Advancements in Traffic Processing Using Programmable Hardware Flow Offload

TL;DR

This paper explores how programmable hardware, specifically SmartNICs, enhances network traffic processing and monitoring, highlighting performance benefits and current limitations in flow table management.

Contribution

It provides an in-depth analysis of SmartNICs' capabilities for flow offload and discusses performance trade-offs in network probing applications.

Findings

SmartNICs significantly improve forwarding performance over CPU-based solutions.

Flow table size in host memory remains a key challenge for realistic applications.

Flow offload benefits are evident but limited by memory management issues.

Abstract

The exponential growth of data traffic and the increasing complexity of networked applications demand effective solutions capable of passively inspecting and analysing the network traffic for monitoring and security purposes. Implementing network probes in software using general-purpose operating systems has been made possible by advances in packet-capture technologies, such as kernel-bypass frameworks, and by multi-queue adapters designed to distribute the network workload in multi-core processors. Modern SmartNICs, in addition, have introduced stateful mechanisms to associate actions to network flows such as forwarding packets or updating traffic statistics for an individual flow. In this paper, we describe our experience in exploiting those functionalities in a modern network probe and we perform a detailed study of the performance characteristics under different scenarios. Compared to pure CPU-based solutions, SmartNICs with flow-offload technologies provide substantial benefits when implementing forwarding applications. However, the main limitation of having to keep large flow tables in the host memory remains largely unsolved for realistic monitoring and security applications.