Comparative Evaluation of Packet Classification Algorithms for Implementation on Resource Constrained Systems

This paper provides a comparative evaluation of a number of known classification algorithms that have been considered for both software and hardware implementation. Differently from other sources, the comparison has been carried out on implementations based on the same principles and design choices. Performance measurements are obtained by feeding the implemented classifiers with various traffic traces in the same test scenario. The comparison also takes into account implementation feasibility of the considered algorithms in resource constrained systems (e.g. embedded processors on special purpose network platforms). In particular, the comparison focuses on achieving a good compromise between performance, memory usage, flexibility and code portability to different target platforms

Network Virtual Machine (NetVM): A New Architecture for Efficient and Portable Packet Processing Applications

A challenge facing network device designers, besides increasing the speed of network gear, is improving its programmability in order to simplify the implementation of new applications (see for example, active networks, content networking, etc). This paper presents our work on designing and implementing a virtual network processor, called NetVM, which has an instruction set optimized for packet processing applications, i.e., for handling network traffic. Similarly to a Java Virtual Machine that virtualizes a CPU, a NetVM virtualizes a network processor. The NetVM is expected to provide a compatibility layer for networking tasks (e.g., packet filtering, packet counting, string matching) performed by various packet processing applications (firewalls, network monitors, intrusion detectors) so that they can be executed on any network device, ranging from expensive routers to small appliances (e.g. smart phones). Moreover, the NetVM will provide efficient mapping of the elementary functionalities used to realize the above mentioned networking tasks upon specific hardware functional units (e.g., ASICs, FPGAs, and network processing elements) included in special purpose hardware systems possibly deployed to implement network devices

Time Driven Priority Router Implementation and First Experiments

This paper reports on the implementation of Time-Driven Priority (TDP) scheduling on a FreeBSD platform. This work is part of a TDP prototyping and demonstration project aimed at showing the implications of TDP deployment in packet-switched networks, especially benefits for real-time applications. This paper focuses on practical aspects related to the implementation of the technology on a Personal Computer (PC)-based router and presents the experimental results obtained on a testbed network. The basic building blocks of a TDP router are described and implementation choices are discussed. The relevant results achieved and here presented can be categorized into two types: qualitative results, including the successful integration of all needed blocks and the insight obtained on the complexity related to the implementation of a TDP router, and quantitative ones, including measures of achievable network utilization and of jitter experienced on a fully-loaded TDP network. The outcome demonstrates the effectiveness of the presented implementation while confirming TDP points of strengt

Vehicle Navigation Service Based on Real-Time Traffic Information

GNSS-assisted vehicle navigation services are nowadays very common in most of the developed countries. However, most of those services are either delivered through proprietary technologies, or fall short in flexibility because of the limited capability to couple road information with real-time traffic information. This paper presents the motivations and a brief summary of a vehicle navigation service based on real-time traffic information, delivered through an open protocol that is currently under standardization in the Open Mobile Alliance forum

Optimizing packet capture on symmetric multiprocessing machines

Traffic monitoring and analysis based on general purpose systems with high speed interfaces, such as Gigabit Ethernet and 10 Gigabit Ethernet, requires carefully designed software in order to achieve the needed performance. One approach to attain such a performance relies on deploying multiple processors. This work analyses some general issues in multiprocessor systems that are particularly critical in the context of packet capture and network monitoring applications. More important, a new algorithm is proposed to coordinate multiple producers concurrently accessing a shared buffer, which is instrumental in packet capture on symmetrical multiprocessor machines

Profiling and optimization of software-based network-analysis applications

A large set of tools for network monitoring and accounting, security, traffic analysis and prediction - more broadly, for network operation and management - require direct and efficient real-time access to data traveling on the network. Software tools are often preferred because of their low cost and high versatility. However, these tools are often considered to suffer from performance problems on high-speed networks. We demonstrate that, despite the common belief, the performance limits for software real-time network analysis tools are still far from being reached and it can even be improved with limited hardware support. We analyze the performance of a widely used library for network analysis, WinPcap, highlight its bottlenecks, and propose some solutions that almost double the overall speed, thus enabling the deployment of software-based tools on high speed networks

WinPcap: una libreria Open Source per l'analisi di rete

In questo articolo si presenta WinPcap, una libreria Open Source per l'analisi del traffico di rete sviluppata dal Computer Networks Group (NetGroup) presso il Politecnico di Torino. Tale libreria si e' affermata come standard de-facto nel settore degli strumenti di analisi di rete per ambienti Window

Network Virtual Machine (NetVM): Portabilità ed efficienza nell'elaborazione di pacchetti di rete

Un progettista di dispositivi di rete deve affrontare, oltre alle problematiche di prestazioni legate all'aumento della velocità di rete, anche la necessità di aumentare la programmabilità di tali dispositivi al fine di semplificare l'implementazione di applicazioni come, ad esempio, firewall e sistemi per l'individuazione di intrusioni (intrusion detection system, IDS). Questo articolo presenta la nostra attività di progettazione e realizzazione di un network processor virtuale, chiamato NetVM, che dispone di un insieme di istruzioni ottimizzate per l'elaborazione dei pacchetti. La NetVM si prefigge di fornire uno strato di compatibilità per l'elaborazione di pacchetti (come ad esempio il filtraggio, il conteggio, lo string matching) eseguiti da varie applicazioni (firewall, network monitor, IDS) così che possano essere eseguiti da un qualunque apparato di rete, dal costoso router al piccolo dispositivo (come ad esempio uno smart phone). Inoltre, la NetVM permetterà di ottenere in modo efficiente corrispondenza tra le sopracitate funzinoalità di elaborazione di pacchetti e unità hardware specifiche (come ad esempio, ASIC, FPGA, ed elementi per l'elaborazione di rete) presenti in specifici sistemi hardware, come apparati di rete o loro component