Information Technology Reference
In-Depth Information
solutions [20], researchers have demonstrated that the performance of traffic
analysis applications running on commodity hardware can be substantially
improved by properly accelerating selected operating system tasks [19, 21,
22]. However, the performance gap between pure software solutions and
hardware assisted ones has been significant. Recent advances in off-the-shelf
server technologies suggest that the gap can be substantially reduced. In fact,
modern servers are based on advanced multi-core processors featuring
integrated memory controllers and high-speed and low latency
interconnections. In addition, off-the-shelf network interface cards (NICs) are
supporting new advanced features such as message signaled interrupts (MSI-
X), multi-queue capabilities and virtualization support, which have been
designed to boost the network performance in specific scenarios. The trend is
to introduce into NICs the logic for offloading workstations from
computationally intensive network operations. With the advent of multi-core
processors, balancing the networking workload among cores is necessary in
order to increase the networking performance of network services. Therefore,
modern interface cards provide multiple independent reception (RX) and
transmission (TX) queues and hardware traffic splitting techniques to
distribute the traffic among cores.
Unfortunately, traffic monitoring software did not fully benefit from these
new breakthrough technologies. The reason is that software layers on top of
which network monitoring applications are implemented, such as network
device drivers and operating systems, are not designed for exploiting these
features for network monitoring purposes.
In this work we present a flexible and extensible framework that simplifies
the development of complex and yet efficient traffic analysis applications
running on commodity hardware. The main contribution of this work is a
novel traffic balancing and filtering networking layer optimized for traffic
analysis purposes that fully exploit advanced features implemented by modern
off-the-shelf NICs. The framework is characterized by the following
properties:
•
It provides an API for hardware-assisted traffic filtering and balancing
across cores.
•
It can be deployed on sub-1000$/port commodity network adapters which
are more than an order of magnitude cheaper than dedicated traffic
monitoring devices.
•
The filtering mechanisms are flexible and able to address common
problems monitoring scenarios such as adaptively balancing the incoming
traffic among cores or dynamically filtering incoming traffic.
•
It can be used as a building block for designing complex yet efficient
monitoring applications.
•
It is publicly available at no cost under the GNU GPL license.
Search WWH ::
Custom Search