Packet Capture in 10-Gigabit Ethernet Environments Using Contemporary Commodity Hardware



Similar documents
Packet Capture in 10-Gigabit Ethernet Environments Using Contemporary Commodity Hardware

SIDN Server Measurements

Enabling Technologies for Distributed and Cloud Computing

Enabling Technologies for Distributed Computing

Performance evaluation of packet capturing systems for high-speed networks

Oracle Database Scalability in VMware ESX VMware ESX 3.5

Wire-speed Packet Capture and Transmission

Monitoring high-speed networks using ntop. Luca Deri

Microsoft Exchange Server 2003 Deployment Considerations

General Pipeline System Setup Information

System Requirements Table of contents

Table of Contents. Server Virtualization Peer Review cameron : modified, cameron

System Requirements. SuccessMaker 5

Cisco Prime Home 5.0 Minimum System Requirements (Standalone and High Availability)

Virtuoso and Database Scalability

Figure 1A: Dell server and accessories Figure 1B: HP server and accessories Figure 1C: IBM server and accessories

LCMON Network Traffic Analysis

Pivot3 Reference Architecture for VMware View Version 1.03

Seradex White Paper. Focus on these points for optimizing the performance of a Seradex ERP SQL database:

SERVER CLUSTERING TECHNOLOGY & CONCEPT

Brainlab Node TM Technical Specifications

Comparing and Improving Current Packet Capturing Solutions based on Commodity Hardware

D1.2 Network Load Balancing

EMC Unified Storage for Microsoft SQL Server 2008

Ignify ecommerce. Item Requirements Notes

Scaling out a SharePoint Farm and Configuring Network Load Balancing on the Web Servers. Steve Smith Combined Knowledge MVP SharePoint Server

Best Practices for Deploying SSDs in a Microsoft SQL Server 2008 OLTP Environment with Dell EqualLogic PS-Series Arrays

VMWARE WHITE PAPER 1

Virtualised MikroTik

Hardware and Software Requirements. Release 7.5.x PowerSchool Student Information System

Streaming and Virtual Hosted Desktop Study: Phase 2

Sawmill Log Analyzer Best Practices!! Page 1 of 6. Sawmill Log Analyzer Best Practices

Software and Hardware Requirements

Oracle Database Reliability, Performance and scalability on Intel Xeon platforms Mitch Shults, Intel Corporation October 2011

Introduction 1 Performance on Hosted Server 1. Benchmarks 2. System Requirements 7 Load Balancing 7

Stingray Traffic Manager Sizing Guide

Network Instruments white paper

10.2 Requirements for ShoreTel Enterprise Systems

OpenFlow with Intel Voravit Tanyingyong, Markus Hidell, Peter Sjödin

Legal Notices Introduction... 3

Exploiting Remote Memory Operations to Design Efficient Reconfiguration for Shared Data-Centers over InfiniBand

SYSTEM SETUP FOR SPE PLATFORMS

Arrow ECS sp. z o.o. Oracle Partner Academy training environment with Oracle Virtualization. Oracle Partner HUB

Boosting Data Transfer with TCP Offload Engine Technology

Large-Scale Distributed Computing VL 2010S. Thomas Perl, Stefan Kögl. Bandwidth Allocation in Clouds. Bandwidth Allocation in Clouds

Analyzing Full-Duplex Networks

Terminal Server Software and Hardware Requirements. Terminal Server. Software and Hardware Requirements. Datacolor Match Pigment Datacolor Tools

Sockets vs. RDMA Interface over 10-Gigabit Networks: An In-depth Analysis of the Memory Traffic Bottleneck

An Oracle White Paper August Oracle WebCenter Content 11gR1 Performance Testing Results

The team that wrote this redbook Comments welcome Introduction p. 1 Three phases p. 1 Netfinity Performance Lab p. 2 IBM Center for Microsoft

Adaptec: Snap Server NAS Performance Study

A Performance Monitor based on Virtual Global Time for Clusters of PCs

Parallel Processing and Software Performance. Lukáš Marek

Muse Server Sizing. 18 June Document Version Muse

Windows Compute Cluster Server Miron Krokhmal CTO

Enterprise Edition Technology Overview

Web Space Bandwidth CPU RAM / Burst IP Address Price. Economy 15GB 350GB 1GHz 384MB/512MB 1 $ Standard 50GB 750GB 1.5GHz 1GB/2GB 1 $ 39.

