Enabling Open-Source High Speed Network Monitoring on NetFPGA

Similar documents
Enabling Open-Source High Speed Network Monitoring on NetFPGA

基 於 SDN 與 可 程 式 化 硬 體 架 構 之 雲 端 網 路 系 統 交 換 器

How To Monitor And Test An Ethernet Network On A Computer Or Network Card

The new frontier of the DATA acquisition using 1 and 10 Gb/s Ethernet links. Filippo Costa on behalf of the ALICE DAQ group

Open Flow Controller and Switch Datasheet

Infrastructure for active and passive measurements at 10Gbps and beyond

How Router Technology Shapes Inter-Cloud Computing Service Architecture for The Future Internet

Reducing Network Traffic in CERNET

A low-cost, connection aware, load-balancing solution for distributing Gigabit Ethernet traffic between two intrusion detection systems

Stress-Testing a Gbps Intrusion Prevention Device on DETER

RTP Performance Enhancing Proxy

Precision Time Protocol (PTP/IEEE-1588)

Best Practises for LabVIEW FPGA Design Flow. uk.ni.com ireland.ni.com

Software-Defined Traffic Measurement with OpenSketch

A Wire-speed Packet Classification and Capture Module for NetFPGA

I3: Maximizing Packet Capture Performance. Andrew Brown

measurement metrics measurement techniques throughput measurement packet processing overhead packet size in real traffic

Technical Bulletin. Enabling Arista Advanced Monitoring. Overview

A Low Latency Library in FPGA Hardware for High Frequency Trading (HFT)

Networking Virtualization Using FPGAs

Distributed Monitoring Pervasive Visibility & Monitoring, Selective Drill-Down

Bro at 10 Gps: Current Testing and Plans

10 Gbit Hardware Packet Filtering Using Commodity Network Adapters. Luca Deri Joseph Gasparakis

SCAMPI Programmable hardware for network monitoring. Masaryk University

Wireshark in a Multi-Core Environment Using Hardware Acceleration Presenter: Pete Sanders, Napatech Inc. Sharkfest 2009 Stanford University

OpenFlow with Intel Voravit Tanyingyong, Markus Hidell, Peter Sjödin

PRESTA 10G Platform for High-accuracy 10-Gb/s Network Monitoring

Open-source routing at 10Gb/s

Building an Accelerated and Energy-Efficient Traffic Monitor onto the NetFPGA platform

DEVELOPMENT OF DEVICES AND METHODS FOR PHASE AND AC LINEARITY MEASUREMENTS IN DIGITIZERS

Wire-speed Packet Capture and Transmission

THe Internet provides a critical infrastructure for a

Gigabit Ethernet Packet Capture. User s Guide

Network Traffic Monitoring an architecture using associative processing.

High-Density Network Flow Monitoring

Optimizing TCP Forwarding

Development of perfsonar-measurement Archive (MA) Capability based on PRESTA 10G

Computer Architecture

Linuxflow: A High Speed Backbone Measurement Facility

UPC team: Pere Barlet-Ros Josep Solé-Pareta Josep Sanjuàs Diego Amores Intel sponsor: Gianluca Iannaccone

HANIC 100G: Hardware accelerator for 100 Gbps network traffic monitoring

Outline. Institute of Computer and Communication Network Engineering. Institute of Computer and Communication Network Engineering

Analysis of Industrial PROFINET in the Task of Controlling a Dynamic System**

FPGA-based Multithreading for In-Memory Hash Joins

C-GEP 100 Monitoring application user manual

NetFlow probe on NetFPGA

Observer Analysis Advantages

Putting it on the NIC: A Case Study on application offloading to a Network Interface Card (NIC)

Internet on Chip. Dr. Johannes Wolkerstorfer Gigabit Ethernet and Programmable Hardware. x Face. Realraum Graz, January 26th 2010

Am186ER/Am188ER AMD Continues 16-bit Innovation

Challenges in high speed packet processing

7a. System-on-chip design and prototyping platforms

Chapter 11 I/O Management and Disk Scheduling

DS1104 R&D Controller Board

Network File System (NFS) Pradipta De

IP Network Monitoring and Measurements: Techniques and Experiences

Intel DPDK Boosts Server Appliance Performance White Paper

Hardware Acceleration for High-density Datacenter Monitoring

Distributed Elastic Switch Architecture for efficient Networks-on-FPGAs

High-Performance IP Service Node with Layer 4 to 7 Packet Processing Features

Network Instruments white paper

Dynamic Network Resources Allocation in Grids through a Grid Network Resource Broker

