KR102016627B1 - Network interface apparatus using jumbo frame - Google Patents

Abstract

A network interface device using a jumbo frame is disclosed. According to an embodiment of the present invention, the network interface device comprises: a packet receiving unit for receiving a packet through a network; a packet analyzing unit configured to analyze the received packets to generate packet analysis information; a jumbo frame generation unit including packet analysis information in a header of the received packet and generating a jumbo frame by combining received packets including the packet analysis information; and a host transmitting unit for transmitting the jumbo frame to a host.

Description

Network interface apparatus using jumbo frame

The present invention relates to traffic processing and management technology.

With the development of information and communication technology, information users are provided with convenience and convenience not only for collecting information but also for distribution, purchasing, finance, etc. in general, while delivering information such as information hacking, virus intrusion, network attack, and random spreading of harmful information. Dysfunction affects the entire information society. As such, by analyzing the information contained in the packet transmitted from the network to detect and remove the information that should not be delivered to the user in the network, a packet containing intrusion information such as a virus or information harmful to the user is detected. Perform the function of removing.

Generally, a network device largely includes a host and a network interface device. To handle these services stably and at high speeds, network devices must use high speed internal buses, high speed memory, and high speed processors. In a general network device, a packet reception and transmission method directly stores a packet received by a network interface card in a host's memory, processes it by a host processor, reads it from the host memory, and outputs the packet to the network interface card through an external network line. To send.

However, as the speed of the network interface is increased at a speed faster than the speed of the processor or the internal bus of the network device, the delay of packet transmission is inevitable by the packet reception and transmission method of the previous network device. As a result, previous network devices have made it difficult to provide high speed interfaces and high capacity services.

According to an embodiment of the present invention, a network interface device using a jumbo frame capable of increasing transmission efficiency between a network interface device and a host, transmitting and receiving information at high speed, and reducing a packet processing load of the host is proposed.

According to an embodiment, a network interface apparatus includes a packet receiver configured to receive a packet through a network, a packet analyzer configured to analyze the received packets to generate packet analysis information, and include packet analysis information in a header of the received packet and analyze the packet. Jumbo frame generation unit for generating a jumbo frame by combining the received packets including the information, and a host transmitter for transmitting the jumbo frame to the host.

The packet analysis information may be any one of packet classification information, pattern matching information, and filtering information. The jumbo frame may include one jumbo header, a header including packet analysis information per packet, and packet data.

The packet analyzer obtains 5-tuple information of each received packet through packet analysis and calculates a hash value from the 5-tuple information.The jumbo frame generator includes the calculated hash value in the header of the received packets constituting the jumbo frame. Jumbo frames may be generated by combining received packets having a hash value in the header.

The packet analysis unit compares the information of the received packet with a preset pattern and performs pattern matching to search for a predetermined pattern to obtain pattern matching information.The jumbo frame generator includes the pattern matching information in the header of the received packet. Jumbo frames may be generated by combining received packets including matching information. The pattern matching information may include a pattern matching presence and pattern matching table ID.

The packet analyzer obtains the filtering information by performing security filtering to filter the information of the received packet by comparing the information of the received packet with a preset pattern, and the jumbo frame generator includes the filtering information in the header of the received packet. Jumbo frames may be generated by combining received packets with filtering information. The filtering information may include filtering presence and pattern matching table ID at the time of filtering.

The network interface device may further include a host receiving unit receiving a jumbo frame from a host, a general packet generation unit for generating a general packet by separating the received jumbo frame, and a packet transmission unit for transmitting the generated general packet through a network. Can be.

The host transmitter may transmit jumbo frames to the host memory of the host by direct memory access (DMA).

When the network interface device transmits a packet to the host, the packet is collected and transmitted in a single jumbo frame unit, thereby increasing the transmission efficiency of the network equipment and reducing the packet processing load. Since one jumbo frame unit is composed of a plurality of received packets, it is possible to increase the number of packets transmitted at one time. In addition, jumbo frames can be collected by collecting multiple incoming packets to reduce bandwidth, allowing more information to be sent to the host.