Open Source in Network Administration: the ntop Project

Using VMware VMotion with Oracle Database and EMC CLARiiON Storage Systems

SAN Conceptual and Design Basics

StarWind iscsi SAN: Configuring Global Deduplication May 2012

Transparent Optimization of Grid Server Selection with Real-Time Passive Network Measurements. Marcia Zangrilli and Bruce Lowekamp

Netfilter Performance Testing

Comparing the Network Performance of Windows File Sharing Environments

MedInformatix System Requirements

theguard! Service Management Center (Valid for Version 6.3 and higher)

Oracle Exadata: The World s Fastest Database Machine Exadata Database Machine Architecture

Performance Tuning and Optimizing SQL Databases 2016

Microsoft Exchange Server 2007 and Hyper-V high availability configuration on HP ProLiant BL680c G5 server blades

The new frontier of the DATA acquisition using 1 and 10 Gb/s Ethernet links. Filippo Costa on behalf of the ALICE DAQ group

Performance of Software Switching

How To Compare Two Servers For A Test On A Poweredge R710 And Poweredge G5P (Poweredge) (Power Edge) (Dell) Poweredge Poweredge And Powerpowerpoweredge (Powerpower) G5I (

Microsoft Exchange Solutions on VMware

F-Secure Internet Gatekeeper Virtual Appliance

Fluke Networks NetFlow Tracker

CMS Tier-3 cluster at NISER. Dr. Tania Moulik

Microsoft SQL Server 2012 on Cisco UCS with iscsi-based Storage Access in VMware ESX Virtualization Environment: Performance Study

OpenFlow: Load Balancing in enterprise networks using Floodlight Controller

Vendor and Hardware Platform: Fujitsu BX924 S2 Virtualization Platform: VMware ESX 4.0 Update 2 (build )

Insiders View: Network Security Devices

Convergence-A new keyword for IT infrastructure transformation

Building High-Performance iscsi SAN Configurations. An Alacritech and McDATA Technical Note

Gigabit Ethernet Design

Collecting Packet Traces at High Speed

ACANO SOLUTION VIRTUALIZED DEPLOYMENTS. White Paper. Simon Evans, Acano Chief Scientist

How To Test For Performance And Scalability On A Server With A Multi-Core Computer (For A Large Server)

Amazon EC2 XenApp Scalability Analysis

Performance Characteristics of VMFS and RDM VMware ESX Server 3.0.1

ncap: Wire-speed Packet Capture and Transmission

Performance Evaluation of Linux Bridge

Benchmarking Cassandra on Violin


TheImpactofWeightsonthe Performance of Server Load Balancing(SLB) Systems

XenDesktop 7 Database Sizing

Autodesk Revit 2016 Product Line System Requirements and Recommendations

An Oracle White Paper December Oracle Virtual Desktop Infrastructure: A Design Proposal for Hosted Virtual Desktops

Intel DPDK Boosts Server Appliance Performance White Paper

Sizing guide for SAP and VMware ESX Server running on HP ProLiant x86-64 platforms

System requirements for A+

Transcription:

Packet Capture in 1-Gigabit Ethernet Environments Using Contemporary Commodity Hardware Fabian Schneider Jörg Wallerich Anja Feldmann {fabian,joerg,anja}@net.t-labs.tu-berlin.de Technische Universtität Berlin Deutsche Telekom Laboratories Passive and Active Measurement Conference 5th April 7 Schneider, Wallerich, Feldmann (TU Berlin/DT Labs) Packet Capturing on 1-Gigabit Ethernet Links PAM 7 1 /

Introduction Motivation Motivation Example Scenario: Network security tool at the edge of your network need access to packet level data for application layer analysis High-speed networks high data and packet rate Challenge: capture full packets without missing any packet One approach: specialized hardware e.g. Monitoring cards from Endace Drawbacks: high costs, single purpose Question: Is it feasible to capture traffic with commodity hardware? Schneider, Wallerich, Feldmann (TU Berlin/DT Labs) Packet Capturing on 1-Gigabit Ethernet Links PAM 7 2 /

