Junchang Wang,Haipeng Cheng,Bei Hua,Xinan Tang

DOI: https://doi.org/10.1145/1542275.1542307

2009-01-01

Abstract:The industry wide shift to multi-core architectures arouses great interests in parallelizing sequential applications. However, it I S very difficult to parallelize fine-grained applications for multicore architectures due to insufficient hardware support of fast communication and synchronization. Fortunately, network applications can be decomposed into pipelined structures that are amenable to streaming based parallel processing. To realize the potential of pipelining on multi-core architectures, it requires reevaluating the basic tradeoffs in parallel processing, including the ones between load balance and data locality and between general lock mechanisms and special lock-free data structures. This paper presents the practice of building a high-performance multi-core based network processing platform in which connection-affinity and lock-free design principles are applied effectively for better data locality and faster core-to-core synchronization and communication.We parallelize a complete Layer 2 to Layer 7 (L2-L7) network processing system on an Intel Core 2 Quad processor, including a TCP/IP stack based on Libnids (L2-L4) and a port-independent protocol identification engine by deep packet inspection (L7+). Furthermore, we develop a compiling method to transform sequential network applications to parallel ones to enable those applications to run on multi-core architectures. Our experience suggests that (1) fine-grained pipelining can be a good software solution for parallelizing network applications on multi-core architectures if connection-affinity and lock-free are used as the first design principles; (2) a delicate partitioning scheme is required to map pipelined structures onto specific multi-core architecture; (3) an automatic parallelization approach can work if domain knowledge is considered in the parallelizing process. Our multi-core based network processing platform can deliver not only 6Gbps processing speed for large packet sizes but also more challenging 2Gbps speed for smaller packets.

Tianzhu Zhang,Leonardo Linguaglossa,Massimo Gallo,Paolo Giaccone,Dario Rossi

DOI: https://doi.org/10.23919/tma.2018.8506565

2018-01-01

Abstract:Testing experimental network devices requires deep performance analysis, which is usually performed with expensive, not flexible, hardware equipment. With the advent of highspeed packet I/O frameworks, general purpose equipments have narrowed the performance gap in respect of dedicated hardware and a variety of software-based solutions have emerged for handling traffic at very high speed. While the literature abounds with software traffic generators, existing monitoring solutions do not target worst-case scenarios (i.e., 64B packets at line rate) that are particularly relevant for stress-testing high-speed network functions, or occupy too many resources. In this paper we first analyse the design space for high-speed traffic monitoring that leads us to specific choices characterizing FlowMon-DPDK, a DPDK-based software traffic monitor that we release as an open source project. In a nutshell, FlowMon-DPDK provides tunable fine-grained statistics at both packet and flow levels. Experimental results demonstrate that our traffic monitor is able to provide per-flow statistics with 5-nines precision at high-speed (14.88 Mpps) using an exiguous amount of resources. Finally, we showcase FlowMon-DPDK usage by testing two open source prototypes for stateful flow-level end-host and in-network packet processing.

Ling Ruilin,Li Junfeng,Li Dan

DOI: https://doi.org/10.7544/issn1000-1239.2017.20160823

2017-01-01

Journal of Computer Research and Development

Abstract:With the development of Internet application and the increase of network bandwidth,security issues become increasingly serious.In addition to the spread of the virus,spams and DDoS attacks,there have been lots of strongly hidden attack methods.Network probe tools which are deployed as a bypass device at the gateway of the intranet,can collect all the traffic of the current network and analyze them.The most important module of the network probe is packet capture.In Linux network protocol stack,there are many performance bottlenecks in the procedure of packets processing which cannot meet the demand of high speed network environment.In this paper,we introduce several new packet capture engines based on zero-copy and multi-core technology.Further,we design and implement a scalable high performance packet capture framework based on Intel DPDK,which uses RSS (receiver-side scaling) to make packet capture parallelization and customize the packet processing.Additionally,this paper also discusses more effective and fair Hash function by which data packet can be deliveried to different receiving queues.In evaluation,we can see that the system can capture and process the packets in nearly line-speed and balance the load between CPU cores.

