Web Content Filtering at 100G

Which Approach Is Right for You?


Subscribers of cable or satellite TV services now have literally hundreds of channels to choose from. Sports, classic movies, cooking shows, design competitions, history and more – not everyone is going to want to watch the same kind of programming.

The same holds true for the internet. Not everyone wants the same content. For this reason, organizations use web filters, which can block unwanted web content such as pornography or advertising. However, filtering presents a performance challenge that must be overcome to ensure a quality customer experience.

Ensuring Performance

Providers must meet their service level agreements and capacity requirements as internet traffic increases. This requires higher-speed networks. In telecom networks, to serve hundreds of thousands of users, 100 Gbps network links are being introduced to keep up with the demand. Today, the market has reached a state of maturity regarding solutions for web content filtering at 1 Gbps and 10 Gbps, but filtering at 100 Gbps poses a whole set of new challenges.

First of all, it takes an enormous amount of processing power to filter web content at 100 Gbps. Furthermore, there is a need for distribution of traffic across available processing resources. This is usually achieved with hash-based 2-tuple or 5-tuple flow distribution on subscriber IP addresses. In telecom core networks, subscriber IP addresses are carried inside GTP tunnels and, consequently, support for GTP is required for efficient load distribution when filtering traffic in telecom core networks.
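The effect of GTP support on load distribution can be shown with a short Python sketch. It is an added example, not code from the original article or from any vendor. The function names, the CRC32-based 2-tuple hash, the IPv4-only parsing and all addresses are assumptions chosen for illustration, and the packets are constructed sample data.

```python
import socket, struct, zlib
from collections import Counter

GTPU_PORT = 2152  # UDP port registered for GTP-U

def ipv4(src, dst, proto, payload):
    """Minimal IPv4 packet (checksum left at 0; constructed sample data)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto,
                       0, socket.inet_aton(src), socket.inet_aton(dst)) + payload

def gtpu(outer_src, outer_dst, teid, inner, seq=None):
    """Wrap an inner IP packet as a GTPv1-U G-PDU over UDP/IPv4."""
    opt = b"" if seq is None else struct.pack("!HBB", seq, 0, 0)
    flags = 0x30 | (0x02 if opt else 0)            # version 1, PT=1, optional S flag
    gtp = struct.pack("!BBHI", flags, 0xFF, len(opt) + len(inner), teid) + opt + inner
    udp = struct.pack("!HHHH", GTPU_PORT, GTPU_PORT, 8 + len(gtp), 0) + gtp
    return ipv4(outer_src, outer_dst, 17, udp)

def flow_key(pkt, gtp_aware):
    """Address pair to hash on: inner pair for G-PDUs if gtp_aware, else outer."""
    outer = (pkt[12:16], pkt[16:20])
    ihl = (pkt[0] & 0x0F) * 4
    gtp = pkt[ihl + 8:]
    if not gtp_aware or pkt[9] != 17 or len(gtp) < 8:
        return outer
    dport = struct.unpack("!H", pkt[ihl + 2:ihl + 4])[0]
    if dport != GTPU_PORT or gtp[0] >> 5 != 1 or gtp[1] != 0xFF:
        return outer                               # not a GTPv1-U G-PDU
    if gtp[0] & 0x04:
        return outer                               # extension headers: not parsed here
    inner = gtp[12 if gtp[0] & 0x03 else 8:]       # S or PN adds 4 optional bytes
    if len(inner) < 20 or inner[0] >> 4 != 4:
        return outer                               # truncated or non-IPv4 payload
    return (inner[12:16], inner[16:20])

def worker(pkt, n_workers, gtp_aware):
    """2-tuple hash; sorting makes both directions of a flow hit the same worker."""
    return zlib.crc32(b"".join(sorted(flow_key(pkt, gtp_aware)))) % n_workers

def spread(packets, n_workers, gtp_aware):
    """Count how many packets each worker index receives."""
    return Counter(worker(p, n_workers, gtp_aware) for p in packets)

# Constructed sample: 256 subscribers tunnelled between one pair of gateways.
PACKETS = [gtpu("10.0.0.1", "10.0.0.2", i,
                ipv4(f"198.51.100.{i}", "192.0.2.10", 6, b"\0" * 20))
           for i in range(256)]

if __name__ == "__main__":
    print("outer-header hash:", dict(spread(PACKETS, 8, False)))
    print("GTP-aware hash:   ", dict(spread(PACKETS, 8, True)))
```

Hashing on the outer header sends every tunnelled packet to the same worker because all tunnels share the two gateway addresses, while hashing on the inner subscriber addresses uses all eight workers.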

Two Ways to Build a Filtering Architecture

Providers therefore need both ample processing resources and a way to distribute load across them. There are two ways to achieve this. The first way is a stacked, distributed server solution.

In this method, there is an expensive load balancer paired with standard COTS servers, which are equipped with several 10 Gbps standard NICs. The load balancer connects in-line with the 100 Gbps link and load distributes traffic to 10 Gbps ports on the standard servers. The load balancer must support GTP and flow distribution based on subscriber IP addresses. Because the load balancer cannot guarantee 100 percent even load distribution, there is a need for overcapacity on the distribution side. A reasonable solution comprises 24 x 10 Gbps links. For this solution, three standard servers, each equipped with four 2 x 10 Gbps standard NICs, in total provide the 240 Gbps traffic capacity (3 x 4 x 2 x 10 Gbps).

The load balancer carries a hefty price tag, but this expense is offset by the reasonable cost of the standard COTS servers and standard NICs. The solution involves many components and complex cabling. Furthermore, the rack space required is relatively large, and system management is complex due to the multi-chassis design.

To recap, this method requires the following components: a high-end load balancer, three standard COTS servers, a dozen 2 x 10 Gbps standard NICs and 24 cables for 10 Gbps links.

The second approach is a single, consolidated server solution that, as its name implies, consolidates load distribution, 100G network connectivity and the total processing power in a single server. This solution requires a COTS server and 100G Smart NICs. Since up to 200 Gbps traffic needs to be processed within the same server system, the server must be equipped with multiple cores for parallel processing. For example, a server with 48 CPU cores can run up to 96 flow processing threads in parallel using hyper-threading. To fully use CPU cores, the Smart NIC must support load distribution to as many threads as the server system provides. Also, to ensure balanced use of CPU cores, the Smart NIC must support GTP tunneling. The Smart NIC should also support these features at full throughput and full duplex 100 Gbps traffic load, for any packet size.

This approach has several things to recommend it. The footprint in the server rack is very low, thereby reducing rack space hosting expenses. The cabling is simple because only a single component is used. It provides one-stop system management, with no complex dependencies between multiple chassis.

The components for this method are a COTS server and two 1 x 100 Gbps Smart NICs.

Finding What Works

It’s necessary to consider the technical portion of a 100 Gbps web content filtering solution, but the total cost of ownership should be a serious consideration. Here are some significant parameters for operations expenditure (OPEX) and capital expenditure (CAPEX) calculations:


  • Rackspace hosting expenses
  • Warranty and support
  • Power consumption, including cooling
    • Servers
    • NICs
    • Load balancers

  • Cost of software
  • Cost of servers
  • Cost of smart NICs or standard NICs

What is your use case? That will reveal which server model is best. Because these two solutions differ greatly in cost, the choice should be determined by estimating application CPU requirements. Smart NICs support load distribution and full-throughput 100 Gbps, making them a simpler, consolidated approach for web content filtering at this high speed. If Smart NICs serve your use case, they could help you save money while meeting service level agreements.
