
Network shunt | Implementation of traffic collection and distribution in high-speed backbone networks

2025-01-14 Update From: SLTechnology News&Howtos


Shulou(Shulou.com)06/01 Report--


1 Traffic collection | network tap

Traffic collection means that network traffic is parsed and deframed at the physical layer and data link layer to obtain the original IP packets. A backbone network traffic collection system obtains and analyzes backbone network traffic. It is mainly used in government network management, operator advertisement push, operator billing and forensics services, operator signaling monitoring services, campus network audit, public security network supervision, big data analysis and other fields.

2 High-speed network traffic acquisition system | network tap

With the adoption of Ethernet and optical fiber communication technology, backbone network bandwidth and scale keep growing. Large-scale network traffic collection therefore faces very large data volumes and increasingly complex traffic, and traditional software-based traffic collection can no longer meet the performance requirements. There are three kinds of traffic collection schemes: multi-core processor-based, switch chip-based and FPGA-based.

Each option has its own characteristics, which are described below.

a) Rongteng high-speed network traffic collection system based on multi-core processors

Multi-core processors provide powerful parallel computing capabilities. The main models used in traffic collection systems are Broadcom's XLP, XLR and XLS, Cavium's CN6880 and CN5880, and Tilera's TILE-GX36. A system built on this scheme can be programmed to collect traffic and modify packets, so it is very flexible. However, because CPU processing capacity is limited, it cannot achieve line-rate processing, and overall performance will not be very high. On the other hand, because a processor is involved, more complex functions such as flow table management, application-layer protocol identification, RADIUS online and message binding are relatively easy to implement.


Figure 1 CDP2000, a Cavium CN6880-based flow collector

b) High-speed network traffic collection system based on switching chips

Switch chips are cheaper, and proven solutions are available. However, their filtering function is very weak: they support only very simple exact-match tuple filtering, cannot do Deep Packet Inspection (DPI), and cannot support interfaces such as POS and WAN. This limits the practical use of traffic collection schemes based on switch chips.

c) FPGA-based high-speed network traffic acquisition system

FPGA-based solutions are still few, mainly because FPGA chips are more expensive and all high-speed circuits and filtering algorithms must be designed in-house, so the technical threshold is high and deep R&D capability is required. However, this scheme combines the flexibility of a multi-core system with the performance of a switch-chip system, so its advantages are also very clear.

Figure 2 FPGA-based 100G network traffic acquisition system HFC602

Table 1 Comparison of three flow collection schemes

Criterion: multi-core processor based / switch chip based / FPGA based

Chip price: average / lower / higher

Ease of hardware design: average / easier / more difficult

Ease of software development: average / easier / more difficult

Compatibility with common network interfaces: low / high

Flexibility of traffic collection: high / low / average

Line-rate processing: no / no / yes

The traffic collection scheme based on a multi-core processor plus a switch chip is the most common scheme in use today. Although the overall system price is slightly high, the software and hardware development is not difficult, and the entry threshold is low.

However, as FPGAs have developed, their internal resources have become increasingly rich, especially the large number of embedded IP cores, and their processing speed and logic capacity keep improving. FPGA-based schemes have received more and more attention, and many research institutions and companies at home and abroad have introduced FPGA-based network traffic acquisition systems.

Figure 2 shows the structure diagram of a common FPGA-based traffic collection system. The traffic collection and preprocessing platform acquires the network packets arriving on its network ports, performs traffic statistics and analysis on them, and finally diverts and retransmits the packets back to the network according to the results of the traffic analysis. The system follows a hardware/software co-design approach: protocol analysis and data preprocessing of packets are implemented in hardware circuits, while the back-end server performs the specific analysis and processing of traffic. The preprocessing platform classifies and merges traffic and passes on a reduced data load, which effectively reduces the workload of the back-end server; the server then works on the preprocessed data, which reduces the load overhead of traffic processing.
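The deframing step from section 1 and the exact-match tuple filtering that the article attributes to switch chips can be sketched in software as follows. This is an added example, not code from the article or from any vendor; the rule format, the output port names and the sample frames are assumptions made for illustration, and the addresses come from documentation ranges.

```python
import socket
import struct

VLAN_TPIDS = {0x8100, 0x88A8}  # 802.1Q / 802.1ad tag protocol identifiers
ETH_IPV4 = 0x0800

def deframe(frame):
    """Strip the Ethernet header and any VLAN tags; return the IPv4 packet or None."""
    off = 12  # the EtherType follows the two 6-byte MAC addresses
    while len(frame) >= off + 2:
        (etype,) = struct.unpack_from("!H", frame, off)
        if etype not in VLAN_TPIDS:
            return frame[off + 2:] if etype == ETH_IPV4 else None
        off += 4  # skip TPID + TCI and read the inner EtherType
    return None  # truncated frame

def five_tuple(ip):
    """Return (src, dst, proto, sport, dport), or None for a malformed IPv4 header."""
    if len(ip) < 20 or ip[0] >> 4 != 4:
        return None
    ihl = (ip[0] & 0x0F) * 4
    if not 20 <= ihl <= len(ip):
        return None
    proto, src, dst = ip[9], socket.inet_ntoa(ip[12:16]), socket.inet_ntoa(ip[16:20])
    first_fragment = (struct.unpack_from("!H", ip, 6)[0] & 0x1FFF) == 0
    sport = dport = 0  # ports exist only in the first fragment of TCP/UDP
    if proto in (6, 17) and first_fragment and len(ip) >= ihl + 4:
        sport, dport = struct.unpack_from("!HH", ip, ihl)
    return (src, dst, proto, sport, dport)

def shunt(frame, rules, default_port="drop"):
    """Return the output port of the first rule whose fields all match exactly."""
    ip = deframe(frame)
    key = five_tuple(ip) if ip is not None else None
    if key is not None:
        for pattern, port in rules:  # None in a pattern means "any value"
            if all(want is None or want == got for want, got in zip(pattern, key)):
                return port
    return default_port

def sample_frame(src, dst, dport, vlan=None):
    """Constructed input: Ethernet [+ 802.1Q tag] + IPv4 + UDP header, no payload."""
    tag = struct.pack("!HH", 0x8100, vlan) if vlan is not None else b""
    udp = struct.pack("!HHHH", 40000, dport, 8, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, 17, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return bytes(12) + tag + struct.pack("!H", ETH_IPV4) + ip + udp

RULES = [((None, "192.0.2.53", 17, None, 53), "dns-analyzer"),  # hypothetical ports
         (("198.51.100.7", None, None, None, None), "forensics")]
```

The rules see only header fields, which is the limit of tuple filtering: anything that depends on payload content needs the DPI-capable processing the article assigns to the multi-core and FPGA schemes.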

1 Summary of Rongteng Network Shunt

The 100G acquisition equipment (ATCA-NTW6401 chassis and HFC602 service processing board) launched by NDUST is the only equipment on the market that has been verified on a live network. The 10G independent chassis equipment (PET160/320) is the highest density co-conversion equipment at present. The 3G/LTE product (ATCA-NTW6402) combines hardware and software (FPGA+NPU), and the board processing capacity reaches 40 Gbps. 3G GRE/160G LTE has the highest cost-performance ratio.
