초고속네트워크보안시스템설계및구현. KyoungSoo Park School of Electrical Engineering, KAIST. (Collaboration with many students & faculty members at KAIST)
|
|
- Jordan Richard
- 5 years ago
- Views:
Transcription
1 초고속네트워크보안시스템설계및구현 KyoungSoo Park School of Electrical Engineering, KAIST (Collaboration with many students & faculty members at KAIST)
2 Agenda High-performance packet processing on x86 systems Kargus High-performance network IDS [CCS 12] FloSIS Network flow capture/retrieval system [USENIX 15] mos Reusable network stack for middleboxes [NSDI 17] 2
3 Network Traffic Prediction for 2021 Global IP traffic will be 127x than that of 2005 Smartphone traffic will exceed PC traffic by 2021 Number of connected devices = 3 x populations Broadband speeds will double Business Internet traffic grow at a faster pace than WAN Need faster security monitoring at edge (10/40/100G) Data from Cisco Visual Networking Index: 3
4 Real Traffic Monitoring Is Complex Stateful Firewalls L7 protocol analyzers Network Intrusion Detection System Internet Complexity due to TCP and Application layer Can t be easily done on programmable switches or routers Commodity x86 machines are attractive but slow => However, solid design allows 10~40Gbps monitoring 4
5 Packet Capture Technology in 2005 Packet CAPture (PCAP) library Captures packets at network card Still widely used (tcpdump, Ethereal, Wireshark, Ominpeek, etc.) Performance range: 0.4 to 6.7 Gbps (on 12 core machine) Why is PCAP library SLOW? Utilizes a single CPU core per NIC even on a multi-core system Poorer performance small packets (per-packet overhead) Detailed information at PacketShader [SIGCOMM 10] Heavyweight kernel data structures Frequent memory allocation and deallocation Interrupt overhead 5
6 Packet I/O Technology in 2017 Kernel bypass packet I/O Inspired by PacketShader [SIGCOMM 10] DPDK, PSIO, Netmap, PF_Ring, etc. Common techniques Static buffers for packet content/metadata Batch processing 32 to 4096 packets Full utilization of multiple CPU cores (e.g., receive-side scaling) Performance: ~20 Gbps per CPU core (64 bytes) [Core 1] [Core 2] [Core 3] [Core 4] [Core 5] RxQ A1 RxQ B1 RxQ A2 RxQ B2 RxQ A3 RxQ B3 RxQ A4 RxQ B4 RxQ A5 RxQ B5 10 Gbps NIC A 10 Gbps NIC B 6
7 My Research for the Past 7 Years PacketShader[SIGCOMM 10]: 40G S/W router SSLShader[NSDI 11]: fastest SSL reverse proxy Kargus[CCS 12]: 33 Gbps NIDS with Snort-like ruleset Monbot[Mobisys 13]: 10G flow-level content analyzer mtcp[nsdi 14]: fastest user-level TCP stack FloSIS [USENIX 15]: 30Gbps flow capture systems APUNet[NSDI 17]: fast packet processing on AMD APU mos [NSDI 17]: a reusable network stack for middleboxes 7
8 Kargus Goal A highly-scalable software-based NIDS for high-speed network Slow software NIDS Bottlenecks Inefficient packet acquisition Expensive string & PCRE pattern matching Fast software NIDS Solutions Multi-core packet acquisition Parallel processing & GPU offloading Outcome Fastest S/W signature-based IDS: 33Gbps 100% malicious traffic: 10 Gbps Real network traffic: ~25 Gbps 8
9 Typical Signature-based NIDS alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg: possible attack attempt BACKDOOR optix runtime detection"; content:"/whitepages/page_me/100.html"; pcre:"/body=\x2521\x2521\x2521optix\s+pro\s+v\d+\x252e\d+\s+server\s+online\x2521\x2521\x2521/") Packet Acquisition Preprocessing Multi-string Pattern Matching Match Success Rule Options Evaluation Evaluation Success Output Decode Flow management Reassembly Match Failure (Innocent Flow) Evaluation Failure (Innocent Flow) Malicious Flow Bottlenecks * PCRE: Perl Compatible Regular Expression 9
10 Pattern Matching CPU intensive tasks for serial packet scanning Major bottlenecks Multi-string matching (Aho-Corasick phase) PCRE evaluation (if pcre rule option exists in rule) On an Intel Xeon X5680, 3.33 GHz, 12 MB L3 Cache Aho-Corasick analyzing bandwidth per core: 2.15 Gbps PCRE analyzing bandwidth per core: 0.52 Gbps 10
11 GPU-based Pattern Matching GPUs Containing s of SIMD processors Ideal for parallel data processing without branches DFA-based pattern matching on GPUs Multi-string matching using Aho-Corasick algorithm PCRE matching Pipelined execution in CPU/GPU Concurrent copy and execution Aho-Corasick bandwidth 2.15 Gbps 39 Gbps PCRE bandwidth 0.52 Gbps 8.9 Gbps Packet Acquisition GPU Dispatcher Thread Preprocess Engine Thread Multi-string Matching Offloading Multi-string Matching Queue Rule Option Evaluation Offloading PCRE Matching Queue GPU Multi-string Matching PCRE Matching 11
12 Alternative: Better Pattern matching algorithm: DFC [NSDI 16] 12
13 Overall Architecture of Kargus Non Uniform Memory Access (NUMA)-aware Core framework as deployed in dual hexa-core system Can be configured to various NUMA set-ups accordingly Kargus configuration on a dual NUMA hexanode machine having 4 NICs, and 2 GPUs 13
14 Innocent Traffic Performance 40 Gbps input traffic x faster than multi-core Snort w/ PF_Ring x faster than MIDeA (state-of-the-art before Kargus) Throughput (Gbps) MIDeA Snort w/ PF_Ring Kargus CPU-only Kargus CPU/GPU Packet size (Bytes) Actual payload analyzing bandwidth 14
15 Malicious Traffic Performance 5x faster than Snort Throughput (Gbps) Kargus, 25% Kargus, 50% Kargus, 100% Snort+PF_Ring, 25% Snort+PF_Ring, 50% Snort+PF_Ring, 100% Packet size (Bytes) 15
