
Network shunt | 100G network shunt: not just a bandwidth upgrade!

2025-01-14 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/01 Report--

A network shunt is a network traffic filtering and collection device that works at layers 3 and 4 and is used specifically for Internet traffic analysis. It filters, attenuates, switches and splits traffic in order to reduce the load on back-end analysis. At present, the existing Rong Teng shunt range includes Gigabit, 10 Gigabit (POS, WAN, LAN), 40G (POS, LAN), 100G Ethernet, PON (EPON, GPON), WIFI, 3G and LTE.

1. Introduction

With the widespread use of IPTV, video-on-demand and similar services, remote storage, mobile broadband services, × × services and other applications, traffic on operators' backbone networks continues to increase, and the demand for high bandwidth from Internet service providers (ISP) and network service providers (NSP) is growing. At present, the customer-to-operator connection has rapidly expanded to 10GE. Typically, the backbone network connection needs 4 to 10 times the bandwidth of the customer connection to ensure adequate performance.

With the development of multi-core processing, virtualization, network storage and other technologies, enterprise computing environments and backbone links place higher and higher requirements on link bandwidth. The 100G interface is used for switch-to-switch connections serving the 10G Ethernet computing equipment in current data centers and the 40G Ethernet equipment of the future. ISPs have the same requirement. 100G is the perfect solution for Internet interconnection and for new services for consumer and business users in the future.

2. Challenges

In the future, 100G shunts will be widely used in network monitoring, signaling analysis, big data analysis, IDC protection, real-time advertising bidding and other fields. However, a 100G shunt is not just a matter of upgrading link bandwidth. To perform traffic analysis on 100G links, the following challenges must be addressed:

(1) Density, volume and power consumption of the equipment: as 100G optical transmission is still expensive, this kind of equipment is usually deployed in the operator's computer room, where space is limited and deployment usually requires layers of approval. If the density of the equipment can be increased and its size and power consumption reduced, deployment and implementation become easier.

(2) Cost of the equipment: the bandwidth of a 100G link is 10 times that of a 10 Gigabit link. At present, 10 Gigabit shunts are relatively cheap, but if 10G equipment is deployed in the operator's convergence layer, the large number of link splices causes construction problems. Splitting on 100G Ethernet reduces the construction difficulty, but the cost of the equipment itself cannot be much higher than that of ten 10 Gigabit links, otherwise users are more likely to use 10 Gigabit shunts.

(3) Finer traffic classification: the high bandwidth of a 100G link increases the pressure on the back-end analysis servers, and the traditional multi-tuple-based traffic attenuation method can no longer meet requirements. The perfect solution is to perform DFI (deep flow inspection, a more specific form of DPI) on the shunt to filter out protocol messages of no interest and messages sent by specific websites. At present, commercial DPI capacity per board does not exceed 40Gbps, so combining multi-tuple filtering with DPI traffic filtering is a technical problem that must be solved.

(4) Stability of the equipment: because the equipment is mostly deployed on the operator side rather than the user side, maintaining the shunt is more difficult. Using ATCA equipment is an effective solution, and better stability design, stricter component selection and aging tests can ensure that the reliability of the equipment reaches more than 99.999%.

3. Solution

The 100G shunt should take full account of the density, size, power consumption and cost of the equipment, and be able to perform more detailed traffic classification. The following solution can be adopted: the 100G line card itself handles input and output and performs multi-tuple filtering; of the multi-tuple-filtered traffic, part is output, part is discarded, and traffic requiring in-depth detection is passed to a dedicated DPI board for deep traffic inspection. To meet this requirement, Hunan Rong Teng Network Technology Co., Ltd. (www.rtnetworks.com.cn) adopts the design scheme shown in figure 1. The optical interface uses a commercial 100GE CFP or CFP2 optical module to convert the 100GE optical signal to the CAUI electrical interface. Different optical modules support 100GBASE-SR10, 100GBASE-LR4, 100GBASE-ER4 and other applications. The optical module outputs 10 channels of 10Gbps data for subsequent processing.

100G traffic acquisition involves three modules: PMA, PCS and MAC. The PMA implements the media interface of 100GE using the high-speed SERDES of a high-performance FPGA. A 100GE interface requires 10 high-speed SERDES, and each SERDES converts 10Gb/s serial data into relatively low-speed 40-bit parallel data.

The PCS module is fully compatible with the 802.3ba specification. The main functions implemented are as follows:

(1) 10 x 40-bit interface to the PMA

(2) Multi-lane distribution (MLD) mechanism to support 100Gbps data transmission

(3) Periodic alignment marker insertion / removal

(4) Data scrambling / descrambling

(5) 64b/66b encoding / decoding

(6) 66b-40b data width conversion (gearbox) function

(7) 384-bit@260MHz MAC data interface


(1) When DPI and DFI are not needed, a two-slot ATCA chassis can be used. The board itself supports redundant traffic output to meet the needs of network monitoring, signaling analysis, big data analysis, IDC protection, real-time advertising bidding and other fields.

Fig. 2 Two-slot 100G shunt solution

(2) When DPI and DFI are to be executed, a 14-slot chassis can be used, and messages are sent through switching to a dedicated DPI board for deep flow inspection. The detection mode can be a string or a regular expression, and traffic that needs to be output can still leave through the 10 Gigabit interfaces of the 100G board (HFC602) itself.

Fig. 3 14-slot 100G shunt solution
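The two-stage classification described above (multi-tuple filtering on the line card, then string or regular-expression detection on the DPI board) can be modelled in a few lines. This is an added example, not Rong Teng's implementation: the rules, signatures, addresses and packets are constructed, and treating a signature hit as "output to the back end" is an assumed policy.

```python
import ipaddress
import re
OUTPUT, DROP, TO_DPI = "output", "drop", "to_dpi"

# Constructed multi-tuple rules; first match wins, an absent key is a wildcard.
TUPLE_RULES = [
    {"proto": 17, "dport": 53, "action": OUTPUT},   # DNS straight to the back end
    {"src": "203.0.113.0/24", "action": DROP},      # a site nobody analyses
    {"proto": 6, "dport": 80, "action": TO_DPI},    # HTTP needs payload inspection
]
# Constructed DPI signatures: a plain string and a regular expression.
DPI_SIGNATURES = [b"Host: video.example", re.compile(rb"^(GET|POST) /api/v\d+/login\b")]

def tuple_match(rule, pkt):
    for f in ("src", "dst"):
        if f in rule and ipaddress.ip_address(pkt[f]) not in ipaddress.ip_network(rule[f]):
            return False
    return all(pkt[f] == rule[f] for f in ("proto", "sport", "dport") if f in rule)

def line_card(pkt):
    """Stage 1, on the 100G line card: output, drop, or hand to the DPI board."""
    return next((r["action"] for r in TUPLE_RULES if tuple_match(r, pkt)), DROP)

def dpi_board(payload):
    """Stage 2 (assumed policy): a signature hit is output, anything else dropped."""
    hit = any(s in payload if isinstance(s, bytes) else s.search(payload) for s in DPI_SIGNATURES)
    return OUTPUT if hit else DROP

def shunt(packets):
    """Return per-packet verdicts and the share of bytes the DPI board had to see."""
    verdicts, dpi_bytes, total = [], 0, 0
    for pkt in packets:
        action = line_card(pkt)
        total += len(pkt["payload"])
        if action == TO_DPI:
            dpi_bytes += len(pkt["payload"])
            action = dpi_board(pkt["payload"])
        verdicts.append(action)
    return verdicts, dpi_bytes / total

def sample_pkt(src, proto, dport, payload):
    return {"src": src, "dst": "192.0.2.10", "proto": proto, "sport": 40000, "dport": dport, "payload": payload}

SAMPLE = [  # constructed traffic
    sample_pkt("198.51.100.7", 17, 53, b"\x12\x34" + b"\x00" * 30),
    sample_pkt("203.0.113.9", 6, 80, b"GET /big.bin HTTP/1.1\r\n" + b"x" * 1000),
    sample_pkt("198.51.100.7", 6, 80, b"GET /api/v2/login HTTP/1.1\r\nHost: a.example\r\n"),
    sample_pkt("198.51.100.8", 6, 80, b"GET /index.html HTTP/1.1\r\nHost: www.example\r\n"),
    sample_pkt("198.51.100.9", 6, 443, b"\x16\x03\x01" + b"\x00" * 200),
]
```

Calling `shunt(SAMPLE)` shows why the multi-tuple stage sits in front: only a small share of the bytes ever reaches the capacity-limited DPI stage.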

4. Conclusion

In high-speed network environments, as backbone bandwidth and traffic increase rapidly, complex network applications emerge endlessly. Traditional network forensics systems face great challenges in data capture and data processing.

Rong Teng 100G shunt is a complex system. The design and implementation of such a system requires comprehensive consideration of cost, size, power consumption, density and fine shunt functions.