Outline Monitoring 1-Gigabit 1 Monitoring 1-Gigabit Approach Link Bundling 2 Comparing 1-Gigabit Monitoring Systems 3 Results 4 Summary Schneider, Wallerich, Feldmann (TU Berlin/DT Labs) Packet Capturing on 1-Gigabit Ethernet Links PAM 7 3 /

Monitoring 1-Gigabit Approach Approach for 1-Gigabit Monitoring Problem: No recent host bus or disk system can handle the bandwidth needs of 1-Gigabit environments Solution: split up traffic and distribute the load (e.g. 1-Gigabit on multiple 1-Gigabit links) Use a switch: e.g. link bundling feature Use specialized hardware Keep corresponding data together! Monitor 1GigE 1 x 1GigE Schneider, Wallerich, Feldmann (TU Berlin/DT Labs) Packet Capturing on 1-Gigabit Ethernet Links PAM 7 4 /

Monitoring 1-Gigabit Link Bundling Link Bundling Feasibility Etherchannel (Cisco) feature enables link-bundling for: higher bandwidth, redundancy,... or load-balancing e. g. for Webservers Feasibility test: Tested on a Cisco 375 1-Gigabit Ethernet link split on eight FastEthernet (1 Mbit/s) links. Assign packets to links based on both IP addresses. It works with real traffic! Schneider, Wallerich, Feldmann (TU Berlin/DT Labs) Packet Capturing on 1-Gigabit Ethernet Links PAM 7 5 /

Monitoring 1-Gigabit Link Bundling Link Bundling Load-Balancing Simple switches use only MAC addresses Not useful for a router-to-router link On a Cisco 375: any combination of IP and/or MAC addresses is sufficient for our example scenario On a Cisco 65xx: MAC s, IP s, and/or Port Numbers Schneider, Wallerich, Feldmann (TU Berlin/DT Labs) Packet Capturing on 1-Gigabit Ethernet Links PAM 7 6 /

Comparing 1-Gigabit Monitoring Systems Comparing 1-Gigabit Monitoring Systems 1 Monitoring 1-Gigabit 2 Comparing 1-Gigabit Monitoring Systems Methodology System under Test Measurement Setup 3 Results 4 Summary Schneider, Wallerich, Feldmann (TU Berlin/DT Labs) Packet Capturing on 1-Gigabit Ethernet Links PAM 7 7 /

Methodology Comparing 1-Gigabit Monitoring Systems Methodology Comparable priced systems with Different processor architectures Different operating systems Task of those systems: Capture full packets Do not analyze them (Out-of-Scope) Workload: All system are subject to identical input Increase bandwidth up to a fully loaded Gigabit link Realistic packet size distribution Measurement Categories: Capturing Rate: number of captured packets (simple libpcap app) System Load: CPU usage while capturing (simple top like app) Schneider, Wallerich, Feldmann (TU Berlin/DT Labs) Packet Capturing on 1-Gigabit Ethernet Links PAM 7 8 /

Comparing 1-Gigabit Monitoring Systems System under Test Systems under Test Two examples of any of the systems: One installed with Linux The other with FreeBSD First set of systems purchased in 5: 2x AMD Opteron 244 (1 MB Cache, 1.8 GHz), 2x Intel Xeon (Netburst, 512 kb Cache, 3.6 GHz), Second set purchased in 6: 2x Dual Core AMD Opteron 27 (1 MB Cache, 2. GHz) All: 2 Gbytes of RAM, optical Intel Gigabit Ethernet card, RAID array Schneider, Wallerich, Feldmann (TU Berlin/DT Labs) Packet Capturing on 1-Gigabit Ethernet Links PAM 7 9 /

Comparing 1-Gigabit Monitoring Systems Measurement Setup Measurement Setup Generator (LKPG) eth SNMP Interface Counter Queries eth2 eth1 Workload -> Cisco C35XL optical Splitter (mulitiplies every Signal) Linux/ AMD Opteron Linux/ Intel Xeon (Netburst) FreeBSD/ AMD Opteron FreeBSD/ Intel Xeon (Netburst) Control Network Schneider, Wallerich, Feldmann (TU Berlin/DT Labs) Packet Capturing on 1-Gigabit Ethernet Links PAM 7 1 /