Software Datapath Acceleration for Stateless Packet Processing

Exploiting Stateful Inspection of Network Security in Reconfigurable Hardware

Gigabit Ethernet Design

Implementation and Performance Evaluation of M-VIA on AceNIC Gigabit Ethernet Card

The Bus (PCI and PCI-Express)

Traffic Trace Artifacts due to Monitoring Via Port Mirroring

Data Center Quantized Congestion Notification (QCN): Implementation and Evaluation on NetFPGA June 14th

LogiCORE IP AXI Performance Monitor v2.00.a

AFDX networks. Computers and Real-Time Group, University of Cantabria

Resource Utilization of Middleware Components in Embedded Systems

Presentation of Diagnosing performance overheads in the Xen virtual machine environment

OPTIMIZE DMA CONFIGURATION IN ENCRYPTION USE CASE. Guillène Ribière, CEO, System Architect

Chuck Cranor, Ted Johnson, Oliver Spatscheck

APRIL 2010 HIGH PERFORMANCE NETWORK SECURITY APPLIANCES

A Performance Monitor based on Virtual Global Time for Clusters of PCs

Technical Bulletin. Arista LANZ Overview. Overview

Network monitoring in high-speed links

Observer Probe Family

ORAN: OpenFlow Routers for Academic Networks

How to (passively) understand the application layer? Packet Monitoring

Experiences Deploying and Operating a Large-Scale Monitoring Infrastructure

Router Architectures

Computer Systems Structure Input/Output

How To Monitor A Network With A Network Probe

Non-Data Aided Carrier Offset Compensation for SDR Implementation

TICKETing High-Speed Traffic with Commodity Hardware and Software

QoS & Traffic Management

Precision Clock Synchronization

Hardware acceleration enhancing network security

Distributed Network Monitoring. netbeez.net Booth #2344

Implementing Open flow switch using FPGA based platform

Trading at the Speed of Light

DiCAP: Distributed Packet Capturing Architecture for High-Speed Network Links

AXI Performance Monitor v5.0

An Aggregation Technique for Traffic Monitoring. Kenjiro Cho, Ryo Kaizaki, and Akira Kato

Analyzing Full-Duplex Networks

Sockets vs. RDMA Interface over 10-Gigabit Networks: An In-depth Analysis of the Memory Traffic Bottleneck

High-Stability Time Adjustment with Real-Time Clock Module

Transcription:

Network Operations and Management Symposium (NOMS) 2012 Enabling Open-Source High Speed Network Monitoring on NetFPGA Gianni Antichi, Stefano Giordano Email: <first.last>@iet.unipi.it Department of Information Engineering University of Pisa David J. Miller, Andrew W. Moore Email: <first.last>@cl.cam.ac.uk Computer Laboratory University of Cambridge 1

Introduction Why monitor Security Billing Performance and provisioning Research Active (eg NLANR AMP project) vs passive monitoring solutions Challenges Packet loss System load Cost 2

Introduction (cont d) Challenges (con d) Series vs parallel monitoring Parallel Copper network links require an expensive active tap Passive optical splitters are inexpensive Series Cheap Offers possibility of building an Intrusion Prevention System Extra latency Risk of interruption of the link 3

The problem... is choice. Characteristics of an ideal measurement /monitoring solution: Accurate timestamps [better] Guarantee no loss of information (or at least records exactly where records have been lost) [faster] Inexpensive [cheaper] Pick any two! Software solutions are cheap adequate for low-speed networks or when timestamp accuracy not critical but don t scale. Hardware solutions are very accurate (timestamps and packet loss) scale well but can be very expensive. 4

Motivations NetFPGA platform offers a third alternative open and low-cost but with performance of hardware-based solutions including possibility of filtering unwanted traffic flexibility of parallel or series installation 5

NetFPGA platform Line rate, flexible and open platform for research and classroom experimentation NetFPGA has: Xilinx FPGA Virtex2Pro. 4 GigE copper ports. 4.5 MB of SRAM and 64MB of DRAM. 6

