今天,翻译了一些PF_RING DNA方面的资料看看,以更深入了解DNA的机制。
Direct NIC Access 直接网卡访问
Gigabit and 10 Gigabit Ethernet Line-Rate Packet Capture and Injection
PF_RING™ DNA (Direct NIC Access) is a way to map NIC memory and registers to userland so that there is no additional packet copy besides the DMA transfer done by the NIC NPU (Network Process Unit), unlike what happens with NAPI. This results in better performance as CPU cycles are used uniquely for consuming packets and not for moving them off the adapter. The drawback is that only one application at time can open the DMA ring (note that modern NICs can have multiple RX/TX queues thus you can start simultaneously one application per queue), or in other words that applications in userland need to talk each other in order to distribute packets.
PF_RING™ DNA(直接网卡访问)是一种映射网卡内存和寄存器到用户态的方法,因此除了由网卡的网络处理单元完成DMA传输之外,没有任何额外的数据包复制,不像NAPI那样会发生数据包复制。这将性能更好,因为CPU周期的仅用于消耗数据包,而不是把数据包从网卡挪走。其缺点是,只有一个应用可以在某个时间打开DMA ring(请注意,现在的网卡可以具有多个RX / TX队列,从而就可以在每个队列上同时一个应用程序),换而言之,用户态的多个应用需要彼此沟通才能分发数据包。
In a nutshell if you like flexibility you should use PF_RING™, if you want pure speed PF_RING™ DNA is the solution. Please note that in DNA mode NAPI polling does not take place, hence PF_RING™ features such as reflection and packet filtering are not supported.
简而言之,如果你喜欢灵活,你应该使用PF_RING™;如果你喜欢高速,那PF_RING™DNA是解决方案。请注意,在DNA模式NAPI polling机制不会生效,从而导致不会支持PF_RING™特性,如反射和包过滤。
Benchmarking PF_RING DNA
For years networking companies have used the buzzword zero-copy to qualify those hardware/software solutions that allow applications to play with packets without the need to copy them at all. Zero-copy needs DMA (Direct Memory Access) for operating so that applications do not get a (shallow) copy of packets but they actually get the pointer to the packet. As you probably know, PF_RING DNA allows applications to access packets in zero-copy so that in the pfring_recv() call you get a pointer to the packet just receive. Whereas in traditional PF_RING you always get a copy of a packet portion (limited to the snaplen) sitting on a memory ring living on the kernel that is accessed in DMA.
多年来,网络公司已经使用流行的零拷贝技术来实现多种硬件/软件解决方案,它们允许应用程序不经复制就可以处理数据包。零拷贝技术需要DMA(直接内存访问)的操作,因为应用程序没有得到数据包的(浅)的副本,但他们实际得到的指针数据包。正如你可能知道的,PF_RING DNA允许应用程序零拷贝访问数据包,这样在pfring_recv( )调用中你会得到一个指针来指向刚刚接收的数据包。而在传统的PF_RING你总是得到内核里面memory ring中的通过DMA访问的一个数据包的部分内容的一个副本(限制在snaplen长度)。
In DNA, zero-copy applies not just to packet capture but also to packet transmission, and bouncing (i.e. you receive a packet on one interface and forward it to another interface). All those who have tested DNA have realized that an old Core2Duo 1.86 GHz is enough for handling TX line rate at 10G, so in general if you own an adequate server, DNA can solve all your RX and TX needs.
在DNA方案中,零拷贝不仅用于数据包捕获,还用于包传输和弹射(比如,你在一个接口上收到一个数据包,然后将其转发到其他接口)。所有已经测试了DNA的那些人已经意识到一个老旧的Core 2 Duo1.86 GHz的处理器是足够的处理发送线速10G。所以一般来说,如果你拥有基本的服务器,DNA可以解决你所有的接收和发送的需求。
Over the past 6 months we have made many changes to DNA, in particular for making it more flexible not just for packet capture but also for packet processing. We have then decided to run some new performance tests in order to position DNA with similar solution such as netmap, and Intel DPDK that is probably the reference software in terms of packet processing on commodity hardware.
在过去的6个月中,为了使它更灵活的捕获数据包捕获和处理数据包,我们已经对DNA做了很多改变。我们已经决定开展一些新的性能测试,让DNA能与类似的解决方案相媲美,比如netmap和Intel DPDK能在普通硬件上处理数据包的优秀软件。
For our tests we used a entry-level server Supermicro X9SCL powered by a Xeon E31230 (4 cores + HyperThreading) fitted with two dual 10 Gbit NICs. For traffic generator we used a Spirent (4 x 10 Gbit ports) kindly provided by Silicom. For packet capture we used pfcount, and for packet receive+forwarding we have used pfdnabounce with a pre-release version of the libzero that will be releasing soon and that allows to operate in zero-copy across network interfaces.
对于我们的测试中,我们采用了入门级服务器超微X9SCL搭载了至强E31230(4核+超线程),配有两个双10千兆网卡。对于流量产生工具,我们使用了由Silicom的友情提供Spirent(4×10千兆位端口)。对于数据包捕获,我们使用pfcount,并为数据包接收+转发,我们使用pfdnabounce与即将发布的libzero的预发布版本,它允许在网络接口之间零拷贝操作。
浙公网安备 33010602011771号