16 FloSIS Goal A high-speed flow capture & retrieval system I II Design A pipelined parallel processing architecture A two-stage flow-level indexing & retrieval III IV Optimization Latency limitation for high zero-drop performance Deduplication for storage efficiency 36 Gbps of peak performance 5 times faster retrieval 34.5% of storage saving 16
17 Packet-based Capture Systems tcpdump, wireshark: packet capture & analysis n2disk* : high-speed packet recorder with indexing Arriving packets Packets in disk Retrieval without index Retrieval with index tt * DERI, L., CARDIGLIANO, A., AND FUSCO, F, 10gbit line rate packet-to-disk using n2disk, In proceedings of IEEE INFOCOM Workshop on Traffic Monitoring and Analysis,
18 Flow-based Capture Systems Write/read a flow at one location Arriving packets Flows in disk tt Flow retrieval Real-time flow content reassembly Payload content before writing See the content right after searching Improve storage efficiency by deduplication 18
19 Overall Architecture of FloSIS Overall architecture and thread arrangement of FloSIS 16 CPU cores, 4 10G NIC ports, 24 HDDs, and 2 SSDs 19
20 Key Ideas in FloSIS Pipelined parallel processing architecture Two-stage flow-level indexing & retrieval Low packet processing latency Direct disk I/O, sequential disk I/O User-level memory management Deduplication for storage efficiency 20
21 Packet Capture & Dumping Performance Stress test with 40 Gbps of synthetic packet workload H/W limit Sequential disk writing throughput Tcpdump not optimized for multicore environments n2disk10g and FloSIS show comparable performance 21
22 Real Traffic Processing Performance Peak & zero-drop performance with real traffic trace replay (LTE traffic) 10Gbps Peak performance is restricted by the sequential disk writing performance FloSIS shows higher zero-drop performance than n2disk10g 22
23 Flow-level Query Response Time Elapsed time for processing retrieval Search the flows by querying 10 randomly selected source IP addresses Retrieval: source IP address ,768 flows 1,668 flows 1,693 flows 185 flows 318 flows 276 flows 119 flows 137 flows 21,300 flows 4,255 flows 2~5 times faster n2disk10g FloSIS Elapsed time (sec) # of flows # of disk access Retrieval processing time 23
24 Most Middleboxes Deal with TCP Traffic TCP dominates the Internet 95+% of traffic is TCP [1] Flow-processing middleboxes Stateful firewalls Protocol analyzers Cellular data accounting Intrusion detection/prevention systems Network address translation And many others! TCP UDP etc [1] Comparison of Caching Strategies in Modern Cellular Backhaul Networks, ACM MobiSys TCP state management is complex and error-prone! 24
25 Example: Cellular Data Accounting System Custom middlebox application No open-source projects In South Korea, Celullar ISPs must not account for TCP retransmission packets Internet Gateway Data Accounting System Cellular Core Network 25
26 Programming TCP End-Host Application Typical TCP end-host applications Typical TCP middleboxes? TCP application Berkeley Socket API TCP/IP stack User level Kernel level Middlebox logic Packet processing Flow state tracking Flow reassembly Spaghetti code? No clear separation! Berkeley socket API Nice abstraction that separates flow management from application Write better code if you know TCP internals Never requires you to write TCP stack itself 26
27 mos Networking Stack Reusable networking stack for middleboxes Programming abstraction and APIs to developers Key concepts Separation of flow management from custom logic Event-based middlebox development (event/action) Per-flow flexible resource consumption Benefits Clean, modular development of stateful middleboxes Developers focus on core logic rather than flow management High performance flow management on mtcp stack 27
28 Key Abstraction: mos Monitoring Socket Represents the middlebox viewpoint on network traffic Monitors both TCP connections and IP packets Provides similar API to the Berkeley socket API User context Monitoring socket Flow context Packets Custom middlebox logic mos socket API mos stack Custom event handler Event generation Separation of flow management from custom middlebox logic! 28
29 Key Abstraction: mos Events Notable condition that merits middlebox processing Built-in event (BE) Events that happen naturally in TCP processing e.g., packet arrival, TCP connection start/teardown, retransmission User-defined event (UDE) User can define their own event (= base event + filter function) Built-in event User-defined event User-defined event New data arrival Filter (HTTP request) HTTP request arrival Packet arrival Filter (ACK packet) ACK packet arrival Filter (counter) 3 duplicate ACK arrival 29
30 mos Flow Management Dual TCP stack management Infer the states of both client and server TCP stacks mos stack emulation ESTABLISHED SYN_SENT CLOSED TCP client Client side TCP stack TCP state TCP server SYN SYN/ACK DATA/ACK Server side TCP stack TCP state Receive buffer ESTABLISHED SYN_RCVD LISTEN 30
31 Current mos stack API Socket creation and traffic filter int int int mtcp_socket(mctx_t mctx, int domain, int type, int protocol); mtcp_close(mctx_t mctx, int sock); mtcp_bind_monitor_filter(mctx_t mctx, int sock, monitor_filter_t ft); User-defined event management event_t mtcp_define_event(event_t ev, FILTER filt); int mtcp_register_callback(mctx_t mctx, int sock, event_t ev, int hook, CALLBACK cb); Per-flow user-level context management void * mtcp_get_uctx(mctx_t mctx, int sock); void mtcp_set_uctx(mctx_t mctx, int sock, void *uctx); Flow data reading ssize_t mtcp_peek(mctx_t mctx, int sock, int side, char *buf, size_t len); ssize_t mtcp_ppeek(mctx_t mctx, int sock, int side, char *buf, size_t count, off_t seq_off); 31
