Packet capture – grabbing every data packet on a network for analysis – is becoming increasingly important, not just for specialist latency measurement but for higher level monitoring and management of trading and compliance functions. IntelligentTradingTechnology.com spoke to Solarflare’s Bruce Tolley how and why it is being integrated into the company’s network interface cards.
Q: Solarflare has an increasing focus on packet capture. What are drivers for this trend in the financial markets?
A: The British physicist Lord Kelvin (aka William Thomson) said that if you cannot measure something, you cannot improve it. The management consultant Peter Drucker extended this notion to say, if you cannot measure a thing, you cannot manage it. With the pressure on financial institutions not only to measure and improve the performance of their applications and networks, there is an increasing need for financial intuitions, banks, and exchanges to capture and record information for internal audits and regulatory compliance.
Q: What products do you now offer to allow packet capture across servers?
A: Solarflare recently launched a complete family of SolarCapture network recording products. At the low end, we offer a basic version at no cost, which captures data and records that data to disk. The next step up, SolarCapture Pro not only captures data, but also time stamps the data with sub 10-nanosecond resolution. The Pro version can also pass that data to other applications for analysis or aggregation through a standard interface called libpcap. At the top of the line is AOE SolarCapture Pro, which supports all the functions of its two siblings but uses an onboard FPGA, the Solarflare ApplicationOnload Engine (AOE), to off load the host processor by decreasing host CPU and memory utilisation, thereby providing 100% lossless capture on outgoing as well as incoming data.
Q: How does Solarflare’s offering simplify the process of network monitoring, analysis or security? What kind of set up would it typically replace?
A: SolarCapture does not so much replace any existing process or product as it does augment current models of network monitoring, analysis, and security. Now any server can be turned into a packet capture device. And perhaps more important, the packet capture enabled server can now be managed just like any other server in the enterprise or service provider network. There is no need to invest in specialised dedicated appliances. Moreover, existing third-party tools can use the SolarCapture interfaces and recording functionality to yield more precise and complete data. Third-party tools can also take that data captured by SolarCapture, analyse it and present it for actions by management. And with SolarCapture Pro, the server adapter can be used simultaneously for packet capture and standard network traffic if required.
Q: What is the relationship between SolarCapture and your established IEEE 1588 precision time protocol (PTP) products? How do they relate to one another and to the time stamp oscillators that are found in your time synchronisation products?
A: All of our recently launched SFN7000 series server adapters have a precision oscillator on board. The SFN7000 adapters can be field upgraded to full PTP functionality via a software download. Additionally, the host clock can be synchronised by the adapters. This provides a very precise time stamp for the captured packets which increases measurement and forensic accuracy. We call this application flexibility AppFlex. SolarCapture also works elegantly in networks where the customer wants the 10GbE network switch to perform the precision time stamp function. We have a partnership with Arista Networks to enable exactly this scenario. See Solarflare SolarCapture + Arista 7150S at: http://www.aristanetworks.com/en/products/eos/danz
Q: How do Solarflare’s products work with other packet capture and network monitoring offerings from the likes of Splunk, TS Associates, and Packets2Disk? Are they complementary? Is there overlap and how is this managed?
A: Solarflare SolarCapture does not provide analytical or network aggregation functionality at this time because the primary goal was to provide an accurate, flexible, and easy to use 10GbE packet capture platform for these types of applications. We have a very successful partnership world wide with TS Associates and are working with several large customers and various partners such as Splunk, Packets2Disk, and others to provide this type of functionality. By using libpcap or the C and Python libraries included with PacketCapture Pro, customers and partners can build connectors to various applications developed in-house or to other third party tools used to provide analysis and aggregation.
Q: Over the next 12 to 18 months, where do you see over packet capture being deployed in the financial services and banking segment?
A: Performance monitoring, security, audits, and regulatory compliance are driving the electronic trading segment to high-speed packet capture and network monitoring. The big banks and exchanges are also building out proof of concept tests (POCs) with the latest cloud and software defined networking (SDN) technologies. These architectures have demanding requirements for performance monitoring, instrumentation, and the measurement of SLAs. They will need not just sensors, taps, and aggregation to collect OpenFlow and other statistics as well as instrumentation and analytics to determine whether they can deliver the performance and reliability required to support mission-critical applications.
Solarflare is well known for high performance networking software and hardware including the acceleration of network data and applications. With SolarCapture, we are extending our reach into the monitoring of data and applications. In addition to helping customers instrument their SDN POCs, we will be talking more about hardening hosts with augmentations to our middleware stacks in the near future.