ZC

nProbe

10 Gbit (Line Rate) NetFlow Traffic Analysis using nProbe and DNA
In the past couple of years, 10 Gbit networks are gradually replacing multi-1 Gbit links. Traffic analysis is also increasingly demanding as “legacy” NetFlow v5 flows are not enough to network administrators who want to know much more of their network than simple packets/bytes accounting. In order to satisfy these needs, we have added in the latest nProbe 6.9.x releases many new features including: Flow application detection (via nDPI) Network/application latency Support of encapsulations such as GTP/Mobile IP/GRE Various metrics for computing network user-experience Extension to plugins to provide even …
PF_RING

PF_RING DNA/Libzero vs Intel DPDK
From time to time, we receive inquiries asking us to position PF_RING (DNA and Libzero) against Intel DPDK (Data Plane Development Kit). As we have no access to DPDK, all we can do is to compare these two technologies by looking at the documents about DPDK we can find on the Internet. The first difference is that PF_RING is an open technology, whereas DPDK is available only to licensees. Looking at DPDK performance reports, PF_RING seems to be slightly more efficient (you can run DNA tests yourself using the companion demo applications) than …
PF_RING

Hardware-based Symmetric Flow Balancing in DNA
Years ago, Microsoft defined RSS (Receive-Side Scaling) with the goal of improving packet processing by enabling multiple cores to process packets concurrently. Today RSS is implemented in modern 1-10 Gbit network adapters as a way to distribute packets across RX queues. When incoming packets are received, network adapters (in hardware) decode the packet and hash the main packet header fields (e.g. IP address and port). The hash result is used to identify into which ingress RX queue the packet will be queued. In order to balance the traffic evenly on …
PF_RING

Say hello to Libzero
Last year we have introduced PF_RING DNA for implementing 0% CPU receive/transmission on commodity 1/10 Gbit network adapters. We considered DNA as a starting point, as it implemented high-speed RX/TX that was enough for most, but not all of you. This is because commodity adapters do not feature advanced packet balancing techniques as they rely on RSS, that has several limitations such as asymmetric flow balancing (i.e. the two direction of the same flow are spread onto two different cores) and inability to provide users a way to use their …
PF_RING

PF_RING DNA RFC 2544 Benchmark
Over the past couple of weeks we have further improved the DNA performance, and thus we have decided to test its performance. In order to do reproducible measurements we decided to adopt the benchmark specified in RFC 2544. You can find the complete test details and results on this document: DNA_ip_forward_RFC2544. As you can read we used a low-end single-CPU Supermicro server X9SCM, Linux Fedora Core 15, and a Spirent SRC-2002HS 10 Gbit traffic generator. On a nutshell DNA has not lost a single packet, even with 64 bytes (60 bytes …
PF_RING

Benchmarking PF_RING DNA
For years networking companies have used the buzzword zero-copy to qualify those hardware/software solutions that allow applications to play with packets without the need to copy them at all. Zero-copy needs DMA (Direct Memory Access) for operating so that applications do not get a (shallow) copy of packets but they actually get the pointer to the packet. As you probably know, PF_RING DNA allows applications to access packets in zero-copy so that in the pfring_recv() call you get a pointer to the packet just receive. Whereas in traditional PF_RING you always get …
PF_RING

Precise Interface Merging Without Hardware Timestamps
In network monitoring it is very common to use taps for duplicating network traffic (RX and TX directions). Taps are important as they allow network probes to operate passively without interfering with network operations. The two traffic directions (A to B and B to A) are plugged into two network ports of the probe. Having the two directions separated has advantages (e.g. packets are not mixed across directions) and disadvantages. The main disadvantage is that when reading packets from the two interfaces, it is not possible to know which packet …
PF_RING

DNA vs netmap
In the past months I have received a few emails about how to position DNA with respect to netmap. To many people they look like two competing solutions, but in reality they are just two solutions to the same problem. Yesterday I had a nice meeting with Luigi Rizzo, the author of netmap. I personally know Luigi since almost 15 years as we both live pretty close. The first time I saw him (1999 or so) he was hacking a driver for a CD-ROM drive on FreeBSD while speaking with …
PF_RING

PF_RING in 2012
From time to time the kernel folks are sick and tired of people saying PF_RING is better than what we have upstream, it really isn’t. Fortunately (for PF_RING) the story is a bit different not to mention that some of PF_RING features such as clustering have probably inspired AF_PACKET too. For 2012 we have planned to make some enhancements to PF_RING and (we’ll be doing much more but this is just the next thing that will see the light) add one of the last missing features you can find on costly FPGA-based …
PF_RING

Exploiting Hardware Filtering in PF_RING-aware apps, Snort…
Introduction PF_RING filters have been designed to be efficient and versatile. PF_RING-based applications can use them for both reducing the amount of packets they need to process, and passing incoming packets to kernel plugins for further processing. Years ago, hardware packet filtering was limited to costly FPGA-based NICs, whereas today it is available also on commodity adapters such as Silicom 1/10 Gbit Director card, and Intel 82599-based 10 Gbit network adapters.   Filtering in PF_RING 5.2 Although past PF_RING versions supported limited hardware filtering, in PF_RING 5.2 we have completely …
PF_RING

Released PF_RING 5.1 and TNAPIv2
PF_RING 5.1 is a maintenance release that addresses some issues we identified in 5.0 that we released early this month. We have listen to your comments and tried to improve our software applications both in terms of stability and speed. In this release we introduce (PF_RING 5.0 was lacking TNAPI as we were busy coding this new TNAPIv2) a new version of TNAPI (v2) that has been completely rewritten based on the lessons learnt with DNA. The performance improvement with respect to v1 has been major. Just to give you …
ZC

Low RX/TX Latency with DNA
One of the great consequences of the DNA design, is that user-space applications can now transmit and receive packets without going through the kernel TCP/IP stack at all. This can be profitably used to reduce network latency bypassing the stack, and reading the number of user-space stacks that have been developed in the past years (e.g. OpenOnload) it seems that low-latency is becoming increasingly important these days. In particular there are specific markets such as finance and trading, where all the operators need to have the same chance to trade …

High-performance network traffic monitoring and analysis tools.

Explore
Newsletter
Subscribe