32 Current mos stack API Packet information retrieval and modification int mtcp_getlastpkt(mctx_t mctx, int sock, int side, struct pkt_info *pinfo); int mtcp_setlastpkt(mctx_t mctx, int sock, int side, off_t offset, byte *data, uint16_t datalen, int option); Flow information retrieval and flow attribute modification int int mtcp_getsockopt(mctx_t mctx, int sock, int l, int name, void *val, socklen_t *len); mtcp_setsockopt(mctx_t mctx, int sock, int l, int name, void *val, socklen_t len); Retrieve end-node IP addresses int mtcp_getpeername(mctx_t mctx, int sock, struct sockaddr *addr, socklen_t *addrlen); Per-thread context management mctx_t int mtcp_create_context(int cpu); mtcp_destroy_context(mctx_t mctx); Initialization int mtcp_init(const char *mos_conf_fname); 32
33 Sample Code: Initialization static void thread_init(mctx_t mctx) { monitor_filter ft ={0}; int msock; event_t http_event; msock = mtcp_socket(mctx, AF_INET, MOS_SOCK_MONITOR_STREAM, 0); ft.stream_syn_filter = "dst net and dst port 80"; mtcp_bind_monitor_filter(mctx, msock, &ft); mtcp_register_callback(mctx, msock, MOS_ON_CONN_START, MOS_HK_SND,on_flow_start); } http_event = mtcp_define_event(mos_on_conn_new_data, chk_http_request); mtcp_register_callback(mctx, msock, http_event, MOS_HK_RCV, on_http_request); Sets up a traffic filter in Berkeley packet filter (BPF) syntax Defines a user-defined event that detects an HTTP request Uses a built-in event that monitors each TCP connection start event 33
34 UDE Filter Function static bool chk_http_request(mctx_t m, int sock, int side, event_t event) { struct httpbuf *p; u_char* temp; int r; if (side!= MOS_SIDE_SVR) // monitor only server-side buffer return false; if ((p = mtcp_get_uctx(m, sock)) == NULL) { p = calloc(1, sizeof(struct httpbuf)); // user-level structure mtcp_set_uctx(m, sock, p); } r = mtcp_peek(m, sock, side, p->buf + p->len, REQMAX - p->len - 1); p->len += r; p->buf[p->len] = 0; if ((temp = strstr(p->buf, "\n\n")) (temp = strstr(p->buf, "\r\n\r\n"))) { p->reqlen = temp - p->buf; return true; } return false; } Called whenever the base event is triggered If it returns TURE, UDE callback function is called 34
35 mos Stack Implementation Per-thread library TCP stack ~26K lines of C code (mtcp [1] : ~11K lines) Shared nothing parallel architecture CPU core 1 CPU core N Sender TCP stack Rx Application mos core Packet I/O Receiver TCP stack Tx.... Application mos core Symmetric RSS NIC [1] mtcp: a highly scalable user-level TCP stack for multicore systems, NSDI'14 35
36 Real-world mos Applications msnort (2,104 lines modified from 80K lines) Snort with mos flow management mabacus (561 lines vs lines) Secure cellular data accounting system mhalfback proxy (128 lines) Low-latency proxy with proactive TCP retransmission mprads (615 lines modified from 11K) Pattern matching on flow-reassembled content mndpi (765 lines modified from 25K) Pattern matching on flow-reassembled content midstat Netstat for middlebox mnat High-performance NAT 36
37 Performance Scalability on Multicores File download traffic with 192K concurrent flows Each flow downloads an X-byte content in one TCP connection A new flow is spawned when a flow terminates Two simple applications Counting packets per flow (packet arrival event) Searching for a string in flow reassembled data (full flow reassembly & DPI) Throughput (Gbps) Performance linearly scales as 53.0 # of cores are increased Counting packets (# of CPU cores) 64B file 42.5 Searching for a string 8KB file 37
38 Dynamic Event Registration Evaluation Monitor 192K concurrent flows Flow size: 4KB Searching for a string in flow reassembled data Dynamically register a new event when target string found 50% client flows have target strings 40 Naïve mos Throughput (Gbps) # of event nodes in the tree 38
39 mos Stack Is Open-Sourced Public release of mos stack/api at github mos online manual 39
40 Conclusion Fast packet processing on commodity machine Scalable system architecture is important Kargus & FloSIS Simple programming model is needed for middleboxes mos stack and API I can t build your own system but can offer consulting 40
Developing Stateful Middleboxes with the mos API KYOUNGSOO PARK & YOUNGGYOUN MOON
Developing Stateful Middleboxes with the mos API KYOUNGSOO PARK & YOUNGGYOUN MOON ASIM JAMSHED, DONGHWI KIM, & DONGSU HAN SCHOOL OF ELECTRICAL ENGINEERING, KAIST Network Middlebox Networking devices that
More information소프트웨어기반고성능침입탐지시스템설계및구현
소프트웨어기반고성능침입탐지시스템설계및구현 KyoungSoo Park Department of Electrical Engineering, KAIST M. Asim Jamshed *, Jihyung Lee*, Sangwoo Moon*, Insu Yun *, Deokjin Kim, Sungryoul Lee, Yung Yi* Department of Electrical
More informationThe Power of Batching in the Click Modular Router
The Power of Batching in the Click Modular Router Joongi Kim, Seonggu Huh, Keon Jang, * KyoungSoo Park, Sue Moon Computer Science Dept., KAIST Microsoft Research Cambridge, UK * Electrical Engineering
More informationG-NET: Effective GPU Sharing In NFV Systems
G-NET: Effective Sharing In NFV Systems Kai Zhang*, Bingsheng He^, Jiayu Hu #, Zeke Wang^, Bei Hua #, Jiayi Meng #, Lishan Yang # *Fudan University ^National University of Singapore #University of Science
More informationHardware Flow Offload. What is it? Why you should matter?
