Information Technology Reference
In-Depth Information
filters with almost no latency is a key factor for using effectively 82599 in
cases where filter setup latency is crucial as with RTC-Mon.
5.2 Network Troubleshooting
Troubleshooting a heavily loaded 10 Gbit link using popular tools such as
tcpdump and wireshark [24] is almost impossible due to severe packet capture
loss. Furthermore, most commercial tools are not distributed with source
code, hence it is not possible to recompile them in order to take advantage of
PF_RING flow affinity filters. In this case, we used PF_RING's
/proc
interface for setting a few traffic filtering rules that discard in hardware
unwanted traffic, hence pass to the Linux kernel only those packets that must
reach network monitoring applications. This solution has the advantage that
existing applications do not need to be modified, and PF_RING is used just
for allowing the network administrator to easily configure (e.g. using a shell
script) flow affinity filters without having to code a C/C++ application sitting
on top of libpfring.
5.3 Traffic Classification and Balancing
In case monitoring applications do not run on the same box where an 82599
based NIC is installed (e.g. because they run on a non-Linux OS such as
Windows), it is possible to create a traffic filtering box using the pfreflect
application part of PF_RING, that filters incoming packets and copies them
onto one or more NICs based on the PF_RING filters configuration. As
PF_RING filters (hence flow affinity filters) are evaluated before reflection
(i.e. packet bridging in PF_RING parlance), this application can be used for
creating an inexpensive traffic filtering box that can be used for reducing the
amount of traffic to analyze. If the filtered traffic is less than one Gbit it can
be forwarded onto a 1 Gbit card so that legacy measurements box do not need
to be updated to 10 Gbit. Furthermore as PF_RING supports traffic balancing,
it is possible to forward filtered traffic onto several output interfaces by
balancing each RX queue of 82599 onto a different output interface. This
solution allows high-speed links to be monitored and troubleshooted without
having to purchase costly 10 Gbit measurement boxes.
5.4 Lawful Interception of Internet Traffic
Since the approval of the wiretapping in the US in 1984, lawful interception
(LI) has become very popular. In LI a lawful authority requires to intercept
and store specific traffic for the purpose of analysis or evidence. In IP
Search WWH ::
Custom Search