NetFPGA architecture User datapath 8 different rx/tx queues (CPU and physical) Unified by Input Arbiter into single packet stream Demultiplexed into respective port according to Output Port Lookup 7

Our Solution (Hardware Plane) Packets time-stamped at very earliest possible moment (i.e. at the RGMII interface) to minimise jitter caused by FIFOs The Core Monitoring module performs filtering by flow 8

Pipeline Timestamps pass in a side channel parallel with the main packet data path. 9

Time-Stamping module Free-running counter? We could use a 64-bit timestamp driven by the 125MHz the system clock (naïve solution). Provides no means by which to correct oscillator frequency drift Produces time-stamps expressed in unit of 8 ns Fixed-point representation of time in seconds more useful to host A more accurate solution DDS (Direct Digital Synthesis) Technique by which arbitrary variable frequencies can be generated using FPGA-friendly purely synchronous digital logic (how DAG works). Need a time reference to correct DDS rate Optimal solution: PPS from GPS receiver 10

Independent Rate Controlled Time-stamper Two problems using the GPS: NetFPGA has no easy GPS input. The logistics of installing GPS equipment can be quite difficult. Independent Rate Controlled Time-stamper (IRCT) Two oscillators will not drift at the same time We decide to use two local, independent oscillators to estimate drift. We use one oscillator as time-stamper and the second to derive a PPS. We can implement the algorithm entirely inside the FPGA NTP would provide better long term stability at cost of short-term jitter and dealing with PCI latency 11

Filtering stage All packets received are retransmitted. While the internal NetFPGA datapath can cope with full-rate, minimum sized packets, the NetFPGA PCI interface lacks the bandwidth to record all traffic 5-Tuple filter stage Packets that match one of up to 32 filter rules are also copied verbatim, with their time-stamp prepended, to the host. We use the TCAM modules available in Xilinx CoreGen. 12 TCAMs are fast and permit on-the-fly rule updates.

Our Solution (Software Plane) We modified the NetFPGA kernel device driver to strip off the prepended timestamp and to store this timestamp in the packet s struct sk_buff before the packet is passed on. A recent 2.6 kernel that contains a ktime_t timestamp in struct sk_buff must be used to assure nanosecond granularity. We modified libpcap (and tcpdump along with it) to return struct timespecs istead of struct timevals. We provide an auxiliary command-line tool for TCAM rule management which also initialises the hardware timestamp counter with the current date and time. 13

Our Solution (Software Plane) We also provide a Statistics Daemon (with an interface for NAGIOS) which tracks captured-traffic Only traffic that matches the currently loaded rule-set. Optionally records the traffic with nanosecond time-stamps to disc in a PCAP-compatible file. The daemon keeps aggregate counts for: Total packets. Total bytes. Number of IP/non-IP packets. Number of TCP/UDP packets. Number of TCP SYN/FIN/RST and options. Mean inter-arrival time. Mean bit-rate. 14

Performance Evaluation Time-stamp accurancy We used TCPReplay with a real traffic trace as software traffic generator nf2c1 stands for one of the four physical ports of NetFPGA board eth1 is one of the ports of the NIC connected to the PC where NetFPGA is hosted 15

Performance Evaluation Comparison of the two absolute drift with the naïve time-stamping module 16

Performance Evaluation Comparison between the two oscillators with the naïve time-stamping module 17

Performance Evaluation Comparison between the two oscillator with the IRCT module -1.8 msec 60 sec 18

Conclusions and Future Works We have introduced a flexible yet cost-effective passive monitoring system based on a cooperative PC/NetFPGA architecture. Promising results and compares favourably with a widelyrecognised commercial system for traffic while having a significantly lower cost Future works: Port to the shiney new NetFPGA 10G Add support for an external time-base Expand the available pool of selection filters by replacing the TCAMbased filter with a Bloom Filter. 19

20 NetFPGA 10G!

Network Operations and Management Symposium (NOMS) 2012 Enabling Open-Source High Speed Network Monitoring on NetFPGA Gianni Antichi, Stefano Giordano Email: <first.last>@iet.unipi.it Department of Information Engineering University of Pisa David J. Miller, Andrew W. Moore Email: <first.last>@cl.cam.ac.uk Computer Laboratory University of Cambridge 21

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information