PF_RING

How to send/receive 26Mpps using PF_RING on commodity hardware
Until last month, I have struggled to reach 7 Mpps packet capture using TNAPI. This week I see users still asking questions about how to handle 2 x 1 Gbit wire rate on commodity hardware. I believe it’s now time to move to the next level, and achieve full 10Gbit wire rate on both RX and TX, using little CPU cycles so that we can not just capture but also process traffic. Together with Silicom we have developed a 10 Gbit PF_RING DNA driver, that we’ll soon introduce to the Linux …
nProbe

NetFlow-Lite and nProbe: a Tutorial
Today we have held a webinar about NetFlow-Lite with both Cisco and Plixer. Subscribers of this blog should know by now what is NetFlow-Lite and why nProbe is necessary to exploit this technology. Nevertheless you might be interested to know more about NetFlow-Lite, both in terms of features and usage scenarios. Below you can find a could of presentations about this topic that I think are worth reading: ntop, Implementing a NetFlow Cache for NetFlow-Lite Cisco Systems, Catalyst 4948E NetFlow-lite ntop, Using nProbe as NetFlow-Lite Aggregator In interested, you can also see the video …
nProbe

Invitation to NetFlow-Lite Webinar
As most of you know, nProbe has recently added NetFlow-Lite support in 6.5 release. NetFlow-Lite is a protocol that brings you visibility into switched networks, similar to what NetFlow “classic” is doing on routed networks. As this technology is pretty new, perhaps you might be interested in hearing more about it right from the source. I would like to invite you to this free webinar that will take place later this week. Shall you be interested please register now. Cisco NetFlow-Lite: Enabling Traffic Monitoring at Data Center Access Date: May …
nProbe

Using nProbe as NetFlow-Lite Cache
As previously stated on this blog, we have worked tightly with Cisco as nProbe has been selected as reference implementation for NetFlow-Lite flow conversion. Although NetFlow-Lite support has been added to nprobe since version 6.1.4 and it’s available on all supported platforms (both Unix and Windows), with nProbe 6.5 (just released) we have moved NetFlow-Lite support to the next level. This is because nProbe now features both a Specialized plugin for NetFlow-lite flow collection that increases of 5x times the collection performance. PF_RING kernel plugin (Linux only) that can convert …
PF_RING

Going beyond RSS (Receive-Side Scaling)
When RSS was introduced some years ago, operating systems had the chance to scale also when handling network packets as RSS allowed incoming packets to be distributed across processor cores. Unfortunately RSS uses a one-way hash, that while distributes packets heavenly across queues, it has some drawbacks. The main one is that if you have a connection A <-> B, packets A->B will go on queue X, and those of B->A on queue Y, where X <> Y. This is a major issue for applications, as you cannot assume that …
PF_RING

Packet Capture Performance at 10 Gbit: PF_RING vs TNAPI
Many of you are using PF_RING and TNAPI for accelerating packet capture performance, but have probably not tested the code for a while. In the past month we have tuned PF_RING performance and squeezed some extra packets captured implementing the quick_mode in PF_RING. When you do insmod pf_ring.ko quick_mode=1, PF_RING optimizes its operations for multi-queue RX adapters and applications capturing traffic from several RX queues simultaneously. The idea behind quick_mode is that people should use it whenever they are interested just in maximum packet capture performance, and do not need …
Announce

Power to see all
Almost a decade ago Dr Ian Graham was in Europe for a series of conferences and I have met him in person along with other people from Politecnico di Torino, that were developing winpcap (one of the key guys of the group, Loris Degioanni, at that time was visiting Endace, thus was not present at the meeting. Loris later become a successful entrepreneur having founded Cace, now Riverbed). For me it was a big pleasure to have such meeting, as Endace was in the early days (and also all of …
Announce

ntop at the Nagios World Conference Europe
PRESS RELEASE Bolzano April 13th 2011 ntop at the “Nagios World Conference Europe™” on May 12th at  Bolzano/Italy Luca Deri will be among the keynote speakers at the official European edition dedicated to the well-know Open Source monitoring solution After the American edition in Sào Paolo/Brazil, the European counterpart of the Nagios World Conference™ will be held on May 12th at Bolzano/Italy. Nagios partner Würth Phoenix, who will host the event has confirmed the participation of namable speakers such as Nagios founder Ethan Galstad, Nagios Plugin coordinator Ton Voon or …
nProbe

How to Monitor Latency Using nProbe
On May 12th in Bolzano (I) at the Nagios World Conference Europe,  I will give a speech about network and application latency monitoring using nProbe. This is an hot topic, in particular for those who think of NetFlow/IPFIX as just a way to count bytes and packets. NetFlow/IPFIX instead is (this is my opinion) an open protocol that can be used to carry monitoring data from observation points to monitoring systems. The fact that many probes export you just bytes 'n packets info, it's not a protocol limitation but a probe limitation. In this respect nProbe supports many extensions such as latency monitoring, information about packets out-of-order, retransmitted, fragmented, average flow packet size and many more. In particular, latency is computed both as network and application latency: Read more
nProbe

Tuning nProbe 6.4 Scalability and Performance
Release 6.3 of nprobe targeted IPFIX compatibility. In release 6.4.x (just introduced) the main focus has been on scalability and performance. Until 6.3, the nProbe architecture was not really exploiting multicore systems, due to heritage of previous versions. With this release nProbe reaches a new level as you can see from the graph below (traffic was generated using an IXIA 400, flows last 5 seconds, and are emitted in V5 format, PF_RING 4.6.3, Intel e1000e capture adapter with PF_RING-aware driver [no TNAPI]). Both graphs depict the sustained throughput rate (Y …
PF_RING

ntop and Silicom Inc join the forces
Since a few months ntop and Silicom have started to work together on various network-related topics. The idea is to enhance PF_RING and  TNAPI in order to offer better products and support for both the community and Silicom customers. Furthermore, Silicom produces very advanced products such as the content director card and the packet processor card, that could solve various network-related tasks including: packet mirroring, tapping, duplication packet steering QoS enforcement packet traffic analysis As these activities are performed in hardware, they operate at wire-speed (at both 1 and 10 …
nProbe

nProbe complies with the IPFIX specification
Last week I have participated to an IPFIX interoperability event held in Prague, right before the IETF 80. In the picture below you can see me between Benoit Claise (Cisco, one of the IPFIX/NetFlow fathers) and Jiri Novotni (Invea-Tech). nProbe 6.3.x has been successfully tested against all the available implementations including Vermont, SiLK, nfdump/IPFIX (Cesnet). nProbe has passed all the IPFIX interoperability tests as both probe (over SCTP, UDP, and TCP) and collector (UDP), dissecting both IPv4 and IPv6 traffic, and also converting NetFlow-Lite flows into IPFIX flows. Most of you …

High-performance network traffic monitoring and analysis tools.

Explore
Newsletter
Subscribe