ZC

Last year Intel announced a new family of 100 Gigabit network adapters, code-name Columbiaville. These new adapters, based on the new Intel Ethernet Controller E810, support 10/25/50/100 Gbps link speeds and provide programmable offload capabilities. Programmability 800 Series adapters implement new features to improve connectivity, storage protocols, and programmability, also thanks to the Dynamic Device Personalization (DDP) technology which adds support for a programmable pipeline. In fact, with DDP, a parser embedded in the controller can support the software parsing custom protocols and manipulating outgoing packets, paving the way to …

As you know we’re working at 100 Gbit for a while, not just in terms of network speed, but also in terms of redesigning existing applications for being more efficient and powerful (BTW stay tuned as very soon we will introduce nProbe Cento). With the introduction of the new Intel FM10K ethernet controller family, it is now possible to support 10/25/40/100 Gbit using one single NIC (just replace QSFP+ to change network speed) on a product that is in the 1k USD range for dual port. Another major feature of this product is the embedded programmable …

Zero copy technologies such as PF_RING ZC allow applications to read packets in memory without any actor involved, being it the kernel or a memory copy. This is the reason why using ZC you can easily fill up a 10 Gbit line using a single thread and a single network card queue. The drawback of zero copy is that applications must be well behaved as the same packet is shared across multiple applications and thus if one application pollutes the packet memory, this problem affects all the consumers. The same …

We have already discussed on the first and second part of this post some common issues that might be encountered while doing high-performance packet processing. Most of the problems are related to multi-CPU servers (NUMA) and memory configuration. We have spent a lot of time creating the nBox web-GUI that is not just a graphical interface, but it is a way to automatically configure ntop applications as well report common configuration issues. For those who want to live without it, we have some additional lessons learnt to share. Lesson 1: Make sure all …

Since the introduction of PF_RING ZC (Zero Copy), we have received many inquiries about migrating from DNA/LibZero to ZC. Said that at the moment we do not plan to discontinue DNA/LibZero, we would like to summarise the differences and ease you the migration: In PF_RING 5.x (pre-ZC) there were two driver families: DNA-drivers and PF_RING-aware drivers. With the former you could operate at line-rate with DNA/LibZero, with the latter the speed was limited and you were not able to use the packets from LibZero. In ZC, there is one driver family …

NOTE: The new PF_RING home is hereAfter almost 18 months of development, we are pleased to announce the release of PF_RING ZC (Zero Copy). Based on the lessons learnt with DNA and libzero, we have decided to redesign from scratch a new consistent zero-copy API that implements popular network patterns. The goal is to offer you a simple API, able to deliver line-rate performance (from 1 to multi-10 Gbit) to network application developers. We have hidden you all the internals and low-level details, in order to create a developer-centric API …

Below you can find an excerpt of the “Suricata (and the grand slam of) Open Source IDPS” article written by our friend Peter Manev (Suricata core team) describing how to install and configure PF_RING, DNA and Suricata. The original blog entries can be found at Part One – PF_RING and Part Two – DNA. ————- Part One – PF_RING If you have pf_ring already installed, you might want to do: sudo rmmod pf_ring If you are not sure if you have pf_ring installed , you can do: sudo modinfo pf_ring …

Introduction For years network adapter manufacturer companies have educated their customers that network monitoring applications can’t live without hardware packet timestamps (i.e. the ability for the network adapter to report to the driver the time a given packet was sent or received). State of the art FPGA-based network adapters [1, 2, 3] have hardware timestamps with a resolution of +/- ~10 nsec and accuracy of +/- ~50 nsec so that monitoring applications can safely assume an accuracy of  100 nsec in measurements, for sub-usec measurements. Commodity adapters such as Intel 1 …

Some time ago, we discussed on the first part of this post, why not all servers spot the same performance with DNA. The conclusion was that beside the CPU, you need a great memory bandwidth in order to move packets from/to the NIC. So in essence CPU+memory bandwidth are necessary for granting line-rate performance. In this post we want to add some lessons learnt while playing with DNA on modern servers. Lesson 1: Not all PCIe slots are alike With the advent of PCIe gen3, computer manufacturers started to mix …