1 Monitoring 1-Gigabit 2 Comparing 1-Gigabit Monitoring Systems 3 Results Using multiple processors? Increasing buffer sizes Additional Insights (I) Write to disk Additional Insights (II) } first set of systems measurements } second set of systems measurements 4 Summary Schneider, Wallerich, Feldmann (TU Berlin/DT Labs) Packet Capturing on 1-Gigabit Ethernet Links PAM 7 11 /

Using multiple processors? 1 9 8 7 6 5 4 1 (32) no SMP, no HT, std. buffers, 1 app, no filter, no load Single processor, 1 st Set Upper Part: Capturing Rate Linux/AMD Linux/Intel FreeBSD/AMD FreeBSD/Intel Lower Part: CPU Usage SP: 1% corresponds to one fully utilised processor MP: 5% corresponds to one fully utilised processor X-Axis: Generated Bandwidth 5 1 15 25 35 4 45 5 55 6 65 7 75 8 85 9 95 Datarate [Mbit/s] Schneider, Wallerich, Feldmann (TU Berlin/DT Labs) Packet Capturing on 1-Gigabit Ethernet Links PAM 7 12 / 1 9 8 7 6 5 4 1

Using multiple processors? 1 9 8 7 6 5 4 1 (32) no SMP, no HT, std. buffers, 1 app, no filter, no load Single processor, 1 st Set Linux/AMD Linux/Intel FreeBSD/AMD FreeBSD/Intel 5 1 15 25 35 4 45 5 55 6 65 7 75 8 85 9 95 Datarate [Mbit/s] Schneider, Wallerich, Feldmann (TU Berlin/DT Labs) Packet Capturing on 1-Gigabit Ethernet Links PAM 7 12 / 1 9 8 7 6 5 4 1

Using multiple processors? 1 9 8 7 6 5 4 1 (32) no SMP, no HT, std. buffers, 1 app, no filter, no load Single processor, 1 st Set Sharp decline at high data rates Linux/AMD Linux/Intel FreeBSD/AMD FreeBSD/Intel Opteron/FreeBSD system performs best 5 1 15 25 35 4 45 5 55 6 65 7 75 8 85 9 95 Datarate [Mbit/s] Schneider, Wallerich, Feldmann (TU Berlin/DT Labs) Packet Capturing on 1-Gigabit Ethernet Links PAM 7 12 / 1 9 8 7 6 5 4 1

Using multiple processors? 1 9 8 7 6 5 4 1 (31) SMP, no HT, std. buffers, 1 app, no filter, no load Multiprocessor (SMP), 1 st Set Linux/AMD Linux/Intel FreeBSD/AMD FreeBSD/Intel 5 1 15 25 35 4 45 5 55 6 65 7 75 8 85 9 95 Datarate [Mbit/s] Schneider, Wallerich, Feldmann (TU Berlin/DT Labs) Packet Capturing on 1-Gigabit Ethernet Links PAM 7 13 / 1 9 8 7 6 5 4 1

Using multiple processors? 1 9 8 7 6 5 4 1 (31) SMP, no HT, std. buffers, 1 app, no filter, no load Multiprocessor (SMP), 1 st Set All systems are benefitting...... even though the second processor is not used extensively Linux/AMD Linux/Intel FreeBSD/AMD FreeBSD/Intel 5 1 15 25 35 4 45 5 55 6 65 7 75 8 85 9 95 Datarate [Mbit/s] Schneider, Wallerich, Feldmann (TU Berlin/DT Labs) Packet Capturing on 1-Gigabit Ethernet Links PAM 7 13 / 1 9 8 7 6 5 4 1

Increasing buffer sizes Increasing Buffer Sizes? Setup: First Set of systems Dual processor Increased buffer sizes Operating system buffers: FreeBSD 6.x: sysctl s net.bpf.bufsize and net.bpf.maxbufsize FreeBSD 5.x: sysctl s debug.bpf bufsize and debug.maxbpf bufsize Linux: /proc/sys/net/core/rmem default, /proc/sys/net/core/rmem max, and /proc/sys/net/core/netdev max backlog Schneider, Wallerich, Feldmann (TU Berlin/DT Labs) Packet Capturing on 1-Gigabit Ethernet Links PAM 7 14 /

