Dpdk – IoT packet analyzer
Download as PPTX, PDF2 likes684 views
The document outlines the design considerations for an IoT packet analyzer using DPDK, highlighting advantages such as reduced latency and capital/operational expenses by utilizing a single PC architecture with multiple network interface cards (NICs). It discusses various design approaches for processing high-speed GTP traffic while comparing traditional smart NICs and suggesting enhancements for better traffic handling and scaling. Additionally, it emphasizes the integration of Suricata for threat analysis and the customization of worker threads for optimal performance.
Dpdk – IoT packet analyzer
- 1. DPDK – IoT Packet Analyzer INITIAL DESIGN CONSIDERATION
- 2. Use Case IoT Packet Analayzer 2
- 4. SMART NIC Based Design IoT Packet Analayzer 4
- 5. IoT Packet Analayzer 580G GTP Traffic
- 6. DPDK Based Design IoT Packet Analayzer 6
- 7. Design Proposal Using IA Single PC ( 2 physical core) & 2 40G NIC 40G Traffic 40G Traffic IoT Packet Analayzer 7
- 8. Advantage over like smart Nic, FPGA, • SINGLE PC WITH 2 SOCKET INTEL ARCHITECTURE. • DISTRIBUTED LCORE AND NIC PER NUMA. IE: SINGLE SOCKET INTERFACES SINGLE NIC (4 * 10G). • 2 DPDK CORES FOR PROCESSING 40G GTP TRAFFIC. REMAINING FOR SURICATA AND OS PER NUMA. • SINGLE MACHINE FOR GTP PROCESSING, FILTER, FLOW AND SURICATA ALERT. • DPDK AND SURICATA COMBINED AS SINGLE PROCESS. • CUSTOM SECONDARY PROCESS TO FETCH LINK, PROCESS, SURICATA & DEBUG COUTNERS • CAN BE SCALED IN FORMS OF 10G, 20G, 40G, 80G, 120G,. • REDUCED PACKET LATENCY, SINCE THERE NO INTER NIC-NIC TRANSMISSION. • LOCALIZED USER DPDK AND CUSTOM SURICATA AVOIDS KERNEL-USER MEM- COPY. • CUSTOM SURICATA WORKER THREADS PINNED PER NUMA. • Example: Suricata threads is 12; • On 2 NUMA sockets its divided as 6-6. • On 4 NUMA sockets its divided as 4-4-4-4 • REDUCED CAPEX AND OPEX FROM OVERALL DEPLOYMENT WITH MULTIPLE HSTA (HIGH SPEED THREAT ANALYZER) IoT Packet Analayzer 8
- 9. Comparison of Designs Smart NIC (Filter) vs Smart NIC (Filter + Suricata) vs DPDK IoT Packet Analayzer 9
- 10. Approach 1 & 2 Comparison 1 * 80G via PCIe plane Suricata Suricata capture interface does not have PCIe access PCIe interface has to integrated with 2* 40 NIC, 8 *10G NIC to send traffic to PC with same NIC configuration for Suricata Alternate approach is make use of DPDK PCIe PMD (developed as POC) to interface directly to CPU 2 * 80G via PCIe plane Suricata Use 4 *10G on each TILERA to accept 40G GTP traffic. Use other 4*10G interface to connect to standalone PC with 8 * 10G interface Single instance of Suricata can not scale for 80G PF_RING or DPDK based Suricata with worker threads needs to excerised
- 11. Approach 1-2 & 3 Comparison SMART NIC with Suricata Traffic has to spread via MPIPE to make best of Multi core Async processing via tstack calls needs to be integrate for drop, processing and GTP process The IP-TEID or IP-IMSI map need to be shared from Tilera to Suricata PC. Suricata has to be modified to accept 80G traffic from TILERA via PCIe or NIC DPDK-Suricata 1 PC Use 2 or 4 NUMA socket CPU for processing incoming 80G traffic Allow traffic to PMD via DPDK with GTP processing core Assume 2 Core per NUMA is sufficient for 20G traffic. Queue traffic to Suricata threads running per NUMA socket.