Hardware Flow Offload

Flow offload is a great feature for cutting the CPU load when processing traffic with Cento at high rates, as it’s possible to let the network card classify packets and update the flow table (update flow statistics), as soon as Cento has done with the processing of the initial packets of a flow (including the application protocol detection by leveraging on the nDPI Deep Packet Inspection engine). This saves CPU for the DPI processing (which has to be done in software) or for running multiple applications on the same box (e.g. Cento as Netflow probe, and n2disk as traffic recorder).

_images/hardware_flow_offload.png

Flow offload is currently supported by Accolade Technology adapters (e.g. ANIC-Ku Series, including ANIC-20/40Ku and ANIC-80Ku) when used with PF_RING as specified at https://www.ntop.org/guides/pf_ring/modules/accolade.html. In order to enable it on supported adapter, the --flow-offload option should be added to the configuration file, no additional configuration is required.

Example:

cento --flow-offload -i anic:0 -9 192.168.1.10:2055 -D 2