1/10/2024 0 Comments Netmap emulation mode![]() Our goal is to build a layer 2 mesh network that only uses directly connected hardware acceleration cards that perform packet processing instead of routers and switches. As our first contribution, we propose a resilient and highly performant fabric network architecture. We compare software and hardware packet processing solutions based on different criteria and we discuss their integration possibilities in virtualized environments, their constraints and their requirements. Furthermore, we explore other software solutions which are not based on the Click modular router. Some of the solutions are based on the Click modular router which offloads its functions on different types of hardware like GPUs, FPGAs or different cores among different servers with parallel execution. In this thesis, we investigate various approaches that strive to improve packet processing performance on server-class network hosts, either by using software, hardware, or the combination of the two. The networking stack of an operating system is not conceived for high-speed networking applications but rather for general purpose communications. For this reason, many software-based and hardware-based solutions have emerged recently with a goal of increasing packet processing speeds. Nevertheless, there is a great need for a speedup in the forwarding engine, which is the most important part of a high-speed router. On the other hand, such high interface throughputs do not guarantee higher packet processing speeds which are limited due to the overheads imposed by the architecture of the network stack. Network interface throughputs supported today are in the range of 40Gbps and higher. This brings about a vast amount of advancements in the networking field. The amount of traffic in data centers is growing exponentially and it is not expected to stop growing any time soon. We demonstrated forwarding 64 million packets per second using only six CPU cores while performing independent lookups for each packet in three large LPM databases created by aggregating malicious IP addresses or by mapping different geolocation identifiers to IPv4 prefixes. ![]() A showcase datapath we propose can evaluate multiple queries in large separate LPM databases for each forwarded 64-byte packet, while sustaining 10 Gbps line rate on a single CPU core, with a healthy scaling potential due to its lockless architecture and small memory footprint of LPM structures. ![]() Can software-based packet filters effectively dampen volumetric distributed denial-of-service (DDoS) streams in an era when 10 Gbps links are considered slow? The potential of longest prefix matching (LPM) for enforcing precise DDoS scrubbing policies seems to be overlooked in contemporary packet filtering datapaths, and in this paper, we argue that this should not be the case by showing that effective whitelist / blacklist LPM-based filtering can be performed with commodity hardware.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |