
Network shunt | Implementation scheme of traffic collection and shunting in high-speed backbone networks

2025-01-14 Update From: SLTechnology News&Howtos


1 Traffic collection

Traffic collection means parsing and de-framing network traffic at the physical layer and data link layer in order to obtain the original IP packets. A backbone network traffic collection system acquires and analyzes traffic on backbone networks. It is mainly used in government network management, operator advertising push, operator billing and forensics services, operator signaling monitoring services, campus network audit, public security network supervision, big data analysis and other fields.

2 High-speed network traffic acquisition system

With the adoption of Ethernet and optical fiber communication technology, and with the growth of backbone bandwidth and scale, large-scale network traffic collection faces the challenge of large data volumes and increasingly complex traffic. Traditional software-based traffic collection can no longer meet the performance requirements. The existing traffic collection schemes for high-speed backbone networks fall into three main categories: schemes based on multi-core processors, schemes based on switch chips, and schemes based on FPGAs.

Each scheme has its own characteristics, which will be described below.

A) Rong Teng high-speed network traffic acquisition system based on multi-core processor

Multi-core processors provide powerful parallel computing capability. The main models used in traffic acquisition systems are Broadcom's XLP, XLR and XLS, Cavium's CN6880 and CN5880, and Tilera's TILE-GX36. A system built this way can both collect traffic and modify packets, so it is highly flexible. However, the processing capacity of the CPU is limited, so it cannot truly achieve line-speed processing, and overall performance will not be very high. On the other hand, because a processor is involved, more complex functions such as flow table management, application-layer protocol identification, and RADIUS online and message binding are easy to implement.

Fig. 1 CDP2000, a traffic collector based on Cavium CN6880

B) High-speed network traffic acquisition system based on switching chip

Switching chips are cheaper, and mature chip solutions are available for reference. However, their filtering function is very weak: they support only very simple exact-match multi-tuple filtering, cannot do deep packet inspection (DPI), and cannot support interfaces such as POS and WAN. This limits the practical application range of traffic collection schemes based on switch chips.

C) High-speed network traffic acquisition system based on FPGA

At present there are few FPGA-based solutions, mainly because FPGA chips are expensive and all of the high-speed circuits and filtering algorithms have to be designed in-house, so the technical threshold is high and deep R&D capability is required. However, the advantage is also obvious: an FPGA design has both the high flexibility of a multi-core system and the high performance of a switching system.

Fig. 2 100G Rongteng network traffic collection system HFC602 based on FPGA

Table 1 Comparison of the three traffic collection schemes

Scheme: based on multi-core processor; based on switch chip; based on FPGA
Chip price: average; lower; higher
Hardware design difficulty: average; easier; more difficult
Software development difficulty: average; easier; harder
Compatibility with common network interfaces: low; high
Flexibility of traffic collection: high; low
Wire-speed processing: yes; no

The traffic collection scheme based on a multi-core processor plus a switch chip is the most widely used scheme at present. Although the overall price of the system is somewhat high, the software and hardware are not difficult to develop, and the entry threshold is low.

However, as FPGAs have developed, their internal resources have become more and more abundant, in particular with large numbers of embedded IP cores, and their processing speed and logic capacity keep improving. FPGA-based schemes have therefore received more and more attention, and many research institutions and companies at home and abroad have launched FPGA-based network traffic collection systems.

Figure 2 shows the structure of a common FPGA-based traffic collection system. The traffic collection and preprocessing platform receives the network packets arriving on its network ports and performs traffic statistics and analysis on them. Based on the results of that analysis, the packets are then diverted and forwarded back to the network. The system is designed as a cooperation of hardware and software: protocol parsing and data preprocessing of the packets are done in hardware circuits, and the back-end server carries out the specific analysis and processing of the traffic. Because the preprocessing platform classifies and merges traffic and transmits data at low load, the workload of the back-end server is effectively reduced; a server that processes preprocessed data has lower load overhead during traffic processing.
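An added example, not part of the original article or any vendor's code: a software model of the preprocessing step described above, which de-frames Ethernet to recover the IPv4 5-tuple, keeps traffic statistics, and diverts each flow to one of several back-end servers. The symmetric CRC32 hash, the default of four back-ends and all function names are assumptions for illustration; the sample frames come from the constructed `build_frame` helper.

```python
import socket, struct, zlib
from collections import Counter

def parse_frame(frame):
    """De-frame Ethernet (802.1Q tags allowed); return the IPv4 5-tuple or None."""
    if len(frame) < 14:
        return None
    off, etype = 14, struct.unpack_from("!H", frame, 12)[0]
    while etype in (0x8100, 0x88A8) and len(frame) >= off + 4:  # skip VLAN tags
        etype = struct.unpack_from("!H", frame, off + 2)[0]
        off += 4
    if etype != 0x0800 or len(frame) < off + 20 or frame[off] >> 4 != 4:
        return None                                 # not IPv4, or truncated
    ihl = (frame[off] & 0x0F) * 4
    if ihl < 20 or len(frame) < off + ihl:
        return None
    proto, src, dst = frame[off + 9], frame[off + 12:off + 16], frame[off + 16:off + 20]
    frag_off = struct.unpack_from("!H", frame, off + 6)[0] & 0x1FFF
    sport = dport = 0                               # no ports for non-TCP/UDP or later fragments
    if proto in (6, 17) and frag_off == 0 and len(frame) >= off + ihl + 4:
        sport, dport = struct.unpack_from("!HH", frame, off + ihl)
    return src, dst, proto, sport, dport

def backend_for(flow, n_backends):
    """Symmetric hash so both directions of a flow reach the same back-end server."""
    src, dst, proto, sport, dport = flow
    lo, hi = sorted([(src, sport), (dst, dport)])   # order endpoints, ignore direction
    key = lo[0] + hi[0] + struct.pack("!HHB", lo[1], hi[1], proto)
    return zlib.crc32(key) % n_backends

def shunt(frames, n_backends=4):
    """Return (per-backend frame lists, statistics) for a batch of captured frames."""
    out, stats = {i: [] for i in range(n_backends)}, Counter()
    for f in frames:
        flow = parse_frame(f)
        if flow is None:
            stats["non_ip_or_malformed"] += 1       # counted, not forwarded
            continue
        out[backend_for(flow, n_backends)].append(f)
        stats["proto_%d" % flow[2]] += 1
    return out, stats

def build_frame(src, dst, proto, sport, dport, vlan=None):
    """Constructed sample input: minimal Ethernet/IPv4 frame with a 4-byte L4 stub."""
    tag = struct.pack("!HH", 0x8100, vlan) if vlan is not None else b""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 24, 0, 0, 64, proto, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return b"\x00" * 12 + tag + struct.pack("!H", 0x0800) + ip + struct.pack("!HH", sport, dport)
```

Keeping both directions of a session on one server is what lets a back-end analyzer reassemble the conversation without exchanging state with its peers.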

3 Summary

The 100G acquisition device (using the ATCA-NTW6401 chassis and the HFC602 service processing board) launched by Rong Teng Network is the only device on the market that has been verified on a real network. The 10G independent chassis device (PET160/320) is the highest-density cooperative transfer device at present. The 3G/LTE product (ATCA-NTW6402), thanks to its combination of software and hardware (FPGA+NPU), reaches a single-board processing capacity of 40 Gbps 3G GRE / 160G LTE, with the highest performance-to-price ratio.
