tag:blogger.com,1999:blog-37798047.post1624268432996622726..comments2024-01-16T05:48:33.523-05:00Comments on Errata Security: Net ring-buffers are essential to an OSDavid Maynorhttp://www.blogger.com/profile/09921229607193067441noreply@blogger.comBlogger2125tag:blogger.com,1999:blog-37798047.post-29314320319156425722016-01-27T17:05:23.106-05:002016-01-27T17:05:23.106-05:00In todays terms, it means it's relatively triv...<i>In todays terms, it means it's relatively trivial to use a desktop system (quad-core, 3 GHz) to create a 10-gbps firewall that passes 30 million packets/second (bidirectional), at wire speed.</i><br /><br />We are actually doing it with DPDK using 2 Xeon cores and stateless ACLs. And also rate-limiting. And encapsulating packets. :)<br /><br />It is worth noting that while PF_RING ZC and Netmap require modified drivers, DPDK and Snabb Switch come with their own. The bad thing is that you can't easily mix kernel and dataplane traffic using different queues. The good thing is that it requires thin driver that replaces NIC driver and exposes card (via UIO) to real driver inside DPDK.Paweł Małachowskihttps://www.blogger.com/profile/15487593294898483807noreply@blogger.comtag:blogger.com,1999:blog-37798047.post-31658728508645177232016-01-27T16:36:10.690-05:002016-01-27T16:36:10.690-05:00You wrote:
"Modern network machines, whether ...You wrote:<br />"Modern network machines, whether web servers or firewalls, have to parts: the control-plane …, and the data-plane…"<br />Really?<br /><br />I thought all our troubles in life were because the data and control plane were not separated. We are stuck in the world of the von Neumann architecture where everything is in the same address space.Matthttps://www.blogger.com/profile/15755507162292774093noreply@blogger.com