at the structure of network traffic, we can see a heavy-tailed distribution where 80% of traffic is transferred in 20% of network flows. This 80% of traffic mostly comprises real-time entertainment and streaming video and audio from, for example, Netflix, YouTube, marketplaces like Apple iTunes, file-sharing servers//websites, social networks, etc. Depending on the use case, these categories of network traffic are often not interesting to us and they only waste processing power. Addressing this issue was the primary motivator for designing a smart technique called Software Defined Monitoring (SDM).

In SDM, a piece of hardware driven by a software application is used as a preprocessor of network traffic. The hardware part is able to process packets at wire speed, while the software part is able to analyze the content of packets and instruct the hardware on which part of the traffic is to be offloaded. Such division of labor between the hardware part and the software part allows each part to do its job in an effective manner. Netcope Session Filter (NSF) is an implementation of the SDM concept. It leverages FPGA-based cards and their on-board memories to track network flows and apply actions committed through the NSF API at run time.