Junchang Wang,Kai Zhang,Bei Hua

DOI: https://doi.org/10.1109/chinacom.2012.6417441

2012-01-01

Abstract:Parallelizing fine-grained network applications on general-purpose multi-core architectures is a big challenge, as it requires fast core-to-core synchronization that is not supported for now. This paper proposes a methodology for parallelizing legacy sequential network applications on multi-core architectures with only minor code rewriting. Single Program Multiple Data (SPMD) parallel programming style is used to retain the control flow of sequential code, and then data structures potentially involving data racing are replaced with customized lock-free data structures based on domain knowledge. We evaluate the methodology by parallelizing a sequential TCP SYN flood detection program on Intel Quad processors, and gain inspiring results.

Luca Deri,Alfredo Cardigliano,Francesco Fusco

2024-07-23

Abstract:The exponential growth of data traffic and the increasing complexity of networked applications demand effective solutions capable of passively inspecting and analysing the network traffic for monitoring and security purposes. Implementing network probes in software using general-purpose operating systems has been made possible by advances in packet-capture technologies, such as kernel-bypass frameworks, and by multi-queue adapters designed to distribute the network workload in multi-core processors. Modern SmartNICs, in addition, have introduced stateful mechanisms to associate actions to network flows such as forwarding packets or updating traffic statistics for an individual flow. In this paper, we describe our experience in exploiting those functionalities in a modern network probe and we perform a detailed study of the performance characteristics under different scenarios. Compared to pure CPU-based solutions, SmartNICs with flow-offload technologies provide substantial benefits when implementing forwarding applications. However, the main limitation of having to keep large flow tables in the host memory remains largely unsolved for realistic monitoring and security applications.

Networking and Internet Architecture

Jordi Ros-Giralt,Alan Commike,Peter Cullen,Richard Lethin

DOI: https://doi.org/10.48550/arXiv.1711.06754

2017-11-18

Abstract:As the sheer amount of computer generated data continues to grow exponentially, new bottlenecks are unveiled that require rethinking our traditional software and hardware architectures. In this paper we present five algorithms and data structures (long queue emulation, lockless bimodal queues, tail early dropping, LFN tables, and multiresolution priority queues) designed to optimize the process of analyzing network traffic. We integrated these optimizations on R-Scope, a high performance network appliance that runs the Bro network analyzer, and present benchmarks showcasing performance speed ups of 5X at traffic rates of 10 Gbps.

Networking and Internet Architecture

Tianzhu Zhang,Leonardo Linguaglossa,Massimo Gallo,Paolo Giaccone,Dario Rossi

DOI: https://doi.org/10.1109/tnsm.2019.2913710

2019-01-01

IEEE Transactions on Network and Service Management

Abstract:In the last few years, several software-based solutions have been proved to be very efficient for high-speed packet processing, traffic generation, and monitoring, and can be considered valid alternatives to expensive and non-flexible hardware-based solutions. In this paper, we first benchmark heterogeneous design choices for software-based packet monitoring systems in terms of achievable performance and required resources (i.e., the number of CPU cores). Building on this extensive analysis we design FloWatcher-DPDK, a DPDK-based high-speed software traffic monitor we provide to the community as an open source project. In a nutshell, FloWatcher-DPDK provides tunable fine-grained statistics at packet and flow levels. Experimental results demonstrate that FloWatcher-DPDK sustains per-flow statistics with 5-nines precision at high-speed (e.g., 14.88 Mpps) using a limited amount of resources. Finally, we showcase the usage of FloWatcher-DPDK by configuring it to analyze the performance of two open source prototypes for stateful flow-level end-host and in-network packet processing.

Yunsenxiao Lin,Yu Zhou,Zhengzheng Liu,Ke Liu,Yangyang Wang,Mingwei Xu,Jun Bi,Ying Liu,Jianping Wu

DOI: https://doi.org/10.1016/j.comnet.2020.107386

IF: 5.493

2020-10-01

Computer Networks

Abstract:<p>Network telemetry is to collect information (<em>e.g.</em>, hop latency, throughput) from network devices. Network-wide telemetry is critical for operators to understand the quality of network performance and to diagnose on-going failures. The state-of-the-art telemetry approaches are far from ideal as they are unable to fully satisfy diverse requirements of operators, specifically for <em>on-demand, full coverage</em>, and <em>scalable</em> telemetry.</p><p>In this paper, we provide a new framework of network telemetry for data center networks, called <em>NetView</em>. NetView can support various telemetry applications and telemetry frequencies <em>on demand</em>, monitoring each device via proactively sending dedicated probes while only one vantage server is required. Technically, NetView divides the probe into a forwarding stack and a telemetry stack, which are respectively responsible for flexible forwarding and network status monitoring, achieving full <em>coverage</em> and visibility. Besides, a series of probe generation algorithms and update algorithms largely reduce probe number, providing high <em>scalability</em>. The evaluation shows that NetView reduces the bandwidth occupancy by more than two orders of magnitude compared with Pingmesh and INT-path, and conducts network-wide telemetry for the data center network with thousands of switches using only one vantage server, without bringing about resources bottleneck.</p>

