software defined monitoring research platform for high
play

Software Defined Monitoring: Research Platform for High Speed - PowerPoint PPT Presentation

Sep 15, 2023 •430 likes •684 views

Software Defined Monitoring: Research Platform for High Speed Network Monitoring (31st NMRG Meeting Zrich, Switzerland) Luk Kekely , Viktor Pu, Jan Ko renek (kekely,pus,korenek@cesnet.cz) 14. 10. 2013 Czech NREN Cesnet PIONEER

  1. Software Defined Monitoring: Research Platform for High Speed Network Monitoring (31st NMRG Meeting – Zürich, Switzerland) Lukáš Kekely , Viktor Puš, Jan Koˇ renek (kekely,pus,korenek@cesnet.cz) 14. 10. 2013

  2. Czech NREN Cesnet PIONEER AMS-IX NIX GEANT TELIA ACONET SANET metering points on the edges of the network (highlighted) L. Kekely SDM: Platform for Network Monitoring 14. 10. 2013 1 / 19

  3. Current Metering Point commodity server running Linux SW flow exporter (NetFlow/IPFIX) from SME Invea-Tech support for creation of traffic processing plugins our own hardware probe from COMBOv2 family PCI-Express card with two 10 GbE ports and Virtex5 FPGA HaNic over NetCope as firmware – packet capture, precise timestamps (ns), flow based traffic division . . . L. Kekely SDM: Platform for Network Monitoring 14. 10. 2013 2 / 19

  4. Motivation ⇒ We want more than that! L. Kekely SDM: Platform for Network Monitoring 14. 10. 2013 3 / 19

  5. Motivation ⇒ We want more than that! Higher speed 1 constant advances in the network bandwidth monitored links are going to be upgraded to 40/100 Gbps Higher quality 2 more than just classical NetFlow statistics flexible additional data according to actual need application protocol parsing and deep packet inspection L. Kekely SDM: Platform for Network Monitoring 14. 10. 2013 3 / 19

  6. Motivation ⇒ We want more than that! Higher speed 1 constant advances in the network bandwidth monitored links are going to be upgraded to 40/100 Gbps Higher quality 2 more than just classical NetFlow statistics flexible additional data according to actual need application protocol parsing and deep packet inspection Problem: Current CPUs are not fast enough to process whole traffic all alone! L. Kekely SDM: Platform for Network Monitoring 14. 10. 2013 3 / 19

  7. Motivation ⇒ We want more than that! Higher speed 1 constant advances in the network bandwidth monitored links are going to be upgraded to 40/100 Gbps Higher quality 2 more than just classical NetFlow statistics flexible additional data according to actual need application protocol parsing and deep packet inspection Problem: Current CPUs are not fast enough to process whole traffic all alone! Solution: We created new approach to monitoring acceleration called Software Defined Monitoring! L. Kekely SDM: Platform for Network Monitoring 14. 10. 2013 3 / 19

  8. Software Defined Monitoring What is it? new approach to acceleration of network monitoring brings HW accelerated, application controlled reduction of traffic (packet processing offload) still performs packet capture, precise timestamps, flow based traffic division What does it do? Hardware provides various methods of packet preprocessing and aggregation – The Muscles Software controls the actual usage of preprocessing on flow basis – The Controller User applications request the acceleration and perform advanced monitoring tasks – The Intelligence L. Kekely SDM: Platform for Network Monitoring 14. 10. 2013 4 / 19

  9. Software Defined Monitoring What is it? new approach to acceleration of network monitoring brings HW accelerated, application controlled reduction of traffic (packet processing offload) still performs packet capture, precise timestamps, flow based traffic division What does it do? Hardware provides various methods of packet preprocessing and aggregation – The Muscles Software controls the actual usage of preprocessing on flow basis – The Controller User applications request the acceleration and perform advanced monitoring tasks – The Intelligence Applications adjust acceleration of traffic processing according to their actual needs! L. Kekely SDM: Platform for Network Monitoring 14. 10. 2013 4 / 19

