OVS-DPDK Port Mirroring via NIC Offloading

As SDN-based networking infrastructure continues to evolve, an increasing number of traditional network functions are deployed over virtualized network. Like traditional networks, traffic monitoring in a Software Defined Network is critical in order to ensure security and performance of the underlyi...

Full description

Saved in:
Bibliographic Details
Main Authors: Wang, Liang-Min, Miskell, Tim, Fu, Patrick, Liang, Cunming, Verplanke, Edwin
Format: Conference Proceeding
Language:English
Subjects:
Benchmark testing
Degradation
Hardware
Port-Mirroring
Ports (computers)
Security
SR-IOV
TaaS
Tap
Telecommunication traffic
Throughput
VIRTIO
Online Access:Request full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:As SDN-based networking infrastructure continues to evolve, an increasing number of traditional network functions are deployed over virtualized network. Like traditional networks, traffic monitoring in a Software Defined Network is critical in order to ensure security and performance of the underlying infrastructure. In the context of virtualized networks, deployment of a virtualized TAP service has been reported as an effective VNF that can provide the same monitoring capabilities as a physical TAP. Unfortunately, over a para-virtualization environment, e.g. OVS, where inter-VM communication is expensive it has been observed that virtual TAPs can contribute up to 70% performance degradation. In this paper, we present a hybrid approach that allows network administrators to mirror VIRTIO port traffic to another VF (SR-IOV) via NIC hardware offloading. As a result, the mirrored traffic can be viewed through a monitoring VNF in a separate VM. Through this approach, the throughput overhead can be reduced by as much as 50%.
ISSN:2374-9709
DOI:10.1109/NOMS47738.2020.9110293