computer science, information systems,telecommunications,engineering, electrical & electronic, hardware & architecture

Chuwen Zhang,Boyang Zhou,Zerui Tian,Liang Cheng,Yuxi Liu,Huayu Zhang,Song Chen,Ying Wan,Wenquan Xu,Tian Pan,Yang Xu,Yi Wang,Hailong Zhu,Bin Liu

DOI: https://doi.org/10.1109/ICNP55882.2022.9940335

2022-01-01

Abstract:Time-Sensitive Networking (TSN) is proposed in recent years to satisfy the strict performance requirements of time-sensitive traffic in a growing number of emerging applications. Even though several traffic scheduling algorithms have been standardized for TSN to pursue this goal, time-sensitive flows may not be forwarded as planned and thus fail to achieve the expected performance in real networks. The fundamental cause lies in the fact that static offline planning cannot adapt to the intrinsic dynamic factors in TSN (e.g., time-synchronization error) at runtime. Hence, next-generation TSN will benefit from a closed-loop design where a performance monitoring system provides feedback of real-time packet-forwarding information. In our research, TSN-Peeper, a light-weight, fast-response and full-coverage TSN performance monitoring system, is designed and evaluated. This paper describes its architecture design and data collection mechanisms that enable timely identification and collection of packet-forwarding misbehavior at low-cost in TSN. TSN-Peeper offloads the misbehavior identification in the switch to relieve the burden on the controller and network bandwidth. To reduce the interruption frequency to the controller, it uses probe packets to collect misbehavior information in aggregation with optimized path planning. To realize controllable reporting delays, it optimizes the sending moments of probe packets according to the flow settings. Experimental results verify that TSN-Peeper offers fast response with low cost while providing full coverage and being scalable.

Michael Kallitsis,Stilian Stoev,Shrijita Bhattacharya,George Michailidis

DOI: https://doi.org/10.48550/arXiv.1509.00268

2016-01-27

Abstract:The Internet, as a global system of interconnected networks, carries an extensive array of information resources and services. Key requirements include good quality-of-service and protection of the infrastructure from nefarious activity (e.g. distributed denial of service--DDoS--attacks). Network monitoring is essential to network engineering, capacity planning and prevention / mitigation of threats. We develop an open source architecture, AMON (All-packet MONitor), for online monitoring and analysis of multi-gigabit network streams. It leverages the high-performance packet monitor PF RING and is readily deployable on commodity hardware. AMON examines all packets, partitions traffic into sub-streams by using rapid hashing and computes certain real-time data products. The resulting data structures provide views of the intensity and connectivity structure of network traffic at the time-scale of routing. The proposed integrated framework includes modules for the identification of heavy-hitters as well as for visualization and statistical detection at the time-of-onset of high impact events such as DDoS. This allows operators to quickly visualize and diagnose attacks, and limit offline and time consuming post-mortem analysis. We demonstrate our system in the context of real-world attack incidents, and validate it against state-of-the-art alternatives. AMON has been deployed and is currently processing 10Gbps+ live Internet traffic at Merit Network. It is extensible and allows the addition of further statistical and filtering modules for real-time forensics.

Networking and Internet Architecture,Probability,Statistics Theory

李庆海,张德运,张勇,孙朝晖

DOI: https://doi.org/10.3321/j.issn:0253-987X.2003.02.014

2003-01-01

Abstract:Network monitoring and data collection are basic for network usage accounting, network auditing, intrusion detection, protocol analysis, flow statistics and other essential network applications. A parallel model for network monitoring and data collection is proposed to accomplish the mentioned tasks by configuring more than one monitoring agent to monitor the network traffic in a dominant zone. The management agent is to account the data disposed by monitoring agent, the communications between monitoring agent and management agent and the management tasks when something is wrong with monitoring agent. A selected packet algorithm is designed to balance the traffic among monitoring agents, which hashes the crucial fields in packets and keeps the session which the packets belong to. In combination with the parallel agent technology, the efficiency and reliability of network monitoring and data collection are realized by the uniform control of management agents. Theoretic analysis and experiments demonstrate that the parallel strategy is effective for the improvement of network monitoring performance in a broadband network.

