The promise of filtering packets in hardware is not new. Unfortunately,
filtering network adapters are pretty expensive, not to mention those that run at
10 Gbit. Furthermore, many commercial FPGA-based NICs feature hardware packet
filtering, but often require card reconfiguration whenever flow rules are 
added/removed and have a limited set of rules that can be configured.

The release of the Intel X520, the first NIC based on the 82599 controller, has
triggered my interest, as this controller is much more powerful than what Linux
can do with it. Thanks to support from Intel, and in particular Joseph
Gasparakis of Intel Shannon, I have jointly developed an extension to the ixgbe
driver (used to drive 82599-based NICs) for adding hardware packet filtering
support. Thanks to this work, users can specify up to 32K (yes, thirty-two
thousand) filters that can be added on the fly without any hardware
reconfiguration. And if you want the cherry on top, the cost per port of the X520
is well below 1000$. So you now have no reason for not jumping on the 10 Gbit
wagon.

The enhanced driver is released free of charge as part of the PF_RING 
distribution (inside PF_RING/drivers/intel). If you also want packet capture
acceleration in addition to hardware filtering, you can use TNAPI, which now
supports hardware packet filtering too.

You can find more information about this work at this page: 
http://www.ntop.org/blog/?p=192

Enjoy, Luca

---

"Debugging is twice as hard as writing the code in the first place. Therefore,
if you write the code as cleverly as possible, you are, by definition, not
smart enough to debug it." - Brian W. Kernighan

_______________________________________________
Ntop mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop
