Packet scheduling for deep packet inspection on multi-core architectures

Multi-core architectures are commonly used for network applications because the workload is highly parallelizable. Packet scheduling is a critical performance component of these applications and significantly impacts how well they scale. Deep packet inspection (DPI) applications are more complex than most network applications. This makes packet scheduling more difficult, but it also means scheduling can have a larger impact on performance. In addition, packet latency and ordering requirements differ depending on whether the DPI application is deployed inline, so different packet scheduling tradeoffs can be made based on the deployment. In this paper, we evaluate three packet scheduling algorithms with the Protocol Analysis Module (PAM) as our DPI application, using network traces acquired from production networks where intrusion prevention systems (IPS) are deployed. One of the packet scheduling algorithms we evaluate is commonly used in production applications; thus, it is useful for comparison. The other two are of our own design. Our results show that packet scheduling based on cache affinity is more important than trying to balance packets. More specifically, for the three network traces we tested, our cache affinity packet scheduler outperformed the other two schedulers, increasing throughput by as much as 38%.
