Programming Multi-Core Processors based Embedded Systems A Hands-On Experience on Cavium Octeon based Platforms Lab Exercises: Lab 5 (Deep Packet Inspection)

Slides:

Advertisements

Similar presentations

IP Router Architectures. Outline Basic IP Router Functionalities IP Router Architectures.

Advertisements

Unix Systems Performance Tuning Project of COSC 513 Name: Qinghui Mu Instructor: Prof. Anvari.

Virtual Machine Queue Architecture Review Ali Dabagh Architect Windows Core Networking Don Stanwyck Sr. Program Manager NDIS Virtualization.

A Search Memory Substrate for High Throughput and Low Power Packet Processing Sangyeun Cho, Michel Hanna and Rami Melhem Dept. of Computer Science University.

A Scalable and Reconfigurable Search Memory Substrate for High Throughput Packet Processing Sangyeun Cho and Rami Melhem Dept. of Computer Science University.

Multi-granular, multi-purpose and multi-Gb/s monitoring on off-the-shelf systems TELE9752 Group 3.

Programming Multi-Core Processors based Embedded Systems A Hands-On Experience on Cavium Octeon based Platforms Lab Exercises.

Study of Hurricane and Tornado Operating Systems By Shubhanan Bakre.

NSF/TCPP Early Adopter Experience at Jackson State University Computer Science Department.

© 2006 Cisco Systems, Inc. All rights reserved. Module 4: Implement the DiffServ QoS Model Lesson 4.8: Understanding WAN Link Efficiency Mechanisms.

Chapter 7 Protocol Software On A Conventional Processor.

ECE 526 – Network Processing Systems Design Software-based Protocol Processing Chapter 7: D. E. Comer.

Programming Multi-Core Processors based Embedded Systems A Hands-On Experience on Cavium Octeon based Platforms Dr. Abdul Waheed.

1 Fall 2005 Hardware Addressing and Frame Identification Qutaibah Malluhi CSE Department Qatar University.

Snort - an network intrusion prevention and detection system Student: Yue Jiang Professor: Dr. Bojan Cukic CS665 class presentation.

Page: 1 Director 1.0 TECHNION Department of Computer Science The Computer Communication Lab (236340) Summer 2002 Submitted by: David Schwartz Idan Zak.

CMPE 150- Introduction to Computer Networks 1 CMPE 150 Fall 2005 Lecture 23 Introduction to Computer Networks.

1 Multi-Core Architecture on FPGA for Large Dictionary String Matching Department of Computer Science and Information Engineering National Cheng Kung University,

Students:Gilad Goldman Lior Kamran Supervisor:Mony Orbach Mid-Semester Presentation Spring 2005 Network Sniffer.

Informationsteknologi Tuesday, October 9, 2007Computer Systems/Operating Systems - Class 141 Today’s class Scheduling.

FreeBSD Network Stack Performance Srinivas Krishnan University of North Carolina at Chapel Hill.

POSTECH DP&NM Lab. Internet Traffic Monitoring and Analysis: Methods and Applications (1) Programming with Libpcap.

CMPT 471 Networking II Address Resolution IPv6 Neighbor Discovery 1© Janice Regan, 2012.

Prentice HallHigh Performance TCP/IP Networking, Hassan-Jain Chapter 3 Performance Measurement of TCP/IP Networks.

Programming Multi-Core Processors based Embedded Systems A Hands-On Experience on Cavium Octeon based Platforms Lab Exercises.

Small Form Computing A bump in the wire. The questions ● What can we do with an inexpensive small computer? ● Can we make it a part of a seamless wireless.

13/09/2015 Michael Chai; Behrouz Forouzan Staffordshire University School of Computing Transport layer and Application Layer Slide 1.

UKERNA IP Multicast Mini Workshop Intra-domain Multicast Hands-on Lab Exercises Networkshop 2006.

High Performance Computing & Communication Research Laboratory 12/11/1997 [1] Hyok Kim Performance Analysis of TCP/IP Data.

MIDeA :A Multi-Parallel Instrusion Detection Architecture Author: Giorgos Vasiliadis, Michalis Polychronakis,Sotiris Ioannidis Publisher: CCS’11, October.

Para-Snort : A Multi-thread Snort on Multi-Core IA Platform Tsinghua University PDCS 2009 November 3, 2009 Xinming Chen, Yiyao Wu, Lianghong Xu, Yibo Xue.

Uncovering the Multicore Processor Bottlenecks Server Design Summit Shay Gal-On Director of Technology, EEMBC.