Hardware Offload What is it? Why you should matter? Good News: Network Speed The market is moving from 10 Gbit to 40/100 Gbit At 40 Gbit frame inter-arrival time is ~16 nsec At 100 Gbit frame inter-arrival
More informationPacketShader: A GPU-Accelerated Software Router
PacketShader: A GPU-Accelerated Software Router Sangjin Han In collaboration with: Keon Jang, KyoungSoo Park, Sue Moon Advanced Networking Lab, CS, KAIST Networked and Distributed Computing Systems Lab,
More informationPacketShader as a Future Internet Platform
PacketShader as a Future Internet Platform AsiaFI Summer School 2011.8.11. Sue Moon in collaboration with: Joongi Kim, Seonggu Huh, Sangjin Han, Keon Jang, KyoungSoo Park Advanced Networking Lab, CS, KAIST
More informationGASPP: A GPU- Accelerated Stateful Packet Processing Framework
GASPP: A GPU- Accelerated Stateful Packet Processing Framework Giorgos Vasiliadis, FORTH- ICS, Greece Lazaros Koromilas, FORTH- ICS, Greece Michalis Polychronakis, Columbia University, USA So5ris Ioannidis,
More informationRecent Advances in Software Router Technologies
Recent Advances in Software Router Technologies KRNET 2013 2013.6.24-25 COEX Sue Moon In collaboration with: Sangjin Han 1, Seungyeop Han 2, Seonggu Huh 3, Keon Jang 4, Joongi Kim, KyoungSoo Park 5 Advanced
More informationAdvanced Computer Networks. End Host Optimization
Oriana Riva, Department of Computer Science ETH Zürich 263 3501 00 End Host Optimization Patrick Stuedi Spring Semester 2017 1 Today End-host optimizations: NUMA-aware networking Kernel-bypass Remote Direct
More informationTLDK Overview. Transport Layer Development Kit Keith Wiles April Contributions from Ray Kinsella & Konstantin Ananyev
TLDK Overview Transport Layer Development Kit Keith Wiles April 2017 Contributions from Ray Kinsella & Konstantin Ananyev Notices and Disclaimers Intel technologies features and benefits depend on system
More informationNetSlices: Scalable Mul/- Core Packet Processing in User- Space
NetSlices: Scalable Mul/- Core Packet Processing in - Space Tudor Marian, Ki Suh Lee, Hakim Weatherspoon Cornell University Presented by Ki Suh Lee Packet Processors Essen/al for evolving networks Sophis/cated
More informationTLDK Overview. Transport Layer Development Kit Ray Kinsella February ray.kinsella [at] intel.com IRC: mortderire
TLDK Overview Transport Layer Development Kit Ray Kinsella February 2017 Email : ray.kinsella [at] intel.com IRC: mortderire Contributions from Keith Wiles & Konstantin Ananyev Legal Disclaimer General
More informationASPERA HIGH-SPEED TRANSFER. Moving the world s data at maximum speed
ASPERA HIGH-SPEED TRANSFER Moving the world s data at maximum speed ASPERA HIGH-SPEED FILE TRANSFER Aspera FASP Data Transfer at 80 Gbps Elimina8ng tradi8onal bo
More informationDemystifying Network Cards
Demystifying Network Cards Paul Emmerich December 27, 2017 Chair of Network Architectures and Services About me PhD student at Researching performance of software packet processing systems Mostly working
More informationmos: An open middlebox platform with programmable network stacks
mos: An open middlebox platform with programmable network stacks Shinae Woo ABSTRACT Though the growing popularity of software-based middleboxes raises new requirements for network stack functionality,
More informationIX: A Protected Dataplane Operating System for High Throughput and Low Latency
IX: A Protected Dataplane Operating System for High Throughput and Low Latency Adam Belay et al. Proc. of the 11th USENIX Symp. on OSDI, pp. 49-65, 2014. Presented by Han Zhang & Zaina Hamid Challenges
More informationPASTE: A Network Programming Interface for Non-Volatile Main Memory
PASTE: A Network Programming Interface for Non-Volatile Main Memory Michio Honda (NEC Laboratories Europe) Giuseppe Lettieri (Università di Pisa) Lars Eggert and Douglas Santry (NetApp) USENIX NSDI 2018
More informationSoftware Routers: NetMap
Software Routers: NetMap Hakim Weatherspoon Assistant Professor, Dept of Computer Science CS 5413: High Performance Systems and Networking October 8, 2014 Slides from the NetMap: A Novel Framework for
More informationSnort Virtual Network Function with DPI Service
The Interdisciplinary Center, Herzliya Efi Arazi School of Computer Science Snort Virtual Network Function with DPI Service M.Sc. final project submitted in partial fulfillment of the requirements towards
More informationSoftRDMA: Rekindling High Performance Software RDMA over Commodity Ethernet
SoftRDMA: Rekindling High Performance Software RDMA over Commodity Ethernet Mao Miao, Fengyuan Ren, Xiaohui Luo, Jing Xie, Qingkai Meng, Wenxue Cheng Dept. of Computer Science and Technology, Tsinghua
More informationPASTE: Fast End System Networking with netmap
PASTE: Fast End System Networking with netmap Michio Honda, Giuseppe Lettieri, Lars Eggert and Douglas Santry BSDCan 2018 Contact: @michioh, micchie@sfc.wide.ad.jp Code: https://github.com/micchie/netmap/tree/stack
More informationHigh Performance Packet Processing with FlexNIC
High Performance Packet Processing with FlexNIC Antoine Kaufmann, Naveen Kr. Sharma Thomas Anderson, Arvind Krishnamurthy University of Washington Simon Peter The University of Texas at Austin Ethernet
More informationLight: A Scalable, High-performance and Fully-compatible User-level TCP Stack. Dan Li ( 李丹 ) Tsinghua University
Light: A Scalable, High-performance and Fully-compatible User-level TCP Stack Dan Li ( 李丹 ) Tsinghua University Data Center Network Performance Hardware Capability of Modern Servers Multi-core CPU Kernel
