We believe that special hardware is necessary to handle the network traffic as it grows further.
Residents are getting faster and faster network connections, 10 and 100 or even 1000Mbps is already available some places [6] [7]. With all this bandwidth, there will be a new market for streaming of data. Sport events, movies, and video conferences are some of the things that come to mind that require high bandwidth. Online games, video conferences, and virtual reality applications require low latency, and network processors can help make that happen by enabling application dependent processing without full TCP/IP handling. The online games will grow, and they will need to send more and more detailed information to more and more participants.
If two players are shooting at each other, low latency is crucial. A lot of them will need the same information. Intelligent routers will help to make this more efficient and with less latency by sending the same data to all the players in the same area instead of sending the same data over again between the routers.
We have in the IXP2400 a powerful tool to do packet processing. Its large memories can hold a lot of information and it can do a lot of computing with its XScale and microengines.
Intel has put a lot of thought into this chipset. There are a lot of hardware supported features, rings and atomic memory operations which can save a lot of time designing software, and speed up execution.
It is important to get a good understanding of the system before we implement a service on the card. We need to program it so that all resources are put to good use. We have eight microengines with four or eight threads each, hardware rings, locks, and hash operations, the XScale CPU and then we have the host computer. Furthermore, we need to know what we can cut up into a pipeline and let different microengines do a part each and pass it on to the next one. We also need to consider how many pipeline stages we can use, versus how much we can parallelize. Considering memory access, we do not want many processes trying to access the same memory at the same time. We got SRAM, SDRAM, Scratch memory, and each microengines local memory on the IXP card, and local memory on the host computer. The host computer’s harddrive can also be used for storage. To make the system perform at its best, we need to think through and plan what memory to use for what and in which order. However, this is one of the coolest pieces of hardware we have seen.
Chapter 3
Related work
Here we are going to take a look a similar works. We first look at related technologies or systems. Lastly we look at other works with network processors.
3.1 Network Monitoring
3.1.1 Cisco NetFlow
Cisco has a product called NetFlow [21] [22], which is a network protocol which runs on Cisco equipment for collecting IP traffic information. According to Cisco, NetFlow can be use for network traffic accounting, usage-based network billing, network planning, security, Denial of Service monitoring capabilities, and network monitoring. From Wikipedia we see that it can give the records shown in Table 3.1.
* Version number
* Sequence number
* Input and output interface snmp indices
* Timestamps for the flow start and finish time
* Number of bytes and packets observed in the flow
* Layer 3 headers:
* Source and destination IP addresses
* Source and destination port numbers
* IP protocol
* Type of Service (ToS) value
* In the case of TCP flows, the union of all TCP flags observed over the life of the flow.
Table 3.1: The values given by NetFlow
This is pretty much the same as we are doing with our IXP card. We have not tried NetFlow, or even seen a router equipped with it, so we can not tell how it works. We believe that you can only get it on Cisco routers and not on their switches. The data is received from the router using User Datagram Protocol (UDP) or Stream Control Transmission Protocol (SCTP) by a NetFlow collector, which runs on a regular PC.
3.1.2 Fluke
Fluke has gigabit and 10 gigabit network analyzers [23]. TheirOptiView Link Analyzer is described as: “OptiView Link Analyzer provides comprehensive visibility for network and application performance troubleshooting on Ethernet networks, all in an ASIC architecture for real-time monitoring and packet capture up to line rate Gigabit speeds. Link Analyzer is rack mountable and provides 10/100 and full duplex Gigabit Ethernet network monitoring and trou-bleshooting.” We found a price for it on Internet [24], it was close to $30 000. This model has two interfaces for monitoring, both can be 1Gb/s.
They also have a 10Gb/s model called XLink Analyzer [25]. “XLink Analyzer is a solution for high speed enterprise data centers. XLink provides the means to simultaneously analyze multiple 10Gigabit or 1Gigabit Ethernet links without the risk of missing a packet. This performance helps solve network and application problems faster, while maintaining higher uptime and performance for end users.” This one is more expensive. A interface card with two 10Gb/s interfaces runs around $72 000 [26], a card with four 1Gig/s interfaces cost around $46 000 [27], and you need a chassis, the least expensive is aSingle Slot XLink Chassis that costs $7 600 [28].
3.1.3 Wildpackets
According to WildPacket, their Gigabit network solutions [29] provides real-time capture and analysis of traffic, capturing high volumes of traffic without dropping any packets and provide expert diagnostics and rich graphical data that accelerate troubleshooting. They have solutions for 1Gb/s and 10Gb/s network analysis. WildPacket’s Gigabit Analyzer Cards are hardware designed to handle Gigabit traffic analysis. When capturing packets at full line rate, the card merges both streams of the full-duplex traffic using synchronized timestamps. The card can also slice and filter packets at full line rate speed to give a better analysis.
3.1.4 Netscout
This company has 10/100/1000 Ethernet and 10 Gigabit Ethernet capture and analysis solu-tions [30]: “The nGenius InfiniStream, when combined with NetScout analysis and reporting solutions, utilizes packet/flow analysis, data mining and retrospective analysis to quickly and efficiently detect, diagnose and verify the resolution of elusive and intermittent IT service prob-lems.” They can capture data at 10Gb/s and have impressive storage configurations ranging from 2TB to 15TB. We did not find any prices for these systems, but we do not think they are cheap.
3.1.5 Summary
The proprietary gigabit analyzers are expensive, which makes it interesting to see what can be done with a regular computer and an IXP card. Another reason to use network processors are that we can program them to do what we want. If your analyzer is an ASIC, you can not change too much of it, since it is hardware. Our card can be programmed to do new and very special packet inspections. In the next section, we will look at other papers about network processors.