TILEmpower-Gx36 - Architecture overview & performance benchmarks – Presented by Younghyun Jo 2013/12/18.

Timothy Whelan Supervisor: Mr Barry Irwin Security and Networks Research Group Department of Computer Science Rhodes University Hardware based packet filtering.

Programming Multi-Core Processors based Embedded Systems A Hands-On Experience on Cavium Octeon based Platforms Lab Exercises.

Scalable Web Server on Heterogeneous Cluster CHEN Ge.

A performance evaluation approach openModeller: A Framework for species distribution Modelling.

Building a Parallel File System Simulator E Molina-Estolano, C Maltzahn, etc. UCSC Lab, UC Santa Cruz. Published in Journal of Physics, 2009.

Raw Sockets Vivek Ramachandran. A day in the life of Network Packet.

Leveraging Traffic Repetitions for High- Speed Deep Packet Inspection Author: Anat Bremler-Barr, Shimrit Tzur David, Yotam Harchol, David Hay Publisher:

Chapter 101 Multiprocessor and Real- Time Scheduling Chapter 10.

1 Multiprocessor and Real-Time Scheduling Chapter 10 Real-Time scheduling will be covered in SYSC3303.

Srihari Makineni & Ravi Iyer Communications Technology Lab

Para-Snort : A Multi-thread Snort on Multi-Core IA Platform Tsinghua University PDCS 2009 November 3, 2009 Xinming Chen, Yiyao Wu, Lianghong Xu, Yibo Xue.

Parallelization and Characterization of Pattern Matching using GPUs Author: Giorgos Vasiliadis 、 Michalis Polychronakis 、 Sotiris Ioannidis Publisher:

SAM-21 Fortress Model and Defense in Depth Some revision on Computer Architecture.

Click to edit Master subtitle style

Chapter 9 Hardware Address & Frame Type Identification Hardware address of frame Addressing schemes Ethernet Frame header format.

An Architecture and Prototype Implementation for TCP/IP Hardware Support Mirko Benz Dresden University of Technology, Germany TERENA 2001.

Programming Multi-Core Processors based Embedded Systems A Hands-On Experience on Cavium Octeon based Platforms Lab Exercises (Lab 2: Sorting)

Workpackage 3 New security algorithm design ICS-FORTH Ipswich 19 th December 2007.

DBS A Bit-level Heuristic Packet Classification Algorithm for High Speed Network Author : Baohua Yang, Xiang Wang, Yibo Xue, Jun Li Publisher : th.

LRPC Firefly RPC, Lightweight RPC, Winsock Direct and VIA.

Authors: Danhua Guo 、 Guangdeng Liao 、 Laxmi N. Bhuyan 、 Bin Liu 、 Jianxun Jason Ding Conf. : The 4th ACM/IEEE Symposium on Architectures for Networking.

Tracking Millions of Flows In High Speed Networks for Application Identification Tian Pan, Xiaoyu Guo, Chenhui Zhang, Junchen Jiang, Hao Wu and Bin Liut.

Lecture 27 Multiprocessor Scheduling. Last lecture: VMM Two old problems: CPU virtualization and memory virtualization I/O virtualization Today Issues.

Programming Multi-Core Processors based Embedded Systems A Hands-On Experience on Cavium Octeon based Platforms Lab Exercises: Lab 4 (Network Packet Filtering)

Programming Multi-Core Processors based Embedded Systems A Hands-On Experience on Cavium Octeon based Platforms Lab Exercises: Lab 1 (Performance measurement)

Architecture of a Proactive Security Tool Vivek Ramachandran.

WIRESHARK Lab#3. Computer Network Monitoring  Port Scanning  Keystroke Monitoring  Packet sniffers  takes advantage of “friendly” nature of net. 

VIRTUAL NETWORK PIPELINE PROCESSOR Design and Implementation Department of Communication System Engineering Presented by: Mark Yufit Rami Siadous.

Author Name Security and Networks Research Group Department of Computer Science Rhodes University SNRG SLIDE TEMPLATE.

Snort – IDS / IPS.

Introduction An introduction to the software and organization of the Internet Lab.

ARP and RARP Objectives Chapter 7 Upon completion you will be able to:

Programming Multi-Core Processors based Embedded Systems A Hands-On Experience on Cavium Octeon based Platforms Lab Exercises.

Wireshark Lab#3.

Task Scheduling for Multicore CPUs and NUMA Systems

CS703 - Advanced Operating Systems

2019/10/19 Efficient Software Packet Processing on Heterogeneous and Asymmetric Hardware Architectures Author: Eva Papadogiannaki, Lazaros Koromilas, Giorgos.