When the network interface device transmits jumbo frames to the host, the network packet processing performance load can be reduced by including and transmitting the information required by the host. For example, prior to sending a packet to the host, the network interface device performs network security functions such as pattern matching and security filtering in advance, and includes the result of the execution in the header of the received packet to transmit to the host. This can improve the performance of network equipment.

The transmission efficiency can be increased when the network interface device transmits a packet to the host memory in a DMA manner. In addition, the DMA interrupt overhead of the host processor can be reduced to reduce the load. When the transmission efficiency is increased when the packet is transmitted to the host memory by the DMA method, the packet transmission latency can be reduced.

1 is a diagram showing the configuration of a network device according to an embodiment of the present invention;
2 is a diagram illustrating a configuration of a network interface device according to an embodiment of the present invention;
3 is a packet structure for explaining the packet transmission time when transmitting to the host for each received packet in the network interface device,
FIG. 4 is a packet structure illustrating a packet transmission time when a network interface device transmits a host to a host in a jumbo frame combining general packets.

Advantages and features of the present invention, and methods for achieving them will be apparent with reference to the embodiments described below in detail in conjunction with the accompanying drawings. However, the present invention is not limited to the embodiments disclosed below, but may be implemented in various forms, and only the embodiments of the present invention make the disclosure of the present invention complete and the general knowledge in the technical field to which the present invention belongs. It is provided to fully convey the scope of the invention to those skilled in the art, and the present invention is defined only by the scope of the claims. Like reference numerals refer to like elements throughout.

In describing the embodiments of the present disclosure, when it is determined that a detailed description of a known function or configuration may unnecessarily obscure the subject matter of the present disclosure, the detailed description thereof will be omitted, and the following terms are used in the embodiments of the present disclosure. Terms are defined in consideration of the function of the may vary depending on the user or operator's intention or custom. Therefore, the definition should be made based on the contents throughout the specification.

Combinations of each block of the block diagrams and respective steps of the flowcharts may be performed by computer program instructions (executable engines), which may be executed on a processor of a general purpose computer, special purpose computer, or other programmable data processing equipment. As such, instructions executed through a processor of a computer or other programmable data processing equipment create means for performing the functions described in each block of the block diagram or in each step of the flowchart.

These computer program instructions may also be stored in a computer usable or computer readable memory that can be directed to a computer or other programmable data processing equipment to implement functionality in a particular manner, and thus the computer usable or computer readable memory. The instructions stored therein may also produce an article of manufacture containing instruction means for performing the functions described in each block of the block diagram or in each step of the flowchart.

And computer program instructions can also be mounted on a computer or other programmable data processing equipment, such that a series of operating steps can be performed on the computer or other programmable data processing equipment to create a computer-implemented process that can be executed by the computer or other programmable data. Instructions for performing data processing equipment may also provide steps for performing the functions described in each block of the block diagram and in each step of the flowchart.

In addition, each block or step may represent a portion of a module, segment or code that includes one or more executable instructions for executing specific logical functions, and in some alternative embodiments referred to in blocks or steps It should be noted that the functions may occur out of order. For example, the two blocks or steps shown in succession may, in fact, be performed substantially concurrently, or the blocks or steps may be performed in the reverse order of the corresponding function, as required.

Hereinafter, embodiments of the present invention will be described in detail with reference to the accompanying drawings. However, embodiments of the present invention illustrated in the following may be modified in many different forms, the scope of the present invention is not limited to the embodiments described in the following. Embodiments of the present invention are provided to more fully explain the present invention to those skilled in the art.

1 is a diagram illustrating a configuration of a network device according to an embodiment of the present invention.

Referring to FIG. 1, a network device includes a network interface device 1 and a host 2.

The network interface device 1 may be a network interface card (NIC), which is referred to as a NIC for convenience in the following description. The NIC (1) is a PC hardware component called a network interface controller, network adapter, LAN card, LAN adapter, etc. that connects the PC to the Internet or the internal network. To provide a communication function As the recent 10 Gigabit Ethernet technology has become commonplace, networking protocols are being integrated over Ethernet. The NIC 1 may be mounted on the host 2, and will be mounted in the form of a peripheral component interconnect (PCI) interface, mainly if the host system is a PC.

