packet capture in 10 gigabit ethernet environments using
play

Packet Capture in 10-Gigabit Ethernet Environments Using - PowerPoint PPT Presentation

Mar 05, 2024 •155 likes •415 views

Packet Capture in 10-Gigabit Ethernet Environments Using Contemporary Commodity Hardware Fabian Schneider J org Wallerich Anja Feldmann { fabian,joerg,anja } @net.t-labs.tu-berlin.de Technische Universtit at Berlin Deutsche Telekom

  1. Packet Capture in 10-Gigabit Ethernet Environments Using Contemporary Commodity Hardware Fabian Schneider J¨ org Wallerich Anja Feldmann { fabian,joerg,anja } @net.t-labs.tu-berlin.de Technische Universtit¨ at Berlin Deutsche Telekom Laboratories Passive and Active Measurement Conference 5th April 2007 Schneider, Wallerich, Feldmann (TU Berlin/DT Labs) Packet Capturing on 10-Gigabit Ethernet Links PAM 2007 1 / 20

  2. Introduction Motivation Motivation Example Scenario: Network security tool at the edge of your network • need access to packet level data for application layer analysis • High-speed networks ⇒ high data and packet rate Challenge: capture full packets without missing any packet • One approach: specialized hardware • e.g. Monitoring cards from Endace • Drawbacks: high costs, single purpose Question: Is it feasible to capture traffic with commodity hardware? Schneider, Wallerich, Feldmann (TU Berlin/DT Labs) Packet Capturing on 10-Gigabit Ethernet Links PAM 2007 2 / 20

  3. Monitoring 10-Gigabit Outline 1 Monitoring 10-Gigabit Approach Link Bundling 2 Comparing 1-Gigabit Monitoring Systems 3 Results 4 Summary Schneider, Wallerich, Feldmann (TU Berlin/DT Labs) Packet Capturing on 10-Gigabit Ethernet Links PAM 2007 3 / 20

  4. Monitoring 10-Gigabit Approach Approach for 10-Gigabit Monitoring • Problem: No recent host bus or disk system can handle the bandwidth needs 10GigE of 10-Gigabit environments • Solution: split up traffic and distribute the load (e.g. 10-Gigabit on multiple 1-Gigabit links) • Use a switch: e.g. link bundling feature 10 x 1GigE • Use specialized hardware • Keep corresponding data together! Monitor Schneider, Wallerich, Feldmann (TU Berlin/DT Labs) Packet Capturing on 10-Gigabit Ethernet Links PAM 2007 4 / 20

  5. Monitoring 10-Gigabit Link Bundling Link Bundling Feasibility Etherchannel (Cisco) feature enables link-bundling for: • higher bandwidth, redundancy, . . . • or load-balancing e. g. for Webservers Feasibility test: • Tested on a Cisco 3750 • 1-Gigabit Ethernet link split on eight FastEthernet (100 Mbit/s) links. • Assign packets to links based on both IP addresses. ⇒ It works with real traffic! Schneider, Wallerich, Feldmann (TU Berlin/DT Labs) Packet Capturing on 10-Gigabit Ethernet Links PAM 2007 5 / 20

  6. Monitoring 10-Gigabit Link Bundling Link Bundling Load-Balancing • Simple switches use only MAC addresses ⇒ Not useful for a router-to-router link • On a Cisco 3750: any combination of IP and/or MAC addresses ⇒ is sufficient for our example scenario • On a Cisco 65xx: MAC’s, IP’s, and/or Port Numbers Schneider, Wallerich, Feldmann (TU Berlin/DT Labs) Packet Capturing on 10-Gigabit Ethernet Links PAM 2007 6 / 20

  7. Comparing 1-Gigabit Monitoring Systems Comparing 1-Gigabit Monitoring Systems 1 Monitoring 10-Gigabit 2 Comparing 1-Gigabit Monitoring Systems Methodology System under Test Measurement Setup 3 Results 4 Summary Schneider, Wallerich, Feldmann (TU Berlin/DT Labs) Packet Capturing on 10-Gigabit Ethernet Links PAM 2007 7 / 20