Presentation transcript:

Programming Multi-Core Processors based Embedded Systems A Hands-On Experience on Cavium Octeon based Platforms Lab Exercises: Lab 5 (Deep Packet Inspection)

5-2 Lab # 5: Deep Packet Inspection An overview

5-3 Lab Goals Objective Learning parallel programming using threads Utilizing many core systems efficiently Performance measurement Packet capture / filter / analyze - A case study We will use series of labs to achieve our objectives. Today’s lab is about deep packet inspection

5-4 Prerequisites Sniffing Capturing of network packets arriving or departing from a network interface Mechanism We use raw sockets as follows rawSock = socket(PF_PACKET, SOCK_RAW, htons(ETH_P_ALL)) This system call picks every packet going out or coming in on an Ethernet interface

5-5 Prerequisites Testing You can use loop back device as a network interface Use Netperf or MPAC for traffic generation on the network interface

5-6 Lab Setup SenderReceiver Packet Sniffer 1 GigE Link System 1System 2 Data Packets Core Packet Mapping to Cores

5-7 Sniffing Labs Framework Sniffing One thread, called the dispatcher, sniffs the packets from the interface and puts it in one of the workers’ queues Filtering / Analysis Any kind of processing on a packet is the responsibility of the workers Each worker has its own queue or shared queue depending on sniffer application architecture Dispatcher assigns packets to worker queues

5-8 Lab 5 – Deep Packet Inspection Objective A user provided string will be searched in the TCP based application payload Mechanisms Same as Lab 4 except each worker now finds a string in the application payload String to find is provided by the user

5-9 Lab 5 – Deep Packet Inspection Observations Observer the throughput performance with increasing number of threads Compare the throughput with lab 3 and 4 throughput Use core affinity and observer performance

5-10 Sniffer Application Architecture MPAC packet sniffer version 1 Single queue Dispatcher can access whole queue Each worker thread can access only dedicated locations In-situ sniffing No copying from dispatcher to worker space Each location access is mutually exclusive Controlled by a flag per location No locking overhead Get packet, if flag = 1 (workers) Location Access Function = Put packet, if flag = 0 (Dispatcher)

5-11 T1T1 T0T0 T N-1 T1T1 T0T0 T1T1 T0T0 T1T1 T0T0 Dispatcher putting space Dispatcher putting direction Workers getting direction TNTN Worker Threads MPAC Packet Sniffer (Version 1)

5-12 Compile and Run $ cd / /mpac_1.2/apps/sniffer/sniffer_1Q/ $ make clean $ make $ netserver $ netperf $./mpac_sniffer_app – n – d – f – e 5

5-13 Throughput Bottlenecks Scanning of whole queue according to the status of flag Large stride size Needed more cache coherency

5-14 Sniffer Application Architecture MPAC Sniffer Version 2 Queue size distributed between worker threads Dispatcher can access whole queue Each worker thread can access only dedicated sub-queue In-situ sniffing No copying from dispatcher to worker space Mutually exclusion is assured by get and set indices ( get chases set ) Location access directions No locking overhead Get packet, if get < set (workers) Location Access Function = Put packet, if get ≤ set ( Dispatcher) Wait, otherwise

5-15 Dispatcher putting direction Workers getting direction TNTN Worker Threads T N-1 T2T2 T1T1 T0T0 Dispatcher putting space MPAC Packet Sniffer (Version 2 & 3)

5-16 Compile and Run $ cd / /mpac_1.2/apps/sniffer/sniffer_MQ/ $ make clean $ make $ netserver $ netperf $./mpac_sniffer_app – n – d – f – e 5

5-17 Throughput Bottlenecks Sniffing functions try to get a packet (of specific type) on their own Duplicate capturing Sniffing functions have high coupling and low cohesion

5-18 Sniffer Application Architecture MPAC Packet Sniffer Version 3 Data structures and algorithm same as that of version 2 Packet sniffing functions are optimized for maximum throughput No duplicate sniffing Packet type (IP, ARP, etc.) identification removed from these functions Conditionally perform computations on available packet Main logic responsible for packet type checking

5-19 Compile and Run $ cd / /mpac_1.2/apps/sniffer/sniffer_MQ_optimized/ $ make clean $ make $ netserver $ netperf $./mpac_sniffer_app – n – d – f – e 5

5-20 Lab 5 – String Matching in Payload (MPAC sniffer version 3)