The host 2 includes a high speed host memory 210 and a host processor 220. The host processor 220 may be a CPU, a single core processor having one CPU, or a multi core processor having multiple CPUs. The host 2 may further include a bus arbiter 230, an I / O bus controller 240, and an I / O bus interface 250. They perform input and output of signals and data, bus license control, and so on.

Referring to the packet transmission / reception scheme in the network device having the above-described configuration, first, the NIC 1 collects packets received from a network line and generates a jumbo frame in jumbo frame units. Deliver packets to host 2. When the NIC 1 transmits a packet to the host 2 in a jumbo frame unit, it is possible to increase the transmission efficiency of the network equipment and reduce the packet transmission latency. Since a single jumbo frame unit is composed of a plurality of received packets, it is possible to increase the number of packets transmitted at one time and to save the packet transmission time. In addition, jumbo frames can be collected by collecting several received packets, thereby reducing the bandwidth and transmitting more information to the host 2. If the packet transmission time is saved, the packet can be transmitted between the NIC 1 and the host 2 at high speed, and the overall packet processing capability of the host 2 can be improved.

The host 2 receiving the jumbo frame analyzes the packet stored in the host memory 210 through the host processor 220 to determine how to process the packet including whether the packet is blocked or forwarded. Packet analysis and packet processing of the host 2 For example, a detailed packet analysis of the received packet is performed to determine whether the packet is infected with malicious code, access to a harmful site, and whether to block or forward the packet according to the determination result. Decide Thereafter, a jumbo frame composed of packets for which packet processing determination is completed is transmitted to the NIC 1. In the example of an intrusion protection system (IPS), the host processor 200 of the host 2 analyzes the packets stored in the host memory 210 to determine how to process the packets, and to determine the packet processing decision. A jumbo frame composed of packets is sent to the NIC 1. The NIC 1 receives the jumbo frame from the host 2, separates the jumbo frame, generates a normal packet, and transmits the generated normal packet to a network line.

2 is a diagram illustrating a configuration of a NIC according to an embodiment of the present invention.

1 and 2, the NIC 1 includes a packet receiver 100, a packet analyzer 102, a jumbo frame generator 104, a host transmitter 106, a host receiver 108, and a general packet generator. A unit 110 and a packet transmitter 112 is included. The packet analyzer 102, the jumbo frame generator 104, and the general packet generator 110 may be embedded in a processor constituting the NIC 1, and the NIC processor may be a multi-core processor.

The packet receiving unit 100 and the packet transmitting unit 112 are network interface configurations for transmitting and receiving packets to and from the outside through a network line. The network interface including the packet receiver 100 and the packet transmitter 112 is connected inline with the network to transmit and receive packets from the network. In this case, a multi-gigabit (Gbps) network inline line may be accommodated. For example, the network interface has 10 Gbps Ethernet 2 lines (4 ports).

The host transmitter 106 and the host receiver 108 are host interface configurations that connect to the host 2 and transmit and receive information with the host 2. The interface method follows the interface method supported by the host 2 such as PCIe and USB interface methods.

The packet analyzer 102 generates packet analysis information by analyzing received packets. The packet analysis information may be packet classification information, pattern matching information, filtering information, and the like. The packet analysis unit 102 primarily analyzes the packet, generates packet analysis information which is helpful for the second packet analysis of the host 2, and transmits the packet analysis information to the host 2 to load the host 2. This can improve performance of network devices.

The packet analyzer 102 performs a high performance network security and information protection function. Examples of high performance network security and information protection functions include pattern matching, security filtering, and the like. To this end, the NIC 1 embeds a network security engine with pattern matching and security filtering into the processor in the NIC. Pattern matching includes Perl Compatible Regular Expressions (PCRE) / YARA pattern matching. Security filtering includes an access control list (ACL), a uniform resource locator (URL) / Internet protocol (IP) filtering, and the like. It supports pattern matching and security filtering based on L2 / L3 / L4 and L7 deep packet analysis technology of packets.

