Month Archives: September 2010

nProbe

Introducing nProbe v6
Today the new nProbe v6 has been released. It includes several improvements with respect to the previous version including: Full IPFIX support: PEN (Private Enterprise Numbers) and Variable length encoding. Ability to natively dump flows in FastBit format that allows to outperform relational and raw flow-based collectors. Ability to collect sFlow flows and turn them into flows (v5/v9/IPFIX). Collection of Cisco ASA flows and conversion in ‘standard’ flows. New nprobe architecture for better performance and exploitation of multicore architectures. Support of tunneled (including GRE, PPP and GTP) traffic and ability to export in flows inner/outer envelope/packet information. …
nProbe

nProbe Internals
nProbe is an efficient processing engine able to produce flows based on captured packets, converts flow format (e.g. from NetFlow v5 to v9), or from sFlow to NetFlow. Its engine is fully extensible by means of plugins, and it can handle many application-level protocols. This short document gives an overview of the nProbe internals and it describes the nProbe plugins structure. …
PF_RING

10 Gbit Hardware Packet Filtering Using Commodity Network Adapters
The promise of filtering packets in hardware is not new. Unfortunately filtering network adapters are pretty expensive, not to mention if they run at 10 Gbit. Furthermore many commercial FPGA-based NICs feature hardware packet filtering, but often require card reconfiguration whenever flow rules are added/removed and have a limited set of rules that can be configured. The release of Intel X520, the first NIC based on the 82599-controller, has triggered my interest as this controller is much more powerful than what Linux can do with it. Thanks to support from …
PF_RING

PF_RING/TNAPI-based 10 Gbit Network Monitoring on Multicore Systems
Over the past couple of years, PF_RING has been enhanced to exploit innovations in computer hardware. In particular the availability of multicore systems and efficient controllers such as those introduced by Intel with the i7 family (in particular Nehelem and Sandy Bridge) has allowed applications to spread their load across all available processors (24 cores in dual-CPU Westmere systems). In addition to this, modern 82599-based 10 Gbit network adapters feature hardware-based packet filtering and prioritization across RX queues, have opened up a whole world of opportunities. For this reason in …

High-performance network traffic monitoring and analysis tools.

Explore
Newsletter
Subscribe