Corpus ID: 14061661

Scalable TCP Session Monitoring with Symmetric Receive-side Scaling

  title={Scalable TCP Session Monitoring with Symmetric Receive-side Scaling},
  author={S. Woo and KyoungSoo Park},
Receive-side scaling (RSS) is a technique that stores the arriving IP packets in the same flow into the same hardware queue of a modern network interface card (NIC). It allows scalable processing of the received packets by allowing exclusive access to the NIC queues by each CPU core. This removes the lock contention when accessing the NIC queue, and it allows concurrent access to different queues by multiple CPU cores. One problem with the existing RSS mechanism, however, is that it maps the IP… Expand

Figures and Tables from this paper

Comparison of caching strategies in modern cellular backhaul networks
This work provides insight into flow and content-level characteristics of modern 3G traffic at a large cellular ISP in South Korea, and develops a scalable deep flow inspection (DFI) system that can manage hundreds of thousands of concurrent TCP flows on a commodity multicore server. Expand
Traffic capture beyond 10 Gbps: Linear scaling with multiple network interface cards on commodity servers
This paper brings out through experimental setup and observations the issues involved in linear scaling of performance with additional NICs on commodity Non Uniform Memory Access (NUMA) servers and shows that linear scaling requires optimum configurations of compute, memory and network resources especially affinity of NICs to NUMA nodes. Expand
Traffic Analysis with Off-the-Shelf Hardware: Challenges and Lessons Learned
This work presents and discusses design choices to enable a STA to collects hundreds of per-flow metrics at a multi-10-Gb/s line rate, and outlines the principles to design an optimized STA, and implements them to engineer D PDKStat, a solution combining the Intel DPDK framework with the traffic analyzer Tstat. Expand
Packet Fan-Out Extension for the pcap Library
This paper introduces a novel version of the pcap library for the Linux operating system that enables transparent application level parallelism and supports fan–out operations for both multi–threaded and multi–process applications. Expand
Don't share, Don't lock: Large-scale Software Connection Tracking with Krononat
Krononat is presented, a distributed software NAT that runs on a cluster of commodity servers, providing a cost-efficient solution with an excellent reliability, and relies on 3 key ideas: sharding the connection tracking state across multiple servers, down to the core level, and steering traffic exploiting the features of entry-level switches. Expand
Scalable TCP Throughput Limitation Monitoring
A multi-threaded TCP throughput limitation monitoring framework providing scalability due to fully parallelized analysis pipelines and to scale up linearly and to be capable of monitoring workloads of several Gbit/s distributed on several ten thousands of concurrent flows on commodity hardware is presented. Expand
Network Traffic Processing With PFQ
The results show that the flexibility and the backward compatibility provided by PFQ do not impact its processing performance that reaches line rate figures in the cases of pure speed tests and real practical monitoring use cases on 10+ Gb/s links. Expand
Research and Implementation of High Performance Traffic Processing Based on Intel DPDK
A packet capture method based on DPDK platform is studied, and the processing of hash value in RSS is used to improve the efficiency of data packet distribution, which realizes the process from performance acquisition to efficiently multi-core parallel processing. Expand
Wormhole: a novel big data platform for 100 Gbit/s network monitoring and beyond
Wormhole is created, a streaming engine that circumvents existing limitations by distributing the input messages/packets coherently among different off-the-shelf analysis equipment, thus reducing costs and equipment. Expand
Scap: stream-oriented network traffic capture and analysis for high-speed networks
The Stream capture library (Scap), a network monitoring framework built from the ground up for stream-oriented traffic processing, is presented, which inherently supports parallel processing on multi-core architectures, and uses advanced capabilities of modern network cards. Expand


MIDeA: a multi-parallel intrusion detection architecture
This paper presents a multi-parallel intrusion detection architecture tailored for high speed networks that parallelizes network traffic processing and analysis at three levels, using multi-queue NICs, multiple CPUs, and multiple GPUs. Expand
EndRE: An End-System Redundancy Elimination Service for Enterprises
A new fingerprinting scheme called SampleByte is designed that is much faster than Rabin fingerprinting while delivering similar compression gains and can also adapt its CPU usage depending on server load. Expand
Kargus: a highly-scalable software-based intrusion detection system
Kargus is presented, a highly-scalable software-based IDS that exploits the full potential of commodity computing hardware and is designed to be compatible with the most popular software IDS, Snort. Expand
SmartRE: an architecture for coordinated network-wide redundancy elimination
SmartRE is presented, a practical and efficient architecture for network-wide Redundancy Elimination that can enable more effective utilization of the available resources at network devices, and thus can magnify the overall benefits of network- wide RE. Expand
LFSR-based Hashing and Authentication
The characterization of the properties required from a family of hash functions in order to be secure for authentication when combined with a (secure) stream cipher is characterization. Expand
Snort: Lightweight Intrusion Detection for Networks
Snort provides a layer of defense which monitors network traffic for predefined suspicious activity or patterns, and alert system administrators when potential hostile traffic is detected. Expand
Lightweight Intrusion Detection for Networks
  • In Proceedings of the 13th USENIX Conference on System Administration,
  • 1999
Introduction to Receive-Side Scaling.
  • Introduction to Receive-Side Scaling.
  • 2012