Building Network Automation Solutions
6 week online course starting in September 2017

PF_RING Deep Dive with Luca Deri on Software Gone Wild

Whenever software switching nerds get together and start discussing the challenges of high-speed x86-based switching, someone inevitably mentions PF_RING, an open-source library that gives you blazingly fast packet processing performance on a Linux server.

I started recording a podcast with Luca Deri, the author of PF_RING, but we diverted into discussing ntopng, Luca’s network monitoring software. We quickly fixed that and recorded another podcast – this time, it’s all about PF_RING, and we discussed these topics:

  • What is the difference between PF_RING and the Linux built-in packet capturing module;
  • How can you process over 10 million packets per second per CPU core?
  • Do you need special device drivers for PF_RING or can you use the standard Linux NIC drivers?
  • How does a packet processing application interact with the PF_RING library?
  • How do you spread packets across multiple cores, multiple copies of monitoring application, or even multiple monitoring applications?

To learn more about PF_RING, listen to Episode 30 of Software Gone Wild.

2 comments:

  1. I'm a big fan of PF_RING using both ntop.org's packet capture/playback systems and in some custom software that uses it.

    Windows has a similar "raw packet" interface called Registered I/O (RIO).

    I wish Linux had a "raw packet" interface built into the kernel out of the box!

    ReplyDelete
  2. Will PF_RING works for per VAPs in WiFi acces point ?

    ReplyDelete

You don't have to log in to post a comment, but please do provide your real name/URL. Anonymous comments might get deleted.