Research on DPDK Based High-Speed Network Traffic Analysis

下载 0

幸运号

发布于

2286

人观看

信息技术

网络流量分析的主要目的为:

商业内容分析，比如运营上的广告推荐
性能监控
信息安全

DPDK作为一个高速网络互联手段，如何分析网络流量呢？

展开查看详情

1 .Research on DPDK Based High-Speed Network Traffic Analysis Zihao Wang Network & Information Center Shanghai Jiao Tong University

2 .Outline 1 Background 2 Overview 3 DPDK Based Traffic Analysis 4 Experiment 5 Conclusion

3 . Page . 3 Usage of Traffic ▪ Business Benefit ▪ ISPs’ personalized advertising ▪ Performance Monitoring ▪ Security

4 . Page . 4 Mainstream Traffic Analysis Method ▪ Protocol Analysis ▪ Port based method ▪ Payload based method ▪ Statistical approach based method ▪ Content Analysis

5 . Page . 5 Current Packet Capture Engine ▪ Libpcap/Winpcap ▪ PF_RING ▪ Netmap

6 . Page . 6 DPDK Framework

7 . Page . 7 Why DPDK ▪ Zero Copy ▪ Poll Mode Driver Architecture ▪ Fine Hardware Support ▪ Use Pointer As Much As Possible ▪ Easy-to-use Ring Manager ▪ Packet Forwarding Algorithm Support ▪ Native IPv6 Support

8 . Page . 8 Traditional Capture Engine

9 . Page . 9 Traditional Capture Engine

10 . Page . 10 DPDK Based Traffic Analysis System ▪ Load balancing

11 . Page . 11 DPDK Based Packet Capture ▪ pdump User Space

12 . Page . 12 DPDK Based Packet Capture ▪ KNI User Space

13 . Page . 13 DPDK Based Packet Capture ▪ Pdump Based ▪ Copied by port driver ▪ Dumped by pdump program ▪ KNI Based ▪ Copied in user space ▪ Send to kernel ▪ Dumped by pcap API

14 . Page . 14 DPDK Based Packet Capture ▪ Pdump Based ▪ Easy to use ▪ Copied once ▪ KNI Based ▪ Need to create new thread ▪ Poor performance ▪ Highly customizable ▪ System API supported ▪ Recommended for bypass capture

15 . Page . 15 DPDK Based Traffic Analysis System ▪ Basic Architecture

16 . Page . 16 DPDK Based Packet Capture ▪ User Space

17 . Page . 17 Compared with DPDK Based Packet Capture ▪ Pdump Based ▪ Slow down the main business ▪ Uncompressed file IO ▪ Copy at least once ▪ KNI Based ▪ Poor performance ▪ Using kernel protocol stack ▪ More copy operation

18 . Page . 18 DPDK Based Packet Analysis

19 . Page . 19 DPDK Based Packet Analysis ▪ Multiple Producers Queue ▪ Flow Classification Support ▪ Highly customizable ▪ Improve CPU cache hit rate ▪ Avoid resource competition ▪ Expand support for both dimensions

20 . Page . 20 Detailed Design ▪ Environment Abstraction Layer ▪ Set CPU affinity ▪ Set Hugepage ▪ Reload hardware by PMD

21 . Page . 21 Detailed Design ▪ Packet Capture Layer ▪ Get device information ▪ Initialize ports ▪ RSS ▪ Producer queue ▪ Consumer queue ▪ Binding threads

22 . Page . 22 Detailed Design ▪ Packet Capture Layer ▪ Initialize ports

23 . Page . 23 Detailed Design ▪ Packet Processing Layer ▪ Consumer queue management ▪ Data analysis ▪ Software migration

24 . Page . 24 Detailed Design ▪ Packet Processing Layer ▪ Pcap compatible

25 . Page . 25 Detailed Design ▪ Packet Processing Layer ▪ IPv6 support ▪ Making use of kernel protocol stack

26 . Page . 26 Detailed Design ▪ Packet Processing Layer ▪ IPv6 support ▪ Making use of kernel protocol stack

27 . Page . 27 Detailed Design ▪ Packet Processing Layer ▪ IPv6 support ▪ Make use of DPDK IPv6 Support

28 . Page . 28 Detailed Design ▪ Packet Processing Layer ▪ IPv6 support ▪ Make use of DPDK IPv6 Support

29 . Page . 29 Performance Testing ▪ Using SJTU campus network traffic as testing background ▪ Add feature packets to the traffic ▪ Using analysis system dealing with the traffic ▪ Counting feature ones in the analysis result ▪ Comparing with the number of total feature packets, and evaluating system performance

0 点赞

0 收藏

0下载