SYS-CON MEDIA Authors: Yeshim Deniz, Carmen Gonzalez, Liz McMillan, Elizabeth White, Pat Romanski

News Feed Item

Netronome Primes High-Performance Firewalls Based on eBPF/XDP as Data Center Operators Upgrade From Iptables

RSA CONFERENCE -- Netronome, a leader in high-performance intelligent networking solutions, today announced the release of eBPF/XDP offload for Agilio SmartNICs. This provides a foundation for building high-performance, kernel-compliant firewalls, DDoS protection and load balancing products that complement and build on the momentum in the Linux community to drive highly secure, scalable applications needed to optimally secure the exponential growth of users, devices and data. The unique upstreamed, kernel-based Netronome offload and just-in-time (JIT) compiler, combined with the existing low power Agilio® CX 10/25/40GbE SmartNICs, Agilio CX 25/50GbE OCP v2.0 SmartNICs and the new Agilio FX 10/25GbE SmartNICs, allow operators building infrastructures for data center core and enterprise edge applications to marry the benefits of the eBPF framework with transparent hardware acceleration, resulting in up to 10X higher price/performance benefits and 3X power savings.

The new high-performance offload provides an interface to any technology stack that combines the underlying flexibility and scalability of eBPF with the performance of XDP. XDP removes the need for kernel bypass by delivering performance at the base of the kernel stack, so users no longer have to choose between scalability and performance.

“The new cloud native world of containers needs fast in-kernel networking and security policy enforcement,” said Thomas Graf, founder of the Cilium project. “Programs using eBPF can be changed on the fly and can be transparently offloaded to hardware, combining the flexibility of software-defined data planes with the efficiencies of hardware. eBPF enables Cilium to provide secure microservices with a simple and efficient way to define and enforce both network-layer and application-layer security policies based on container/pod identity.”

“Many useful eBPF networking applications have been created by the Linux community; for example DDoS mitigation apps, load balancers, and more recently, the new bpfilter project for firewalls,” said Alexei Starovoitov, upstream BPF subsystem co-maintainer. “The ability to flexibly run these applications using multiple interfaces in the kernel, and now also in hardware, opens many new possibilities in how this technology can be used in the near future.”

“eBPF is a highly exciting and rapidly growing key part of the Linux kernel. Thanks to its flexibility and performance eBPF allows for a vast number of use cases in different areas such as tracing, security and networking. In particular in networking, eBPF/XDP has become a game changing technology. By providing an in-kernel, high-performance programmable datapath with extremely low per packet costs, XDP is suitable for tailoring custom applications in the field of DDoS mitigation, firewalling, load-balancing, monitoring or any sort of networking stack pre-processing,” said Daniel Borkmann, who maintains the BPF subsystem with Mr. Starovoitov. “The ability to easily offload such eBPF programs entirely into a SmartNIC takes the performance to another level by providing line-rate processing without affecting application performance.”

“The extremely important shift to eBPF/XDP for securing valuable user data is happening now at large data centers,” said Niel Viljoen, CEO and founder of Netronome. “As one of the top networking companies contributing to the Linux community in this vital space, we are proud to be in the forefront bringing true software-defined security with hardware acceleration to the industry as it braces for the tsunami of data growth from new applications and devices.”

By using the proposed bpfilter mechanism, traditional netfilter-based approaches used for implementing security will be easily transferable to the more flexible, higher performance BPF-based environment. This ensures compliance with existing security management and orchestration tools, yet provides the ability to change dynamically, making it more suitable for ephemeral environments such as containers and edge computing. The Linux community is actively driving these innovations, bringing significant benefits to data center operators as they upgrade their infrastructures for tighter security.

For users who do not run Linux as the host kernel, the new Agilio FX 10/25GbE SmartNIC, which combines the NFP-4000 processor with a quad-core Arm v8, makes it possible to run BPF on the NFP with the Arm running Linux. As a result, vital eBPF/XDP-based security and load balancing features can now be implemented with a broad set of host operating systems.

The Agilio SmartNIC family fully and transparently offloads virtual switch and router datapath processing for networking functions such as overlays, security, load balancing and telemetry, enabling servers used for networking and cloud computing to conserve critical CPU cores for application processing while maintaining significantly higher networking throughput.

The Agilio eBPF/XDP offload solution is available today for download via the Netronome support site.

Visit Netronome at the RSA Conference

Netronome will be exhibiting at the RSA Conference, April 16-20, at booth 2610 with details about the need for more dynamic and performant security solutions and how such challenges can be addressed with its Linux upstreamed eBPF/XDP solutions. Netronome will also showcase the new Agilio FX SmartNIC and its applicability toward enhancing security for bare metal servers.

About Netronome

Netronome enables customers to increase the efficiency of their modern data center infrastructure, reducing total cost of ownership (TCO) and driving significantly higher revenue per server. Server-based networking has enabled rapid innovation and transformed the economics for data center compute and networking. However, such deployments are facing significant scaling and efficiency challenges with the rapid adoption of 10GbE and higher bandwidth network infrastructure. Netronome brings back much-needed scale and efficiency, without compromising flexibility or the speed of innovation needed in today’s cloud networks running businesses of all sizes. Netronome is headquartered in Santa Clara, CA. To learn more about Netronome and its products, please visit www.netronome.com.

Netronome, the Netronome logo, and Agilio are trademarks or registered trademarks of Netronome Systems, Inc. All other trademarks mentioned are registered trademarks or trademarks of their respective owners in the United States and other countries.

Copyright © 2009 Business Wire. All rights reserved. Republication or redistribution of Business Wire content is expressly prohibited without the prior written consent of Business Wire. Business Wire shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.