More informationASPERA HIGH-SPEED TRANSFER. Moving the world s data at maximum speed
ASPERA HIGH-SPEED TRANSFER Moving the world s data at maximum speed ASPERA HIGH-SPEED FILE TRANSFER 80 GBIT/S OVER IP USING DPDK Performance, Code, and Architecture Charles Shiflett Developer of next-generation
More informationUsing (Suricata over) PF_RING for NIC-Independent Acceleration
Using (Suricata over) PF_RING for NIC-Independent Acceleration Luca Deri Alfredo Cardigliano Outlook About ntop. Introduction to PF_RING. Integrating PF_RING with
More informationResearch on DPDK Based High-Speed Network Traffic Analysis. Zihao Wang Network & Information Center Shanghai Jiao Tong University
Research on DPDK Based High-Speed Network Traffic Analysis Zihao Wang Network & Information Center Shanghai Jiao Tong University Outline 1 Background 2 Overview 3 DPDK Based Traffic Analysis 4 Experiment
More informationEnabling Fast, Dynamic Network Processing with ClickOS
Enabling Fast, Dynamic Network Processing with ClickOS Joao Martins*, Mohamed Ahmed*, Costin Raiciu, Roberto Bifulco*, Vladimir Olteanu, Michio Honda*, Felipe Huici* * NEC Labs Europe, Heidelberg, Germany
More informationlibvnf: building VNFs made easy
libvnf: building VNFs made easy Priyanka Naik, Akash Kanase, Trishal Patel, Mythili Vutukuru Dept. of Computer Science and Engineering Indian Institute of Technology, Bombay SoCC 18 11 th October, 2018
More informationGASPP: A GPU-Accelerated Stateful Packet Processing Framework
GASPP: A GPU-Accelerated Stateful Packet Processing Framework Giorgos Vasiliadis and Lazaros Koromilas, FORTH-ICS; Michalis Polychronakis, Columbia University; Sotiris Ioannidis, FORTH-ICS https://www.usenix.org/conference/atc14/technical-sessions/presentation/vasiliadis
More informationEvolution of the netmap architecture
L < > T H local Evolution of the netmap architecture Evolution of the netmap architecture -- Page 1/21 Evolution of the netmap architecture Luigi Rizzo, Università di Pisa http://info.iet.unipi.it/~luigi/vale/
More informationGPGPU introduction and network applications. PacketShaders, SSLShader
GPGPU introduction and network applications PacketShaders, SSLShader Agenda GPGPU Introduction Computer graphics background GPGPUs past, present and future PacketShader A GPU-Accelerated Software Router
More informationMaximum Performance. How to get it and how to avoid pitfalls. Christoph Lameter, PhD
Maximum Performance How to get it and how to avoid pitfalls Christoph Lameter, PhD cl@linux.com Performance Just push a button? Systems are optimized by default for good general performance in all areas.
More informationSpeeding up Linux TCP/IP with a Fast Packet I/O Framework
Speeding up Linux TCP/IP with a Fast Packet I/O Framework Michio Honda Advanced Technology Group, NetApp michio@netapp.com With acknowledge to Kenichi Yasukata, Douglas Santry and Lars Eggert 1 Motivation
More informationRDMA and Hardware Support
RDMA and Hardware Support SIGCOMM Topic Preview 2018 Yibo Zhu Microsoft Research 1 The (Traditional) Journey of Data How app developers see the network Under the hood This architecture had been working
More informationFast packet processing in the cloud. Dániel Géhberger Ericsson Research
Fast packet processing in the cloud Dániel Géhberger Ericsson Research Outline Motivation Service chains Hardware related topics, acceleration Virtualization basics Software performance and acceleration
More informationBringing&the&Performance&to&the& Cloud &
Bringing&the&Performance&to&the& Cloud & Dongsu&Han& KAIST & Department&of&Electrical&Engineering& Graduate&School&of&InformaAon&Security& & The&Era&of&Cloud&CompuAng& Datacenters&at&Amazon,&Google,&Facebook&
More informationIsoStack Highly Efficient Network Processing on Dedicated Cores
IsoStack Highly Efficient Network Processing on Dedicated Cores Leah Shalev Eran Borovik, Julian Satran, Muli Ben-Yehuda Outline Motivation IsoStack architecture Prototype TCP/IP over 10GE on a single
More informationNetworked Applications: Sockets. End System: Computer on the Net
Networked Applications: Sockets Topics Programmer s view of the Internet Sockets interface End System: Computer on the Net Internet Also known as a host 2 Page 1 Clients and Servers Client program Running
More informationAccelerating String Matching Algorithms on Multicore Processors Cheng-Hung Lin
Accelerating String Matching Algorithms on Multicore Processors Cheng-Hung Lin Department of Electrical Engineering, National Taiwan Normal University, Taipei, Taiwan Abstract String matching is the most
More informationLearning with Purpose
Network Measurement for 100Gbps Links Using Multicore Processors Xiaoban Wu, Dr. Peilong Li, Dr. Yongyi Ran, Prof. Yan Luo Department of Electrical and Computer Engineering University of Massachusetts
More informationImproving the Database Logging Performance of the Snort Network Intrusion Detection Sensor
-0- Improving the Database Logging Performance of the Snort Network Intrusion Detection Sensor Lambert Schaelicke, Matthew R. Geiger, Curt J. Freeland Department of Computer Science and Engineering University
More informationXen Network I/O Performance Analysis and Opportunities for Improvement
Xen Network I/O Performance Analysis and Opportunities for Improvement J. Renato Santos G. (John) Janakiraman Yoshio Turner HP Labs Xen Summit April 17-18, 27 23 Hewlett-Packard Development Company, L.P.
