Literally anything you might want to see—and some things you don’t—is available online. Just as not every book is for every person, neither is every type of web content. To help shield users from unwanted content, organizations use web filters.
Filtering at High Speed
As internet traffic increases, networks need to increase their speed to ensure service level and capacity. In telecom networks, to serve hundreds of thousands of users, 100 Gbps network links are being introduced to keep up with the demand. Today, the market has reached a state of maturity regarding solutions for web content filtering at 1 Gbps and 10 Gbps, but filtering at 100 Gbps poses a whole set of new challenges.
Filtering web content at 100 Gbps requires a huge supply of processing power. Furthermore, there is a need for distribution of traffic across available processing resources. This is usually achieved with hash-based 2-tuple or 5-tuple flow distribution on subscriber IP addresses. In telecom core networks, subscriber IP addresses are carried inside GTP tunnels and, consequently, support for GTP is required for efficient load distribution when filtering traffic in telecom core networks.
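The effect of GTP awareness on flow distribution can be shown in a short Python sketch. This is an added example, not code from the article or from any vendor: it decodes GTPv1-U on UDP port 2152, builds a 2-tuple key from the inner (subscriber) IPv4 addresses, and maps it to a worker thread. The CRC32 hash, the sorted (direction-independent) key, the function names and the sample addresses are assumptions; IPv6 inner packets fall back to the outer addresses.

```python
import socket
import struct
import zlib

GTPU_PORT = 2152  # registered UDP port for GTP-U (user plane)

def ipv4_fields(pkt):
    """Return (src, dst, protocol, payload) of an IPv4 packet."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    return pkt[12:16], pkt[16:20], pkt[9], pkt[(pkt[0] & 0x0F) * 4:]

def gtpu_payload(udp):
    """Return the packet tunnelled in a GTPv1-U G-PDU, or None."""
    if len(udp) < 16 or struct.unpack("!H", udp[2:4])[0] != GTPU_PORT:
        return None
    gtp = udp[8:]
    if gtp[0] >> 5 != 1 or not gtp[0] & 0x10 or gtp[1] != 0xFF:
        return None                    # not version 1 / GTP / G-PDU
    if not gtp[0] & 0x07:
        return gtp[8:]                 # mandatory 8-byte header only
    if len(gtp) < 12:
        return None
    off, nxt = 12, gtp[11] if gtp[0] & 0x04 else 0
    while nxt:                         # walk the extension header chain
        length = gtp[off] * 4 if off < len(gtp) else 0
        if length == 0 or off + length > len(gtp):
            return None
        nxt, off = gtp[off + length - 1], off + length
    return gtp[off:]

def flow_key(pkt, gtp_aware=True):
    """2-tuple key: inner (subscriber) addresses when GTP-U is decoded."""
    src, dst, proto, l4 = ipv4_fields(pkt)
    inner = gtpu_payload(l4) if gtp_aware and proto == 17 else None
    if inner and inner[0] >> 4 == 4 and len(inner) >= 20:
        src, dst = inner[12:16], inner[16:20]
    return b"".join(sorted((src, dst)))  # same key for both directions

def worker_for(pkt, n_workers, gtp_aware=True):
    return zlib.crc32(flow_key(pkt, gtp_aware)) % n_workers

def sample_gpdu(outer_src, outer_dst, inner_src, inner_dst, teid):
    """Constructed test packet: IPv4/UDP/GTP-U/IPv4 with zeroed checksums."""
    def ip(src, dst, proto, body):
        return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(body), 0, 0, 64,
                           proto, 0, socket.inet_aton(src), socket.inet_aton(dst)) + body
    gtp = struct.pack("!BBHI", 0x30, 0xFF, 28, teid) + ip(inner_src, inner_dst, 6, bytes(8))
    udp = struct.pack("!HHHH", GTPU_PORT, GTPU_PORT, 8 + len(gtp), 0) + gtp
    return ip(outer_src, outer_dst, 17, udp)
```

With `gtp_aware=False`, every subscriber behind the same pair of tunnel endpoints hashes to one worker, which is the imbalance that GTP support in the load balancer or Smart NIC avoids.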
Building a Filter
There are two main approaches to processing resources and providing load distribution.
The Stacked, Distributed Server Solution
This approach consists of standard COTS servers equipped with several 10 Gbps standard NICs and a high-end load balancer. The load balancer connects in-line with the 100 Gbps link and load-distributes traffic to 10 Gbps ports on the standard servers. The load balancer must support GTP and flow distribution based on subscriber IP addresses. Because the load balancer cannot guarantee 100% even load distribution, there is a need for overcapacity on the distribution side. A reasonable solution comprises 24 x 10 Gbps links. For this solution, three standard servers, each equipped with four 2 x 10 Gbps standard NICs, in total provide the 240 Gbps traffic capacity (3 x 4 x 2 x 10 Gbps).
This approach requires an expensive load balancer. However, the initial cost is offset by the reasonable price of the standard COTS servers and standard NICs. The solution involves many components and complex cabling. Furthermore, the rack space required is relatively large, and system management is complex due to the multi-chassis design.
As mentioned above, this approach requires a high-end load balancer, three standard COTS servers, a dozen 2 x 10 Gbps standard NICs and 24 cables for 10 Gbps links.
The Single, Consolidated Server Solution
This approach consolidates 100G network connectivity, load distribution and the total processing power in a single server. The solution requires a COTS server and 100G Smart NICs. Since up to 200 Gbps of traffic needs to be processed within the same server system, the server must be equipped with multiple cores for parallel processing. For example, a server with 48 CPU cores can run up to 96 flow processing threads in parallel using hyper-threading. To fully use CPU cores, the Smart NIC must support load distribution to as many threads as the server system provides. Also, to ensure balanced use of CPU cores, the Smart NIC must support GTP tunneling. The Smart NIC should also support these features at full throughput and full duplex 100 Gbps traffic load, for any packet size.
This approach is advantageous in several ways. Because it is built around a single component, the cabling is simple. System management is handled in one place, with no complex dependencies between multiple chassis. The footprint in the server rack is very low, thereby reducing rack space hosting expenses.
Equipment for the single server approach is basic: a COTS server and two 1 x 100 Gbps Smart NICs.
Choosing a Solution
There are two key considerations when selecting a solution for 100 Gbps web content filtering. The technical solution is obviously important, but the total cost of ownership should be a serious consideration. Here are some significant parameters for operations expenditure (OPEX) and capital expenditure (CAPEX) calculations:
- Power consumption, including cooling
- Load balancers
- Rack space hosting expenses
- Warranty and support
- Cost of Smart NICs or standard NICs
- Cost of software
- Cost of servers
Consideration of these parameters, in addition to the specific needs of the organization, will reveal which solution is the best choice. Each solution has very different costs associated with it, so the right approach will be the one that makes sense based on estimated application CPU requirements.
Consider Smart NICs to support load distribution and full throughput 100 Gbps if your goal is a simpler, consolidated approach for web content filtering at this high speed.
Sven Olav Lund is a Senior Product Manager at Napatech