Say hello to Libzero

Posted · Add Comment

Last year we have introduced PF_RING DNA for implementing 0% CPU receive/transmission on commodity 1/10 Gbit network adapters. We considered DNA as a starting point, as it implemented high-speed RX/TX that was enough for most, but not all of you. This is because commodity adapters do not feature advanced packet balancing techniques as they rely on RSS, that has several limitations such as asymmetric flow balancing (i.e. the two direction of the same flow are spread onto two different cores) and inability to provide users a way to use their balancing function. Another limitation of DNA, again due to its nature that is close to the hardware, is that packets should be processed in sequence (i.e. in FIFO) whereas applications sometimes need to store packets and process them out of sequence (e.g. in case of fragmented packets, a given packet must be rebuilt with all fragments prior to process it).

Although zero-copy is often a buzzword as only a subset of packet management is really performed without copying any packets, at ntop we decided to see whether it was really possible implement zero-copy for all operations, including packet dispatching to threads and applications (including packet fan-out support), packet queuing, and forwarding across interfaces. This is what libzero is for: as its name says, we can do all these operations in zero-copy, with no performance penalty as you will still be able to reach line rate with minimal packet size (14.88 Mpps with 60+4 bytes packets).

Libzero opens up a new world of opportunities, as it enables developers to focus on their application leaving to the library the task of handling packet memory, prefetching memory to let your applications access packet payload at the same speed as counting packets. Now you can finally scale up applications, as you can for instance spawn several snort applications and, without changing a single line of its code, let each instance handle a coherent (across directions) set of packets, all at line rate. In a nutshell, the network is no longer the bottleneck nor the source of complexity.

The ball is on the software side again. You can find all details at the libzero home page.