  10. Traffic Preprocessing in Hardware fully controlled by rules from software four basic methods of frames preprocessing: Send – preserve the whole frame (with payload) Extract – preserve only basic data about the frame Aggregate – update selected flow (NetFlow) record maintained in HW memory Drop – simply ignore the frame L. Kekely SDM: Platform for Network Monitoring 14. 10. 2013 5 / 19

  11. SDM Layered Scheme User Applications Software Defined Monitoring Software Layer libSDM Basic PCAP SDM Control Controller Tools SZE Data Control Path Path Firmware Layer SDM NetCOPE Acceleration (100GbE) Firmware Hardware Layer L. Kekely SDM: Platform for Network Monitoring 14. 10. 2013 6 / 19

  12. SDM Firmware Frames UH UH ETH Data UH Update Export HFE Search Link Path Action Action Rules Control SW Access Path Memory Arbiter TABLE2: TABLE1: Flow Rules Records External Memory L. Kekely SDM: Platform for Network Monitoring 14. 10. 2013 7 / 19

  13. SDM Use Cases Basic NetFlow statistics 1 Application protocol parsing 2 Specific Non-NetFlow statistics 3 Lawfull interceptions 4 Forensic analysis of network traffic 5 "zoom-in" on suspicious data Active SW networking device 6 accelerated switch, firewall, router . . . Acceleration of your research application? 7 L. Kekely SDM: Platform for Network Monitoring 14. 10. 2013 8 / 19

  14. UC1: Details of SDM Usage Basic NetFlow statistics useless payload of frames, but must have information about all incoming frames default: use Extract on all traffic rules: use Aggregate for selected (the heaviest) flows CPU performance savings: no packet parsing at all NetFlow aggregation computed only partially need to decide when to use NetFlow in HW based on the first X packets of flows L. Kekely SDM: Platform for Network Monitoring 14. 10. 2013 9 / 19

  15. UC1: Results 100 90 80 Aggregated in HW [%] 70 60 Packets 50 Flows 40 30 20 10 0 0 5 10 15 20 25 30 35 40 45 50 Decision time [packets] the number of frames reduced to 1 1 5 and data load to 100 L. Kekely SDM: Platform for Network Monitoring 14. 10. 2013 10 / 19

  16. UC2: Details of SDM Usage Application protocol parsing needs payload of selected frames, but do not have to see all incoming frames default: use Send on interesting traffic, Drop the rest rules: Drop rules for already processed flows CPU performance savings: processing of interesting flows only not all packets from interesting flows must be processed easy deployment in combination with UC1 L. Kekely SDM: Platform for Network Monitoring 14. 10. 2013 11 / 19

  17. UC2: Results 100 80 Packets [%] Drop 60 Aggregate Extract 40 Send 20 0 HTTP+ NetFlow HTTP DNS NetFlow HTTP : 1 4 of frames and 1 4 of data load 1 1 DNS : 100 of frames and 200 of data load L. Kekely SDM: Platform for Network Monitoring 14. 10. 2013 12 / 19

  18. UC3: SDM Firmware as Processor HFE Search SDM Update Instruction Decoder Reserve M ... e Instr 1 Instr 2 Instr n m Arbiter o r Merge y Output L. Kekely SDM: Platform for Network Monitoring 14. 10. 2013 13 / 19

  19. UC3: Monitoring Instructions update of stored record based on the frame data consist of operation code and record address delimited by 2 memory accesses (read and write back) update process can vary new instructions without changes in existing modules new instructions created in C/C++ with HLS consumes less time and allows faster implementation verification during implementation even software guy can create accelerated solutions L. Kekely SDM: Platform for Network Monitoring 14. 10. 2013 14 / 19

  20. UC3: Demonstration Instructions NetFlow (I1) basic NetFlow aggregation (basic Aggregate) packet/byte counters, start/end timestamps, TCP flags part of the basic SDM infrastructure NetFlow Extended (I2) I1 with TCP flags of the first 5 packets of the flow demonstrates easy NetFlow extending using plain C TCP Flag Counters (I3) (Non-NetFlow) counts the number of observed TCP flags support advanced flow analysis Timestamp Diff (I4) (Non-NetFlow) inter-arrival times of the first 11 packets flow based classification or identification of L7 protocols L. Kekely SDM: Platform for Network Monitoring 14. 10. 2013 15 / 19

