Abstract
While the ultimate goal of kernel-level network stacks is to manage individual packets at line rate, the goal of user-level network monitoring applications is instead to match packets with the flow they belong to, and take actions accordingly. With current improvements in Network Interface Card hardware and network software stacks, traffic monitors and traffic analyzers are fed with multi-Gbps streams of packets – which de facto pushes bottlenecks from the kernel-level networking stack up to user-level applications. In this paper, we argue that flow management is a crucial module for any user application that needs to process traffic at multiple Gbps, and we study the performance impact of different design choices of the flow management module by adopting a trace-driven emulation approach. While our results do not show a single “best” system setting under all circumstances, they highlight several tradeoffs, in terms of, e.g., the kind of structure, its size, and the computational complexity, that may affect system performance in a non-trivial way. We further make our software tools available to the scientific community to promote sharing of best practices.
Copyright information
© 2014 IFIP International Federation for Information Processing
About this paper
Cite this paper
Nassopulos, G., Rossi, D., Gringoli, F., Nava, L., Dusi, M., Santiago del Rio, P.M. (2014). Flow Management at Multi-Gbps: Tradeoffs and Lessons Learned. In: Dainotti, A., Mahanti, A., Uhlig, S. (eds) Traffic Monitoring and Analysis. TMA 2014. Lecture Notes in Computer Science, vol 8406. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-54999-1_1
DOI: https://doi.org/10.1007/978-3-642-54999-1_1
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-54998-4
Online ISBN: 978-3-642-54999-1
eBook Packages: Computer Science, Computer Science (R0)