Netronome® Agilio™ SmartNIC accelerate DPDK - based networking applications, increasing throughput (Mpps) and bandwidth (Gb/s). By offloading compute intensive server-based networking functions and utilizing multi CPU socket platforms more efficiently, the performance delivered by service node applications can be significantly improved, while freeing up CPU cycles for applications.
Netronome Agilio LX ISAs accelerate next generation firewall (NGFW) designs by offloading a wide range of networking and security processing tasks while leveraging x86 processors for other aspects of the NGFW solution. Critical functions like stateful firewall (IP flow state tracking and policy enforcement) in conjunction with L2 switching, L3 routing and Network Address and Port Translation (NAPT), IP VPN termination, application-specific security policies enforcement, and intelligent load balancing are performed on the Agilio LX ISA. Other functions such as the ability to detect applications (DPI), user/identity awareness, embedded rule-based IDS/IPS for the detection of application or user based network intrusion, and malware monitoring are accomplished on the NGFW x86 processors in a unique workload specific processing architecture.
Netronome Agilio LX SmartNIC accelerate IDS and IPS applications through tight coupling with x86 based processors over a DPDK poll mode driver (PMD). IDS and IPS applications are best suited for general-purpose x86 processors due to the fluid nature of threat updates and modifications, but acceleration based on flow processing is critical to scaling these applications to 40 GbE and 100GbE. On a per-flow basis, traffic can be intelligently steered to go through the IDS/IPS processing, dropped, rate limited, or sent to an adjacent interface to the network.
Netronome Agilio LX SmartNIC accelerate DPI applications by using flow-processing techniques to work in conjunction with x86 based DPI techniques. Initially, all packets of a flow are sent to an x86 based DPI engine for application classification through a variety of techniques. On a per-flow basis, a wide range of actions can be applied to the packets of a flow(s) after identification. Traffic can be actively or passively dropped, cut-through the appliance from ingress to egress physical interface, redirected to different x86 applications, load-balanced across a set of x86 cores or a set of egress interfaces, encrypted/decrypted, inserted into a tunnel (IPsec, SSL, IP in IP, GRE), QoS/rate limiting applied, or translated via NAPT.
Netronome Agilio LX SmartNIC accelerate DDoS solutions with the ability to apply black list and white list profiles to traffic at 40/100GbE. Additional DDoS measures include the ability to evade SYN flood attacks (half open attack) by monitoring flows in hardware.
Netronome Agilio LX SmartNIC accelerate LI solutions through sophisticated flow management. Policies can be applied to traffic on a per-flow basis where the LI application can identify suspect flows and the match-action policy to drop or re-direct those flows that occur in flow processing hardware.