  21. UC3: Results Instruction Regs LUTs Freq. [MHz] (I1)NetFlow (handmade) 1754 325 425.134 (I1)NetFlow 1846 824 308.641 (I2)NetFlow Extended 2070 1113 308.641 (I3)TCP Flag Counters 0 1046 327.868 (I4)Timestamp Diff 5199 2556 306.748 all modules meet the frequency requirement for 100 Gb/s HLS do not beat hand-written VHDL, but is good enough instruction creation in C/C++ is very simple and fast even non-VHDL programmer can accelerate his monitoring L. Kekely SDM: Platform for Network Monitoring 14. 10. 2013 16 / 19

  22. New Metering Point commodity server running Linux SW flow exporter (NetFlow/IPFIX) from SME Invea-Tech support for creation of traffic processing plugins plugins utilizing the SDM acceleration capabilities our own hardware probe for up to 100 GbE new PCI-Express card with powerful Virtex7 FPGA 1 × 100 GbE or 2 × 40 GbE or 8 × 10 GbE interfaces SDM over NetCope as firmware L. Kekely SDM: Platform for Network Monitoring 14. 10. 2013 17 / 19

  23. Future NREN Cesnet PIONEER SDM SDM SDM SDM SDM SDM SDM SDM AMS-IX SDM SDM NIX SDM SDM SDM SDM GEANT TELIA ACONET SANET all metering points doubled (production and testing) L. Kekely SDM: Platform for Network Monitoring 14. 10. 2013 18 / 19

  24. Thank you for your attention. L. Kekely SDM: Platform for Network Monitoring 14. 10. 2013 19 / 19

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Efficient implementation of a spectrum scanner on a software-defined radio platform Franois

Efficient implementation of a spectrum scanner on a software-defined radio platform Franois

Efficient implementation of a spectrum scanner on a software-defined radio platform Franois Quitin, Riccardo Pace Universit libre de Bruxelles (ULB), Belgium 1 Context and objectives Regulators need to detect abusive usage of RF spectrum

379 views • 21 slides
Revisiting Routing Control Platforms with the Eyes and Muscles of Software-Defined Networking

Revisiting Routing Control Platforms with the Eyes and Muscles of Software-Defined Networking

Revisiting Routing Control Platforms with the Eyes and Muscles of Software-Defined Networking ACM SIGCOMM HotSDN' 12 Workshop Helsinki, Finland, 13 August 2012 Agenda Research in scope and contribution RouteFlow Control Platform

621 views • 31 slides
Revisiting Routing Control Platforms with the Eyes and Muscles of Software-Defined Networking

Revisiting Routing Control Platforms with the Eyes and Muscles of Software-Defined Networking

Revisiting Routing Control Platforms with the Eyes and Muscles of Software-Defined Networking ACM SIGCOMM HotSDN' 12 Workshop Helsinki, Finland, 13 August 2012 Agenda Research in scope and contribution RouteFlow Control Platform

709 views • 26 slides
Software-Defined Network Exchanges (SDXs) and Software-Defined Infrastructure (SDI) Joe

Software-Defined Network Exchanges (SDXs) and Software-Defined Infrastructure (SDI) Joe

Software-Defined Network Exchanges (SDXs) and Software-Defined Infrastructure (SDI) Joe Mambretti, Director, (j-mambretti@northwestern.edu) International Center for Advanced Internet Research (www.icair.org) Northwestern University Director,

442 views • 23 slides
A software platform for high-load video streaming projects of any scale About the

A software platform for high-load video streaming projects of any scale About the

A software platform for high-load video streaming projects of any scale About the Product Flussonic Media Server is a server software that helps you capture, transcode, record, protect, and deliver video to users across multiple

381 views • 11 slides
Telephone Monitoring and Management Software Telephone Monitoring and Management Software

Telephone Monitoring and Management Software Telephone Monitoring and Management Software

