展开查看详情
1 .Research on DPDK Based High-Speed
Network Traffic Analysis
Zihao Wang
Network & Information Center
Shanghai Jiao Tong University
�
2 .Outline
1 Background
2 Overview
3 DPDK Based Traffic Analysis
4 Experiment
5 Conclusion
�
3 . Page . 3
Usage of Traffic
▪ Business Benefit
▪ ISPs’ personalized advertising
▪ Performance Monitoring
▪ Security
�
4 . Page . 4
Mainstream Traffic Analysis Method
▪ Protocol Analysis
▪ Port based method
▪ Payload based method
▪ Statistical approach based method
▪ Content Analysis
�
5 . Page . 5
Current Packet Capture Engine
▪ Libpcap/Winpcap
▪ PF_RING
▪ Netmap
�
6 . Page . 6
DPDK Framework
�
7 . Page . 7
Why DPDK
▪ Zero Copy
▪ Poll Mode Driver Architecture
▪ Fine Hardware Support
▪ Use Pointer As Much As Possible
▪ Easy-to-use Ring Manager
▪ Packet Forwarding Algorithm Support
▪ Native IPv6 Support
�
8 . Page . 8
Traditional Capture Engine
�
9 . Page . 9
Traditional Capture Engine
�
10 . Page . 10
DPDK Based Traffic Analysis System
▪ Load balancing
�
11 . Page . 11
DPDK Based Packet Capture
▪ pdump
User Space
�
12 . Page . 12
DPDK Based Packet Capture
▪ KNI
User Space
�
13 . Page . 13
DPDK Based Packet Capture
▪ Pdump Based
▪ Copied by port driver
▪ Dumped by pdump program
▪ KNI Based
▪ Copied in user space
▪ Send to kernel
▪ Dumped by pcap API
�
14 . Page . 14
DPDK Based Packet Capture
▪ Pdump Based
▪ Easy to use
▪ Copied once
▪ KNI Based
▪ Need to create new thread
▪ Poor performance
▪ Highly customizable
▪ System API supported
▪ Recommended for bypass capture
�
15 . Page . 15
DPDK Based Traffic Analysis System
▪ Basic Architecture
�
16 . Page . 16
DPDK Based Packet Capture
▪ User Space
�
17 . Page . 17
Compared with DPDK Based Packet Capture
▪ Pdump Based
▪ Slow down the main business
▪ Uncompressed file IO
▪ Copy at least once
▪ KNI Based
▪ Poor performance
▪ Using kernel protocol stack
▪ More copy operation
�
18 . Page . 18
DPDK Based Packet Analysis
�
19 . Page . 19
DPDK Based Packet Analysis
▪ Multiple Producers Queue
▪ Flow Classification Support
▪ Highly customizable
▪ Improve CPU cache hit rate
▪ Avoid resource competition
▪ Expand support for both dimensions
�
20 . Page . 20
Detailed Design
▪ Environment Abstraction Layer
▪ Set CPU affinity
▪ Set Hugepage
▪ Reload hardware by PMD
�
21 . Page . 21
Detailed Design
▪ Packet Capture Layer
▪ Get device information
▪ Initialize ports
▪ RSS
▪ Producer queue
▪ Consumer queue
▪ Binding threads
�
22 . Page . 22
Detailed Design
▪ Packet Capture Layer
▪ Initialize ports
�
23 . Page . 23
Detailed Design
▪ Packet Processing Layer
▪ Consumer queue management
▪ Data analysis
▪ Software migration
�
24 . Page . 24
Detailed Design
▪ Packet Processing Layer
▪ Pcap compatible
�
25 . Page . 25
Detailed Design
▪ Packet Processing Layer
▪ IPv6 support
▪ Making use of kernel protocol stack
�
26 . Page . 26
Detailed Design
▪ Packet Processing Layer
▪ IPv6 support
▪ Making use of kernel protocol stack
�
27 . Page . 27
Detailed Design
▪ Packet Processing Layer
▪ IPv6 support
▪ Make use of DPDK IPv6 Support
�
28 . Page . 28
Detailed Design
▪ Packet Processing Layer
▪ IPv6 support
▪ Make use of DPDK IPv6 Support
�
29 . Page . 29
Performance Testing
▪ Using SJTU campus network traffic as testing background
▪ Add feature packets to the traffic
▪ Using analysis system dealing with the traffic
▪ Counting feature ones in the analysis result
▪ Comparing with the number of total feature packets, and
evaluating system performance
�
