KR20080102889A - Traffic partition processing apparatus and method thereof, multiprocessing system - Google Patents

Abstract

A traffic division processing unit, a method and an apparatus thereof including a multiprocessing system are provided to improve the packet process performance of entire system by simultaneously performing a packet analysis software in two or more processes. A dividing unit(120) classifies a received packet. An I/O bus processing unit(130) performs DMA(Direct Memory Access) to a packet memory of two or more packet memory in the classified host. The packet is classified according to predefined method according to a kind of application. A network interface unit receives a packet from network and outputted to the dividing unit. The host includes a plurality of processes and packet memory.

Description

Traffic partition processing apparatus and method, and multiprocessing system including same apparatus

1 is a block diagram of a conventional multiprocessing system.

2 is a block diagram of a multi-processing system according to the present invention.

3 is a block diagram of a traffic splitting apparatus according to the present invention;

4 is a flowchart of a traffic segmentation processing method according to the present invention;

The present invention relates to a symmetric multiprocessing (SMP) system, and more particularly, to an apparatus and method for processing high-speed network traffic in an SMP system.

The SMP system is a system that improves the performance of the overall system by distributing the processing in the system by installing multiple processors that share memory, and is applied to most server systems on the market. In SMP systems, processors share memory, input and output buses, and data paths. In addition, one processor manages processors installed in the SMP system, so that one processor is viewed as one system. Such an SMP system has the advantage of improving performance because a large number of users or tasks need to be performed, so that different users or tasks can be divided into different processors.

However, the disadvantage of the SMP system developed so far is that the partition unit for each task is limited to a process or thread unit. That is, one application program does not run simultaneously using several processes, and at one point in time, one program runs only on one processor. In order to solve this problem, a lot of researches have been conducted in the field of parallel programs or parallel systems to execute a program on multiple processors.

In addition to improving the performance of the processor as described above, the system has been developed to improve the performance of the system by mounting several processors in a single system. The network communication technology is also continuously developing and transmitting and receiving several tens of Gbps of traffic. A transmission technology that can be used is commercially used.

As network communication technology becomes faster, network systems are required to handle more traffic. When using a server platform using an SMP system having a flexible structure that is processed by software rather than a hardware-based processing system due to the complexity and variability of requirements. There are many.

However, the network system of the software method using the SMP server platform has a limitation of the multiprocessing system described above, that is, in order to process the traffic received through the network interface, the received packet must be processed sequentially in one process. The performance of is limited by the performance of one processor rather than the sum of the multiple processors mounted on the server platform.

Due to the performance limitations of these processors, network systems using existing SMP server platforms can only handle traffic under several Gbps. For this reason, although a conventional software network system has a large number of processors, it cannot analyze and process traffic of more than 10 Gbps.

1 is a block diagram of a conventional network security system.

The SMP server platform is equipped with two processors (processor 0 and processor 1), and one network interface card (NIC) is mounted through the server system's PCI bus. When the packet received by the network interface card is transferred to the packet memory area of the system through DMA (Direct Memory Access), the packet processing software reads and processes the packet, and the packet processing software executes the processor 0. Alternatively, only one processor of processor 1 is mounted.

In this network security system architecture, although the SMP system is equipped with two processors, the packet analysis software does not use both processors but uses only one processor.

SUMMARY OF THE INVENTION The present invention was derived from this background, and an object thereof is to provide a traffic splitting processing apparatus and method for supporting high speed traffic analysis and processing, and a multiprocessing system including the apparatus.

The above technical problem is classified according to the present invention; And an input / output bus processing unit for directing DMA to the corresponding packet memory among two or more packet memories of the host.

The division unit may classify the packet in a predefined manner according to the type of application executed in the host.

The traffic partition processing apparatus may further include a DMA buffer corresponding to each packet memory, wherein the input / output bus processing unit DMAs the packet to the corresponding packet memory using a DMA buffer matching the divided packet.

On the other hand, according to another field of the present invention, the above technical problem comprises the steps of receiving a packet from a network line; Classifying the received packet; DMA to the corresponding packet memory of the two or more packet memories of the host; is also achieved by the traffic partition processing method comprising a.

On the other hand, according to another field of the present invention, the above technical problem is a host including a plurality of processors and packet memories; A network interface unit for receiving a packet from a network line, a divider for dividing the received packet, DMA buffers corresponding to the divided packets, and a DMA buffer corresponding to the divided packets are used. It is also achieved by a multi-processing system including a traffic partition processing apparatus including an input and output bus processing unit for DMA the packet to the packet memory of the host matched to the DMA buffer.

The foregoing and further aspects of the present invention will become more apparent through the preferred embodiments described with reference to the accompanying drawings. Hereinafter, the present invention will be described in detail to enable those skilled in the art to easily understand and reproduce the present invention.

2 is a block diagram of a multiprocessing system according to the present invention.

The multiprocessing system is utilized as a network security system or a traffic management system.

The traffic segmentation processing apparatus 100 collects, divides, and transmits network traffic to the multiplexed packet memory, thereby simultaneously executing packet analysis software (application 0 and application 1) on both processor 0 and processor 1.

In one embodiment, the traffic splitting apparatus 100 also serves as a network interface card. Therefore, the traffic splitting apparatus 100 may receive a packet directly from a network line. Otherwise, the traffic segmentation processing apparatus 100 may be implemented to be located in the host 200 and receive a packet from a network interface card, as shown.

The host 200 is a symmetric multiprocessing (SMP) -based server, which allows analysis software (application 0 and application 1) to independently occupy a processor according to multiplexed packet memories to analyze and manage received packets. . To this end, packet memories are logically or physically separated.

Meanwhile, a bus arbiter 210, an I / O bus controller 220, and an I / O bus interface 230, which are components included in the host 200, may be used. The same components are in charge of input and output of signals and data, and control of bus usage rights.

3 is a block diagram of a traffic splitting apparatus according to the present invention.

The traffic splitting apparatus 100 includes a network interface unit 110, a packet separator 120, an input / output bus processor 130, and DMA buffers 140.

The network interface unit 110 is composed of a network physical layer MAC and PHY. The network interface unit 110 receives a packet from a network circuit, for example, receives a packet through a splitter. Here, the network interface unit 110 serves as a conventional network interface card.

For example, the traffic splitting apparatus 100 according to the present invention may be mounted in the host 200 in the form of a network interface card, and in this case, the traffic splitting apparatus 100 may be mounted in the form of a PCI interface card. However, when the network interface card is implemented separately, the network interface unit 110 is excluded from the traffic splitting apparatus 100.

The packet separator 120 classifies the packet received by the network interface unit 110 according to a predetermined criterion. In the present embodiment, the packet separator 120 classifies packets in a predefined manner according to the type of application executed in the host 200.

In the present embodiment, if the application type is a type for analyzing the traffic, packet classification should be classified according to the traffic classification required by the application. For example, there may be a method of using IP 5-tuple, or a method of using an IP source address and a destination address to distinguish a peer-to-peer.

If the application type needs to be handled separately from the control connection and data connection, the control connection corresponding to a specific protocol may be received as DMA channel 0, and the data connection according to the control connection may be received as DMA channel 1. As a representative example, in the CDMA network, the R-P interface and the Pi interface may be separately received.

We can define the packet classification method by application type as below.

1) Application Type: Traffic Management System

→ Category 1: IPv4 or IPv6 5-tuple (sourceAddress, destinationAddress, protocol, transportDestinationPort, transportSourcePort)

→ Category 2: Peer-to-peer (sourceAddress, destinationAddress)

2) Application Types: IDS, IPS, and Firewall Systems

→ Category 1: IPv4 or IPv6 5-tuple

→ classification method 2: classification according to a specific protocol or packet pattern

3) Application Type: CDMA Call Monitoring System

→ Classification: call control related packets (A11 and A10 packets) and data related packets

4) Application Type: WCDMA Call Monitoring System

→ Classification: call control related packet (GTP packet) and data related packet (L2TP)

5) There can be many according to user requirements and so on

For example, a method of classifying a packet traffic flow using a hash using IPv4 5-tuple, for example, the packet separator 120 extracts information from a network layer header and a transport layer header of a packet, The traffic flow of the packet may be distinguished by performing an operation by a checksum or a CRC.

In a typical network security system and traffic management apparatus, a packet to be processed in one process is a session that is communicated between network hosts, and the packet is divided in consideration of this fact.

The I / O bus processor 130 DMAs the packet to the packet memory of the host by using the DMA buffer 140 matching the traffic flow classified by the packet separator 120. In FIG. 2, the number of DMA buffers 140 is expandable to N. However, the DMA buffers 140 may be expanded in proportion to the number of processors mounted in the host 200. In addition, the number of DMA buffers 140 preferably matches the number of traffic flows separated by the packet separator 120.

As such, the traffic splitting apparatus 100 according to the present invention guarantees that the packets belonging to the same flow session are DMAed to the same packet memory, so that the network analysis software (Application0, Application1) is independent of each other. Occupies the processor 1) so that traffic can be analyzed.

4 is a flowchart of a traffic segmentation processing method according to the present invention.

First, the network interface unit 110 receives a packet transmitted through a network line (step S410). The packet separator 120 parses the received packet and classifies the packet from the parsed information (step S420) (step S430). The packet classification is performed in a predefined manner according to the application type, as described above. The input / output bus processor 130 DMAs the packet to the corresponding packet memory of the host 200 using the DMA buffer matched for each traffic flow (step S440).

The traffic splitting apparatus 100 repeats the above-described process with respect to the packet received from the network line.

On the other hand, the above-described network packet storage method can be created by a computer program. Codes and code segments constituting the program can be easily inferred by a computer programmer in the art. In addition, the program is stored in a computer readable media, and read and executed by a computer to implement a network packet storage method. The information storage medium includes a magnetic recording medium, an optical recording medium, and a carrier wave medium.

So far I looked at the center of the preferred embodiment for the present invention. Those skilled in the art will appreciate that the present invention can be implemented in a modified form without departing from the essential features of the present invention. Therefore, the disclosed embodiments should be considered in descriptive sense only and not for purposes of limitation. The scope of the present invention is shown in the claims rather than the foregoing description, and all differences within the scope will be construed as being included in the present invention.

As described above, the present invention makes it possible to efficiently use a plurality of processors installed in the system by using traffic split transmission when receiving and analyzing high-speed network traffic of 10 Gbps or more in the SMP server system.

On the other hand, by multiplexing the software so that it can be executed on each processor, traffic can be divided and distributed. But if you need to analyze high-speed traffic of 10Gbps or more, a bottleneck occurs in the memory access, so it is difficult to improve performance by multiplexing only software.

Accordingly, in the present invention, by applying the above-described traffic splitting apparatus and method, the received packet is divided and DMA into the multiplexed packet memory, thereby eliminating the bottleneck of the memory and improving the performance of the overall system.

The difference between the traffic splitting method in a software way and the traffic splitting method according to the present invention is as follows. In this calculation method, the following assumptions are made for convenience of explanation.

`` Analytical software running on each processor in the SMP system continuously performs an amount of computation that takes up more than 100% of the processor's occupancy. ''

Even real traffic management systems often require more processor operations for more precise analysis.

《Distributed by software》

In the case of decentralizing the received traffic by multiplexing only the software, it can be inferred as follows from the viewpoint of memory access. However, for convenience of comparison, it is assumed that the SMP system equipped with two processors is configured to distribute the software in two, and it is assumed that high-speed network traffic of 10Gbps or more is received and analyzed by the network interface card.

(1) Send the packet received from the network interface card to the host's packet memory (used memory bandwidth: 10Gbps)

(2) Access to packets received in packet memory from analysis software (memory bandwidth used: 10 Gbps)

(3) Access to packets received in packet memory in the second analysis software (memory bandwidth used: 10 Gbps)

The calculations for memory access above are based on the assumption that each analysis software accesses the packet memory without copying the memory using shared memory. If you do a memory copy or use the kernel's protocol stack, you don't consider it because there are more memory accesses than this, which further degrades performance.

In case of distributing traffic using software as above, all access to packet memory consumes 30Gbps (1 + 2 + 3) bandwidth.

《Distributed by using traffic partitioning method》

In the case of distributed processing using the traffic partitioning method under the same assumption as the distributed software described above, the following memory access is required.

(1) Send the packet received by the traffic splitting processing unit to the multiplexed packet memory of the host (used memory bandwidth: 10Gbps)

(2) Access to packets received in packet memory from analysis software (memory bandwidth used: 5 Gbps)

(3) Access to packets received in packet memory in the second analysis software (memory bandwidth used: 5 Gbps)

The calculation for the memory access above indicates that the received packets are distributed to each software by 50% each, but this may cause a deviation depending on the traffic characteristics of the network and the method of distinguishing the traffic. However, because the sum of the traffic handled by the two software is 10Gbps, the bandwidth required for access to the packet memory for traffic analysis is constant up to 10Gbps.

Segmenting traffic in this way improves the overall system performance by keeping memory operations the same as those processed by one analysis software and allowing the analysis software to run on each processor.

Assuming that the packet memory access and the number of processors are two, theoretically, the performance can be twice as high, but considering that the software's executable code is in memory, we can expect about 1.5 times the performance.

In the previous example, a system equipped with two processors is assumed. However, considering that the processor is distributed as many as the number of processors in a system equipped with two or more processors, the software distributed processing method increases the packet memory by the number of increased analysis software. Although the access is increased, the traffic segmentation method according to the present invention can further improve performance by increasing the number of analysis software while keeping the access of the packet memory constant in the total sum.

Claims (8)

A separator for classifying the received packet; And An input / output bus processing unit for directing the divided packets to a corresponding packet memory among two or more packet memories of a host; Traffic partition processing apparatus comprising a. The method of claim 1, The division unit, the traffic splitting apparatus, characterized in that for classifying the packet in a predefined manner according to the type of application running on the host. The method of claim 1, And a corresponding DMA buffer for each packet memory. And the I / O bus processing unit DMAs the packet to a corresponding packet memory using a DMA buffer matched with the divided packet. The method according to any one of claims 1 to 3, A network interface unit for receiving a packet from a network line and outputting the packet to the division unit; Traffic partition processing apparatus further comprises. Receiving a packet from a network circuit; Classifying the received packet; DMA the divided packet to a corresponding one of two or more packet memories of a host; Traffic segmentation processing method comprising a. The method of claim 5, The dividing step may be configured to classify packets according to a predefined method according to an application type executed in the host. A host including a plurality of processors and packet memories; A network interface unit for receiving packets from a network line, a division unit for distinguishing the received packets, DMA buffers corresponding to the divided packets, and a DMA buffer corresponding to the divided packets A traffic partition processing unit including an input / output bus processing unit for DMAs the packet to the packet memory of the host matched to a DMA buffer; Multi-processing system comprising a. The method of claim 7, wherein The division unit, the multi-processing system, characterized in that for classifying the packet in a predefined manner according to the type of application running on the host.

Images