A single physical machine provides multiple network monitoring and analysis services (e.g., IDS, QoS), all installed on the same operating system. Isolation between the services is weak, and it is difficult to decide the optimum allocation of resources for each service. This paper presents a virtual-machine-based architecture for network traffic monitoring and analysis. Through virtualization, a machine under the architecture is logically divided into one host, one virtual machine monitor (VMM) and multiple virtual machines. The host is responsible for capturing network traffic and multiplexing it to the virtual machines. Each virtual machine hosts a service. The VMM performs functions such as isolating services and resolving conflicts between them. After comparison with Xen, KVM is chosen as the VMM to implement the architecture. Some network optimizations of the architecture are given. Our evaluation results show that these optimizations can multiplex network traffic received by the host to all services, and improve the data receive performance of services by 67% compared to an architecture in which the traffic is transferred directly to the virtual machines, instead of to the host, and the optimized methods are not adopted.