More informationRobust TCP Stream Reassembly In the Presence of Adversaries
Robust TCP Stream Reassembly In the Presence of Adversaries Sarang Dharmapurikar and Vern Paxson Washington Univ. UC Berkeley Usenix Security 2005 Presented by N. Sertac Artan Motivation TCP Reassembly
More informationDisclaimer This presentation may contain product features that are currently under development. This overview of new technology represents no commitme
NET1343BU NSX Performance Samuel Kommu #VMworld #NET1343BU Disclaimer This presentation may contain product features that are currently under development. This overview of new technology represents no
More informationReliably Scalable Name Prefix Lookup! Haowei Yuan and Patrick Crowley! Washington University in St. Louis!! ANCS 2015! 5/8/2015!
Reliably Scalable Name Prefix Lookup! Haowei Yuan and Patrick Crowley! Washington University in St. Louis!! ANCS 2015! 5/8/2015! ! My Topic for Today! Goal: a reliable longest name prefix lookup performance
More informationWhat s an API? Do we need standardization?
Network Interface z The network protocol stack is a part of the OS z Need an API to interface applications to the protocol stack. What s an API? Do we need standardization? z The socket interface is the
More informationAccelerating String Matching Using Multi-threaded Algorithm
Accelerating String Matching Using Multi-threaded Algorithm on GPU Cheng-Hung Lin*, Sheng-Yu Tsai**, Chen-Hsiung Liu**, Shih-Chieh Chang**, Jyuo-Min Shyu** *National Taiwan Normal University, Taiwan **National
More informationPrimavera Compression Server 5.0 Service Pack 1 Concept and Performance Results
- 1 - Primavera Compression Server 5.0 Service Pack 1 Concept and Performance Results 1. Business Problem The current Project Management application is a fat client. By fat client we mean that most of
More informationntop Users Group Meeting
ntop Users Group Meeting PF_RING Tutorial Alfredo Cardigliano Overview Introduction Installation Configuration Tuning Use cases PF_RING Open source packet processing framework for
More informationNBA (Network Balancing Act): A High-performance Packet Processing Framework for Heterogeneous Processors
NBA (Network Balancing Act): A High-performance Packet Processing Framework for Heterogeneous Processors Joongi Kim Keon Jang Keunhong Lee Sangwook Ma Junhyun Shim Sue Moon KAIST {joongi, keonjang, keunhong,
More informationTCP Tuning for the Web
TCP Tuning for the Web Jason Cook - @macros - jason@fastly.com Me Co-founder and Operations at Fastly Former Operations Engineer at Wikia Lots of Sysadmin and Linux consulting The Goal Make the best use
More informationFUJITSU Software Interstage Information Integrator V11
FUJITSU Software V11 An Innovative WAN optimization solution to bring out maximum network performance October, 2013 Fujitsu Limited Contents Overview Key technologies Supported network characteristics
More informationQuestion Score 1 / 19 2 / 19 3 / 16 4 / 29 5 / 17 Total / 100
NAME: Login name: Computer Science 461 Midterm Exam March 10, 2010 3:00-4:20pm This test has five (5) questions. Put your name on every page, and write out and sign the Honor Code pledge before turning
More informationBe Fast, Cheap and in Control with SwitchKV. Xiaozhou Li
Be Fast, Cheap and in Control with SwitchKV Xiaozhou Li Goal: fast and cost-efficient key-value store Store, retrieve, manage key-value objects Get(key)/Put(key,value)/Delete(key) Target: cluster-level
More informationTRex Realistic Traffic Generator
DEVNET-1120 TRex Realistic Traffic Generator Hanoch Haim, Principal Engineer Cisco Spark How Questions? Use Cisco Spark to communicate with the speaker after the session 1. Find this session in the Cisco
More informationContainers Do Not Need Network Stacks
s Do Not Need Network Stacks Ryo Nakamura iijlab seminar 2018/10/16 Based on Ryo Nakamura, Yuji Sekiya, and Hajime Tazaki. 2018. Grafting Sockets for Fast Networking. In ANCS 18: Symposium on Architectures
More informationThe Network Stack. Chapter Network stack functions 216 CHAPTER 21. THE NETWORK STACK
216 CHAPTER 21. THE NETWORK STACK 21.1 Network stack functions Chapter 21 The Network Stack In comparison with some other parts of OS design, networking has very little (if any) basis in formalism or algorithms
More informationSuricata Performance with a S like Security
Suricata Performance with a S like Security É. Leblond Stamus Networks July. 03, 2018 É. Leblond (Stamus Networks) Suricata Performance with a S like Security July. 03, 2018 1 / 31 1 Introduction Features
More informationContents Overview of the Compression Server White Paper... 5 Business Problem... 7
P6 Professional Compression Server White Paper for On-Premises Version 17 July 2017 Contents Overview of the Compression Server White Paper... 5 Business Problem... 7 P6 Compression Server vs. Citrix...