Francisco Pereira,Fernando M. V. Ramos,Luis Pedrosa

2023-10-13

Abstract:Software network functions (NFs) trade-off flexibility and ease of deployment for an increased challenge of performance. The traditional way to increase NF performance is by distributing traffic to multiple CPU cores, but this poses a significant challenge: how to parallelize an NF without breaking its semantics? We propose Maestro, a tool that analyzes a sequential implementation of an NF and automatically generates an enhanced parallel version that carefully configures the NIC's Receive Side Scaling mechanism to distribute traffic across cores, while preserving semantics. When possible, Maestro orchestrates a shared-nothing architecture, with each core operating independently without shared memory coordination, maximizing performance. Otherwise, Maestro choreographs a fine-grained read-write locking mechanism that optimizes operation for typical Internet traffic. We parallelized 8 software NFs and show that they generally scale-up linearly until bottlenecked by PCIe when using small packets or by 100Gbps line-rate with typical Internet traffic. Maestro further outperforms modern hardware-based transactional memory mechanisms, even for challenging parallel-unfriendly workloads.

Networking and Internet Architecture

Xinming Chen,Yiyao Wu,Lianghong Xu,Y. Xue

2009-01-01

Abstract:As security threats and network bandwidth increase in a very fast pace, there is a growing interest in designing highperformance network intrusion detection system (NIDS). This paper presents a parallelization strategy for the popular open-source Snort to build a high performance NIDS on multi-core IA platform. A modular design of parallel NIDS based on Snort is proposed in this paper. Named Para-Snort, it enables flexible and easy module design. This paper also analyzed the performance impact of load balancing and multi-pattern matching. Modified-JSQ and AC-WM algorithms are implemented in order to resolve the bottlenecks and improve the performance of the system. Experimental results show that Para-Snort achieves significant speedup of 4 to 6 times for various traces with a 7-thread parallelizing test setup.

Shir Landau Feibish,Zaoxing Liu,Jennifer Rexford

2023-11-05

Abstract:Collecting and analyzing of network traffic data (network telemetry) plays a critical role in managing modern networks. Network administrators analyze their traffic to troubleshoot performance and reliability problems, and to detect and block cyberattacks. However, conventional traffic-measurement techniques offer limited visibility into network conditions and rely on offline analysis. Fortunately, network devices such as switches and network interface cards, are increasingly programmable at the packet level, enabling flexible analysis of the traffic in place, as the packets fly by. However, to operate at high speed, these devices have limited memory and computational resources, leading to trade-offs between accuracy and overhead. In response, an exciting research area emerged, bringing ideas from compact data structures and streaming algorithms to bear on important networking telemetry applications and the unique characteristics of high-speed network devices. In this paper, we review the research on compact data structures for network telemetry and discuss promising directions for future research.

Networking and Internet Architecture

Yang Wu,Xiao-Chun Yun

DOI: https://doi.org/10.1007/978-3-540-30582-8_6

2005-01-01

Abstract:This paper presents and implements a high-performance network monitoring platform (HPNMP) for high bandwidth network intrusion detection system (NIDS). The traffic load on a single machine is heavily reduced in an operation mode of parallel cluster. An efficient user-level messaging mechanism is implemented and a multi-rule packet filter is built at user layer. The results of experiments indicate that HPNMP is capable of reducing the using rate of CPU while improving the efficiency of data collection in NIDS so as to save much more system resources for complex data analysis in NIDS. ...