  8. Comparing 1-Gigabit Monitoring Systems Methodology Methodology • Comparable priced systems with • Different processor architectures • Different operating systems • Task of those systems: • Capture full packets • Do not analyze them (Out-of-Scope) • Workload: • All system are subject to identical input • Increase bandwidth up to a fully loaded Gigabit link • Realistic packet size distribution • Measurement Categories: • Capturing Rate: number of captured packets (simple libpcap app) • System Load: CPU usage while capturing (simple top like app) Schneider, Wallerich, Feldmann (TU Berlin/DT Labs) Packet Capturing on 10-Gigabit Ethernet Links PAM 2007 8 / 20

  9. Comparing 1-Gigabit Monitoring Systems System under Test Systems under Test Two examples of any of the systems: • One installed with Linux • The other with FreeBSD First set of systems purchased in 2005: • 2x AMD Opteron 244 (1 MB Cache, 1.8 GHz), • 2x Intel Xeon (Netburst, 512 kB Cache, 3.06 GHz), Second set purchased in 2006: • 2x Dual Core AMD Opteron 270 (1 MB Cache, 2.0 GHz) All: 2 Gbytes of RAM, optical Intel Gigabit Ethernet card, RAID array Schneider, Wallerich, Feldmann (TU Berlin/DT Labs) Packet Capturing on 10-Gigabit Ethernet Links PAM 2007 9 / 20

  10. Comparing 1-Gigabit Monitoring Systems Measurement Setup Measurement Setup eth0 SNMP Interface Generator Counter Queries (LKPG) eth2 eth1 Cisco C3500XL Workload -> optical Splitter (mulitiplies every Signal) Linux/ Linux/ FreeBSD/ FreeBSD/ AMD Opteron Intel Xeon AMD Opteron Intel Xeon (Netburst) (Netburst) Control Network Schneider, Wallerich, Feldmann (TU Berlin/DT Labs) Packet Capturing on 10-Gigabit Ethernet Links PAM 2007 10 / 20

  11. Results 1 Monitoring 10-Gigabit 2 Comparing 1-Gigabit Monitoring Systems 3 Results Using multiple processors? � first set of systems Increasing buffer sizes measurements Additional Insights (I) Write to disk � second set of systems Additional Insights (II) measurements 4 Summary Schneider, Wallerich, Feldmann (TU Berlin/DT Labs) Packet Capturing on 10-Gigabit Ethernet Links PAM 2007 11 / 20

  12. Results Using multiple processors? Linux/AMD (32) no SMP, no HT, std. buffers, 1 app, no filter, no load Linux/Intel FreeBSD/AMD Single processor, 1 st Set FreeBSD/Intel Capturing Rate [%] CPU usage [%] Upper Part: 100 90 Capturing Rate 80 Capturing Rate [%] 70 60 50 40 30 Lower Part: CPU Usage 20 10 SP: 100% corresponds to one fully utilised processor 0 100 90 MP: 50% corresponds to one fully utilised processor 80 70 CPU usage [%] 60 50 40 30 X-Axis: Generated Bandwidth 20 10 0 50 100 150 200 250 300 350 400 450 500 550 600 650 700 750 800 850 900 950 Datarate [Mbit/s] Schneider, Wallerich, Feldmann (TU Berlin/DT Labs) Packet Capturing on 10-Gigabit Ethernet Links PAM 2007 12 / 20

  13. Results Using multiple processors? Linux/AMD (32) no SMP, no HT, std. buffers, 1 app, no filter, no load Linux/Intel FreeBSD/AMD Single processor, 1 st Set FreeBSD/Intel Capturing Rate [%] CPU usage [%] 100 90 80 Capturing Rate [%] 70 60 50 40 30 20 10 0 100 90 80 70 CPU usage [%] 60 50 40 30 20 10 0 50 100 150 200 250 300 350 400 450 500 550 600 650 700 750 800 850 900 950 Datarate [Mbit/s] Schneider, Wallerich, Feldmann (TU Berlin/DT Labs) Packet Capturing on 10-Gigabit Ethernet Links PAM 2007 12 / 20

