Hashcache Core

A hardware-implemented key-value store for stateful networking and caching, with the highest speed and capacity available on a single device.

Synopsis

Introducing the Synogate HashCache IP-core

Stateful processing offers dramatically increased capabilities by providing session context to make smarter and more adaptive decisions. The catch: it requires fast state memory management

When processing large amounts of traffic at high speeds, this can pose technical, financial, and security challenges.

Synogate HashCache, our patent-pending, fully hardware-implemented algorithm using DRAM, offers previously unseen storage speed and capacity on a single device - the ideal solution for heavy-duty, internet exposed services with superior security requirements.

Extreme insert speed for low latency and DDoS-resilience
DRAM offering very large capacity at low cost
Guaranteed session retention times for best QoS

For important internet services, full visibility and control of every packet of network traffic are paramount. This requires processing packets statefully, i. e. in the context of the session they belong to. Stateful processing allows making smarter and more adaptive decisions, based on the previous behavior of the session, and offers dramatically increased capabilities. Synogate HashCache is the optimal solution for managing storage for session context at high line rates. A hardware implementation of a key-value store with cache-like storage management, it is able to handle hundreds of millions of connection requests per second using commodity DRAM with capacity for billions of concurrent connections. A novel eviction policy enables it to autonomously replace the oldest inactive entries, making it the ideal state storage for stateful firewalls, network address translators, web or database caches, and other stateful network devices which must operate and perform in untrusted networks. Inside trusted networks, Synogate HashCache can be implemented using High-Bandwidth Memory (HBM) for even higher speed.

Product Brief

Do you want to see Synogate HashCache in action?

Take a look at our

Stateful Firewall Demonstration

To book a demo, you can reach us directly by phone:

Call us: +49-30-62932062

We speak English, German, Spanish, Portuguese, and French.

You are also invited to schedule a demo or meeting directly here:

Book Meeting

Application

  • Stateful firewalls
  • Network intrusion detection systems (NIDS)
  • Carrier-grade network address translation (NAT)
  • Database acceleration
  • High frequency trading
  • Web-caches (CDN)
  • MQTT Broker
  • High bandwidth, high connection count hardware TCP server

Features

  • High read throughput
  • Superior insertion rate
  • Integrated eviction policy offering guarantees on retention time
  • Low latency, as low as 200 nano-seconds
  • Internal or external storage including DRAM support
  • Energy consumption < 1 micro-joule per request
  • Low storage overhead

Key Benefits

  • Stateful network processing at present and future line rates
  • Resilient to DDoS with crafted traffic
  • Reliably high throughput, even in write/update-heavy use cases and situations
  • Fast, granular control for best user experience
  • Low storage overhead resulting in more available storage space
  • Running on highly available and affordable hardware
  • Significant power savings resulting in reduction of Total Cost of Ownership (TCO)

Details

Why write throughput matters

The massive growth in network bandwidth of 50% per year (Nielsen’s Law) and the lack of growth in computing capabilities (Moore’s Law) pose high demands on network appliances, especially those that need to hold and manage state. Stateful network devices, such as stateful firewalls or network address translators (NATs), must store and subsequently retrieve information of previous decisions to act coherently. This retrieval, update, and potential replacement of old entries must keep pace with the throughput of the network device.

A single 100 GiB/s Ethernet connection can transfer more than 209 million packets per second in each direction. Depending on the application scenario, the rate of requests to a network device’s state storage may be the same. What makes matters even more challenging is the exposure of such network devices to untrusted networks. In these environments, a malicious attacker can craft specific traffic to trigger a state storage’s worst-case behavior on purpose in an attempt to mount a DoS attack. High‐speed network appliances often resort to stateless processing, reducing efficiency and security.

Synogate HashCache, a key-value store for FPGA and ASIC designs, solves these issues. Synogate HashCache scales to hundreds of millions of requests per second, perfectly capable of 100G Ethernet and more on modern FPGAs. A stateful network device that employs Synogate HashCache for its state storage also benefits from Synogate HashCache’s high write throughput and entry retention guarantees. Attackers attempting to mount a (D)DoS attack against the device with traffic that triggers large amounts of writes and new states, commonly a worst-case scenario for key-value stores, will find that Synogate HashCache is more than happy to service the requests while maintaining high throughput.

Synogate HashCache is the ideal key-value store for all network appliances that handle large amounts of state, especially if the state needs to be modified or created at high rate. Its high read throughput and low latency also make it an excellent choice in more read-dominated caching use cases such as web-caches, database acceleration, and high frequency trading.

High Throughput

To demonstrate the throughput, we consider the use case of a stateful firewall. Synogate HashCache is fielded using QDR2-SRAM and single channel DDR4-SDRAM, both variations implemented on an Arria 10 device. We compare against a single core linux eBPF implementation as well as a multi-core implementation with a supporting SmartNIC running on two memory channels of the same memory type.

The traffic is sourced from the CAIDA real world dataset, mixed with increasing amounts of attack traffic to simulate a DDoS.

The software implementations, even with SmartNIC support, are orders of magnitude too slow to handle 100G or even 40G. Synogate HashCache on the other hand can easily handle 100G line rate. Under full attack, even with the slower single channel DDR4-DRAM it can sustain 40G line rate. Since Synogate HashCache scales almost linearly with the number of memory channels, 100G line rate is attainable even with DDR4-DRAM by scaling to four channels.

Low Latency

In the same stateful firewall use case, we measure the latency of HashCache for different storage options and traffic patterns. The latency is expressed as the probability of a request being performed within a time frame.

For QDR2-SRAM storage, requests are performed in well under one micro-second. In caching scenarios where attack patterns are not an issue, such as high frequency trading, this latency can drop to below 200 nano-seconds.