AtelierPPS2012 » History » Version 10

Laurent GUERBY, 02/08/2012 22:38

{{>toc}}

h1. AtelierPPS2012

An attack on the gitoyen network took place on 18 June and one on tetaneutral.net on 29 June; both were "packets per second" (PPS) attacks using small packets of 50-60 bytes, which saturate the CPUs of software routers.

The idea is to study, through web research and labs/workshops, how software routers behave in this case: the limits reached depending on configuration and hardware (network card, CPU and clock frequency).

h2. Links

* http://lists.tetaneutral.net/pipermail/technique/2012-July/000406.html
* http://guerby.org/ftp/dos-tetaneutral-20120629-12h33-13h03-pps.png
* http://www.spinics.net/lists/netdev/msg206077.html
** So with your patch, Eric's patch, and this most recent patch we are now at 11.8Mpps with 8 or 9 queues. At this point I am starting to hit the hardware limits since 82599 will typically max out at about 12Mpps w/ 9 queues.
** 12e6 * 64 byte * 8  = 6.1 Gbit/s
* Intel® 82599 10 Gigabit Ethernet Controller http://ark.intel.com/products/series/32609
* more interrupts (lower performance) in bare-metal compared with running VM https://lkml.org/lkml/2012/7/27/490

100 Mbit/s = 195312 frames of 64 bytes per second
1000 Mbit/s = 1953125 frames of 64 bytes per second

* discussion on choosing a router and PPS attacks: http://www.mail-archive.com/frnog@frnog.org/msg19673.html
* netmap project http://info.iet.unipi.it/~luigi/netmap/
** http://lwn.net/Articles/484323/
** http://info.iet.unipi.it/~luigi/papers/20120503-netmap-atc12.pdf
*** "In our prototype, a single core running at 900 MHz can send or receive 14.88 Mpps (the peak packet rate on 10 Gbit/s links). This is more than 20 times faster than conventional APIs."
** http://info.iet.unipi.it/~luigi/netmap/20110729-rizzo-infocom.pdf
** VALE, a Virtual Local Ethernet http://info.iet.unipi.it/~luigi/vale/
*** http://info.iet.unipi.it/~luigi/papers/20120608-vale.pdf
*** "Our architecture, called VALE, implements a Virtual Local Ethernet that can be used by virtual machines such as QEMU, KVM and others, as well as regular processes, to achieve over 17 million packets per second (Mpps) between host processes, and over 2 Mpps between QEMU instances, without any hardware assistance"
** Towards a Billion Routing Lookups per Second in Software http://info.iet.unipi.it/~luigi/papers/20120601-dxr.pdf
* http://www.intel.com/content/www/us/en/ethernet-controllers/82599-10-gbe-controller-datasheet.html
* ipfw 9-10 Mpps http://lists.freebsd.org/pipermail/freebsd-net/2012-July/032869.html
* http://www.cisco.com/web/partners/downloads/765/tools/quickreference/routerperformance.pdf

h2. Interested people

# Laurent GUERBY
# Other

In principle, two machines are enough to get started at home.