How to Build DPI Products? (Part IX - Packet Scheduling)

A new research covering one more internal aspect of DPI products, by Terry Nelms and Mustaque Ahamad (picture) from the Georgia Institute of Technology.

See "Packet Scheduling for Deep Packet Inspection on Multi-Core Architectures". The paper and slides, presented at ACM/IEEE Symposium on Architectures for Networking and Communications Systems, are accessible from here.

Multi-core architectures are commonly used for network applications because the workload is highly parallelizable. Packet scheduling is a critical performance component of these applications and significantly impacts how well they scale. Deep packet inspection (DPI) applications are more complex than most network applications. This makes packet scheduling more difficult, but it can have a larger impact on performance. Also, packet latency and ordering requirements differ depending on whether the DPI application is deployed inline. Therefore, different packet scheduling tradeoffs can be made based on the deployment.

In this paper, we evaluate three packet scheduling algorithms with the Protocol Analysis Module (PAM) as our DPI application using network traces acquired from production networks where intrusion prevention systems (IPS) are deployed. One of the packet scheduling algorithms we evaluate is commonly used in production applications; thus, it is useful for comparison. The other two are of our own design. Our results show that packet scheduling based on cache affinity is more important than trying to balance packets. More specifically, for the three network traces we tested, our cache affinity packet scheduler outperformed the other two schedulers increasing throughput by as much as 38%.

Abstract