Project

General

Profile

AtelierPPS2012 » History » Version 34

Version 33 (Laurent GUERBY, 12/24/2013 12:01 PM) → Version 34/81 (Laurent GUERBY, 12/28/2013 12:52 PM)

{{>toc}}

h1. AtelierPPS2012

Une attaque sur le réseau gitoyen a eu lieu le 18 juin et une sur tetaneutral.net le 29 juin, ces deux attaques etaient en "paquet par seconde" (PPS) avec de petits paquets de 50-60 byte qui saturent les CPU des routeurs logiciels.

L'idée est d'étudier via des recherches sur le web et des laboratoires/ateliers le comportement des routeurs logiciels dans ce cas la : limites atteintes en fonction du paramétrage et du matériel (carte réseau, CPU et fréquence).

h2. Liens

* http://lists.tetaneutral.net/pipermail/technique/2012-July/000406.html
* http://guerby.org/ftp/dos-tetaneutral-20120629-12h33-13h03-pps.png
* http://networkstatic.net/the-sdn-impact-on-net-neutrality/
* http://blog.exceliance.fr/2012/04/24/hypervisors-virtual-network-performance-comparison-from-a-virtualized-load-balancer-point-of-view/
* http://www.spinics.net/lists/netdev/msg206077.html
** So with your patch, Eric's patch, and this most recent patch we are now at 11.8Mpps with 8 or 9 queues. At this point I am staring to hit the hardware limits since 82599 will typically max out at about 12Mpps w/ 9 queues.
** 12e6 * 64 byte * 8 = 6.1 Gbit/s
** PATCH Remove the ipv4 routing cache http://www.spinics.net/lists/netdev/msg205545.html
* Intel® 82599 10 Gigabit Ethernet Controller http://ark.intel.com/products/series/32609
* more interrupts (lower performance) in bare-metal compared with running VM https://lkml.org/lkml/2012/7/27/490

100 Mbit/s = 195312 frames de 64 byte/s
1000 Mbit/s = 1953125 frames de 64 byte/s
* http://dpdk.org/ml/archives/dev/2013-May/000102.html
** In case of 64 byte packets (with Ethernet CRC), (64+20)*8 = 672 bits. So line rate is 10000/672 = 14.88 Mpps.
* discussion choix d'un routeur et attaque PPS : http://www.mail-archive.com/frnog@frnog.org/msg19673.html
* projet netmap http://info.iet.unipi.it/~luigi/netmap/
** http://lwn.net/Articles/484323/
** http://info.iet.unipi.it/~luigi/papers/20120503-netmap-atc12.pdf
*** "In our prototype, a single core running at 900 MHz can send or receive 14.88 Mpps (the peak packet rate on 10 Gbit/s links). This is more than 20 times faster than conventional APIs."
** http://info.iet.unipi.it/~luigi/netmap/20110729-rizzo-infocom.pdf
** VALE, a Virtual Local Ethernet http://info.iet.unipi.it/~luigi/vale/
*** http://info.iet.unipi.it/~luigi/papers/20120608-vale.pdf
*** " Our architecture, called VALE, implements a Virtual Local Ethernet that can be used by virtual machines such as QEMU, KVM and others, as well as regular processes, to achieve over 17 million packets per second (Mpps) between host processes, and over 2 Mpps between QEMU instances, without any hardware assistance"
** Towards a Billion Routing Lookups per Second in Software http://info.iet.unipi.it/~luigi/papers/20120601-dxr.pdf
** http://info.iet.unipi.it/~luigi/netmap/talk-hp.html
** http://marc.info/?a=133836981100006&r=1&w=4
** 10 Gbit/s Line Rate Packet Processing Using Commodity Hardware: Survey and new Proposals http://luca.ntop.org/10g.pdf
* http://www.intel.com/content/www/us/en/ethernet-controllers/82599-10-gbe-controller-datasheet.html
* ipfw 9-10 Mpps http://lists.freebsd.org/pipermail/freebsd-net/2012-July/032869.html
* projet PFQ
** http://netgroup.iet.unipi.it/software/pfq/index.html
* Ubiquity EdgeMax router
** http://www.ubnt.com/edgemax
** http://forum.ubnt.com/showthread.php?t=59312
** http://dl.ubnt.com/Tolly212127UbiquitiEdgeRouterLitePricePerformance.pdf
** http://dl.ubnt.com/Tolly212128UbiquitiEdgeRouterLitePricePerformanceVsMikroTik.pdf
* http://dpdk.org/
** Intel DPDK: Data Plane Development Kit
** Intel DPDK is a set of libraries and drivers for fast packet processing on x86 platforms. It runs mostly in Linux userland.
* http://www.slideshare.net/shemminger/uio-final
** Networking in Userspace : Living on the edge
* http://tech.slashdot.org/story/13/04/17/2014206/vint-cerf-sdn-is-a-model-for-a-better-internet
** http://slashdot.org/topic/datacenter/vint-cerf-sdn-is-a-model-for-a-better-internet/
* http://www.opendaylight.org/
** OpenDaylight's mission is to facilitate a community-led, industry-supported open source framework, including code and architecture, to accelerate and advance a common, robust Software-Defined Networking platform

* http://www.packetdam.com/

* http://www.cisco.com/web/partners/downloads/765/tools/quickreference/routerperformance.pdf

* http://osdir.com/ml/linux.drivers.e1000.devel/2007-05/msg00182.html
** "The network cards are perfectly capable of achieving much higher numbers than 135k pps. The linux network stack however is currently not."
* http://code.google.com/p/openpgm/
* http://afresh1.com/OpenBSD_49_Throughput_Latency/

* http://code.ettus.com/redmine/ettus/projects/public/wiki/Latency

* 10Gbps Open Source Routing » de Bengt Gördén, Olof Hagsand et Robert Olsson http://www.iis.se/docs/10G-OS-router_2_.pdf
* http://fr.slideshare.net/brouer/linuxcon2009-10gbits-bidirectional-routing-on-standard-hardware-running-linux
* 10 Gbit Hardware Packet Filtering Using Commodity Network Adapters http://ripe61.ripe.net/presentations/138-Deri_RIPE_61.pdf
* https://wiki.freebsd.org/NetworkPerformanceTuning

* http://wiki.networksecuritytoolkit.org/nstwiki/index.php/LAN_Ethernet_Maximum_Rates,_Generation,_Capturing_%26_Monitoring
* http://www.cisco.com/web/about/security/intelligence/network_performance_metrics.html

* http://blog.erratasec.com/2013/12/ccc-100-gbps-and-your-own-private-shodan.html
* https://github.com/robertdavidgraham/masscan
* http://www.ntop.org/products/pf_ring/

* http://routebricks.org/pubs.html

h2. Personnes interessées

# Laurent GUERBY
# Obinou (qui a déjà utilisé PF-RING et NTOP)

A priori il suffit de deux machines pour pouvoir commencer chez soi.

h2. Tests

e1000e D2500CC (squeeze) et core i5 DQ67SW (squeeze + kernel 3.2bpo)
iperf plafonne a 120-130k pps