Research on DPDK Based High-Speed Network Traffic Analysis. Zihao Wang Network & Information Center Shanghai Jiao Tong University

Outline
1. Background
2. Overview
3. DPDK Based Traffic Analysis
4. Experiment
5. Conclusion

Page. 3 Usage of Traffic
- Business Benefit
- ISPs personalized advertising
- Performance Monitoring
- Security

Page. 4 Mainstream Traffic Analysis Method
- Protocol Analysis
  - Port based method
  - Payload based method
  - Statistical approach based method
- Content Analysis

Page. 5 Current Packet Capture Engine
- Libpcap/Winpcap
- PF_RING
- Netmap

Page. 6 DPDK Framework

Page. 7 Why DPDK
- Zero Copy
- Poll Mode Driver Architecture
- Fine Hardware Support
- Use Pointer As Much As Possible
- Easy-to-use Ring Manager
- Packet Forwarding Algorithm Support
- Native IPv6 Support

Page. 8 Traditional Capture Engine

Page. 9 Traditional Capture Engine

Page. 10 DPDK Based Traffic Analysis System
- Load balancing

Page. 11 DPDK Based Packet Capture pdump User Space

Page. 12 DPDK Based Packet Capture KNI User Space

Page. 13 DPDK Based Packet Capture
- Pdump Based
  - Copied by port driver
  - Dumped by pdump program
- KNI Based
  - Copied in user space
  - Send to kernel
  - Dumped by pcap API

Page. 14 DPDK Based Packet Capture
- Pdump Based
  - Easy to use
  - Copied once
- KNI Based
  - Need to create new thread
  - Poor performance
  - Highly customizable
  - System API supported
  - Recommended for bypass capture

Page. 15 DPDK Based Traffic Analysis System
- Basic Architecture

Page. 16 DPDK Based Packet Capture User Space

Page. 17 Compared with DPDK Based Packet Capture
- Pdump Based
  - Slow down the main business
  - Uncompressed file IO
  - Copy at least once
- KNI Based
  - Poor performance
  - Using kernel protocol stack
  - More copy operation

Page. 18 DPDK Based Packet Analysis

Page. 19 DPDK Based Packet Analysis
- Multiple Producers Queue
- Flow Classification Support
- Highly customizable
- Improve CPU cache hit rate
- Avoid resource competition
- Expand support for both dimensions

Page. 20 Detailed Design: Environment Abstraction Layer
- Set CPU affinity
- Set Hugepage
- Reload hardware by PMD

Page. 21 Detailed Design: Packet Capture Layer
- Get device information
- Initialize ports
- RSS
- Producer queue
- Consumer queue
- Binding threads

Page. 22 Detailed Design: Packet Capture Layer
- Initialize ports
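
Added example (not from the slides): RSS spreads flows over the capture queues with a Toeplitz hash, and whether both directions of a connection reach the same consumer core depends on the hash key. The function name, the `% 8` queue mapping, the sample flow and the two keys (Microsoft's published RSS verification key and a repeating 0x6d5a key) are assumptions of this example, not values from the deck.

```c
#include <stdint.h>
#include <stdio.h>

/* Microsoft's published RSS verification key (not symmetric). */
static const uint8_t RSS_KEY_MS[40] = {
    0x6d,0x5a,0x56,0xda,0x25,0x5b,0x0e,0xc2,0x41,0x67,
    0x25,0x3d,0x43,0xa3,0x8f,0xb0,0xd0,0xca,0x2b,0xcb,
    0xae,0x7b,0x30,0xb4,0x77,0xcb,0x2d,0xa3,0x80,0x30,
    0xf2,0x0c,0x6a,0x42,0xb7,0x3b,0xbe,0xac,0x01,0xfa };
/* Key with a 16-bit period: swapping src/dst moves the address bits by 32
 * and the port bits by 16, so both directions of a flow hash identically. */
static const uint8_t RSS_KEY_SYM[40] = {
    0x6d,0x5a,0x6d,0x5a,0x6d,0x5a,0x6d,0x5a,0x6d,0x5a,
    0x6d,0x5a,0x6d,0x5a,0x6d,0x5a,0x6d,0x5a,0x6d,0x5a,
    0x6d,0x5a,0x6d,0x5a,0x6d,0x5a,0x6d,0x5a,0x6d,0x5a,
    0x6d,0x5a,0x6d,0x5a,0x6d,0x5a,0x6d,0x5a,0x6d,0x5a };

/* Toeplitz hash of the IPv4/TCP input (src IP, dst IP, src port, dst port,
 * big-endian): XOR in the 32-bit key window at every set input bit. */
uint32_t rss_hash(const uint8_t *key, uint32_t sip, uint32_t dip,
                  uint16_t sport, uint16_t dport)
{
    uint8_t in[12];
    uint32_t hash = 0, win = (uint32_t)key[0] << 24 | (uint32_t)key[1] << 16 |
                             (uint32_t)key[2] << 8 | key[3];
    for (int i = 0; i < 4; i++) {
        in[i]     = (uint8_t)(sip >> (24 - 8 * i));
        in[4 + i] = (uint8_t)(dip >> (24 - 8 * i));
    }
    in[8]  = (uint8_t)(sport >> 8); in[9]  = (uint8_t)sport;
    in[10] = (uint8_t)(dport >> 8); in[11] = (uint8_t)dport;
    for (int i = 0; i < 12; i++)
        for (int b = 7; b >= 0; b--) {
            if ((in[i] >> b) & 1) hash ^= win;
            win = (win << 1) | ((key[i + 4] >> b) & 1u); /* slide one key bit */
        }
    return hash;
}

int main(void)
{
    /* Constructed flow; "% 8" stands in for the NIC's redirection table. */
    uint32_t a = 0x420995bb, b = 0xa18e6450; /* 66.9.149.187, 161.142.100.80 */
    printf("default key:   fwd q%u, rev q%u\n",
           rss_hash(RSS_KEY_MS, a, b, 2794, 1766) % 8,
           rss_hash(RSS_KEY_MS, b, a, 1766, 2794) % 8);
    printf("symmetric key: fwd q%u, rev q%u\n",
           rss_hash(RSS_KEY_SYM, a, b, 2794, 1766) % 8,
           rss_hash(RSS_KEY_SYM, b, a, 1766, 2794) % 8);
    return 0;
}
```

In DPDK the key is supplied at port initialization through `rx_adv_conf.rss_conf.rss_key` in `struct rte_eth_conf`.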

Page. 23 Detailed Design: Packet Processing Layer
- Consumer queue management
- Data analysis
- Software migration

Page. 24 Detailed Design: Packet Processing Layer
- Pcap compatible

Page. 25 Detailed Design: Packet Processing Layer
- IPv6 support
- Making use of kernel protocol stack

Page. 26 Detailed Design: Packet Processing Layer
- IPv6 support
- Making use of kernel protocol stack

Page. 27 Detailed Design: Packet Processing Layer
- IPv6 support
- Make use of DPDK IPv6 Support

Page. 28 Detailed Design: Packet Processing Layer
- IPv6 support
- Make use of DPDK IPv6 Support

Page. 29 Performance Testing
- Use SJTU campus network traffic as the testing background
- Add feature packets to the traffic
- Process the traffic with the analysis system
- Count the feature packets in the analysis result
- Compare with the total number of feature packets to evaluate system performance

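Page. 30 Performance Testing
- The number of total feature packets is $N_{\mathrm{marked}}$
- The number of feature packets in the result is $N_{\mathrm{result}}$
- Packet loss rate $= \dfrac{N_{\mathrm{marked}} - N_{\mathrm{result}}}{N_{\mathrm{marked}}}$
- The number of requests is $N_{\mathrm{request}}$
- The number of requests that succeed is $N_{\mathrm{responsed}}$
- $N_{\mathrm{marked}} = N_{\mathrm{responsed}} + N_{\mathrm{request}}$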

Page. 31 Performance comparison: Network Layer Analysis
- Input: Analyzable Packets
- Output: Application layer analysis result
1. Parse network layer header
2. Analyze key information and save

Page. 32 Performance comparison
[Two charts: packet loss rate (%) versus background traffic (Gbps) for DPDK, libpcap and PF_RING, one covering 7 to 9 Gbps and one covering 12 to 15 Gbps]

Page. 33 Performance comparison: Application layer Analysis
- Input: Analyzable Packets
- Output: Application layer analysis result
1. Set TCP filter
2. Parse network layer header
3. IP Reassembly
4. Parse application layer header
5. Analyze HTTP portal
6. Analyze key information and save

Page. 34 Performance comparison
[Two charts: packet loss rate (%) versus background traffic (Gbps) for DPDK, libpcap and PF_RING, one covering 6 to 9 Gbps and one covering 12 to 17 Gbps]

Page. 35 Performance comparison
[Chart: packet loss rate (0.00% to 2.00%) by number of cores for analysis and number of cores for capture]

Page. 36 Network Traffic Analysis System Distributed storage module HDFS Put file import mount export Data temporary store locally

Page. 37 Network Traffic Analysis System: Distributed storage module
One Month
- IP log: 3 TB, 40 billion
- HTTP log: 6 TB, 20 billion
- DNS log: 2 TB, 20 billion

Page. 38 Network Traffic Analysis System Analysis result UI Module

Page. 39 Network Traffic Analysis System Analysis result UI Module

Thanks