The jumbo frame generation unit 104 includes packet analysis information in the header of the received packet, and generates a jumbo frame by combining the received packets including the packet analysis information. A jumbo frame includes one jumbo header, a header including packet analysis information per packet, and packet data. The structure of the jumbo frame will be described later with reference to FIG. 4.

The host transmitter 106 transmits a jumbo frame to the host 2 when connected to the host 2. When transmitting the jumbo frame, the jumbo frame may be transmitted to the host memory 210 of the host 2 by a direct memory access (DMA) method. DMA allows information to be moved without executing a program by the host processor 220. When the NIC 1 transmits a packet to the host memory 210 of the host 2 in a DMA manner, the transmission efficiency can be increased. In addition, the load may be reduced by reducing the DMA interrupt overhead of the host processor 220. In addition, when the transmission efficiency is increased when the packet is transmitted to the host memory 210 in the DMA method, the packet transmission delay may be reduced.

Hereinafter, the packet analysis unit 102 analyzes the received packet to obtain packet analysis information, and the jumbo frame generation unit 104 adds the packet analysis information to the header of the received packet, and the packet analysis information is added to the header. Various embodiments of the configuration of collecting packets to generate one jumbo frame and the configuration of transmitting the jumbo frame to the host 2 by the host transmitter 106 will be described in detail below.

The packet analyzer 102 according to an embodiment obtains 5-tuple information of each received packet through packet analysis and calculates a hash value from 5-tuple information. The 5-tuple information includes a source address (SIP), a destination address (DIP), a protocol (Protocol), a destination port (DP) and a source port (SP). The hash value is calculated using the IP, protocol, and port information of the 5-tuple packet, and the hash value is used to distinguish the packet. The jumbo frame generator 104 includes the hash value calculated by the packet analyzer 102 in the header of the received packet, generates a jumbo frame by combining received packets including the hash value in the header into one. The host transmitter 106 transmits the jumbo frame generated through the jumbo frame generator 104 to the host 2.

When the host processor 220 is a multi-core processor, it is advantageous for packet analysis to process packets of the same session for each core processor. Packets in the same session may be sessions with the same hash value. When the NIC 1 sends jumbo frames to the host 2, the hash value is included in the header of the received packet and transmitted to the host 2. When the host 2 distributes the received packet to the multi-core processor, the hash value is transmitted. The packets with the same hash value are distributed to the same core processor. Accordingly, the host 2 may achieve load balancing of the host processor 220 and maintain the flow connection on the same core processor. Load balancing means equalizing the processing of tasks among multiple core processors.

The host 2 may distribute a packet received from the NIC 1 to the multicore processor by supporting a receiver side scaling (RSS) function for high speed parallel packet processing using the multicore processor. When the packet analyzer 102 of the NIC 1 calculates the 5-tuple hash value, RSS specifies that packets having the same hash value are distributed to the same core processor.

The packet analyzer 102 according to another embodiment performs pattern matching to obtain pattern matching information. The jumbo frame generator 104 includes the pattern matching information in the header of the received packet, and combines the received packets including the pattern matching information in the header to generate one jumbo frame. The host transmitter 106 transmits the jumbo frame generated through the jumbo frame generator 104 to the host 2. The pattern matching information may include a pattern matching presence and pattern matching table ID.

As an example of pattern matching, the packet analyzer 102 searches for a predetermined pattern by comparing and analyzing the information of the received packet with a preset pattern. Through pattern matching, pattern matching information including pattern matching and a pattern matching table ID at the time of pattern matching can be obtained. Jumbo frame generation unit 104 includes the pattern matching information in the header of the received packets constituting the jumbo frame.

