The exponential growth of data traffic and the increasing complexity of networked applications demand effective solutions capable of passively inspecting and analysing network traffic for monitoring and security purposes. Implementing network probes in software on general-purpose operating systems has been made possible by advances in packet-capture technologies, such as kernel-bypass frameworks, and by multi-queue adapters designed to distribute the network workload across the cores of multi-core processors. Modern SmartNICs, in addition, have introduced stateful mechanisms that associate actions with network flows, such as forwarding packets or updating traffic statistics for an individual flow. In this paper, we describe our experience in exploiting those functionalities in a modern network probe and perform a detailed study of its performance characteristics under different scenarios. Compared with pure CPU-based solutions, SmartNICs with flow-offload technologies provide substantial benefits when implementing forwarding applications. However, the main limitation, having to keep large flow tables in host memory, remains largely unsolved for realistic monitoring and security applications.
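The abstract's central point is the gap between a SmartNIC's stateful flow table, which holds a bounded number of flows with per-flow actions and counters, and the far larger flow state a monitoring probe must keep in host memory. The following C model is an added illustration, not code from the paper or from any probe or NIC vendor: it emulates a two-tier flow table in which the first packet of each flow is handled by the host and the probe attempts to offload the flow to the "NIC"; later packets of offloaded flows never reach the host, while flows that did not fit stay on the slow path. The table sizes (`HW_CAPACITY`, `HOST_CAPACITY`), the six constructed TCP flows and all function names are assumptions chosen to make the overflow visible; a real device's table capacity, action set and counter read-back interface differ.

```c
#include <stdint.h>
#include <stdbool.h>
#include <string.h>
#include <stdio.h>

/* Assumed capacities: tiny hardware table so that overflow onto the host is visible. */
#define HW_CAPACITY   4
#define HOST_CAPACITY 64   /* power of two: open addressing with linear probing */

enum flow_action { ACT_COUNT = 0, ACT_FORWARD = 1, ACT_DROP = 2 };
enum path { PATH_HW = 0, PATH_HOST = 1 };

struct flow_key { uint32_t src_ip, dst_ip; uint16_t src_port, dst_port; uint8_t proto; };

struct flow_entry {
    struct flow_key key;
    enum flow_action action;
    uint64_t pkts, bytes;
    bool in_use;
};

struct probe {
    struct flow_entry hw[HW_CAPACITY];      /* what the emulated NIC can hold */
    struct flow_entry host[HOST_CAPACITY];  /* what the host must hold for every flow */
    uint64_t hw_hits, host_hits, offload_failures;
};

static bool key_eq(const struct flow_key *a, const struct flow_key *b) {
    return a->src_ip == b->src_ip && a->dst_ip == b->dst_ip &&
           a->src_port == b->src_port && a->dst_port == b->dst_port && a->proto == b->proto;
}

/* FNV-1a over the serialised 5-tuple (hashing the struct bytes would include padding). */
static uint32_t key_hash(const struct flow_key *k) {
    uint8_t buf[13];
    memcpy(buf, &k->src_ip, 4); memcpy(buf + 4, &k->dst_ip, 4);
    memcpy(buf + 8, &k->src_port, 2); memcpy(buf + 10, &k->dst_port, 2);
    buf[12] = k->proto;
    uint32_t h = 2166136261u;
    for (size_t i = 0; i < sizeof buf; i++) { h ^= buf[i]; h *= 16777619u; }
    return h;
}

/* Emulated hardware table: small exact-match table, scanned linearly. */
static struct flow_entry *hw_lookup(struct probe *p, const struct flow_key *k) {
    for (int i = 0; i < HW_CAPACITY; i++)
        if (p->hw[i].in_use && key_eq(&p->hw[i].key, k)) return &p->hw[i];
    return NULL;
}

static bool hw_install(struct probe *p, const struct flow_key *k, enum flow_action act) {
    for (int i = 0; i < HW_CAPACITY; i++)
        if (!p->hw[i].in_use) {
            p->hw[i] = (struct flow_entry){ .key = *k, .action = act, .in_use = true };
            return true;
        }
    return false;  /* table full: the flow stays on the host */
}

/* Host table: returns the matching entry or the first free slot on its probe sequence. */
static struct flow_entry *host_slot(struct probe *p, const struct flow_key *k) {
    uint32_t idx = key_hash(k) & (HOST_CAPACITY - 1);
    for (int n = 0; n < HOST_CAPACITY; n++) {
        struct flow_entry *e = &p->host[(idx + n) & (HOST_CAPACITY - 1)];
        if (!e->in_use || key_eq(&e->key, k)) return e;
    }
    return NULL;  /* host table full as well */
}

/* Per-packet path; returns which tier handled the packet. */
enum path process_packet(struct probe *p, const struct flow_key *k, uint32_t len, enum flow_action act) {
    struct flow_entry *e = hw_lookup(p, k);
    if (e) {  /* fast path: counters updated on the NIC, host never sees the packet */
        e->pkts++; e->bytes += len; p->hw_hits++;
        return PATH_HW;
    }
    e = host_slot(p, k);
    if (!e) return PATH_HOST;  /* no room anywhere: packet is not tracked */
    bool created = !e->in_use;
    if (created) *e = (struct flow_entry){ .key = *k, .action = act, .in_use = true };
    e->pkts++; e->bytes += len; p->host_hits++;
    if (created && !hw_install(p, k, act))  /* first packet of a flow: try to offload it */
        p->offload_failures++;
    return PATH_HOST;
}

/* Monitoring view: a per-flow total must merge the NIC's counters with the host's. */
uint64_t flow_total_packets(struct probe *p, const struct flow_key *k) {
    uint64_t total = 0;
    struct flow_entry *e = hw_lookup(p, k);
    if (e) total += e->pkts;
    e = host_slot(p, k);
    if (e && e->in_use) total += e->pkts;
    return total;
}

struct trace_stats { uint64_t hw_hits, host_hits, offload_failures, flow_a_pkts, flow_f_pkts; };

/* Constructed trace: six TCP flows 10.0.0.1..6 -> 10.0.1.1:443, three packets each, round-robin. */
struct trace_stats run_sample_trace(void) {
    struct probe p; memset(&p, 0, sizeof p);
    struct flow_key flows[6];
    for (int i = 0; i < 6; i++)
        flows[i] = (struct flow_key){ .src_ip = 0x0A000001u + (uint32_t)i, .dst_ip = 0x0A000101u,
                                      .src_port = (uint16_t)(40000 + i), .dst_port = 443, .proto = 6 };
    for (int round = 0; round < 3; round++)
        for (int i = 0; i < 6; i++) process_packet(&p, &flows[i], 1500, ACT_COUNT);
    return (struct trace_stats){ p.hw_hits, p.host_hits, p.offload_failures,
                                 flow_total_packets(&p, &flows[0]), flow_total_packets(&p, &flows[5]) };
}

int main(void) {
    struct trace_stats s = run_sample_trace();
    printf("hw hits=%llu host hits=%llu flows not offloaded=%llu\n",
           (unsigned long long)s.hw_hits, (unsigned long long)s.host_hits,
           (unsigned long long)s.offload_failures);
    return 0;
}
```

With four hardware slots and six flows, every flow costs the host one packet before offload is even attempted, and the two flows that do not fit stay on the host for their whole lifetime. Two consequences of the abstract's limitation show up directly: the host table must still be sized for every flow, because it is the only place a flow is guaranteed to exist, and any per-flow statistic the probe reports has to be merged from both tiers, as `flow_total_packets` does.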