It is often hard to figure out the truth after reading the datasheets of Cubro competitors because there is too much information which can be misleading. The facts are mixed and presented in the wrong context, or the information related to performance is dependent upon many factors which are not clearly explained. This makes the data unreliable.
A typical network packet broker (NPB) based on a commodity chipset can only perform L2-L4 functions at line rate (deterministic output*). These functions include filtering, aggregation, and sometimes simple tagging and encapsulation/tunnel removal. A CPU is a non-deterministic device, and therefore the performance is relative to the application, the bandwidth of the processed traffic and the type of the processed traffic.
What does this actually mean?
Consider you have an NPB with 40 x 10 Gbit ports (400 Gbit input) and a CPU which can typically handle 20 Gbit (depends on the application). This means it is possible to handle 400 Gbit in L4 function and 20 Gbit in a higher layer function, but usually only one function.
The datasheet lists many functions, but fails to mention the fact that these functions cannot all be active at the same time, because they all share the same CPU resources.
Another limiting factor is the interconnect (backplane) between the part that handles the L2-L4 functions (ASIC, FPGA) and the CPU that handles the L5+ functions. The bandwidth capacity of the backplane is often not mentioned in the datasheet but is an important figure to ask your vendor about.
Many functions that cannot be simultaneously used and a bandwidth constrained backplane are the primary factors in determining the true performance of the device. These vital details are usually not mentioned, and therefore the customers do not see the actual picture.
The advantage of Cubro is that many of these upper layer functions can be handled by our advanced chipset deterministically where other vendors require a non-deterministic CPU to accomplish the same function. Cubro’s advantage in this area is a true differentiator and also helps to reduce the cost to the end user. For instance, Cubro NPB can perform packet slicing in multiple 100 Gbit in-line rates.
The only limiting factor is the physical connection and, to be fair, this approach has functional limits as well. These functional limits, however, are known, precalculated, and proofed. The limitation is usually defined not in bandwidth, but in packets per second. If the specifications say 100 million packets per second this could mean different bandwidths relative to the size of the packets. For example, 100 million packets/sec could mean 4 x 100 Gbps links or it could be too low for even 1 link depending on packet size.
See the table below:
The primary reason that reliable performance figures cannot be calculated for a non-deterministic system is that the traffic itself is both the most important factor and unknown. For example, in an application where traffic is being filtered by regex matching the most performance-limiting factor is the rate at which traffic is being matched. For example, if the regex application is filtering 20 Gbps (5 million packets/sec) and the match rate is 5% then the application will work with only one CPU. If the match rate increased to 50%, however, a single CPU would no longer be sufficient for the given application. In both cases the amount of traffic is the same; the only thing that changes is the rate at which the traffic matches the filter criteria.
*deterministic means that “the function is processed in an exact described manner within an exact defined time frame – no matter how many packets are processed.”
* non-deterministic means that “the function is more complex, and performance is relative to multiple factors. Therefore, it is really impossible to estimate accurate performance figures for general use.”
Tip – “Don’t ask your vendor for bandwidth capacity, ask for packets per second performance. This is the real performance figure!“
Contact us and find out the business benefits of using Cubro products