Hereinafter, the pattern matching of the packet analyzer 102 will be described in detail. Network security systems such as intrusion detection systems (IPS / IDS), information security, or APTs require the ability to detect user-defined signature patterns in real time to defend against zero-day attacks. The NIC 1 according to an embodiment provides a pattern matching acceleration function that is compatible with the PCRE / YARA standard to search for a user-defined pattern at a speed of 10 Gbps. Generally, DFA (Deterministic Finite Automata) and NFA (Nondeterministic Finite Automata) algorithms are used for pattern matching. The packet analyzer 102 according to an embodiment supports high-speed real-time PCRE / YARA pattern matching performance using a Hyper Finite Automata (HFA) pattern matching processor. As an example of pattern matching, the packet analyzer 102 tracks a TCP stateful flow including an SSL encrypted packet that is input, and finds in real time whether a PCRE / YARA signature represented by RegEx exists in the contents transmitted by decrypting and decrypting. Performs pattern matching function to provide high speed packet processing performance.

The packet analyzer 102 according to another embodiment performs security filtering to obtain filtering information. The jumbo frame generation unit 104 includes filtering information in the header of the received packet and combines the received packets including the filtering information in the header to generate one jumbo frame. The host transmitter 106 transmits the jumbo frame generated through the jumbo frame generator 104 to the host 2. The filtering information may include filtering presence and pattern matching table ID at the time of filtering.

As an example of security filtering, the packet analyzer 102 filters information of a predetermined received packet through comparative analysis of the information of the received packet and a preset pattern. Through filtering, filtering information including the presence of filtering and the pattern matching table ID at the time of filtering can be obtained. Jumbo frame generation unit 104 includes the filtering information in the header of the received packets constituting the jumbo frame.

Hereinafter, the security filtering will be described in detail. Examples of security filtering include ACLs and URL / IP filtering. The network security system should perform detailed packet analysis on the L2 / L3 / L4 / L7 layer for incoming packets to determine whether the packet is infected with malicious code or access to harmful sites. You need to implement a policy, such as a mirror. The NIC 1 according to an embodiment provides ACL and URL / IP filter functions to relieve the load of the packet detailed analysis of the host 2. For example, the packet analyzer 102 checks the URL information as the L7 address of the received packet to determine whether the packet is included in the harmful traffic list. do.

If the NIC 1 performs the pattern matching and security filtering function in advance before transmitting the packet to the host 2 and the result is included in the header of the received packet and transmitted to the host 2, the host processor 220 You can improve the performance of your network equipment by offloading the load.

As described above, packet classification information (hash value), pattern matching information, and filtering information have been described as examples of packet analysis information added to a header of a received packet during jumbo frame transmission. However, the packet analysis information is not limited thereto, and any information required by the host processor 220 may be used. Such information may be information that can reduce the packet processing load of the host processor 220. For example, coloring information, sampling information, TCP / IP offload information, high-definition deep packet inspection (DPI) offload ( DPI offload) information.

As described above, the packet transmitter 112 adds the analysis information obtained by the packet analyzer 102 to the packet received through the packet receiver 100 and transmits it to the host 2. In this case, a higher transmission bandwidth may be required than when receiving a packet through the packet receiver 100. However, according to an exemplary embodiment, the NIC 1 may collect a plurality of received packets through the jumbo frame generator 104 to make a jumbo frame and transmit the same through the host transmitter 106, thereby greatly reducing the transmission bandwidth. . Therefore, the packet receiver 100 can transmit more information to the host 2 at the same speed as when the packet receiver 100 receives the packet.

Jumbo frames sent to the host 2 are stored in the host memory 210 of the host 2. The host processor 220 of the host 2 analyzes the packets stored in the host memory 210 and then determines how to process the packets according to the analysis result, collects the packets from which the packet processing decision is made, and generates a jumbo frame. The jumbo frame to the NIC 1. The host receiver 108 receives jumbo frames from the host 2. The general packet generation unit 110 generates a general packet by separating the received jumbo frame. Generating normal packets by separating jumbo frames is a reverse process of generating jumbo frames by combining normal packets. The packet transmitter 112 transmits the general packet generated through the general packet generator 110 to the outside through a network.

3 is a packet structure for explaining the packet transmission time when transmitting to the host for each received packet in the NIC.