More informationExperiences in Building a 100 Gbps (D)DoS Traffic Generator
Experiences in Building a 100 Gbps (D)DoS Traffic Generator DIY with a Single Commodity-off-the-shelf (COTS) Server March 31, 2018 Umeda Sky Building Escalators Surasak Sanguanpong Surasak.S@ku.ac.th About
More informationSwitch Configuration message sent 1 (1, 0, 1) 2
UNIVESITY COLLEGE LONON EPATMENT OF COMPUTE SCIENCE COMP00: Networked Systems Problem Set istributed: nd November 08 NOT ASSESSE, model answers released: 9th November 08 Instructions: This problem set
More informationCh. 13: Measuring Performance
Ch. 13: Measuring Performance Kenneth Mitchell School of Computing & Engineering, University of Missouri-Kansas City, Kansas City, MO 64110 Kenneth Mitchell, CS & EE dept., SCE, UMKC p. 1/3 Introduction
More informationMuch Faster Networking
Much Faster Networking David Riddoch driddoch@solarflare.com Copyright 2016 Solarflare Communications, Inc. All rights reserved. What is kernel bypass? The standard receive path The standard receive path
More informationTolerating Malicious Drivers in Linux. Silas Boyd-Wickizer and Nickolai Zeldovich
XXX Tolerating Malicious Drivers in Linux Silas Boyd-Wickizer and Nickolai Zeldovich How could a device driver be malicious? Today's device drivers are highly privileged Write kernel memory, allocate memory,...
More informationLecture 2: Layering & End-to-End
Lecture 2: Layering & End-to-End CSE 222A: Computer Communication Networks Alex C. Snoeren Thanks: Mike Freedman & Amin Vahdat Lecture 2 Overview Layering Application interface Transport services Discussion
More informationDPDK Summit China 2017
Summit China 2017 Embedded Network Architecture Optimization Based on Lin Hao T1 Networks Agenda Our History What is an embedded network device Challenge to us Requirements for device today Our solution
More informationPacket-Level Network Analytics without Compromises NANOG 73, June 26th 2018, Denver, CO. Oliver Michel
Packet-Level Network Analytics without Compromises NANOG 73, June 26th 2018, Denver, CO Oliver Michel Network monitoring is important Security issues Performance issues Equipment failure Analytics Platform
More informationAccelerating 4G Network Performance
WHITE PAPER Accelerating 4G Network Performance OFFLOADING VIRTUALIZED EPC TRAFFIC ON AN OVS-ENABLED NETRONOME SMARTNIC NETRONOME AGILIO SMARTNICS PROVIDE A 5X INCREASE IN vepc BANDWIDTH ON THE SAME NUMBER
More informationUNIX Sockets. Developed for the Azera Group By: Joseph D. Fournier B.Sc.E.E., M.Sc.E.E.
UNIX Sockets Developed for the Azera Group By: Joseph D. Fournier B.Sc.E.E., M.Sc.E.E. Socket and Process Communication application layer User Process Socket transport layer (TCP/UDP) network layer (IP)
More informationIntel PRO/1000 PT and PF Quad Port Bypass Server Adapters for In-line Server Appliances
Technology Brief Intel PRO/1000 PT and PF Quad Port Bypass Server Adapters for In-line Server Appliances Intel PRO/1000 PT and PF Quad Port Bypass Server Adapters for In-line Server Appliances The world
More informationLecture 2. Outline. Layering and Protocols. Network Architecture. Layering and Protocols. Layering and Protocols. Chapter 1 - Foundation
Lecture 2 Outline Wireshark Project 1 posted, due in a week Lab from a different textbook Work through the lab and answer questions at the end Chapter 1 - Foundation 1.1 Applications 1.2 Requirements 1.3
More informationSafeBricks: Shielding Network Functions in the Cloud
SafeBricks: Shielding Network Functions in the Cloud Rishabh Poddar, Chang Lan, Raluca Ada Popa, Sylvia Ratnasamy UC Berkeley Network Functions (NFs) in the cloud Clients 2 Enterprise Destination Network
More informationA Look at Intel s Dataplane Development Kit
A Look at Intel s Dataplane Development Kit Dominik Scholz Chair for Network Architectures and Services Department for Computer Science Technische Universität München June 13, 2014 Dominik Scholz: A Look
More informationProgrammable NICs. Lecture 14, Computer Networks (198:552)
Programmable NICs Lecture 14, Computer Networks (198:552) Network Interface Cards (NICs) The physical interface between a machine and the wire Life of a transmitted packet Userspace application NIC Transport
More informationvnetwork Future Direction Howie Xu, VMware R&D November 4, 2008
vnetwork Future Direction Howie Xu, VMware R&D November 4, 2008 Virtual Datacenter OS from VMware Infrastructure vservices and Cloud vservices Existing New - roadmap Virtual Datacenter OS from VMware Agenda
More informationA Passive Network Appliance for Real-Time Network Monitoring
A Passive Network Appliance for Real-Time Network Monitoring Michael J Schultz, Ben Wun, and Patrick Crowley Applied Research Laboratory Washington University in Saint Louis This material is based upon
More informationCIS 551 / TCOM 401 Computer and Network Security. Spring 2007 Lecture 12
CIS 551 / TCOM 401 Computer and Network Security Spring 2007 Lecture 12 Announcements Project 2 is on the web. Due: March 15th Send groups to Jeff Vaughan (vaughan2@seas) by Thurs. Feb. 22nd. Plan for
More informationExploring Alternative Routes Using Multipath TCP
Exploring Alternative Routes Using Multipath TCP 1/51 Exploring Alternative Routes Using Multipath TCP Stephen Brennan Case Western Reserve University June 5, 2017 Exploring Alternative Routes Using Multipath
More informationAn In-depth Study of LTE: Effect of Network Protocol and Application Behavior on Performance
