Pedro M. Santiago del Rio
ABSTRACT
In this paper we present a software-based traffic classification engine running on commodity multi-core hardware, able to process in real-time aggregates of up to 14.2 Mpps over a single 10 Gbps interface -- i.e., the maximum possible packet rate over a 10 Gbps Ethernet links given the minimum frame size of 64 Bytes.
This significant advance with respect to the current state of the art in terms of achieved classification rates are made possible by:(i) the use of an improved network driver, PacketShader, to efficiently move batches of packets from the NIC to the main CPU;(ii) the use of lightweight statistical classification techniques exploiting the size of the first few packets of every observed flow;(iii) a careful tuning of critical parameters of the hardware environment and the software application itself.
Supplemental Material
Available for Download
Summary Review Documentation for "Wire-speed Statistical Classification of Network Traffic on Commodity Hardware", Authors: P. Ró, D. Rossi, F. Gringoli, L. Nava, L. Salgarelli, J. Aracil
- L. Bernaille, R. Teixeira, and K. Salamatian. Early application identification. In ACM CoNEXT 2006. Google Scholar
Digital Library
- N. Bonelli, A. Di Pietro, S. Giordano, and G. Procissi. On multi-gigabit packet capturing with multi-core commodity hardware. In Passive and Active Measurement (PAM) 2012. Google ScholarDigital Library
- J. Bonwick. The slab allocator: An object-caching kernel memory allocator. In USENIX Summer Technical Conference 1994. Google ScholarDigital Library
- A. Cardigliano, J. Gasparakis, and F. Fusco. vPF\_RING: Towards wire-speed network monitoring using virtual machines. In ACM IMC 2011. Google ScholarDigital Library
- M. Crotti, M. Dusi, F. Gringoli, and L. Salgarelli. Traffic classification through simple statistical fingerprinting. ACM SIGCOMM Comput. Commun. Rev., 37(1):5--16, 2007. Google ScholarDigital Library
- A. Dainotti, A. Pescape, and K. Claffy. Issues and future directions in traffic classification. Network, IEEE, 26(1):35 --40, 2012. Google ScholarDigital Library
- M. Danelutto, L. Deri, and D. De Sensi. Network monitoring on multicores with algorithmic skeletons. In International Conference on Parallel Computing (PARCO) 2011.Google Scholar
- L. Deri. IP traffic monitoring at 10 Gbit and above. http://www.terena.org/activities/ngn-ws/ws2/deri-10g.pdf.Google Scholar
- A. Finamore, M. Mellia, M. Meo, M. Munafo, and D. Rossi. Experiences of Internet traffic monitoring with Tstat. Network, IEEE, 25(3):8--14, 2011.Google ScholarCross Ref
- F. Fusco and L. Deri. High speed network traffic analysis with commodity multi-core systems. In ACM IMC 2010. Google ScholarDigital Library
- S. Han, K. Jang, K. Park, and S. Moon. PacketShader: a GPU-accelerated software router. In ACM SIGCOMM Comput. Commun. Rev., volume 40, pages 195--206, 2010. Google ScholarDigital Library
- C. Inacio and B. Trammell. YAF: yet another flowmeter. In International conference on Large installation system administration (LISA) 2010. Google ScholarDigital Library
- Intel. Intel ® 82599 10 GbE Controller Datasheet. October, (December), 2010.Google Scholar
- H. Kim, K. Claffy, M. Fomenkov, D. Barman, M. Faloutsos, and K. Lee. Internet traffic classification demystified: myths, caveats, and the best practices. In ACM CoNEXT 2008. Google ScholarDigital Library
- A. Lim and R. Kinsella. Data plane packet processing on embedded intel architecture platforms. http://download.intel.com/design/intarch/papers/322516.pdf.Google Scholar
- Y. Lim, H. Kim, J. Jeong, C. Kim, T. Kwon, and Y. Choi. Internet traffic classification demystified: on the sources of the discriminative power. In ACM CoNEXT 2010. Google ScholarDigital Library
- Y. Liu, D. Xu, L. Sun, and D. Liu. Accurate traffic classification with multi-threaded processors. In IEEE International Symposium on Knowledge Acquisition and Modeling Workshop (KAM) 2008.Google ScholarCross Ref