Referring to FIG. 3, in general, when a packet is transmitted, an interpacket gap (IPG) and a preamble are attached to each packet. The interval between packets is also called an interframe gap (IFG), and means a specific time interval between packets during packet transmission. With an idle period between packet transmissions, a short recovery time between packets allows the device to prepare for receipt of the next packet. The standard minimum packet spacing for transmission is 12B (bytes). The preamble is a bit string transmitted before each frame, and contains information necessary for synchronization or other communication. The size of the preamble is 8B (bytes). Accordingly, the sum of the intervals between the packets and the preamble is 20B (byte), and when the N packets are transmitted one by one, a packet transmission time of 20B × (N-1) is additionally generated.

FIG. 4 is a packet structure illustrating a packet transmission time when transmitting to a host in one jumbo frame combining general packets in a NIC according to an embodiment of the present invention.

4, a jumbo frame includes one jumbo header and packets (packet 1, packet 2, ..., packet N). Each packet (packet 1, packet 2, ..., packet N) includes a header and data, and the header includes packet analysis information (PA 1, PA 2, ..., PA N). The packet analysis information PA 1, PA 2,..., PA N may be packet classification information, pattern matching information, filtering information, and the like. Jumbo headers are added one per jumbo frame and include DMAC, SMAC, and Type information, and may have a size of 14B.

Referring to FIGS. 3 and 4, the packet transmission time when transmitting by packet (FIG. 3) and the packet transmission time when transmitting one jumbo frame (FIG. 4) are compared. The packet transmission time saved when one jumbo frame is transmitted is 20B x (N-1)-(Jumbo header size). For example, in the case of 128 64B packets and jumbo header: 14B, the saved packet transmission time is 20B × (128-1)-(14B) = 2526B. That is, it can be seen that the size time of 2,526B is saved. The 64B packet consists of 46B data and 18B header, and the packet analysis information is included in the 18B header.

So far, the present invention has been described with reference to the embodiments. Those skilled in the art will appreciate that the present invention can be implemented in a modified form without departing from the essential features of the present invention. Therefore, the disclosed embodiments should be considered in descriptive sense only and not for purposes of limitation. The scope of the present invention is shown in the claims rather than the foregoing description, and all differences within the scope will be construed as being included in the present invention.

Claims (10)

A packet receiver for receiving a packet through a network;
A packet analyzer configured to primarily analyze received packets to generate packet analysis information;
A jumbo frame generation unit including packet analysis information in a header of the received packet and generating one jumbo frame by combining received packets including the packet analysis information; And
A host transmitter for transmitting jumbo frames to the host; Including;
A jumbo frame includes a jumbo header, a header including packet analysis information per packet, and packet data. The method of claim 1, wherein the packet analysis information
And any one of packet classification information, pattern matching information, and filtering information. delete The method of claim 1, wherein the packet analysis unit
Packet analysis obtains 5-tuple information of each received packet, calculates hash value from 5-tuple information,
The jumbo frame generation unit
And calculating the jumbo frame by including the calculated hash value in the header of the received packets constituting the jumbo frame and combining the received packets including the hash value in the header. The method of claim 1, wherein the packet analysis unit
Pattern matching information is obtained by comparing and analyzing the information of the received packet with a preset pattern to search for a predetermined pattern,
The jumbo frame generation unit
And including the pattern matching information in the header of the received packet and generating the jumbo frame by combining the received packets including the pattern matching information in the header. The method of claim 5, wherein the pattern matching information is
A network interface device comprising a pattern matching presence and pattern matching table ID. The method of claim 1, wherein the packet analysis unit
Obtains filtering information by performing security filtering to filter information of a predetermined received packet by comparing the information of the received packet with a preset pattern,
The jumbo frame generation unit
And a jumbo frame by including the filtering information in the header of the received packet and combining the received packets including the filtering information in the header. 8. The method of claim 7, wherein the filtering information is
And a pattern matching table ID at the time of filtering. The apparatus of claim 1, wherein the network interface device is
A host receiver configured to receive jumbo frames from a host;
A general packet generation unit for generating a general packet by separating the received jumbo frames; And
A packet transmitter for transmitting the generated general packet through a network;
Network interface device further comprises. The method of claim 1, wherein the host transmitter is
A network interface device for transferring jumbo frames to a host memory of a host by direct memory access (DMA).

Images