  14. Results Using multiple processors? Linux/AMD (32) no SMP, no HT, std. buffers, 1 app, no filter, no load Linux/Intel FreeBSD/AMD Single processor, 1 st Set FreeBSD/Intel Capturing Rate [%] CPU usage [%] 100 90 80 Capturing Rate [%] 70 60 50 40 30 Sharp decline at high data rates 20 10 0 100 90 80 Opteron/FreeBSD system performs best 70 CPU usage [%] 60 50 40 30 20 10 0 50 100 150 200 250 300 350 400 450 500 550 600 650 700 750 800 850 900 950 Datarate [Mbit/s] Schneider, Wallerich, Feldmann (TU Berlin/DT Labs) Packet Capturing on 10-Gigabit Ethernet Links PAM 2007 12 / 20

  15. Results Using multiple processors? Linux/AMD (31) SMP, no HT, std. buffers, 1 app, no filter, no load Linux/Intel FreeBSD/AMD Multiprocessor (SMP), 1 st Set FreeBSD/Intel Capturing Rate [%] CPU usage [%] 100 90 80 Capturing Rate [%] 70 60 50 40 30 20 10 0 100 90 80 70 CPU usage [%] 60 50 40 30 20 10 0 50 100 150 200 250 300 350 400 450 500 550 600 650 700 750 800 850 900 950 Datarate [Mbit/s] Schneider, Wallerich, Feldmann (TU Berlin/DT Labs) Packet Capturing on 10-Gigabit Ethernet Links PAM 2007 13 / 20

  16. Results Using multiple processors? Linux/AMD (31) SMP, no HT, std. buffers, 1 app, no filter, no load Linux/Intel FreeBSD/AMD Multiprocessor (SMP), 1 st Set FreeBSD/Intel Capturing Rate [%] CPU usage [%] 100 90 80 Capturing Rate [%] 70 60 All systems are benefitting . . . 50 40 30 20 10 . . . even though the second 0 100 90 processor is not used extensively 80 70 CPU usage [%] 60 50 40 30 20 10 0 50 100 150 200 250 300 350 400 450 500 550 600 650 700 750 800 850 900 950 Datarate [Mbit/s] Schneider, Wallerich, Feldmann (TU Berlin/DT Labs) Packet Capturing on 10-Gigabit Ethernet Links PAM 2007 13 / 20

  17. Results Increasing buffer sizes Increasing Buffer Sizes ? Setup: • First Set of systems • Dual processor • Increased buffer sizes Operating system buffers: FreeBSD 6.x: sysctl ’s net.bpf.bufsize and net.bpf.maxbufsize FreeBSD 5.x: sysctl ’s debug.bpf bufsize and debug.maxbpf bufsize Linux: /proc/sys/net/core/rmem default , /proc/sys/net/core/rmem max , and /proc/sys/net/core/netdev max backlog Schneider, Wallerich, Feldmann (TU Berlin/DT Labs) Packet Capturing on 10-Gigabit Ethernet Links PAM 2007 14 / 20

  18. Results Increasing buffer sizes Linux/AMD (17) SMP, no HT, inc. buffers, 1 app, no filter, no load Linux/Intel FreeBSD/AMD increased buffers, 1 st Set FreeBSD/Intel Capturing Rate [%] CPU usage [%] 100 90 80 Capturing Rate [%] 70 60 50 40 30 20 10 0 100 90 80 70 CPU usage [%] 60 50 40 30 20 10 0 50 100 150 200 250 300 350 400 450 500 550 600 650 700 750 800 850 900 950 Datarate [Mbit/s] Schneider, Wallerich, Feldmann (TU Berlin/DT Labs) Packet Capturing on 10-Gigabit Ethernet Links PAM 2007 15 / 20

