XDP Accelerator
*******************

By combining XDP (eXpress Data Path) and eBPF (extended Berkeley Packet Filter), a program can be written that outsources the filtering of network traffic to the NIC (Network Interface Card) driver for lightning-fast packet processing.
The eBPF program is attached directly to the NIC driver and implements the network traffic logic at a very low level.
Network data is processed in the NIC driver without having to traverse the entire Linux kernel, resulting in faster processing and better performance.

.. image:: ../img/XDP-Stack.png
   :width: 100%
   :align: center
   :alt: XDP Stack

VT AIR XDP is an add-on to nftables and accelerates connections by a **factor of 5** after they have been confirmed and allowed by the firewall rules.
This combines the traditional, comprehensive protection of nftables with the speed of XDP, the best of both worlds.

Our VT AIR XDP/eBPF offloader is a powerful tool that can handle a variety of network traffic scenarios.
It supports both TCP and UDP traffic, the two most common protocols on the Internet.
This means that the offloader can handle a wide range of applications such as web browsing, file transfers, and video streaming.

In addition, VT AIR XDP can handle **SNAT** (Source Network Address Translation), **DNAT** (Destination Network Address Translation) and **routing**.
SNAT and DNAT are techniques that modify the source and destination addresses of network packets, respectively, while routing is the function that directs packets between different networks.
By supporting these features, our offloader provides flexible and powerful network filtering capabilities.

VT AIR XDP also supports **VLAN** (Virtual LAN), **QinQ** (Dual Tagged VLAN) and **PPPoE** (Point-to-Point Protocol over Ethernet) connections.

.. image:: ../img/XDP-Int_Stacking.png
   :width: 100%
   :align: center
   :alt: XDP Interface Stacking

VT AIR XDP Speedups
----------------------------

We tested our VT AIR XDP against a normal nftables firewall.
For the test we used three different devices on three different architectures.

+---------------------+---------------------+--------------+----------------+-------------------------+
| Device              | CPUs                | NFTables pps | VT AIR XDP pps | Speedup                 |
+---------------------+---------------------+--------------+----------------+-------------------------+
| VT AIR 100 (armhf)  | 2x Cortex v7        | 146 Kpps     | 775 Kpps       | 5.3                     |
+---------------------+---------------------+--------------+----------------+-------------------------+
| VT AIR 600 (arm64)  | 4x A72              | 594 Kpps     | 2840 Kpps      | 4.8                     |
+---------------------+---------------------+--------------+----------------+-------------------------+
| VT AIR 500 (x86)    | 4x Intel Atom C3558 | 659 Kpps     | 3192 Kpps      | 4.8                     |
+---------------------+---------------------+--------------+----------------+-------------------------+

.. image:: ../img/XDP-Speedup.png
   :width: 100%
   :align: center
   :alt: XDP Speedup

VT AIR XDP DDoS Protection
----------------------------

VT AIR XDP is also capable of blocking DDoS traffic at very high rates.
This is an important capability for networks at high risk of DDoS attacks, such as hosting environments, critical infrastructure, popular websites, or other high-value targets.
By using our offloader to block DDoS attacks, network operators can help keep their networks running smoothly and avoid costly downtime.
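
The split described in the introduction (nftables decides, XDP forwards only connections the firewall has already accepted) can be modelled in userspace C. This is an added example, not VT AIR's code: the function names, the flow table and the 5-tuple key are assumptions for illustration, and a real XDP program would use BPF maps and return XDP actions instead.

```c
#include <stdint.h>
#include <string.h>

enum verdict { PASS_TO_STACK, FAST_PATH };  /* models XDP_PASS vs. forwarding in XDP */
#define KEY_LEN 13                          /* src IP, dst IP, src port, dst port, proto */
static uint8_t offloaded[16][KEY_LEN];      /* hypothetical table of accepted flows */
static size_t n_offloaded;
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] << 8 | p[1]); }

/* Ethernet, up to two VLAN tags (QinQ), IPv4, TCP/UDP; every read is bounds-checked. */
int flow_key(const uint8_t *pkt, size_t len, uint8_t key[KEY_LEN]) {
    size_t off = 14;
    if (len < off) return -1;
    uint16_t type = rd16(pkt + 12);
    for (int t = 0; t < 2 && (type == 0x8100 || type == 0x88A8); t++, off += 4) {
        if (len < off + 4) return -1;
        type = rd16(pkt + off + 2);
    }
    const uint8_t *ip = pkt + off;
    if (type != 0x0800 || len < off + 20 || (ip[0] >> 4) != 4) return -1;
    size_t ihl = (size_t)(ip[0] & 0x0F) * 4;
    if (ihl < 20 || len < off + ihl + 4) return -1;
    if ((rd16(ip + 6) & 0x3FFF) || (ip[9] != 6 && ip[9] != 17)) return -1; /* fragment, not TCP/UDP */
    memcpy(key, ip + 12, 8); memcpy(key + 8, ip + ihl, 4); key[12] = ip[9];
    return 0;
}

/* Called once the firewall has accepted this packet's flow; returns 1 if it was stored. */
int offload_flow(const uint8_t *pkt, size_t len) {
    return n_offloaded < 16 && flow_key(pkt, len, offloaded[n_offloaded]) == 0 && ++n_offloaded;
}

enum verdict classify(const uint8_t *pkt, size_t len) {
    uint8_t key[KEY_LEN];
    if (flow_key(pkt, len, key) != 0) return PASS_TO_STACK;  /* unparsable: slow path */
    for (size_t i = 0; i < n_offloaded; i++)
        if (memcmp(offloaded[i], key, KEY_LEN) == 0) return FAST_PATH;
    return PASS_TO_STACK;                                    /* unknown flow: nftables decides */
}

/* Constructed sample: UDP 192.0.2.1:5000 -> 198.51.100.7:53 behind `tags` VLAN tags. */
size_t sample_frame(uint8_t b[64], int tags) {
    static const uint8_t ip[20] = { 0x45,0,0,28, 0,0,0x40,0, 64,17,0,0, 192,0,2,1, 198,51,100,7 };
    size_t off = 12;
    memset(b, 0, 64);
    for (int t = 0; t < tags; t++, off += 4) { b[off] = 0x81; b[off + 3] = 100; }
    b[off] = 0x08; off += 2;                                 /* EtherType IPv4 */
    memcpy(b + off, ip, 20);
    b[off + 20] = 0x13; b[off + 21] = 0x88; b[off + 23] = 53; /* ports 5000 -> 53 */
    return off + 28;
}
```

Anything the parser cannot fully account for (truncated frames, IP fragments, a third VLAN tag, unknown flows) is passed to the regular stack, so the firewall rules remain the only place where a connection can be allowed.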