Hardware nanosecond-precision timestamping for line-rate packet capture

IF 1.3 Q3 COMPUTER SCIENCE, INFORMATION SYSTEMS
IET Networks Pub Date : 2024-01-19 DOI:10.1049/ntw2.12114
Xiaoying Huang
{"title":"Hardware nanosecond-precision timestamping for line-rate packet capture","authors":"Xiaoying Huang","doi":"10.1049/ntw2.12114","DOIUrl":null,"url":null,"abstract":"<p>Cybersecurity events occur frequently. When it comes to investigating security threats, it is essential to offer a 100 percent accurate and packet-level network history, which depends on packet capture with high precision packet timestamping. Many packet capture applications are developed based on data plane development kit (DPDK)—a set of libraries and drivers for fast packet processing. However, DPDK cannot give an accurate timestamp for every packet, and it is unable to truly reflect the order in which packets arrive at the network interface card. In addition, DPDK-based applications cannot achieve zero packet loss when the packet is small such as 64 B for beyond 10 Gigabit Ethernet. Therefore, the authors proposed a new method based on Field-Programmable Gate Array (FPGA) to solve this problem. The authors also develop a DPDK driver for FPGA devices to make the design compatible with all DPDK-based applications. The proposed method performs timestamping at line-rate for 10 Gigabit Ethernet traffic at 4 ns precision and 1 ns precision for 25 Gigabit, which greatly improves the accuracy of security incident retrospective analysis. Furthermore, the design can capture full-size packets for any protocol with zero packet loss and can be applied to 40/100 Gigabit systems as well.</p>","PeriodicalId":46240,"journal":{"name":"IET Networks","volume":null,"pages":null},"PeriodicalIF":1.3000,"publicationDate":"2024-01-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://onlinelibrary.wiley.com/doi/epdf/10.1049/ntw2.12114","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"IET Networks","FirstCategoryId":"1085","ListUrlMain":"https://onlinelibrary.wiley.com/doi/10.1049/ntw2.12114","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
引用次数: 0

Abstract

Cybersecurity events occur frequently. When it comes to investigating security threats, it is essential to offer a 100 percent accurate and packet-level network history, which depends on packet capture with high precision packet timestamping. Many packet capture applications are developed based on data plane development kit (DPDK)—a set of libraries and drivers for fast packet processing. However, DPDK cannot give an accurate timestamp for every packet, and it is unable to truly reflect the order in which packets arrive at the network interface card. In addition, DPDK-based applications cannot achieve zero packet loss when the packet is small such as 64 B for beyond 10 Gigabit Ethernet. Therefore, the authors proposed a new method based on Field-Programmable Gate Array (FPGA) to solve this problem. The authors also develop a DPDK driver for FPGA devices to make the design compatible with all DPDK-based applications. The proposed method performs timestamping at line-rate for 10 Gigabit Ethernet traffic at 4 ns precision and 1 ns precision for 25 Gigabit, which greatly improves the accuracy of security incident retrospective analysis. Furthermore, the design can capture full-size packets for any protocol with zero packet loss and can be applied to 40/100 Gigabit systems as well.

Abstract Image

用于线速数据包捕获的纳秒级精度硬件时间戳
网络安全事件频繁发生。在调查安全威胁时,必须提供 100% 准确的数据包级网络历史记录,而这取决于具有高精度数据包时间戳的数据包捕获。许多数据包捕获应用都是基于数据平面开发套件(DPDK)开发的,这是一套用于快速数据包处理的库和驱动程序。然而,DPDK 无法为每个数据包提供准确的时间戳,也无法真实反映数据包到达网络接口卡的顺序。此外,当数据包较小时,如超过万兆以太网的 64 B 数据包,基于 DPDK 的应用程序无法实现零数据包丢失。因此,作者提出了一种基于现场可编程门阵列(FPGA)的新方法来解决这个问题。作者还为 FPGA 设备开发了 DPDK 驱动程序,使设计与所有基于 DPDK 的应用兼容。所提出的方法以线速对万兆以太网流量执行时间戳,精度为 4 ns,对 25 千兆以太网流量执行时间戳,精度为 1 ns,大大提高了安全事件回顾分析的准确性。此外,该设计可捕获任何协议的全尺寸数据包,且数据包丢失为零,还可应用于 40/100 千兆位系统。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 求助全文
来源期刊
IET Networks
IET Networks COMPUTER SCIENCE, INFORMATION SYSTEMS-
CiteScore
5.00
自引率
0.00%
发文量
41
审稿时长
33 weeks
期刊介绍: IET Networks covers the fundamental developments and advancing methodologies to achieve higher performance, optimized and dependable future networks. IET Networks is particularly interested in new ideas and superior solutions to the known and arising technological development bottlenecks at all levels of networking such as topologies, protocols, routing, relaying and resource-allocation for more efficient and more reliable provision of network services. Topics include, but are not limited to: Network Architecture, Design and Planning, Network Protocol, Software, Analysis, Simulation and Experiment, Network Technologies, Applications and Services, Network Security, Operation and Management.
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信