Recommend

Gigabit Ethernet Gigabit Ethernet implementation for implementation for FPGAs FPGAs Grzegorz

Gigabit Ethernet Gigabit Ethernet implementation for implementation for FPGAs FPGAs Grzegorz

Gigabit Ethernet Gigabit Ethernet implementation for implementation for FPGAs FPGAs Grzegorz Korcyl - Jagiellonian University, Krakw Grzegorz Korcyl PANDA TDAQ Workshop, Giessen April 2010 Outline Motivation 1. 2. General structure

292 views • 16 slides
Modifying existing applications for 100 Gigabit Ethernet Jelte Fennema University of Amsterdam

Modifying existing applications for 100 Gigabit Ethernet Jelte Fennema University of Amsterdam

Modifying existing applications for 100 Gigabit Ethernet Jelte Fennema University of Amsterdam 29th June 2016 Introduction Approach Results Conclusion Introduction 100 Gigabit Ethernet (100GbE) is becoming common Measuring the

601 views • 30 slides
Cisco IOS Embedded Packet Capture (EPC) Cisco IOS Embedded Packet Capture (EPC) The Cisco IOS

Cisco IOS Embedded Packet Capture (EPC) Cisco IOS Embedded Packet Capture (EPC) The Cisco IOS

Cisco IOS Embedded Packet Capture (EPC) Cisco IOS Embedded Packet Capture (EPC) The Cisco IOS Embedded Packet Capture (EPC) delivers a powerful troubleshooting and tracing tool. The feature allows for network administrators to capture data

518 views • 24 slides
IEEE 802.3ae* standard The Architectural components 10 Gigabit Ethernet Technology of the 802.3ae*

IEEE 802.3ae* standard The Architectural components 10 Gigabit Ethernet Technology of the 802.3ae*

1/12/2012 Ethernets popularity 1) Low implementation cost 10 Gigabit Ethernet 2) Reliability 40GbE and 100 GbE 3) Relative simplicity of installation and maintenance TCP Offload Engine iWARP RDMAoE IEEE 802.3ae* standard The Architectural

267 views • 6 slides
Quality of Service on Gigabit Ethernet for Event Builder Y.Yasu (1) , Y.Nagasaka (2) , H.Hasegawa

Quality of Service on Gigabit Ethernet for Event Builder Y.Yasu (1) , Y.Nagasaka (2) , H.Hasegawa

DAQ2000, Lyon ATLAS-Japan DAQ Group Quality of Service on Gigabit Ethernet for Event Builder Y.Yasu (1) , Y.Nagasaka (2) , H.Hasegawa (3) , A.Manabe (1) , M.Nomachi (4) , H.Fujii (1) , Y.Watase (1) (1)High Energy Accelerator Research

393 views • 22 slides
UDP Performance and PCI-X Activity of the Intel 10 Gigabit Ethernet Adapter on: HP rx2600 Dual

UDP Performance and PCI-X Activity of the Intel 10 Gigabit Ethernet Adapter on: HP rx2600 Dual

UDP Performance and PCI-X Activity of the Intel 10 Gigabit Ethernet Adapter on: HP rx2600 Dual Itanium 2 SuperMicro P4DP8-2G Dual Xenon Dell Poweredge 2650 Dual Xenon Richard Hughes-Jones Many people helped including: Sverre Jarp and Glen

196 views • 15 slides
Gigabit Ethernet Interface for the MSR Fred Kuhns Applied Research Laboratory Washington

Gigabit Ethernet Interface for the MSR Fred Kuhns Applied Research Laboratory Washington

Gigabit Ethernet Interface for the MSR Fred Kuhns Applied Research Laboratory Washington University St. Louis Mo. Washington fredk@arl.wustl.edu WASHINGTON UNIVERSITY IN ST LOUIS Overview Two Example Ethernet Scenarios Relevant

