Loading…
FloCon 2016 has ended
Open Forum for Large-Scale Network Analytics
Thursday, January 14 • 9:00am - 9:30am
Towards 100-Gbit Flow-Based Network Monitoring

Sign up or log in to save this to your schedule and see who's attending!

Monitoring a 100-Gbit network is a challenging activity, both in terms of packets per second and number of concurrent flows. Although computing performance has greatly increased over the past few years, it is not easy to adapt existing 10-Gbit probes' design at 100 Gbit. The demand of DPI-based traffic classification, as well the ability to combine on the same physical box both a flow-based probe and additional applications (e.g., an IDS), makes this task even more challenging. It is challenging because network administrators often combine network visibility with in-depth analysis of selected traffic flows (e.g., produced by compromised hosts or critical network resources). This presentation covers the design and implementation of nProbe "cento," a software probe designed from scratch to tackle new monitoring challenges that arose with the advent of 100-Gbit networks. Based on 10 years of lessons learned while developing nProbe, a popular software-based probe, cento has been designed from scratch to guarantee maximum packet processing performance and a clean design not affected by existing legacy software components. It can operate both on commodity hardware for multi-10-Gbit flow monitoring, and can exploit modern FPGA-based NICs for native 100-Gbit monitoring. Cento integrates a lightweight DPI layer as well zero-copy packet forwarding capabilities to steer selected packets’ egress from ethernet interfaces or applications running on the same box. This approach enables network administrators to combine onto a single box functionalities that are often implemented with multiple servers, thus saving money on costly high-speed network adapters and reducing the number of monitoring components.

Speakers
AC

Alfredo Cardigliano

Principal Engineer, ntop
Alfredo is a high-performance software specialist, working as Principal Engineer at ntop, where he leads the development of network monitoring technologies. In the past 5+ years at ntop, he matured strong experience in network programming, kernel hacking, and device drivers. Alfredo's current interests include the development of high-performance network monitoring and in... Read More →
LD

Luca Deri

ntop
Luca is the leader of the ntop project, which is aimed at developing an open-source monitoring platform for high-speed traffic analysis. He shares his time between the ntop project, the Italian DNS Registry (Registro.it), and the University of Pisa where he has been appointed as a lecturer at the Computer Science Depar... Read More →



Thursday January 14, 2016 9:00am - 9:30am
Coquina Ballroom D

Attendees (5)