Netronome Primes High-Performance Firewalls Based on eBPF/XDP as Data Center Operators Upgrade From Iptables

RSA CONFERENCE -- Netronome, a leader in high-performance intelligent networking solutions, today announced the release of eBPF/XDP offload for Agilio SmartNICs. This provides a foundation for building high-performance, kernel-compliant firewalls, DDoS protection and load balancing products that complement and build on the momentum in the Linux community to drive highly secure, scalable applications needed to optimally secure the exponential growth of users, devices and data. The unique upstreamed, kernel-based Netronome offload and just-in-time (JIT) compiler, combined with the existing low power Agilio® CX 10/25/40GbE SmartNICs, Agilio CX 25/50GbE OCP v2.0 SmartNICs and the new Agilio FX 10/25GbE SmartNICs, allow operators building infrastructures for data center core and enterprise edge applications to marry the benefits of the eBPF framework with transparent hardware acceleration, resulting in up to 10X higher price/performance benefits and 3X power savings.

The new high-performance offload provides an interface to any technology stack that combines the underlying flexibility and scalability of eBPF with the performance of XDP. XDP removes the need for kernel bypass by delivering performance at the base of the kernel stack, so users no longer have to choose between scalability and performance.

“The new cloud native world of containers needs fast in-kernel networking and security policy enforcement,” said Thomas Graf, founder of the Cilium project. “Programs using eBPF can be changed on the fly and can be transparently offloaded to hardware, combining the flexibility of software-defined data planes with the efficiencies of hardware. eBPF enables Cilium to provide secure microservices with a simple and efficient way to define and enforce both network-layer and application-layer security policies based on container/pod identity.”

“Many useful eBPF networking applications have been created by the Linux community; for example DDoS mitigation apps, load balancers, and more recently, the new bpfilter project for firewalls,” said Alexei Starovoitov, upstream BPF subsystem co-maintainer. “The ability to flexibly run these applications using multiple interfaces in the kernel, and now also in hardware, opens many new possibilities in how this technology can be used in the near future.”

“eBPF is a highly exciting and rapidly growing key part of the Linux kernel. Thanks to its flexibility and performance eBPF allows for a vast number of use cases in different areas such as tracing, security and networking. In particular in networking, eBPF/XDP has become a game changing technology. By providing an in-kernel, high-performance programmable datapath with extremely low per packet costs, XDP is suitable for tailoring custom applications in the field of DDoS mitigation, firewalling, load-balancing, monitoring or any sort of networking stack pre-processing,” said Daniel Borkmann, who maintains the BPF subsystem with Mr. Starovoitov. “The ability to easily offload such eBPF programs entirely into a SmartNIC takes the performance to another level by providing line-rate processing without affecting application performance.”

“The extremely important shift to eBPF/XDP for securing valuable user data is happening now at large data centers,” said Niel Viljoen, CEO and founder of Netronome. “As one of the top networking companies contributing to the Linux community in this vital space, we are proud to be in the forefront bringing true software-defined security with hardware acceleration to the industry as it braces for the tsunami of data growth from new applications and devices.”

By using the proposed bpfilter mechanism, traditional netfilter-based approaches used for implementing security will be easily transferable to the more flexible, higher performance BPF-based environment. This ensures compliance with existing security management and orchestration tools, yet provides the ability to change dynamically, making it more suitable for ephemeral environments such as containers and edge computing. The Linux community is actively driving these innovations, bringing significant benefits to data center operators as they upgrade their infrastructures for tighter security.

For users who do not run Linux as the host kernel, the new Agilio FX 10/25GbE SmartNIC, which combines the NFP-4000 processor with a quad-core Arm v8, makes it possible to run BPF on the NFP with the Arm running Linux. As a result, vital eBPF/XDP-based security and load balancing features can now be implemented with a broad set of host operating systems.

The Agilio SmartNIC family fully and transparently offloads virtual switch and router datapath processing for networking functions such as overlays, security, load balancing and telemetry, enabling servers used for networking and cloud computing to conserve critical CPU cores for application processing while maintaining significantly higher networking throughput.

The Agilio eBPF/XDP offload solution is available today for download via the Netronome support site.

Visit Netronome at the RSA Conference

Netronome will be exhibiting at the RSA Conference, April 16-20, at booth 2610 with details about the need for more dynamic and performant security solutions and how such challenges can be addressed with its Linux upstreamed eBPF/XDP solutions. Netronome will also showcase the new Agilio FX SmartNIC and its applicability toward enhancing security for bare metal servers.

About Netronome

Netronome enables customers to increase the efficiency of their modern data center infrastructure, reducing total cost of ownership (TCO) and driving significantly higher revenue per server. Server-based networking has enabled rapid innovation and transformed the economics for data center compute and networking. However, such deployments are facing significant scaling and efficiency challenges with the rapid adoption of 10GbE and higher bandwidth network infrastructure. Netronome brings back much-needed scale and efficiency, without compromising flexibility or the speed of innovation needed in today’s cloud networks running businesses of all sizes. Netronome is headquartered in Santa Clara, CA. To learn more about Netronome and its products, please visit www.netronome.com.

Netronome, the Netronome logo, and Agilio are trademarks or registered trademarks of Netronome Systems, Inc. All other trademarks mentioned are registered trademarks or trademarks of their respective owners in the United States and other countries.

Copyright © 2009 Business Wire. All rights reserved. Republication or redistribution of Business Wire content is expressly prohibited without the prior written consent of Business Wire. Business Wire shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.