An In-depth Study of LTE: Effect of Network Protocol and Application Behavior on Performance Authors: Junxian Huang, Feng Qian, Yihua Guo, Yuanyuan Zhou, Qiang Xu, Z. Morley Mao, Subhabrata Sen, Oliver
More informationTitle Text. What s New? Since Last Sharkfest
Title Text What s New? Since Last Sharkfest ntopng Grafana datasource plugin officially released Device discovery to find unknown active and silent devices plugged to the network ARP scanning, SSDP, MDNS,
More informationA First Look at Traffic on Smartphones
A First Look at Traffic on Smartphones by Falaki et al. Andrew Zafft CS Department Agenda Objective Study Structure Outcomes & Observations Future Work / Citations Conclusions 2 Objective Statistics Why
More informationManaging Latency in IPS Networks
Revision C McAfee Network Security Platform (Managing Latency in IPS Networks) Managing Latency in IPS Networks McAfee Network Security Platform provides you with a set of pre-defined recommended settings
More informationThe Challenges of XDP Hardware Offload
FOSDEM 18 Brussels, 2018-02-03 The Challenges of XDP Hardware Offload Quentin Monnet @qeole ebpf and XDP Q. Monnet XDP Hardware Offload 2/29 ebpf, extended Berkeley Packet
More informationEbbRT: A Framework for Building Per-Application Library Operating Systems
EbbRT: A Framework for Building Per-Application Library Operating Systems Overview Motivation Objectives System design Implementation Evaluation Conclusion Motivation Emphasis on CPU performance and software
More informationPerformance Tuning Snort. Steve Sturges SANS Incident Detection Summit 9 December
Performance Tuning Snort Steve Sturges SANS Incident Detection Summit 9 December Agenda Goals of Performance Tuning Snort Techniques Perfmon Preprocessor Preprocessor Profiling Rule Profiling White papers
More informationI/O Systems. Amir H. Payberah. Amirkabir University of Technology (Tehran Polytechnic)
I/O Systems Amir H. Payberah amir@sics.se Amirkabir University of Technology (Tehran Polytechnic) Amir H. Payberah (Tehran Polytechnic) I/O Systems 1393/9/15 1 / 57 Motivation Amir H. Payberah (Tehran
More informationMemory Management Strategies for Data Serving with RDMA
Memory Management Strategies for Data Serving with RDMA Dennis Dalessandro and Pete Wyckoff (presenting) Ohio Supercomputer Center {dennis,pw}@osc.edu HotI'07 23 August 2007 Motivation Increasing demands
More informationNFVnice: Dynamic Backpressure and Scheduling for NFV Service Chains
NFVnice: Dynamic Backpressure and Scheduling for NFV Service Chains Sameer G Kulkarni 1, Wei Zhang 2, Jinho Hwang 3, Shriram Rajagopalan 3, K.K. Ramakrishnan 4, Timothy Wood 2, Mayutan Arumaithurai 1 &
More informationStateless Network Functions:
Stateless Network Functions: Breaking the Tight Coupling of State and Processing Murad Kablan, Azzam Alsudais, Eric Keller, Franck Le University of Colorado IBM Networks Need Network Functions Firewall
More informationCLIENT-SIDE PROGRAMMING
CLIENT-SIDE PROGRAMMING George Porter Apr 11, 2018 ATTRIBUTION These slides are released under an Attribution-NonCommercial-ShareAlike 3.0 Unported (CC BY-NC-SA 3.0) Creative Commons license These slides
More informationSpark Over RDMA: Accelerate Big Data SC Asia 2018 Ido Shamay Mellanox Technologies
Spark Over RDMA: Accelerate Big Data SC Asia 2018 Ido Shamay 1 Apache Spark - Intro Spark within the Big Data ecosystem Data Sources Data Acquisition / ETL Data Storage Data Analysis / ML Serving 3 Apache
More informationTOWARDS FAST IP FORWARDING
TOWARDS FAST IP FORWARDING IP FORWARDING PERFORMANCE IMPROVEMENT AND MEASUREMENT IN FREEBSD Nanako Momiyama Keio University 25th September 2016 EuroBSDcon 2016 OUTLINE Motivation Design and implementation
More informationMegaPipe: A New Programming Interface for Scalable Network I/O
MegaPipe: A New Programming Interface for Scalable Network I/O Sangjin Han in collabora=on with Sco? Marshall Byung- Gon Chun Sylvia Ratnasamy University of California, Berkeley Yahoo! Research tl;dr?
More informationECE 650 Systems Programming & Engineering. Spring 2018
ECE 650 Systems Programming & Engineering Spring 2018 Networking Transport Layer Tyler Bletsch Duke University Slides are adapted from Brian Rogers (Duke) TCP/IP Model 2 Transport Layer Problem solved:
More informationP6 Compression Server White Paper Release 8.2 December 2011 Copyright Oracle Primavera P6 Compression Server White Paper Copyright 2005, 2011, Oracle and/or its affiliates. All rights reserved. Oracle
More informationCS370 Operating Systems
CS370 Operating Systems Colorado State University Yashwant K Malaiya Spring 2018 Lecture 2 Slides based on Text by Silberschatz, Galvin, Gagne Various sources 1 1 2 What is an Operating System? What is
More informationVirtualization, Xen and Denali
Virtualization, Xen and Denali Susmit Shannigrahi November 9, 2011 Susmit Shannigrahi () Virtualization, Xen and Denali November 9, 2011 1 / 70 Introduction Virtualization is the technology to allow two
More informationProject 3. Reliable Data Transfer over UDP. NTU CSIE Computer Networks 2011 Spring
Project 3 Reliable Data Transfer over UDP NTU CSIE Computer Networks 2011 Spring Project Goal In Project 3, students are asked to understand and implement reliable data transfer mechanism over UDP. UDP
More informationLecture 10: Cache Coherence: Part I. Parallel Computer Architecture and Programming CMU , Spring 2013
Lecture 10: Cache Coherence: Part I Parallel Computer Architecture and Programming Cache design review Let s say your code executes int x = 1; (Assume for simplicity x corresponds to the address 0x12345604
More information