Telephone Monitoring and Management Software Telephone Monitoring and Management Software TELECHECK is a PC based call monitoring system, adds utility to your customer by capturing and managing outgoing telephone calls data. It speedily provides

184 views • 16 slides
Virtex-7 FPGAs Target Software Virtex-7 FPGAs Target Software Defined Radio Applications Defined

Virtex-7 FPGAs Target Software Virtex-7 FPGAs Target Software Defined Radio Applications Defined

Virtex-7 FPGAs Target Software Virtex-7 FPGAs Target Software Defined Radio Applications Defined Radio Applications Rodger Hosking Rodger Hosking 1 Software Defined Radio Needs High-Performance Signal Processing DSP: filtering, FFTs,

859 views • 26 slides
HIGH SPEED HIGH AVAILABILITY Software Defined Networking DATA SWITCHING AGGREGATED SWITCHING

HIGH SPEED HIGH AVAILABILITY Software Defined Networking DATA SWITCHING AGGREGATED SWITCHING

HIGH SPEED HIGH AVAILABILITY Software Defined Networking DATA SWITCHING AGGREGATED SWITCHING With the arrival new cloud based applications; user demands for faster & more sophisticated data requirements as well as arrival of 5G

623 views • 9 slides
The WINLAB Cognitive Radio Platform IAB Meeting, Fall 2007 Rutgers, The State University of New

The WINLAB Cognitive Radio Platform IAB Meeting, Fall 2007 Rutgers, The State University of New

The WINLAB Cognitive Radio Platform IAB Meeting, Fall 2007 Rutgers, The State University of New Jersey Ivan Seskar Software Defined Radio/ Cognitive Radio Terminology Software Defined Radio (SDR) is any radio that uses software to perform

438 views • 19 slides
software defined networking CS 6410 Fall 2017 Eric Campbell and Rolph Recto software defined

software defined networking CS 6410 Fall 2017 Eric Campbell and Rolph Recto software defined

software defined networking CS 6410 Fall 2017 Eric Campbell and Rolph Recto software defined networking software defined networking (OpenFlow, originally) Stanford computer scientist Nick McKeown and colleagues developed a standard called

1.13k views • 77 slides
Software Defined Radios RABC Conference Ottawa, 3 March 2004 www.crc.ca / rmsc Software Defined

Software Defined Radios RABC Conference Ottawa, 3 March 2004 www.crc.ca / rmsc Software Defined

Software Defined Radios RABC Conference Ottawa, 3 March 2004 www.crc.ca / rmsc Software Defined Radio A wireless system whose operating modes and parameters can be changed or augmented post- manufacturing, via software. Based on an

703 views • 22 slides
OSiRIS Distributed Ceph and Software Defined Networking for Multi-Institutional Research Benjeman

OSiRIS Distributed Ceph and Software Defined Networking for Multi-Institutional Research Benjeman

OSiRIS Distributed Ceph and Software Defined Networking for Multi-Institutional Research Benjeman Meekhof University of Michigan Advanced Research Computing Technology Services October 6, 2016 Project and participants Latency and

571 views • 30 slides
Networks in the Software Software Age Defined Clouds and Internet Ravinder Shergill of

Networks in the Software Software Age Defined Clouds and Internet Ravinder Shergill of

Networks in the Software Software Age Defined Clouds and Internet Ravinder Shergill of Things Principal Architect Technology Strategy, TELUS June 06, 2016 TELUS RESTRICTED Storyboard Generational changes via Software Defined

601 views • 18 slides
Security Monitoring and Enforcement for the Cloud Model Aryan TaheriMonfared

Security Monitoring and Enforcement for the Cloud Model Aryan TaheriMonfared

Infrastructure Architecture for a Cloud IaaS Provider Software Defined Networking and Network Virtualization Network Monitoring Security Enforcement Inter-Domain Routing for Virtualized Networks Security Monitoring and Enforcement for the

795 views • 42 slides
OSiRIS Distributed Ceph and Software Defined Networking for Multi-Institutional Research Benjeman

OSiRIS Distributed Ceph and Software Defined Networking for Multi-Institutional Research Benjeman