675 views • 28 slides
POF Knowledge Development EMC Lessons Learnt on Gigabit Ethernet Implementation for ADAS & AV

POF Knowledge Development EMC Lessons Learnt on Gigabit Ethernet Implementation for ADAS & AV

POF Knowledge Development EMC Lessons Learnt on Gigabit Ethernet Implementation for ADAS & AV Rubn Prez-Aranda (rubenpda@kdpof.com) AESIN CONFERENCE | 2 nd Oct 2018 POF KDPOF in a nutshell Knowledge Development Fabless silicon

488 views • 21 slides
Gigabit Broadband, Interconnec1on proposi1ons, and the Challenge of Managing Expecta1ons Steven

Gigabit Broadband, Interconnec1on proposi1ons, and the Challenge of Managing Expecta1ons Steven

Gigabit Broadband, Interconnec1on proposi1ons, and the Challenge of Managing Expecta1ons Steven Bauer William Lehr Shirley Hung MassachuseCs Ins1tute of Technology Dec 17, 2015 How would Google Fibers Gigabit Ethernet Product look in

612 views • 21 slides
Packet Validation in the Network Environments Yingdi Yu UCLA 1 Packet Authentication How

Packet Validation in the Network Environments Yingdi Yu UCLA 1 Packet Authentication How

Packet Validation in the Network Environments Yingdi Yu UCLA 1 Packet Authentication How to authenticate a data packet containing the electricity usage of a room at certain time? Data is signed, but how to verify the signature?

224 views • 19 slides
The Packet ADM Making Ethernet Services Economically Viable Gady Rosenfeld Director, St rategic

The Packet ADM Making Ethernet Services Economically Viable Gady Rosenfeld Director, St rategic

The Packet ADM Making Ethernet Services Economically Viable Gady Rosenfeld Director, St rategic Marketing Corrigent Systems gadyr@corrigent .com Agenda Why offer Ethernet as a service? How Ethernet services are defined Compelling

359 views • 24 slides
Gigabit Ethernet Adapter (GigE) Version 1 Architecture William D. Richard, Ph.D. Washington

Gigabit Ethernet Adapter (GigE) Version 1 Architecture William D. Richard, Ph.D. Washington

Gigabit Ethernet Adapter (GigE) Version 1 Architecture William D. Richard, Ph.D. Washington wdr@ee.wustl.edu WASHINGTON UNIVERSITY IN ST LOUIS GigE Design Team William D. Richard Hardware Design Fred Kuhns Protocol Design

818 views • 20 slides
Chapter 7 Packet-Switching Networks Routing in Packet Networks Shortest Path Routing Chapter 7

Chapter 7 Packet-Switching Networks Routing in Packet Networks Shortest Path Routing Chapter 7

Chapter 7 Packet-Switching Networks Routing in Packet Networks Shortest Path Routing Chapter 7 Packet-Switching Networks Routing in Packet Networks IP in Ethernet Frame Ethernet frame IP packet (if Ether type is 0800 in hex)

1.05k views • 61 slides
An innovative low-cost Classification Scheme for combined multi-Gigabit IP and Ethernet Networks

An innovative low-cost Classification Scheme for combined multi-Gigabit IP and Ethernet Networks

An innovative low-cost Classification Scheme for combined multi-Gigabit IP and Ethernet Networks Ioannis Papaefstathiou Vassilis Papaefstathiou Inst. of Computer Science (ICS), Foundation for Research Inst. of Computer Science (ICS), Foundation

229 views • 6 slides
Ethernet CS/ECE 438: Spring 2014 Instructor: Matthew Caesar

Ethernet CS/ECE 438: Spring 2014 Instructor: Matthew Caesar

Ethernet CS/ECE 438: Spring 2014 Instructor: Matthew Caesar http://courses.engr.illinois.edu/cs438/ Some History Ethernet was invented as a broadcast technology Each packet received by all attached hosts Easy to set up, cheap to

