A Kernel-Level Monitor over Multiprocessor Architectures for High-Performance Network Analysis with Commodity Hardware

Traffic monitoring is an increasingly important discipline in today's networking, as Accounting, Security and Quality of Service (QoS) all rely on it. In addition, traffic bandwidth has increased exponentially in the last few years, which makes high-speed network monitoring a challenging goal, and performance requirements are highly relevant for monitoring systems. A low-level study of the capturing stages of a traffic analysis system (TAS) has shown room for improvement. We provide an architecture able to cope with high-speed traffic monitoring using commodity hardware. Our design is also intended to exploit the parallelism available in up-to-date workstations. This paper presents a kernel-level monitoring system (ksensor) that, while meeting the previous requirements, removes some issues of user-level processing and improves overall performance.
