Information Technology Reference
In-Depth Information
FPGA layer and allow the traffic to be split among cores within a multi-core
processor. As for traffic filtering, dynamically updating the traffic balancing
policies at run-time is in practice unfeasible as a card reconfiguration may
require seconds if not minutes.
4 Framework Design
In our past research, we developed an extensible traffic analysis framework
implemented under the Linux Kernel called PF_RING [11] which accelerates
packet capture and implements packet parsing and filtering by means of
dynamically loadable kernel plugins. A user space library called libpfring
provides an easy to use API that allows user space applications to interact
with the framework.
Fig. 1. PF_RING Monitoring Framework.
PF_RING runs on top of commodity network interface cards and can use both
standard NIC drivers or PF_RING optimized drivers. These drivers, available
for popular 1 and 10 Gbit adapters produced by vendors such as Intel and
Broadcom, push incoming packets directly to PF_RING without passing
through the standard kernel mechanisms hence accelerating capture speed.
PF_RING provides a flexible rule-based mechanism that allows users to
assign packets to kernel plugins which are then responsible to dissect, order in
flows, and compute flow metrics (e.g. voice quality) directly at the kernel
layer without copying packets to user space. For example, it is possible to
configure PF_RING to dispatch TCP packets on port 80 to the HTTP plugin,
and UDP packets on port 5060 to the SIP plugin. The same rule-based
mechanism can be used for filtering out from PF_RING analysis unwanted
packets (e.g. discard packets coming from a specific host or port) similar to
what the firewalling layer does at an operating system level.
Search WWH ::
Custom Search