Qun Huang,Haifeng Sun,Patrick P. C. Lee,Wei Bai,Feng Zhu,Yungang Bao

DOI: https://doi.org/10.1145/3387514.3405877

2020-01-01

Abstract:Network telemetry is essential for administrators to monitor massive data traffic in a network-wide manner. Existing telemetry solutions often face the dilemma between resource efficiency (i.e., low CPU, memory, and bandwidth overhead) and full accuracy (i.e., error-free and holistic measurement). We break this dilemma via a network-wide architectural design OmniMon, which simultaneously achieves resource efficiency and full accuracy in flow-level telemetry for large-scale data centers. OmniMon carefully coordinates the collaboration among different types of entities in the whole network to execute telemetry operations, such that the resource constraints of each entity are satisfied without compromising full accuracy. It further addresses consistency in network-wide epoch synchronization and accountability in error-free packet loss inference. We prototype OmniMon in DPDK and P4. Testbed experiments on commodity servers and Tofino switches demonstrate the effectiveness of OmniMon over state-of-the-art telemetry designs.

Xiaomin Chen,Admela Jukan,Muriel Médard

DOI: https://doi.org/10.48550/arXiv.1304.0637

2013-04-02

Abstract:Parallel transmission, as defined in high-speed Ethernet standards, enables to use less expensive optoelectronics and offers backwards compatibility with legacy Optical Transport Network (OTN) infrastructure. However, optimal parallel transmission does not scale to large networks, as it requires computationally expensive multipath routing algorithms to minimize differential delay, and thus the required buffer size, optimize traffic splitting ratio, and ensure frame synchronization. In this paper, we propose a novel framework for high-speed Ethernet, which we refer to as network coded parallel transmission, capable of effective buffer management and frame synchronization without the need for complex multipath algorithms in the OTN layer. We show that using network coding can reduce the delay caused by packet reordering at the receiver, thus requiring a smaller overall buffer size, while improving the network throughput. We design the framework in full compliance with high-speed Ethernet standards specified in IEEE802.3ba and present solutions for network encoding, data structure of coded parallel transmission, buffer management and decoding at the receiver side. The proposed network coded parallel transmission framework is simple to implement and represents a potential major breakthrough in the system design of future high-speed Ethernet.

Networking and Internet Architecture

Kai Gao,Qiao Xiang,Xin Wang,Yang Richard Yang,Jun Bi

DOI: https://doi.org/10.1109/tnet.2019.2899905

2019-01-01

IEEE/ACM Transactions on Networking

Abstract:Revealing an abstract view of the network is essential for the new paradigm of developing network-aware adaptive applications that can fully leverage the available computation and storage resources and achieve better business values. In this paper, we introduce ONV, a novel abstraction of flow-based on-demand network view. The ONV models network views as linear constraints on network-related variables in application-layer objective functions, and provides "equivalent" network views that allow applications to achieve the same optimal objectives as if they have the global information. We prove the lower bound for the number of links contained in an equivalent network view, and propose two algorithms to effectively calculate on-demand equivalent network views. We evaluate the efficacy and the efficiency of our algorithms extensively with real-world topologies. Evaluations demonstrate that the ONV can simplify the network up to 80% while maintaining an equivalent view of the network. Even for a large network with more than 25 000 links and a request containing 3000 flows, the result can be effectively computed in less than 1 min on a commodity server.

Zhen Chen,Xi Shi,Ling-Yun Ruan,Feng Xie,Jun Li

DOI: https://doi.org/10.1109/ICCCN.2012.6289215

2012-01-01

Abstract:Archiving Internet traffic is an essential function for retrospective network event analysis. The state-of-art approach for network monitoring and analysis is storing and analyzing the statistics of network flows. However this approach loses much valuable information inside Internet traffic. With the advancement of commodity hardware, especially the volume of storage device and the speed of interconnect technologies used in network adapter card, now it is practical to capture 10Gbps real-time network traffic with a commodity computer. In this context, this paper presents the design and implementation of a novel system for archiving and querying network flows. A flow granularity indexing and storage mechanism is proposed, and the bitmap index database is utilized to store index information. Based on real network traces, we demonstrate that the system has a higher performance in storing and querying with respect to both time and space metrics compared with traditional methods.

Fengyu Wang,Xiaochun Yun,Weidong Shen

DOI: https://doi.org/10.3321/j.issn:1002-0470.2006.03.003

2006-01-01

Abstract:Through analyzing the problems of traditional network traffic measurement system, a passive network traffic measurement system is designed based on zero-copy packet capture, raw device storage and so on. The performance and the precision of network traffic measurement are improved greatly. This system is suitable for the traffic measurement of 1 Gb/s network.