OSiRIS Distributed Ceph and Software Defined Networking for Multi-Institutional Research Benjeman Meekhof University of Michigan Advanced Research Computing Technology Services May 11, 2016 About OSiRIS Status Today

581 views • 27 slides
The Bro Monitoring Platform Adam Slagell National Center for Supercomputing Applications Borrowed

The Bro Monitoring Platform Adam Slagell National Center for Supercomputing Applications Borrowed

The Bro Monitoring Platform Adam Slagell National Center for Supercomputing Applications Borrowed from Robin Sommer International Computer Science Institute The Bro Monitoring Platform What Is Bro? Packet Capture Traffic Inspection

523 views • 36 slides
00

00

449 views • 10 slides
Testing with volcanoes Fuego + LAVA Embedded testing going distributed Jan-Simon Mller ,

Testing with volcanoes Fuego + LAVA Embedded testing going distributed Jan-Simon Mller ,

Testing with volcanoes Fuego + LAVA Embedded testing going distributed Jan-Simon Mller , 'dl9pf' jsmoeller@linuxfoundation.org /me Dipl.-Ing. Jan-Simon Mller dl9pf@gmx.de , jsmoeller@linuxfoundation.org Release Manager & CI and

359 views • 24 slides
Medium Access Control and WPAN Technologies 01204525 Wireless Sensor Networks and Internet of

Medium Access Control and WPAN Technologies 01204525 Wireless Sensor Networks and Internet of

Medium Access Control and WPAN Technologies 01204525 Wireless Sensor Networks and Internet of Things Chaiporn Ja Jaikaeo (c (chaiporn.j@ku.ac.th) Department of f Computer Engineering Kasetsart University Materials taken from lecture slides

597 views • 42 slides
Ad hoc TCP: achieving fairness with Active Neighbor Estimation Kaixin Xu and Mario Gerla

Ad hoc TCP: achieving fairness with Active Neighbor Estimation Kaixin Xu and Mario Gerla

Ad hoc TCP: achieving fairness with Active Neighbor Estimation Kaixin Xu and Mario Gerla Computer Science Department, UCLA gerla@cs.ucla.edu www.cs.ucla.edu/NRL Ad Hoc TCP design challenge 802.11 Binary Exp Backoff (BEB) scheme: when

638 views • 31 slides
Normalized Polish Expression Draw slicing floorplan based on: Initial PE: P 1 =

Normalized Polish Expression Draw slicing floorplan based on: Initial PE: P 1 =

Normalized Polish Expression Draw slicing floorplan based on: Initial PE: P 1 = 25V1H374VH6V8VH Dimensions: (2,4), (1,3), (3,3), (3,5), (3,2), (5,3), (1,2), (2,4) Practical Problems in VLSI Physical Design Polish Expression (1/8) M1

347 views • 8 slides
Objectives You should be able to ... Regular Languages Use the syntax of regular expressions

Objectives You should be able to ... Regular Languages Use the syntax of regular expressions

Objectives Regular Expressions Syntax of Regular Expressions Objectives Regular Expressions Syntax of Regular Expressions Objectives You should be able to ... Regular Languages Use the syntax of regular expressions to model a given set

447 views • 3 slides
Computational Expression Classes Janyl Jumadinova 21 October, 2019 Janyl Jumadinova

Computational Expression Classes Janyl Jumadinova 21 October, 2019 Janyl Jumadinova

Computational Expression Classes Janyl Jumadinova 21 October, 2019 Janyl Jumadinova Computational Expression 21 October, 2019 1 / 13 Classes Most of our previous programs all just had a main() method in one file. Janyl Jumadinova

607 views • 25 slides
Postfix (and prefix) notation Evaluating postfix expressions Also called reverse Polish

Postfix (and prefix) notation Evaluating postfix expressions Also called reverse Polish

Postfix (and prefix) notation Evaluating postfix expressions Also called reverse Polish reversed form of Algorithm (start with an empty stack): notation devised by mathematician named Jan while expression has tokens {

269 views • 3 slides

More recommend