Comparing IO Visor and Pcap for Security Inspection of Traced Packets from SmartX Box
With the dawn of distributed cloud computing technology running on hyper-converged box-style hardware, infrastructure operators face two challenges: minimizing resource overhead and ensuring infrastructure security. In this paper, we compare IO Visor-based and pcap-based packet tracing for security inspection of traced packets from a Linux-based hyper-converged SmartX Box. For security inspection, we integrate IO Visor packet tracing with Bro IDS by employing customized scripting, and we experimentally validate the security inspection performance.
Keywords: Infrastructure security; Packet tracing and collection; Intrusion detection system; IO visor kernel-level tracing
This work was supported by Institute for Information & Communications Technology Promotion (IITP) grants funded by the Korea government (MSIT) (No. 2015-0-00575, Global SDN/NFV Open-Source Software Core Module/Function Development) and (No. 2017-0-00368, Hyper-Fast & Visible Data Transport with Software/Hardware Co-design based on Open-Source IO Visor Inter-connect).