- A. Mitra, W. Najjar, and L. Bhuyan. Compiling PCRE to FPGA for accelerating SNORT IDS. In ACM/IEEE Symposium on Architecture for networking and communications systems (ANCS) 2007. Google ScholarDigital Library
- D. Moore, K. Keys, R. Koga, E. Lagache, and K. C. Claffy. The CoralReef software suite as a tool for system and network administrators. In USENIX conference on System administration 2001. Google ScholarDigital Library
- T. Nguyen and G. Armitage. A survey of techniques for Internet traffic classification using machine learning. Communications Surveys & Tutorials, IEEE, 10(4):56--76, 2008. Google ScholarDigital Library
- NVIDIA Corporation. NVIDIA GPUDirect Technology. http://developer.download.nvidia.com/devzone//devcenter/cuda/docs/GPUDirect_Technology_Overview.pdf.Google Scholar
- Y. Qi, B. Xu, F. He, B. Yang, J. Yu, and J. Li. Towards high-performance flow-level packet processing on multi-core network processors. In ACM/IEEE Symposium on Architecture for networking and communications systems (ANCS) 2007. Google ScholarDigital Library
- L. Rizzo. netmap: a novel framework for fast packet I/O. In USENIX Annual Technical Conference 2012. Google ScholarDigital Library
- L. Rizzo, M. Carbone, and G. Catalli. Transparent acceleration of software packet forwarding using netmap. In IEEE INFOCOM 2012.Google ScholarCross Ref
- D. Rossi and M. Mellia. Real-time TCP/IP analysis with common hardware. In IEEE ICC 2006.Google ScholarCross Ref
- D. Rossi, S. Valenti, P. Veglia, D. Bonfiglio, M. Mellia, and M. Meo. Pictures from the Skype. ACM Performance Evaluation Review (PER), 36(2):83--86, 2008. Google ScholarDigital Library
- G. Szabó, I. Gódor, A. Veres, S. Malomsoky, and S. Molnár. Traffic classification over Gbit speed with commodity hardware. IEEE J. Communications Software and Systems, 5, 2010.Google Scholar
- G. Vasiliadis, M. Polychronakis, and S. Ioannidis. MIDeA: a multi-parallel intrusion detection architecture. In ACM conference on Computer and communications security (CSS) 2011. Google ScholarDigital Library
- C. Walsworth, E. Aben, k. claffy, and D. Andersen. The CAIDA anonymized 2009 Internet traces. http://www.caida.org/data/passive/passive_2009_dataset.xml.Google Scholar
- D. Wang, Y. Xue, and Y. D. Memory-efficient hypercube flow table for packet processing on multi-cores. In IEEE GLOBECOM 2011.Google Scholar
- W. Wu, P. DeMar, and M. Crawford. Why can some advanced Ethernet NICs cause packet reordering? IEEE Communications Letters, 15(2):253--255, 2011.Google ScholarCross Ref
Index Terms
- Wire-speed statistical classification of network traffic on commodity hardware
Recommendations
Performance comparison of hardware virtualization platforms
NETWORKING'11: Proceedings of the 10th international IFIP TC 6 conference on Networking - Volume Part IHosting virtual servers on a shared physical hardware by means of hardware virtualization is common use at data centers, web hosters, and research facilities. All platforms include isolation techniques that restrict resource consumption of the virtual ...
Hardware implementation of configurable bandwidth estimation module in high speed networks
ACOS'07: Proceedings of the 6th Conference on WSEAS International Conference on Applied Computer Science - Volume 6The purpose of self-sizing networks is to provide efficient utilization of network resources while ensuring appropriate Quality of Service (QoS) for each class of traffic. Bandwidth estimation, which estimates the amount of a traffic bandwidth, is ...
A platform for high performance and flexible virtual routers on commodity hardware
Multi-core CPUs, along with recent advances in memory and buses, render commodity hardware a strong candidate for software router virtualization. In this context, we present the design of a new platform for virtual routers on modern PC hardware. We ...
Comments