xPF: Packet Filtering for Low-Cost Network Monitoring

Ioannidis, Sotiris; Anagnostakis, Kostas G.; Ioannidis, John; Keromytis, Angelos D.

The ever-increasing complexity of network infrastructures is making the demand for network monitoring tools critical. While the majority of network operators rely on low-cost open-source tools based on commodity hardware and operating systems, increasing link speeds and the growing complexity of network monitoring applications have revealed inefficiencies in the existing software organization that may prohibit the use of such tools in high-speed networks. Although several new architectures have been proposed to address these problems, they require significant effort to re-engineer the existing body of applications. We present an alternative approach that addresses the primary sources of inefficiency without significantly altering the software structure. Specifically, we enhance the computational model of the Berkeley packet filter (BPF) to move much of the processing associated with monitoring into the kernel, thereby removing the overhead of context switching between the kernel and applications. The resulting packet filter, called xPF, allows new tools to be implemented more efficiently and existing tools to be easily optimized for high-speed networks. We present the design and implementation of xPF as well as several example applications that demonstrate the efficiency of our approach.
Also Published In

HPSR2002: Workshop on High Performance Switching and Routing: proceedings: merging optical and IP technologies: May 26-29, 2002, Kobe, Japan
Institute of Electronics, Information and Communications Engineers

More About This Work

Academic Units
Computer Science
Published Here
July 12, 2012