The rest of the paper is structured as follows. In section 2 we describe how the
software framework we designed a few years ago could benefit from modern
NICs, in particular by supporting in hardware those features we previously
implemented in software. In section 3 we position the work described in this
paper against similar efforts. Section 4 describes the design and
implementation of a new software layer that allowed us to offload traffic
filtering to modern NICs. Finally, section 5 describes some common use cases
we used to evaluate the developed solution and hence to demonstrate that this
work is a major step ahead with respect to existing software-only solutions.
2 Motivation and Scope of Work
The intrinsic dynamism of Internet protocols has increased the demand for
flexible monitoring frameworks designed to speed up the development of
efficient and cost-effective applications capable of analyzing modern network
protocols. Nowadays, most network monitoring infrastructures are built
around hybrid frameworks combining the flexibility of software and the
performance of hardware accelerators designed to relieve network probes
of selected computationally expensive tasks. The design of hybrid
frameworks requires expertise in software, firmware and hardware
development, as well as substantial investments that have a negative impact on
end-user prices. In fact, since the target of these devices is a niche market,
their price is orders of magnitude higher than that of commodity off-the-shelf
network interfaces.
Packet capture accelerators are the most cost-effective solution for improving
software-based traffic monitoring applications. As packet capture is the
cornerstone of many passive monitoring applications, capture accelerators have
been able to provide substantial speedups to traffic monitoring applications by
allowing incoming traffic to be copied directly into the address space of the
analysis process without any CPU assistance.
In our past research, we focused on pure-software traffic analysis frameworks.
In particular, we proposed filtering solutions that are capable of overcoming the
limitations of the popular Berkeley Packet Filter (BPF) [8], a rule-based traffic
filtering mechanism provided by the majority of operating systems. In [9]
we describe a traffic filtering mechanism that, contrary to BPF, can be
reconfigured in real-time and scales in terms of number of traffic filtering
rules. In [10] we present a traffic filtering and analysis framework named
RTC-Mon that substantially simplifies the development of modular and
efficient traffic monitoring applications. The core of the framework is a rule-
based infrastructure that allows traffic analysis components to be enabled over
the traffic matching rules. By introducing services for IP de-fragmentation,
packet parsing and maintenance of flow state statistics, the development