Multi-Gbps HTTP Traffic Analysis in Commodity Hardware Based on Local Knowledge of TCP Streams

In this paper we propose and implement novel techniques for performance evaluation of web traffic (response time, response code, etc.) that require no reassembly of the underlying TCP connection, a step that severely restricts traffic analysis throughput. Furthermore, our proposed software for HTTP traffic analysis runs on standard hardware, which is very cost-effective. We also present sub-TCP connection load balancing techniques that significantly increase throughput at the expense of losing very few HTTP transactions. These techniques provide performance evaluation statistics that are indistinguishable from those of the single-threaded alternative with full TCP connection reassembly.
