PFQ is a novel linux kernel module designed for packet capturing on multicore architectures. After 2 months of hard work I’m proud to unveil the first results. Even if the software is still in its infancy the performance is one of its strength.
PFQ is capable of capturing million packets per second running on a commodity Xeon processor, equipped with an Intel 82599 10G network adapter.
The graph shows how well PFQ scales with the number of cores. The performance scales linearly up to the number of physical cores involved in the capturing process, 6 in my case. The second 6 cores are in reality virtual cores, rendered by the Intel hyper-threading machinery.
PFQ capturing system
My testbed shows that PFQ can capture and copy to userspace up to 10 Million 12.5 Millions (42 Millions with copies) packets per seconds (64-bytes long) by deploying 6 cores @2.66Ghz in the capturing process and the multi-queue Intel 82599 ethernet adapter.
With a recent optimization, the CPU load-average is about 25% (per core) 15% per core. In comparison, the PF_PACKET socket, when used in memory map mode as in pcap library, can capture no more than few hundred thousand or so packets per second.
The PFQ source code is available for download at github: https://github.com/pfq!
Enjoy!
Nicola
Filed under: linux, networking, kernel
Ma niente più news?!
[…] Read Startup article here: https://nicolabonelli.wordpress.com/2011/04/24/introducing-pfq/#more-416 […]