Raw packet capture is necessary for network monitoring and troubleshooting. With the advent of fast networks, the PF_RING framework has been introduced to accelerate packet capture and transmission on commodity hardware. This talk aims to introduce PF_RING with an eye on containers and namespaces.
Raw packet capture is necessary for network monitoring and troubleshooting; however, on modern networks it is not possible to capture and transmit packets at wire speed using general-purpose operating systems. For this reason, about a decade ago, PF_RING was introduced to accelerate packet capture and analysis on commodity hardware. Today PF_RING has a modular architecture, supporting almost all network adapters, including commercial network adapters specialised in packet capture activities.
With the advent of containers, process isolation has become extremely easy and effective, to the point that the use of ordinary virtual machines has in some cases been reconsidered. Containers are an operating-system-level virtualization method for running multiple isolated Linux systems on a single host. Isolation is provided by Linux kernel features such as namespaces. Namespaces isolate system resources, including the network, in addition to process IDs, hostnames, user IDs, and filesystems.
This talk aims to introduce the PF_RING framework, with an eye on containers, to see what exactly happens under the hood with respect to raw packet capture and network namespaces.