Napatech's Family of In-Line Network Adapters: A Solution for Intrusion Prevention

With the transition to 10 Gbps networks, the focus on performance of Intrusion (News - Alert) Prevention Systems (IPS) to keep up with higher data rates is increasing.

High-Performance IPS provides in-line processing of network traffic in real-time and has always required expensive systems based on proprietary hardware platforms.

With Napatech’s (News - Alert) family of In-line network adapters, an alternative approach based on standard off-the-shelf server hardware was made possible. This reduces the time, cost and technical risk associated with development of high-performance IPS.

Napatech’s In-line adapters provide multi-port 1 Gbps and 10 Gbps packet reception and transmission at full line-rate. Based on PCI (News - Alert)-Express, the network adapters can be deployed in standard x86 servers to provide a powerful, full throughput platform for high-performance IPS solutions.

“We have seen a lot of traction with IPS system vendors interested in improving their overall IPS system throughput performance,” said Erik Norup, president, Napatech, Inc., in a release. “One of the bottlenecks is pure data input/output performance and this is where Napatech network adapters excel.”

 

“Another feature, however, is proving to be just as important in improving overall sustained system performance and that is our multi-CPU support,” he continued. “Napatech network adapters have the unique capability to identify and distribute flows on an intelligent basis to up to 32 CPU cores. This allows massive parallel processing of data and thereby improved system throughput performance.”

With Napatech In-line adapters and standard off-the-shelf server hardware there is no need to develop customized hardware to achieve high throughput performance. This allows vendors to focus on application software improvements, leading to faster time-to-market, lower development costs and less technical risk.

Napatech’s In-line adapters offer sustained full line-rate 1Gbps and 10Gbps throughput for every port both on reception and transmission of packets. The adapter recognizes layer 2 through 4 protocols and can compute 17 different types of hash-keys. With the computed hash-key or an equal distribution method, flows can be distributed across 32 CPU cores, allowing parallel processing, allowing the application to utilize available CPU cores.