Design and Implementation of eBPF-based Virtual TAP for Inter-VM Traffic Monitoring

Design and Implementation of an eBPF-based Virtual TAP for Virtual Network Traffic Monitoring

  • Hong, Jibum (Pohang University of Science and Technology Department of Computer Science Engineering) ;
  • Jeong, Seyeon (Pohang University of Science and Technology Department of Computer Science Engineering) ;
  • Yoo, Jae-Hyung (Pohang University of Science and Technology Graduate school of Information Technology) ;
  • Hong, James Won-Ki (Pohang University of Science and Technology Department of Computer Science Engineering)
  • Received : 2018.12.08
  • Accepted : 2018.12.21
  • Published : 2018.12.31

Abstract

With the proliferation of cloud computing and services, Internet traffic and the demand for better quality of service are increasing. For this reason, server virtualization and network virtualization technologies, which use the resources of the servers inside a data center more efficiently, are receiving increased attention. However, existing hardware Test Access Port (TAP) equipment is unfit for deployment in the virtual datapaths configured for server virtualization. A Virtual TAP (vTAP), a software version of the hardware TAP, overcomes this problem by duplicating packets in a virtual switch. However, implementing a vTAP in a virtual switch causes a performance problem, because the vTAP shares the computing resources of the host machine with the virtual switch and the other VMs. We propose a vTAP implementation technique based on the extended Berkeley Packet Filter (eBPF), a high-speed packet processing technology, and compare its performance with that of the existing vTAP.

With the spread of cloud computing and services, Internet traffic and the demand for better service quality are increasing, and interest is growing in server virtualization and network virtualization technologies, which use the resources of the servers inside a data center more efficiently. Existing hardware TAP (Test Access Port) equipment, which duplicates packets for traffic monitoring, is not suited to the virtual datapaths configured in a server virtualization environment, so packets are instead duplicated in the virtual switch by a Virtual TAP (vTAP), a software implementation of the hardware TAP device. However, implementing a vTAP in the virtual switch causes performance degradation, because the computing resources of the host machine are shared with the virtual switch and the virtual machines. To overcome this problem, we propose a vTAP implementation technique based on eBPF (Extended Berkeley Packet Filter), a high-speed packet processing technology, and compare its performance with the existing method.
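The abstract above describes the vTAP only as duplicating packets in the virtual datapath. The following tc classifier is an added example, not code from the paper or from the authors' implementation, showing the core of an eBPF-based vTAP as a practitioner would write it today: each packet entering a VM's tap port is cloned with the kernel helper bpf_clone_redirect and the copy is transmitted on a monitor interface, while the original continues on its normal path. MIRROR_IFINDEX is a placeholder and the IPv4-only mirroring policy in mirror_verdict is an assumption, not something the page states.

```c
#include <linux/bpf.h>       /* struct __sk_buff, enum bpf_func_id */
#include <linux/pkt_cls.h>   /* TC_ACT_OK */
#include <linux/if_ether.h>  /* struct ethhdr, ETH_P_IP */
#include <linux/ip.h>        /* struct iphdr */
#include <linux/in.h>        /* IPPROTO_TCP, IPPROTO_UDP, IPPROTO_ICMP */

/* Placeholder (assumption): ifindex of the monitor port that receives the copies,
 * i.e. the vTAP output interface leading to the analysis VM or collector. */
#define MIRROR_IFINDEX 10

#define SEC(name) __attribute__((section(name), used))
#if __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__
#define bpf_htons(x) __builtin_bswap16(x)
#else
#define bpf_htons(x) (x)
#endif

/* Kernel helper: clone the skb and transmit the copy on ifindex (flags 0 = egress). */
static long (*bpf_clone_redirect)(struct __sk_buff *skb, __u32 ifindex, __u64 flags) =
    (void *)BPF_FUNC_clone_redirect;

/* Mirroring policy (assumed, not from the paper): copy only IPv4 TCP, UDP and ICMP,
 * so the monitor link and the analysis VM are not loaded with other frames.
 * h_proto is in network byte order. Returns 1 to mirror, 0 to pass untouched. */
static inline int mirror_verdict(__u16 h_proto, __u8 ip_proto)
{
    if (h_proto != bpf_htons(ETH_P_IP))
        return 0;
    return ip_proto == IPPROTO_TCP || ip_proto == IPPROTO_UDP || ip_proto == IPPROTO_ICMP;
}

/* tc classifier attached to the VM's tap port. A packet that passes the policy is
 * duplicated to MIRROR_IFINDEX; the original is never modified or dropped. */
SEC("classifier")
int vtap_mirror(struct __sk_buff *skb)
{
    void *data = (void *)(long)skb->data;
    void *data_end = (void *)(long)skb->data_end;
    struct ethhdr *eth = data;
    struct iphdr *ip = (struct iphdr *)(eth + 1);
    __u8 ip_proto = 0;                         /* 0 = no parsable IPv4 header */

    if ((void *)(eth + 1) > data_end)          /* bounds checks satisfy the verifier */
        return TC_ACT_OK;
    if (eth->h_proto == bpf_htons(ETH_P_IP) && (void *)(ip + 1) <= data_end)
        ip_proto = ip->protocol;
    if (mirror_verdict(eth->h_proto, ip_proto))
        bpf_clone_redirect(skb, MIRROR_IFINDEX, 0);   /* copy goes to the monitor port */
    return TC_ACT_OK;                                  /* original continues to the VM */
}

char _license[] SEC("license") = "GPL";
```

Build with `clang -O2 -target bpf -c vtap.c -o vtap.o` and attach with `tc qdisc add dev <vm-tap> clsact` followed by `tc filter add dev <vm-tap> ingress bpf da obj vtap.o sec classifier`; the copies then appear on the monitor interface without any change to the virtual switch.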

Acknowledgement

Grant : Development of core modules/functions of global SDN/NFV open-source software; Development of AI-based virtual network management technology

Supported by : Institute for Information & Communications Technology Promotion (정보통신기술진흥센터, IITP)
