Overview


RazorCapture is a dedicated nanoseccond hardware timestamped 10Gbit packet capture device. We built RazorCapture because all existing solutions on the market are either imprecise or extremely expensive, our goal is to provide a cost effective solution to nanoseccond precision packet capture.

Precision


Precision means different things to different people, some are happy with +/- 1 milliseccond, others happy with +/- 1 microsecconds yet our goal is to be +/- 1 nanoseccond. When the error variability is larger than your measurement, what your measuring is usually a function of somthing else. For example lets try measure a 10 microsecconds gap between packets on a 10Gbit wire using a stock Linux kerenel with tcpdump, what can go wrong?

Sources of Imprecission:
  • NIC PHY (constant)
  • NIC Processing/DMA/Buffering (variable)
  • NIC Features TSO/LFO (variable)
  • PCI Express Buffering/Contention (variable)
  • Linx Kernel Interrupts (variable)
  • Linx Context Switching (variable)
  • Linx NIC Driver Interrupt Coaleasing (variable)
  • tcpdump timmer precision (gettimeofday)

All of the above adds to +/- 100 microseccond variability in timming results using a stock kernel and NIC. If you tune the NIC and system this can be reduced to +/- 10 microseccond true accuracy which we will go into detail on how to do.

Where and why is latency introduced? lets go into more detail.

NIC PHY
This is the physical layer of the OSI model. Traditionally it converted the analoge signals into binary that gets passed to the MAC layer for framing and conversion into a packet. However for 10Gb networks the analoge conversion, the transcever, is seperated into the SFP+ module as different networks require different physical transport mediums. e.g. Transmiting signals over 100 Kilometers via fiber has different problems than sending signals 1 meter over copper. Thus we have different SFP+ standards such as 10GBASE-SR, 10GBASE-LR, 10GBASE-CX4, 10GBASE-CR. Once the SFP+ module has finished it hands a very high speed serial bit stream to the PHY to decode the digitized analoge signal into 1`s and 0`s known as serdes processing. The good news is, the introduced latency has little jitter and we can consider it a fairly constant +200ns latency.

NOTE: some NIC`s the PHY has been integrated entirely into the vendors chip sometimes called "mixed signal" designs.













info@razorstack.com