Chelsio Traffic Classification and Filtering Solution Overview

The Terminator 5 (T5) and Terminator 6 (T6) ASICs from Chelsio Communications, Inc., are highly integrated, hyper-virtualized 1/10/25/40/50/100Gb Ethernet controllers with full offload support for a complete Unified Wire solution, including storage and networking protocols operating over Ethernet (iSCSI, SMB3.x, iWARP, NVMe over Fabrics, Crypto and FCoE).

Figure 1 – Chelsio Classification and Filtering Solution

Chelsio’s solution is known to scale to true 100 Gigabit line rate operation, from a single TCP connection to thousands of connections. Integrated Network Packet Classification and Filtering capabilities of T5 and T6 ASIC based adapters enable a set of functions, which not only enhances the network performance but also enables intrusion detection, prevention and monitoring. Furthermore, the adapters save a great amount of host compute power by processing these functions on the controller.

Integrated Network Packet Classification and Filtering capabilities of T5 and T6 ASIC based adapters support the following key functions:

  • Network Packet Filtering
  • Network Packet Steering
  • Network Packet Replication
  • Network Packet Tracking and Sniffing

Network Packet Filtering

Chelsio Classification and Filtering feature enhances network performance and security by controlling incoming traffic based on source and destination addresses, protocol, source and receiving ports, or some status bits in the packet.

Figure 2 – Classification and Filtering Actions

This feature can be used in the ingress path to:

  • Steer ingress packets that meet ACL (Access Control List) accept criteria.
  • Switch (proxy) ingress packets that meet ACL accept criteria to a desired output port.
  • Drop ingress packets that meet ACL accept criteria.

Based on data attributes, packets are passed onto the host, routed somewhere else or dropped. Full parsing of TCP/IP, UDP/IP, OvS, OpenFlow, DPDK and IPsec/TLS/SSL/DTLS Crypto traffic is supported for both IPv4 and IPv6 networks.

Network Packet Steering

Packet steering capabilities of Chelsio T5 and T6 adapters support traffic steering to one of the 1K queues available in ASIC, or back out to one of the MAC port based on a variety of criteria. Each packet goes through a classification step, followed by further parsing for lookup.

  • If the packet matches a filter in the Lookup Engine, it will be steered (or dropped) accordingly.
  • It is also possible to steer all ingress traffic on one port/channel to another port/channel.

Network Packet Replication

Chelsio T5 and T6 based 1/10/25/40/50/100Gb Unified Ethernet adapters support Packet Replication feature which enables the following functionalities:

  • Port mirroring
  • Intrusion detection and monitoring
  • Directed packet tracing

This capability is built upon packet replication and filtering in the ingress direction, and packet tracing in the egress direction. This feature is supported for both offloaded and non-offloaded network traffic and allows all ingress traffic matching specific classification entries to be replicated, and a copy to be delivered to a vNIC interface.

Network Packet Tracing and Sniffing

Chelsio T5 and T6 packet tracing solution supports the following functions:

  • Independent configuration for transmit and receive interfaces.
  • Each of the interfaces independently programmable to capture packets.
  • Support for different packet size or entire packet.

The packet tracing feature can be configured to capture all packets that match the filter, or capture all packets that do NOT match the filter.

Supported Adapters and Operating Systems

Chelsio Traffic Classification and Filtering capabilities are supported by all T5 and T6 adapters and available for standard Linux and FreeBSD Platforms.

Chelsio Traffic Classification and Filtering solution delivers a programable interface to enable all the functions and commits a high performance, integrated and secure network fabric for today’s software defined datacenters.

