Information Technology Reference
In-Depth Information
3 Related Work
The industry followed three paths for accelerating software applications by
means of specialized hardware while preserving the software flexibility:
•
Accelerate the capture process via packet capture accelerators [3, 4] that
allow incoming packets to be copied directly to the address space of
monitoring applications without any CPU intervention.
•
Split the monitoring workload among different network probes using smart
traffic balancers [5] so that each probe receives and analyzes a portion of
the traffic.
•
Run traffic analysis software on programmable network cards based on
network processors [6] or massive parallel architectures [7]. Programmable
network cards are massive parallel architectures on a NIC. Monitoring
applications are implemented in C and executed on these device [7] that run
a modified version of Linux which simplifies the porting of existing
applications on top of this special purpose architecture. However, even if
they have been able to substantially simplify the development compared to
network processors based cards, the porting is still not trivial.
Most general purpose operating systems support rule based filtering
mechanisms such as the BPF where filtering expressions are compiled into an
intermediate language and interpreted by a virtual machine running at the
kernel layer. PF_RING [11] is an advanced network monitoring framework
enhancing Linux with more flexible filtering mechanisms implemented in
software by means of kernel modules. NetVM [15, 16] is a virtual machine
designed to simplify the development and maintenance of complex and yet
efficient packet processing applications running on top of heterogeneous
network devices. FFPF [17] is an extensible and high-performance packet
capture and filtering architecture based on Linux. Contrary to our work, FFPF
does not leverage modern multi-core or multi-queue interfaces. The SCAMPI
project [18] provides a feature rich monitoring API but it has been designed to
run on top of specialized monitoring devices and therefore it yields poor
performance when running over commodity hardware. [22] describes a
framework for high-speed networks monitoring that provides features such as
IP defragmentation and flow reassembly, that relies on a pure-software
implementation of a packet scheduling algorithm proposed in [23]. Our work
instead, exposes to the software layers an API to design hardware assisted
packet schedulers.
Capture accelerators based on FPGA, implement filtering mechanisms at the
network layer by means of rule sets (usually limited to 32 or 64) similar to
BPF. Filtering runs at wire-speed. As the rule set is not meant to be changed
at runtime, its scope of application is drastically limited. Often traffic filtering
is used to mark packets and balance them across DMA engines. Traffic
balancing policies are similar to RSS and are usually implemented at the
Search WWH ::
Custom Search