2002 Articles
xPF: Packet Filtering for Low-Cost Network Monitoring
The ever-increasing complexity in network infrastructures is making critical the demand for network monitoring tools. While the majority of network operators rely on low-cost open-source tools based on commodity hardware and operating systems, the increasing link speeds and complexity of network monitoring applications have revealed inefficiencies in the existing software organization, which may prohibit the use of such tools in high-speed networks. Although several new architectures have been proposed to address these problems, they require significant effort in re-engineering the existing body of applications. We present an alternative approach that addresses the primary sources of inefficiency without significantly altering the software structure. Specifically, we enhance the computational model of the Berkeley packet filter (BPF) to move much of the processing associated with monitoring into the kernel, thereby removing the overhead associated with context switching between kernel and applications. The resulting packet filter, called xPF, allows new tools to be more efficiently implemented and existing tools to be easily optimized for high-speed networks. We present the design and implementation of xPF as well as several example applications that demonstrate the efficiency of our approach.
Subjects
Files
- xpf.pdf application/pdf 58 KB Download File
Also Published In
- Title
- HPSR2002: Workshop on High Performance Switching and Routing: proceedings: merging optical and IP technologies: May 26-29, 2002, Kobe, Japan
- Publisher
- Institute of Electronics, Information and Communications Engineers
- DOI
- https://doi.org/10.1109/HPSR.2002.1024219
More About This Work
- Academic Units
- Computer Science
- Published Here
- July 12, 2012