mirror of https://github.com/OISF/suricata
parent c4b0c2888d
commit 11c3aa868d
@ -0,0 +1,97 @@
|
||||
.. _dpdk:
|
||||
|
||||
DPDK
|
||||
====
|
||||
|
||||
Introduction
|
||||
-------------
|
||||
|
||||
The Data Plane Development Kit (DPDK) is a set of libraries and drivers that
|
||||
enhance and speed up packet processing in the data plane. Its primary use is to
|
||||
provide faster packet processing by bypassing the kernel network stack, which
|
||||
can provide significant performance improvements. For detailed instructions on
|
||||
how to setup DPDK, please refer to :doc:`../configuration/suricata-yaml` to
|
||||
learn more about the basic setup for DPDK.
|
||||
The following sections contain examples of how to set up DPDK and Suricata for
|
||||
more obscure use-cases.
|
||||
|
||||
Bond interface
|
||||
--------------
|
||||
|
||||
Link Bonding Poll Mode Driver (Bond PMD), is a software
|
||||
mechanism provided by the Data Plane Development Kit (DPDK) for aggregating
|
||||
multiple physical network interfaces into a single logical interface.
|
||||
Bonding can be e.g. used to:
|
||||
|
||||
* deliver bidirectional flows of tapped interfaces to the same worker,
|
||||
* establish redundancy by monitoring multiple links,
|
||||
* improve network performance by load-balancing traffic across multiple links.
|
||||
|
||||
Bond PMD is essentially a virtual driver that manipulates with multiple
|
||||
physical network interfaces. It can operate in multiple modes as described
|
||||
in the `DPDK docs
|
||||
<https://doc.dpdk.org/guides/prog_guide/link_bonding_poll_mode_drv_lib.html>`_
|
||||
The individual bonding modes can accustom user needs.
|
||||
DPDK Bond PMD has a requirement that the aggregated interfaces must be
|
||||
the same device types - e.g. both physical ports run on mlx5 PMD.
|
||||
Bond PMD supports multiple queues and therefore can work in workers runmode.
|
||||
It should have no effect on traffic distribution of the individual ports and
|
||||
flows should be distributed by physical ports according to the RSS
|
||||
configuration the same way as if they would be configured independently.
|
||||
|
||||
As an example of Bond PMD, we can setup Suricata to monitor 2 interfaces
|
||||
that receive TAP traffic from optical interfaces. This means that Suricata
|
||||
receive one direction of the communication on one interface and the other
|
||||
direction is received on the other interface.
|
||||
|
||||
::
|
||||
|
||||
...
|
||||
dpdk:
|
||||
eal-params:
|
||||
proc-type: primary
|
||||
vdev: 'net_bonding0,mode=0,slave=0000:04:00.0,slave=0000:04:00.1'
|
||||
|
||||
# DPDK capture support
|
||||
# RX queues (and TX queues in IPS mode) are assigned to cores in 1:1 ratio
|
||||
interfaces:
|
||||
- interface: net_bonding0 # PCIe address of the NIC port
|
||||
# Threading: possible values are either "auto" or number of threads
|
||||
# - auto takes all cores
|
||||
# in IPS mode it is required to specify the number of cores and the
|
||||
# numbers on both interfaces must match
|
||||
threads: 4
|
||||
...
|
||||
|
||||
In the DPDK part of suricata.yaml we have added a new parameter to the
|
||||
eal-params section for virtual devices - `vdev`.
|
||||
DPDK Environment Abstraction Layer (EAL) can initialize some virtual devices
|
||||
during the initialization of EAL.
|
||||
In this case, EAL creates a new device of type `net_bonding`. Suffix of
|
||||
`net_bonding` signifies the name of the interface (in this case the zero).
|
||||
Extra arguments are passed after the device name, such as the bonding mode
|
||||
(`mode=0`). This is the round-robin mode as is described in the DPDK
|
||||
documentation of Bond PMD.
|
||||
Members (slaves) of the `net_bonding0` interface are appended after
|
||||
the bonding mode parameter.
|
||||
|
||||
When the device is specified within EAL parameters, it can be used within
|
||||
Suricata `interfaces` list. Note that the list doesn't contain PCIe addresses
|
||||
of the physical ports but instead the `net_bonding0` interface.
|
||||
Threading section is also adjusted according to the items in the interfaces
|
||||
list by enablign set-cpu-affinity and listing CPUs that should be used in
|
||||
management and worker CPU set.
|
||||
|
||||
::
|
||||
|
||||
...
|
||||
threading:
|
||||
set-cpu-affinity: yes
|
||||
cpu-affinity:
|
||||
- management-cpu-set:
|
||||
cpu: [ 0 ] # include only these CPUs in affinity settings
|
||||
- receive-cpu-set:
|
||||
cpu: [ 0 ] # include only these CPUs in affinity settings
|
||||
- worker-cpu-set:
|
||||
cpu: [ 2,4,6,8 ]
|
||||
...
|
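Review bot: the inline comment on the `- interface: net_bonding0` line still reads `# PCIe address of the NIC port`, which contradicts the paragraph further down saying the interfaces list holds the `net_bonding0` device instead of PCIe addresses; suggest rewording it to describe the bonded vdev name defined in `eal-params`. The first listed use of bonding is delivering both directions of a tapped flow to the same worker, yet the text only says flows are distributed "according to the RSS configuration"; it would help to state which RSS setup the example relies on and why `mode=0` was picked for the TAP case. The threading example also sets `receive-cpu-set`, while the prose mentions only the management and worker CPU sets. Wording nits: "enablign" should be "enabling", "manipulates with multiple physical network interfaces" should be "manages multiple physical network interfaces", "can accustom user needs" reads better as "can be chosen to suit user needs", "Suricata receive one direction" should be "receives", the sentence ending in the DPDK docs link has no full stop, and the introduction sentence pointing to suricata-yaml says the same thing twice ("For detailed instructions ... to learn more about the basic setup").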