SYS-CON MEDIA Authors: Yeshim Deniz, Elizabeth White, Pat Romanski, Liz McMillan, William Schmarzo

News Feed Item

Netronome Primes High-Performance Firewalls Based on eBPF/XDP as Data Center Operators Upgrade From Iptables

RSA CONFERENCE -- Netronome, a leader in high-performance intelligent networking solutions, today announced the release of eBPF/XDP offload for Agilio SmartNICs. This provides a foundation for building high-performance, kernel-compliant firewalls, DDoS protection and load balancing products that complement and build on the momentum in the Linux community to drive highly secure, scalable applications needed to optimally secure the exponential growth of users, devices and data. The unique upstreamed, kernel-based Netronome offload and just-in-time (JIT) compiler, combined with the existing low power Agilio® CX 10/25/40GbE SmartNICs, Agilio CX 25/50GbE OCP v2.0 SmartNICs and the new Agilio FX 10/25GbE SmartNICs, allow operators building infrastructures for data center core and enterprise edge applications to marry the benefits of the eBPF framework with transparent hardware acceleration, resulting in up to 10X higher price/performance benefits and 3X power savings.

The new high-performance offload provides an interface to any technology stack that combines the underlying flexibility and scalability of eBPF with the performance of XDP. XDP removes the need for kernel bypass by delivering performance at the base of the kernel stack, so users no longer have to choose between scalability and performance.

“The new cloud native world of containers needs fast in-kernel networking and security policy enforcement,” said Thomas Graf, founder of the Cilium project. “Programs using eBPF can be changed on the fly and can be transparently offloaded to hardware, combining the flexibility of software-defined data planes with the efficiencies of hardware. eBPF enables Cilium to provide secure microservices with a simple and efficient way to define and enforce both network-layer and application-layer security policies based on container/pod identity.”

“Many useful eBPF networking applications have been created by the Linux community; for example DDoS mitigation apps, load balancers, and more recently, the new bpfilter project for firewalls,” said Alexei Starovoitov, upstream BPF subsystem co-maintainer. “The ability to flexibly run these applications using multiple interfaces in the kernel, and now also in hardware, opens many new possibilities in how this technology can be used in the near future.”

“eBPF is a highly exciting and rapidly growing key part of the Linux kernel. Thanks to its flexibility and performance eBPF allows for a vast number of use cases in different areas such as tracing, security and networking. In particular in networking, eBPF/XDP has become a game changing technology. By providing an in-kernel, high-performance programmable datapath with extremely low per packet costs, XDP is suitable for tailoring custom applications in the field of DDoS mitigation, firewalling, load-balancing, monitoring or any sort of networking stack pre-processing,” said Daniel Borkmann, who maintains the BPF subsystem with Mr. Starovoitov. “The ability to easily offload such eBPF programs entirely into a SmartNIC takes the performance to another level by providing line-rate processing without affecting application performance.”

“The extremely important shift to eBPF/XDP for securing valuable user data is happening now at large data centers,” said Niel Viljoen, CEO and founder of Netronome. “As one of the top networking companies contributing to the Linux community in this vital space, we are proud to be in the forefront bringing true software-defined security with hardware acceleration to the industry as it braces for the tsunami of data growth from new applications and devices.”

By using the proposed bpfilter mechanism, traditional netfilter-based approaches used for implementing security will be easily transferable to the more flexible, higher-performance BPF-based environment. This ensures compliance with existing security management and orchestration tools, yet provides the ability to change dynamically, making it more suitable for ephemeral environments such as containers and edge computing. The Linux community is actively driving these innovations, bringing significant benefits to data center operators as they upgrade their infrastructures for tighter security.

For users who do not run Linux as the host kernel, the new Agilio FX 10/25GbE SmartNIC, which combines the NFP-4000 processor with a quad-core Arm v8, makes it possible to run BPF on the NFP with the Arm running Linux. As a result, vital eBPF/XDP-based security and load balancing features can now be implemented with a broad set of host operating systems.

The Agilio SmartNIC family fully and transparently offloads virtual switch and router datapath processing for networking functions such as overlays, security, load balancing and telemetry, enabling servers used for networking and cloud computing to conserve critical CPU cores for application processing while maintaining significantly higher networking throughput.

The Agilio eBPF/XDP offload solution is available today for download via the Netronome support site.

Visit Netronome at the RSA Conference

Netronome will be exhibiting at the RSA Conference, April 16-20, at booth 2610 with details about the need for more dynamic and performant security solutions and how such challenges can be addressed with its Linux upstreamed eBPF/XDP solutions. Netronome will also showcase the new Agilio FX SmartNIC and its applicability toward enhancing security for bare metal servers.

About Netronome

Netronome enables customers to increase the efficiency of their modern data center infrastructure, reducing total cost of ownership (TCO) and driving significantly higher revenue per server. Server-based networking has enabled rapid innovation and transformed the economics for data center compute and networking. However, such deployments are facing significant scaling and efficiency challenges with the rapid adoption of 10GbE and higher bandwidth network infrastructure. Netronome brings back much-needed scale and efficiency, without compromising flexibility or the speed of innovation needed in today’s cloud networks running businesses of all sizes. Netronome is headquartered in Santa Clara, CA. To learn more about Netronome and its products, please visit www.netronome.com.

Netronome, the Netronome logo, and Agilio are trademarks or registered trademarks of Netronome Systems, Inc. All other trademarks mentioned are registered trademarks or trademarks of their respective owners in the United States and other countries.


Copyright © 2009 Business Wire. All rights reserved. Republication or redistribution of Business Wire content is expressly prohibited without the prior written consent of Business Wire. Business Wire shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.
