DPDK Frame Pipeline for IPS-IDS Suricata
Introduction
Technological advances in the fixed and mobile sectors have led to smarter appliances and services for day-to-day tasks and chores. With rising demand for faster, mobile and less geographically constrained workplaces, traffic content has moved from private to public domain access. Sharing or connecting to the public domain also exposes systems to attacks on web client and server infrastructure.
This brings in the need to monitor traffic, both inbound and outbound, via an IDS or IPS at line rate. Suricata is a high performance network IDS, IPS and network monitoring engine. Suricata is open source and has the following attributes:
 Highly scalable
 Protocol identification
 File identification (MD5, checksum) and file extraction
Abstract
This white paper examines various changes and optimizations to Suricata, measured across a range of packet sizes. The current deployment uses the worker thread run mode.
Issue
Suricata performance with raw socket capture (AF_PACKET) is affected by the following:
1. Kernel version.
2. NIC driver and ASIC version.
3. CPU affinity and load balancing as configured in the YAML.
4. CPU speed, architecture and memory.
5. Availability of packet structures when millions of frames are in flight.
Solution
To address the issues above, the following ideas were developed from the ground up:
1. Add a DPDK-specific worker thread that polls for frames rather than relying on event- or interrupt-driven capture.
2. Allow zero-copy mapping of the DPDK mbuf into Suricata's packet structure.
3. Auto-configure each interface according to its link speed.
4. A user option to enable or disable the use of DPDK worker threads.
Functional Walk Through
1. Added "--list-dpdkintel-ports" and "--dpdkintel" to "usage".
2. Added DPDKINTEL to "SCPrintBuildInfo".
3. Added "TmModuleReceiveDpdkRegister" and "TmModuleDecodeDpdkRegister" to "RegisterAllModules".
4. Disabled PCAP support when the run mode is DPDKINTEL.
5. Added run mode "RUNMODE_LIST_DPDKINTEL_PORTS" via ListDpdkIntelPorts.
6. Executed in main, in this order:
a. dpdkEalInit
b. ParseDpdkConfig
c. validateMap
d. dpdkConfSetup
e. launchDpdkFrameParser
f. rte_eal_mp_wait_lcore
Design 1
Traffic is received from the interface inside Suricata's PacketAcquireLoop function. There are no dedicated threads for handling traffic from the interfaces: the scheduled worker threads themselves fetch packets from the PMD interfaces in user space.
Design 2
Traffic is received from the interface on a dedicated DPDK lcore, and the packets are forwarded to the PacketAcquireLoop function via a ring buffer. This is close to pipeline modeling, except that the receiving thread does not run on the same core as the workers, whose packet affinity comes from the YAML configuration. Each scheduled worker thread fetches packets by dequeuing the ring buffer associated with that worker, in user space.
Design 3
The total number of worker threads and their CPU affinity are compared against the available spare cores to check whether enough cores are present for DPDK. If so, traffic is received from the interface on a dedicated DPDK lcore and forwarded to the PacketAcquireLoop function via a ring buffer, as in Design 2: the receiving thread does not share a core with the workers (packet affinity comes from the YAML configuration), and each scheduled worker thread fetches packets by dequeuing its own ring buffer in user space.
Design 4
Similar to Design 3, except that a DPDK core is assigned per interface pair (intf1 and intf2) rather than one lcore per interface for processing received traffic. This can be further configured so that all interfaces share the same RX lcore, or so that each pair fetches traffic in round-robin.
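Designs 2 to 4 all hinge on the same mechanism: an RX lcore polls the PMD and hands mbuf pointers into per-worker rings, and each worker dequeues only its own ring. The block below is an added example written for this page, not code from the paper, from Suricata or from DPDK; it models that mechanism in plain C11 with no DPDK dependency. struct mbuf, struct ring, rx_poll, worker_run and run_pipeline are hypothetical stand-ins for rte_mbuf, an SP/SC rte_ring, the RX lcore loop and the worker side of PacketAcquireLoop, and the traffic is constructed inline. The schedule is driven deterministically from one thread so the numbers are reproducible; the ring is written SP/SC-safe with acquire/release atomics, so the RX loop and each worker could be moved onto their own lcores unchanged. Two points the paper leaves implicit are made explicit: dispatch uses a symmetric flow hash so both directions of a flow reach the same worker, and a full ring surfaces as a drop counter rather than a silent loss.

```c
#include <stdatomic.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define RING_SIZE   256   /* slots per worker ring; power of two */
#define MAX_WORKERS 8
#define RX_BURST    32    /* frames per poll, like rte_eth_rx_burst() */

/* Hypothetical stand-in for rte_mbuf: dispatch metadata plus the frame bytes. */
struct mbuf { uint32_t src_ip, dst_ip; uint8_t data[64]; };

/* SP/SC ring of mbuf pointers (the shape of an rte_ring in SP/SC mode): only
 * the pointer crosses to the worker, the frame stays where the PMD wrote it. */
struct ring {
    struct mbuf *slots[RING_SIZE];
    _Atomic uint32_t head;   /* advanced only by the RX lcore */
    _Atomic uint32_t tail;   /* advanced only by the owning worker */
};

static int ring_enqueue(struct ring *r, struct mbuf *m)
{
    uint32_t head = atomic_load_explicit(&r->head, memory_order_relaxed);
    uint32_t tail = atomic_load_explicit(&r->tail, memory_order_acquire);
    if (head - tail == RING_SIZE)
        return -1;                       /* full: the producer has to drop */
    r->slots[head & (RING_SIZE - 1)] = m;
    atomic_store_explicit(&r->head, head + 1, memory_order_release);
    return 0;
}

static struct mbuf *ring_dequeue(struct ring *r)
{
    uint32_t tail = atomic_load_explicit(&r->tail, memory_order_relaxed);
    uint32_t head = atomic_load_explicit(&r->head, memory_order_acquire);
    if (head == tail)
        return NULL;                     /* empty: the worker polls again */
    struct mbuf *m = r->slots[tail & (RING_SIZE - 1)];
    atomic_store_explicit(&r->tail, tail + 1, memory_order_release);
    return m;
}

/* Symmetric flow hash: both directions of a conversation must reach the same
 * worker, or stream reassembly and bidirectional rules silently break. */
static unsigned worker_for_flow(uint32_t a, uint32_t b, unsigned nworkers)
{
    uint32_t lo = a < b ? a : b, hi = a < b ? b : a;
    return (((lo * 2654435761u) ^ (hi * 2246822519u)) >> 16) % nworkers;
}

struct pipeline {
    unsigned nworkers;
    struct ring rings[MAX_WORKERS];
    unsigned long processed[MAX_WORKERS];
    unsigned long dropped;               /* frames lost to a full ring */
};

/* RX lcore step: one poll of the PMD, each frame dispatched by flow hash. */
static void rx_poll(struct pipeline *p, struct mbuf *burst, unsigned n)
{
    for (unsigned i = 0; i < n; i++) {
        unsigned w = worker_for_flow(burst[i].src_ip, burst[i].dst_ip, p->nworkers);
        if (ring_enqueue(&p->rings[w], &burst[i]) != 0)
            p->dropped++;                /* back-pressure surfaces as a drop count */
    }
}

/* Worker step: drain up to 'budget' frames from this worker's own ring;
 * decode/detect would run on each dequeued mbuf in place. */
static unsigned worker_run(struct pipeline *p, unsigned id, unsigned budget)
{
    unsigned done = 0;
    for (; done < budget && ring_dequeue(&p->rings[id]) != NULL; done++)
        p->processed[id]++;
    return done;
}

/* Drive the pipeline over nframes constructed frames; returns frames processed.
 * A worker budget >= RING_SIZE keeps up with RX; a tiny one overflows the rings. */
static unsigned long run_pipeline(struct pipeline *p, unsigned nworkers,
                                  unsigned nframes, unsigned worker_budget)
{
    if (nworkers == 0 || nworkers > MAX_WORKERS) return 0;
    memset(p, 0, sizeof *p);
    p->nworkers = nworkers;
    struct mbuf *pool = calloc(nframes, sizeof *pool); /* stand-in for the mempool */
    for (unsigned i = 0; i < nframes; i++) {           /* constructed traffic: 16x16 */
        uint32_t c = 0x0a000001u + i % 16, s = 0x0a000101u + (i / 16) % 16;
        pool[i].src_ip = (i & 1) ? s : c;              /* client/server pairs, */
        pool[i].dst_ip = (i & 1) ? c : s;              /* direction flipped on odd i */
    }
    for (unsigned off = 0; off < nframes; off += RX_BURST) {
        rx_poll(p, pool + off, nframes - off < RX_BURST ? nframes - off : RX_BURST);
        for (unsigned w = 0; w < nworkers; w++)
            worker_run(p, w, worker_budget);
    }
    unsigned long total = 0;
    for (unsigned w = 0; w < nworkers; w++) {          /* final drain */
        while (worker_run(p, w, RING_SIZE)) ;
        total += p->processed[w];
    }
    free(pool);
    return total;
}
```

Call run_pipeline(&p, 4, 4096, RING_SIZE) from a main for a run where the workers keep up (4096 processed, nothing dropped) and run_pipeline(&p, 1, 4096, 1) to watch the rings overflow (383 processed, 3713 dropped with these constants). Whatever the real deployment does with that counter, it must be exported: a frame dropped at the ring is a frame the detection engine never saw, which is exactly the blind spot an attacker flooding the sensor is hoping for.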
The following validations are performed in the background:
1. Check the link speed setup for IPS pairs.
2. Fetch the CPU affinity configured for Suricata.
3. Cross-check that enough CPUs remain available for the DPDK lcores.
4. Assign 1 DPDK core for the 10 and 100 Mb interfaces in IPS, IDS or BYPASS mode.
5. Assign 1 DPDK core for 10G interfaces.
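The validation steps above amount to a core-budgeting rule. The block below is an added example, not code from the paper or from Suricata; it encodes one reading of steps 1 to 5 in plain C: spare cores are the online CPUs minus the worker affinity set from the YAML minus a management core, all 10/100 Mb ports share a single RX lcore, every 10G port gets its own lcore or, under the Design 4 pair policy, one per IPS pair, and start-up is refused when a link is down, when the two halves of an IPS pair report different speeds, or when the spare cores run out (the point at which Design 3 would fall back to Design 1). struct iface, enum rx_policy, spare_cores and assign_rx_lcores are hypothetical names; the CPU masks and the interface table in main are constructed.

```c
#include <stdint.h>
#include <stdio.h>

#define MAX_CPUS   64
#define MAX_IFACES 16

enum rx_policy { RX_PER_IFACE, RX_PER_PAIR };

struct iface {
    const char *name;
    unsigned speed_mbps;    /* link speed reported by the PMD; 0 = link down */
    int pair;               /* IPS pair id, or -1 for a standalone IDS/BYPASS port */
    int rx_lcore;           /* output: assigned RX lcore, -1 if none */
};

/* Spare cores = online CPUs minus Suricata's worker affinity set minus the
 * management core. Lists them in 'out' and returns how many there are. */
static unsigned spare_cores(uint64_t online, uint64_t worker_affinity,
                            unsigned mgmt_core, unsigned *out)
{
    uint64_t spare = online & ~worker_affinity & ~(1ull << mgmt_core);
    unsigned n = 0;
    for (unsigned c = 0; c < MAX_CPUS; c++)
        if (spare & (1ull << c))
            out[n++] = c;
    return n;
}

/* Budget and assign RX lcores: one shared lcore for all 10/100 Mb ports, one
 * per 10G port (or per 10G pair under RX_PER_PAIR). Returns the number of
 * lcores consumed, or -1 when validation fails so the caller can refuse to
 * start with DPDK and fall back to Design 1. */
static int assign_rx_lcores(struct iface *ifs, unsigned nifs, enum rx_policy pol,
                            uint64_t online, uint64_t worker_affinity, unsigned mgmt_core)
{
    unsigned spare[MAX_CPUS];
    unsigned nspare = spare_cores(online, worker_affinity, mgmt_core, spare);
    unsigned used = 0, pair_speed[MAX_IFACES] = {0};
    int slow_lcore = -1, pair_lcore[MAX_IFACES];
    for (unsigned i = 0; i < MAX_IFACES; i++) pair_lcore[i] = -1;

    for (unsigned i = 0; i < nifs; i++) {
        struct iface *f = &ifs[i];
        f->rx_lcore = -1;
        if (f->speed_mbps == 0 || f->pair >= MAX_IFACES)
            return -1;                       /* link down, or a bogus pair id */
        if (f->pair >= 0) {                  /* both halves of an IPS pair must agree */
            if (pair_speed[f->pair] == 0) pair_speed[f->pair] = f->speed_mbps;
            else if (pair_speed[f->pair] != f->speed_mbps) return -1;
        }
        int *slot;                           /* lcore shared with other ports, if any */
        if (f->speed_mbps <= 100)
            slot = &slow_lcore;
        else if (pol == RX_PER_PAIR && f->pair >= 0)
            slot = &pair_lcore[f->pair];
        else {                               /* 10G port on an lcore of its own */
            if (used >= nspare) return -1;
            f->rx_lcore = spare[used++];
            continue;
        }
        if (*slot < 0) {
            if (used >= nspare) return -1;   /* spare cores exhausted */
            *slot = spare[used++];
        }
        f->rx_lcore = *slot;
    }
    return (int)used;
}

int main(void)
{
    /* Constructed box: 8 online CPUs, workers pinned to CPUs 2-5 by the YAML,
     * CPU 0 kept for management; one 10G IPS pair and one 100 Mb IPS pair. */
    struct iface ifs[4] = { {"p0", 10000, 0, -1}, {"p1", 10000, 0, -1},
                            {"p2", 100, 1, -1},   {"p3", 100, 1, -1} };
    int used = assign_rx_lcores(ifs, 4, RX_PER_PAIR, 0xFFu, 0x3Cu, 0);
    for (unsigned i = 0; i < 4; i++)
        printf("%s %u Mb/s pair=%d -> rx lcore %d\n",
               ifs[i].name, ifs[i].speed_mbps, ifs[i].pair, ifs[i].rx_lcore);
    printf("rx lcores used: %d\n", used);
    return 0;
}
```

Switching the same table to RX_PER_IFACE consumes three spare cores instead of two, and adding a fifth 10G port under RX_PER_IFACE fails the budget, which is the case Design 3 is meant to catch before a worker and an RX lcore end up sharing a core and the pipeline quietly degrades to Design 1 performance.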
Application
Future Roadmap
 Optimize for multiple worker threads per core.
 Allocate and deallocate "struct pkt" from the mbuf private area.
 Pre-parse the frame to accelerate the decode logic.
 Accelerate ACL rule matching using huge pages and a hash-indexed ACL.
Conclusion
Using a single DPDK worker thread together with optimization techniques specific to the problem at hand, we were able to accelerate IDS-IPS processing in Suricata's worker threads by around 70% and more.
