Alfredo Cardigliano is a high-performance software specialist, working as Principal Engineer at ntop, where he leads the development of network monitoring technologies. In the past 6+ years at ntop he has gained strong experience in network programming, kernel hacking and device drivers. Alfredo’s current interests include the development of high-performance network monitoring and inline packet processing applications based on commodity hardware. He received his master's degree at the University of Pisa with a thesis about packet capture acceleration for network monitoring on Virtual Machines. He also spent a few months at Uppsala University, where he gained experience with modern multi-core architectures.
| 2017 | Raw Packet Capture in the Cloud: PF_RING and Network Namespaces |
Raw packet capture is necessary for network monitoring and troubleshooting. With the advent of fast networks, the PF_RING framework was introduced to accelerate packet capture and transmission on commodity hardware. This talk aims to introduce PF_RING with an eye on containers and namespaces.

Raw packet capture is necessary for network monitoring and troubleshooting; however, on modern networks it is not possible to capture and transmit packets at wire speed using general-purpose operating systems. For this reason, about a decade ago, PF_RING was introduced to accelerate packet capture and analysis on commodity hardware. Today PF_RING has a modular architecture, supporting almost all network adapters, including commercial network adapters specialised in packet capture activities.

With the advent of containers, process isolation has become extremely easy and effective, to the point that the use of ordinary virtual machines has in some cases been reconsidered. Containers are an operating-system-level virtualization method for running multiple isolated Linux systems on a single host. Isolation is provided by features like namespaces in the Linux kernel. Namespaces isolate system resources including the network, in addition to process IDs, hostnames, user IDs and filesystems. This talk aims to introduce the PF_RING framework, with an eye on containers, to see what exactly happens under the hood with respect to raw packet capture and network namespaces.