Increasing buffer sizes 1 9 8 7 6 5 4 1 (17) SMP, no HT, inc. buffers, 1 app, no filter, no load increased buffers, 1 st Set Linux/AMD Linux/Intel FreeBSD/AMD FreeBSD/Intel 5 1 15 25 35 4 45 5 55 6 65 7 75 8 85 9 95 Datarate [Mbit/s] Schneider, Wallerich, Feldmann (TU Berlin/DT Labs) Packet Capturing on 1-Gigabit Ethernet Links PAM 7 15 / 1 9 8 7 6 5 4 1

Increasing buffer sizes 1 9 8 7 6 5 4 1 (17) SMP, no HT, inc. buffers, 1 app, no filter, no load increased buffers, 1 st Set Linux/AMD Linux/Intel FreeBSD/AMD FreeBSD/Intel The capturing rate could be increased again 5 1 15 25 35 4 45 5 55 6 65 7 75 8 85 9 95 Datarate [Mbit/s] Schneider, Wallerich, Feldmann (TU Berlin/DT Labs) Packet Capturing on 1-Gigabit Ethernet Links PAM 7 15 / 1 9 8 7 6 5 4 1

Additional Insights (I) Additional Insights First set of measurements Filtering is cheap with respect to its benefit (reduced packet processing) Running multiple capturing applications concurrently leads to bad performance. Measurement with additional compression show some advantage for Intel Systems Intel Hyperthreading does not change the performance using the memory-map patch from Phil Woods (Linux only) does help Schneider, Wallerich, Feldmann (TU Berlin/DT Labs) Packet Capturing on 1-Gigabit Ethernet Links PAM 7 16 /

Write to disk Writing packets to disk? preliminary measurements have shown that newer system do not lose any packet: with buffers, SMP, etc. disk writing speed is not the bottleneck Setup: Newer systems: 2x dual core AMD systems CPU usage: 25% correspond to one fully utilized processor Increased buffer sizes No filter Linux vs. FreeBSD 32bit vs. 64bit OS es Schneider, Wallerich, Feldmann (TU Berlin/DT Labs) Packet Capturing on 1-Gigabit Ethernet Links PAM 7 17 /

Write to disk 1 9 8 7 6 5 4 1 (2-8) SMP, no HT, inc. buffers, 1 app, no filter, writing to disk Writing to disk, 2 nd Set 32bit FreeBSD/Opteron 64bit FreeBSD/Opteron 32bit Linux/Opteron 64bit Linux/Opteron 5 1 15 25 35 4 45 5 55 6 65 7 75 8 85 9 95 1 9 8 7 6 5 4 1 Datarate [Mbit/s] Schneider, Wallerich, Feldmann (TU Berlin/DT Labs) Packet Capturing on 1-Gigabit Ethernet Links PAM 7 18 /

Write to disk 1 9 8 7 6 5 4 1 (2-8) SMP, no HT, inc. buffers, 1 app, no filter, writing to disk Writing to disk, 2 nd Set Feasible up to 6-7 Mbit/s! 32bit FreeBSD/Opteron 64bit FreeBSD/Opteron 32bit Linux/Opteron 64bit Linux/Opteron 5 1 15 25 35 4 45 5 55 6 65 7 75 8 85 9 95 1 9 8 7 6 5 4 1 Datarate [Mbit/s] Schneider, Wallerich, Feldmann (TU Berlin/DT Labs) Packet Capturing on 1-Gigabit Ethernet Links PAM 7 18 /

Additional Insights (II) Additional Insights Second set of measurements additional load (copying the packets in memory) shows significantly better performance for FreeBSD 64bit systems drop more packets Using 4 cores (2x Dual Core) is slightly better than 2 cores (1x Dual Core) Schneider, Wallerich, Feldmann (TU Berlin/DT Labs) Packet Capturing on 1-Gigabit Ethernet Links PAM 7 19 /

Summary Summary Split up 1-Gigabit on multiple 1-Gigabit monitoring systems FreeBSD/AMD Opteron combination in general performs best Utilizing multiple processors proves to be benefitting Choosing large enough buffer size is important Capturing full traces to disk is feasible up to about 6-7 Mbit/s For further information see: High Performance Packet Capture http://www.net.t-labs.tu-berlin.de/research/hppc/ Schneider, Wallerich, Feldmann (TU Berlin/DT Labs) Packet Capturing on 1-Gigabit Ethernet Links PAM 7 /

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information