Server racks in data centers deliver features and scale related to critical applications such as network virtualization, security, load balancing and telemetry. The number or VMs and containers that can be deployed per server in the rack relates to available CPU resources and networking bandwidth. The Agilio solution used in compute node servers can significantly reduce CAPEX and power consumption per rack, while boosting performance and scalability per rack.
Micro-segmentation is a method of defining and enforcing fine-grained security policies for widely distributed applications, containers, and virtual machines at massive scale. Netronome adds value by offloading and accelerating the enforcement of the most comprehensive policies, thereby eliminating the bottlenecks associated with implementation of micro-segmentation within a server.
Netronome Agilio intelligent server adapters accelerate DPDK-based networking applications, increasing throughput (Mpps) and bandwidth (Gbps). By offloading compute intensive server-based networking functions and utilizing multi CPU socket platforms more efficiently, the performance delivered by service node applications can be significantly improved, while freeing up CPU cycles for applications.
Netronome Agilio intelligent server adapters accelerate IDS and IPS applications through tight coupling with x86 based IDS/IPS applications. IDS and IPS applications are best suited for general-purpose x86 processors due to the fluid nature of threat updates and modifications, but acceleration based on flow processing is critical to scaling these applications to 40 and 100GbE. On a per-flow basis, traffic can be steered to go through the IDS/IPS processing, be dropped, or be sent to an adjacent interface.
Netronome Agilio intelligent server adapters accelerate LI solutions through sophisticated flow management. Policies can be applied to traffic on a per-flow basis where the LI application can identify suspect flows and the match/action policy to drop or re-direct those flows happens in flow processing hardware.
Netronome Agilio intelligent server adapters accelerate DDoS solutions with the ability to apply black list and white list profiles to traffic at 40/100 GbE. Additional DDoS measures include the ability to evade SYN flood attacks (half-open attack) by monitoring flows in hardware.
OpenStack is an open source cloud-computing platform used by many telecom and data center cloud service providers in private, public and hybrid clouds for providing automated and scalable compute, storage and networking resources. Agilio intelligent server adapters (ISAs) with Agilio software provide complete integration with OpenStack to automate and accelerate VM provisioning, startup, and shutdown using SR-IOV, DPDK, enhanced VirtIO, and extended security policy rules configuration using OVS, vRouter and Linux Firewall using Connection Tracking. This extends the applicability of efficient, hardware-accelerated OpenStack networking to a significantly larger set of cloud, NFV and SDN based applications.
With the increased sprawl of VMs and containers, and with the need for zero-trust security and fast innovation, data centers are increasingly adopting server-based networking. With it, critical data center applications such as network virtualization, security, load balancing and telemetry are implemented in the server. When implemented in software on a x86 CPU, server-based networking fails to scale efficiently, resulting in higher CAPEX and power costs, insufficient security for applications, and inability to deliver fast feature rollouts without severely compromising performance. The world’s largest mega-datacenters have solved this problem through significant research and development investments and use of proprietary hardware and software solutions. Netronome’s Agilio platform, composed of Agilio CX hardware and Agilio software, is an off-the-shelf solution that solves these problem for the rest of the industry – including data center and telco service providers, and enterprises adopting hybrid and private cloud practices.
Netronome Agilio intelligent server adapters accelerate next-generation firewall (NGFW) designs by offloading a wide range of networking and security processing tasks such as the ability to detect applications and apply application-specific security policies. Additional offloads include user/identity awareness, embedded rule-based IDS/IPS for the detection of application or user based network intrusion, malware monitoring, traditional access control enforcement, as well as stateful firewall (IP flow state tracking and policy enforcement) in conjunction with L2 switching, L3 routing, and network address and port translation (NAPT).
Netronome Agilio intelligent server adapters accelerate DPI applications by using flow processing techniques to work in conjunction with x86 based DPI techniques. Initially, all packets of a flow are sent to an x86 based DPI engine for application classification through a variety of techniques. On a per-flow basis, a wide range of actions can be applied to the packets of a flow(s) after identification. Traffic can be actively or passively dropped, cut-through the from ingress to egress physical interface, redirected to different x86 applications, and load balanced across a set of x86 cores or across a set of egress interfaces, or translated via NAPT.
Virtual Evolved Packet Core (vEPC) technologies are used for provisioning of 4G LTE mobile core network services, in virtual machines implemented on COTS servers. These services include transfer of voice, data and video from a mobile device to the IP network. Netronome’s Agilio solution delivers 3-5X higher vEPC bandwidth on the same number of CPU cores by offloading the datapath involving network and VM user plane traffic. This means higher levels of mobile core network services at lower CAPEX.
Open vSwitch (OVS) is developed in openvswitch.org and enjoys the benefits of a large open source community. It has become the foundation of SDN and NFV deployments in data centers and is supported by all important cloud frameworks today. OVS has evolved rapidly with new features and continues to do so in support of new security, network virtualization and cloud orchestration-related features. The Netronome Agilio solution transparently and completely offloads the OVS datapath into the hardware, delivering significant performance and server efficiency benefits that result in more services revenue per server and lower CAPEX.