1.57k views • 123 slides
How to (passively) measure? Packet Monitoring 1 What to expect? Overview / What is packet

How to (passively) measure? Packet Monitoring 1 What to expect? Overview / What is packet

How to (passively) measure? Packet Monitoring 1 What to expect? Overview / What is packet monitor? How to acquire the data Handling performance bottlenecks Case Study: Packet Capture Performance Analyzing the transport and

487 views • 37 slides
Network Network sniffing sniffing packet capture and analysis packet

Network Network sniffing sniffing packet capture and analysis packet

Network Network sniffing sniffing packet capture and analysis packet capture and analysis October 2, 2020 Administrative submittal instructions submittal instructions Administrative answer the lab

366 views • 17 slides
Packet Coalescing for Dual-Mode Energy Efficient Ethernet: A Simulation Study Mehrgan Mostowfi

Packet Coalescing for Dual-Mode Energy Efficient Ethernet: A Simulation Study Mehrgan Mostowfi

Packet Coalescing for Dual-Mode Energy Efficient Ethernet: A Simulation Study Mehrgan Mostowfi School of Mathematical Sciences University of Northern Colorado Greeley, Colorado, USA mehrgan.mostowfi@unco.edu Slide 1 of 11 Packet Coalescing for

254 views • 11 slides
TCP/Generic Segmentation Offload and Its Application in Xen Herbert Xu Principal Software

TCP/Generic Segmentation Offload and Its Application in Xen Herbert Xu Principal Software

TCP/Generic Segmentation Offload and Its Application in Xen Herbert Xu Principal Software Engineer Red Hat Asia Pacific What is TSO? Faster Ethernet (Gigabit) => higher CPU load: 1500-byte Ethernet MTU set in 70's. Amount of data

279 views • 13 slides
Hacking Hands on with wireless LAN routers, packet capture and wireless security Organised by

Hacking Hands on with wireless LAN routers, packet capture and wireless security Organised by

Free Technology Workshop Hacking Hands on with wireless LAN routers, packet capture and wireless security Organised by Steven Gordon Bangkadi 3 rd floor IT Lab 10:30-13:30 Friday 18 July 2014 http://ict.siit.tu.ac.th/moodle/ _______

795 views • 48 slides
Carrier Ethernet A Wave is Building Provider Backbone Bridges with Traffic Engineering

Carrier Ethernet A Wave is Building Provider Backbone Bridges with Traffic Engineering

Carrier Ethernet A Wave is Building Provider Backbone Bridges with Traffic Engineering (PBB-TE) D. Kent Stevens Western Region Optical Architect kesteven@nortel.com 714-803-1050 Next Generation Packet Metro Ethernet Interface is the

446 views • 27 slides
Ethernet broadband or baseband signalling Hub and repeaters Ethernet switches and

Ethernet broadband or baseband signalling Hub and repeaters Ethernet switches and

Ethernet broadband or baseband signalling Hub and repeaters Ethernet switches and bridges: Ethernet packets Ethernet topologies Bus, star, tree. Carrier-Sense Multiple Access with Collision Detection (CSMA/CD) All nodes

499 views • 27 slides
A Guide to Todays Class Quick Ethernet Overview Basic Data Structures Break

A Guide to Todays Class Quick Ethernet Overview Basic Data Structures Break

A Guide to Todays Class Quick Ethernet Overview Basic Data Structures Break Device Startup and Initialization Break Packet Reception Packet Transmission Break Device Control Special Features George

677 views • 67 slides
Less is More with Intelligent Packet Capture RANDY CALDEJON FLOCON 2020 Objectives Consider

Less is More with Intelligent Packet Capture RANDY CALDEJON FLOCON 2020 Objectives Consider

Less is More with Intelligent Packet Capture RANDY CALDEJON FLOCON 2020 Objectives Consider merits of streaming analytics Expose to advanced open source tools Encourage to experiment with OpenArgus 2 2 Streaming Analytics

581 views • 36 slides

More recommend