Author: Alfredo Cardigliano

  • Home
  • Articles by: Alfredo Cardigliano
PF_RING

PF_RING 5.5.2 Released
Changelog Fix for corrupted VLAN tagged packets Userspace bpf support (when using dna) PF_RING-aware igb default moved to 4.0.17 Flow Control  rx/tx automatically disabled by the driver Added DAQ drivers into RPM (http://packages.ntop.org) New pfring_open() flag PF_RING_DNA_FIXED_RSS_Q_0 to send all traffic to queue 0 and select other queues with hw filters (DNA cards with hw filtering only) Added check for modern libc versions New pfdnacluster_mt_rss_frwd sample app (packet forwarding using libzero dna cluster for rx/balancing and standard dna with zero-copy on rss queues for tx) Added ability to create a …
PF_RING

PF_RING 5.5.1 Released
ChangeLog Updated PF_RING-aware ixgbe driver (3.11.33). Update PF_RING-aware igb (4.0.17). Fixed bug that was causing ixgbe driver not to disable interrupts. This was causing a high load on the core handling the interrupts for ixgbe-based card. libzero: various hugepages improvements and bug fixes. Added ability to specify PF_RING_RX_PACKET_BOUNCE in pfring_open(). Fixed minor PF_RING memory leak. Various improvements to support of hardware timestamp on Silicom Intel-based 10 Gbit adapters. DNA Bouncer: added direction to pfring_dna_bouncer_decision_func callback (useful in bidirectional mode). DNA Cluster: added dna_cluster_set_hugepages_mountpoint() to manually select the hugepages mount point when several …
PF_RING

PF_RING 5.5.0 Released
New libzero features DNA Cluster: number of per-consumer rx/tx queue slots and number of additional buffers can be configured via dna_cluster_low_level_settings() hugepages support (pfdnacluster_master/pfdnacluster_multithread -u option) New PF_RING-aware libpcap features added PF_RING_ACTIVE_POLL environmental variable to enable active polling when defined to 1 enable rehash rss setting env var PF_RING_RSS_REHASH=1 cluster type selectable via env vars: PCAP_PF_RING_USE_CLUSTER_PER_FLOW PCAP_PF_RING_USE_CLUSTER_PER_FLOW_2_TUPLE PCAP_PF_RING_USE_CLUSTER_PER_FLOW_4_TUPLE PCAP_PF_RING_USE_CLUSTER_PER_FLOW_TCP_5_TUPLE PCAP_PF_RING_USE_CLUSTER_PER_FLOW_5_TUPLE New PF_RING-aware drivers Updated Intel drivers to make them compatible with newer kernels New PF_RING library features new pfring_open() flag PF_RING_HW_TIMESTAMP for enabling hw timestamp New PF_RING kernel module features …
n2disk

Using n2disk for 10 Gbit line-rate packet-to-disk
Packet-to-disk is the ability to dump network packets to disk. This activity is important for implementing a sort of “network time machine” so that when something unexpected happens, you have the ability to access the raw packets and thus inspect the cause of the problems. Implementing efficient packet-to-disk requires high-speed packet capture, speedy disks, and efficient packet dump software. We started to work on this field, a few years ago when creating a packet-to-disk application for 1 Gbit networks, named n2disk. Today we are introducing the second generation of n2disk …
PF_RING

Accelerating Snort with PF_RING DNA
Since some time, PF_RING includes a DAQ (Data AcQuisition library) module for the popular Snort IDS/IPS. With respect to Linux AF_PACKET, the use of PF_RING significantly accelerates all snort operations. We have recently created a new DAQ module that adds native PF_RING DNA support, further accelerating the vanilla PF_RING DAQ module from 20 to 50%. The support of DNA in addition to greater speed, also has the advantage of exploiting symmetric RSS, so that you can run one snort instance per RX queue and be sure that such instance will …
PF_RING

Using PF_RING DAQ for high-performance 1/10 Gbit Snort-based IDS/IPS
Months ago we have started to design a new PF_RING DAQ module for snort. We decided to do this project with ENEO Tecnologia who has both sponsored the development and helped us to implement all those tiny features that turned PF_RING DAQ from a simple DAQ adapter to a full fledged module. One of the decisions we made, was to make this new DAQ module able to operate on vanilla PF_RING and also DNA (so that everyone could benefit), and to support complex topologies. In non-DNA mode, we leveraged on …
PF_RING

PF_RING DNA/Libzero vs Intel DPDK
From time to time, we receive inquiries asking us to position PF_RING (DNA and Libzero) against Intel DPDK (Data Plane Development Kit). As we have no access to DPDK, all we can do is to compare these two technologies by looking at the documents about DPDK we can find on the Internet. The first difference is that PF_RING is an open technology, whereas DPDK is available only to licensees. Looking at DPDK performance reports, PF_RING seems to be slightly more efficient (you can run DNA tests yourself using the companion demo applications) than …
PF_RING

Hardware-based Symmetric Flow Balancing in DNA
Years ago, Microsoft defined RSS (Receive-Side Scaling) with the goal of improving packet processing by enabling multiple cores to process packets concurrently. Today RSS is implemented in modern 1-10 Gbit network adapters as a way to distribute packets across RX queues. When incoming packets are received, network adapters (in hardware) decode the packet and hash the main packet header fields (e.g. IP address and port). The hash result is used to identify into which ingress RX queue the packet will be queued. In order to balance the traffic evenly on …
PF_RING

Say hello to Libzero
Last year we have introduced PF_RING DNA for implementing 0% CPU receive/transmission on commodity 1/10 Gbit network adapters. We considered DNA as a starting point, as it implemented high-speed RX/TX that was enough for most, but not all of you. This is because commodity adapters do not feature advanced packet balancing techniques as they rely on RSS, that has several limitations such as asymmetric flow balancing (i.e. the two direction of the same flow are spread onto two different cores) and inability to provide users a way to use their …
PF_RING

PF_RING DNA RFC 2544 Benchmark
Over the past couple of weeks we have further improved the DNA performance, and thus we have decided to test its performance. In order to do reproducible measurements we decided to adopt the benchmark specified in RFC 2544. You can find the complete test details and results on this document: DNA_ip_forward_RFC2544. As you can read we used a low-end single-CPU Supermicro server X9SCM, Linux Fedora Core 15, and a Spirent SRC-2002HS 10 Gbit traffic generator. On a nutshell DNA has not lost a single packet, even with 64 bytes (60 bytes …
PF_RING

Benchmarking PF_RING DNA
For years networking companies have used the buzzword zero-copy to qualify those hardware/software solutions that allow applications to play with packets without the need to copy them at all. Zero-copy needs DMA (Direct Memory Access) for operating so that applications do not get a (shallow) copy of packets but they actually get the pointer to the packet. As you probably know, PF_RING DNA allows applications to access packets in zero-copy so that in the pfring_recv() call you get a pointer to the packet just receive. Whereas in traditional PF_RING you always get …
Announce

PF_RING 5.0 Introduced: DNA 1/10 Gbit and vPF_RING
We’ve just cut the code of PF_RING 5.0. As it contains many changes with respect to the previous version, it deserved a major version number. We refreshed our DNA drivers to 1 Gbit Intel NICs (e1000e and igb families) in addition to the existing 10 Gbit DNA driver. All the DNA drivers source code is stored inside the PF_RING SVN. You can just install the DNA driver, and use our test applications (pfcount for receiving packets, and pfsend for generating/reproducing traffic) for enjoying 1/10 Gbit RX/TX wire-speed using commodity adapters. …

High-performance network traffic monitoring and analysis tools.

Explore
Newsletter
Subscribe