通用平台高性能可扩展网络地址转换系统

doi:10.13190/j.jbupt.2020-133

北京邮电大学学报 ›› 2021, Vol. 44 ›› Issue (2): 14-19.doi: 10.13190/j.jbupt.2020-133

• 未来网络体系架构和关键技术专题 • 上一篇下一篇

通用平台高性能可扩展网络地址转换系统

李峻峰, 李丹, 黄昱恺, 程阳, 令瑞林

清华大学计算机科学与技术系, 北京 100084

收稿日期:2020-08-20 出版日期:2021-04-28 发布日期:2021-04-28
通讯作者: 李丹(1981-),男,教授,E-mail:tolidan@tsinghua.edu.cn. E-mail:tolidan@tsinghua.edu.cn
作者简介:李峻峰(1992-),男,博士生.
基金资助:
国家重点研发计划项目（2018YFB1800100）；广东省重点领域研发计划项目（2018B010113001）；国家自然科学基金项目（61432002，61772305，61672499）

High Performance and Scalable NAT System on Commodity Platforms

LI Jun-feng, LI Dan, HUANG Yu-kai, CHENG Yang, LING Rui-lin

Department of Computer Science and Technology, Tsinghua University, Beijing 100084, China

Received:2020-08-20 Online:2021-04-28 Published:2021-04-28

摘要/Abstract

摘要： 为了提高通用平台网络地址转换（NAT）的性能，设计了高性能可扩展网络地址转换系统——Quick NAT.高速网络地址转换查表算法将原始规则表划分为若干子表，并采用哈希查表算法极大地提高了NAT规则的查找效率；为了充分发挥多核中央处理器（CPU）和多队列网卡的性能优势，设计了高效的并行架构，使用本地化的连接记录表和基于比较并交换原子操作的无锁NAT规则表，避免了多CPU核访问修改全局表带来的锁开销；借助轮询取代中断、越过内核等机制，全程使用指针操作数据包，实现零拷贝，进一步降低开销.实验结果表明，Quick NAT可以极大地提高NAT查表的效率和吞吐量，具有较强的多核可扩展性，能够在10 Gbit/s的网络环境下实现64 byte小包线速.

关键词: 网络地址转换, 性能优化, 哈希算法, 数据结构本地化

Abstract: Quick network address translation (NAT) is proposed to improve the network performance of the NAT system on the commodity server by three ways. Firstly, the quick NAT search algorithm is designed to use the Hash search instead of the sequential search to reduce latency when looking up the NAT rule table. Secondly, to leverage the power of multi-core central processing unit (CPU) and multi-queue network interface card, Quick NAT enables multiple CPU cores to process in parallel. The localized connection tracking table and the compare-and-swap based lock-free NAT Hash tables are designed to eliminate the lock overhead. Thirdly, Quick NAT uses the polling and zero-copy delivery to reduce the cost of interrupt and packet copies. The experiment results show that Quick NAT obtains high scalability and line-rate throughput on the commodity server.

Key words: network address translation, performance optimization, Hash search, localized data structure

中图分类号:

TP393

李峻峰, 李丹, 黄昱恺, 程阳, 令瑞林. 通用平台高性能可扩展网络地址转换系统[J]. 北京邮电大学学报, 2021, 44(2): 14-19.

LI Jun-feng, LI Dan, HUANG Yu-kai, CHENG Yang, LING Rui-lin. High Performance and Scalable NAT System on Commodity Platforms[J]. Journal of Beijing University of Posts and Telecommunications, 2021, 44(2): 14-19.

参考文献

[1] ITU-D ICT. Measuring digital development:facts and figures[R/OL]. Geneva:ITU, 2020:1-19(2020-06-10)[2021-01-05]. https://www.itu.int/en/ITU-D/Statistics/Documents/facts/FactsFigures2020.pdf.
[2] Clement J. Number of worldwide Internet hosts in the domain name system from 1993 to 2019[R/OL]. Hamburg:Statista, 2020:1-10(2020-05-15)[2021-01-05]. https://www.statista.com/statistics/264473/number-of-internet-hosts-in-the-domain-name-system/.
[3] Ibhaze A E, Okoyeigbo O, Samson U A, et al. Performance evaluation of IPv6 and IPv4 for future technologies[C]//Future of Information and Communication Conference. Cham:Springer, 2020:15-22.
[4] Li Junfeng, Li Dan, Huang Yukai, et al. Quick NAT:high performance NAT system on commodity platforms[C]//International Symposium on Local and Metropolitan Area Networks (LANMAN). Osaka:IEEE, 2017:1-2.
[5] Pickard J, Mark A, Dale D. IPv6 diffusion milestones:assessing the quantity and quality of adoption[J]. Journal of International Technology and Information Management, 2019, 28(1):2-28.
[6] Miano S, Bertrone M, Risso F, et al. Securing Linux with a faster and scalable iptables[J]. ACM SIGCOMM Computer Communication Review, 2019, 49(3):2-17.
[7] 王程, 徐玭, 张素兵, 等. 基于Linux系统的LEO卫星动态路由协议研究与实现[J]. 北京邮电大学学报, 2020, 43(2):94-102. Wang Cheng, Xu Pin, Zhang Subing, et al. Research and implementation of dynamic routing protocol for LEO satellites based on Linux system[J]. Journal of Beijing University of Posts and Telecommunications, 2020, 43(2):94-102.
[8] Yang Mingming, Wang Zheng. Study and implementation of algorithm to dynamic improvement of performance of netfilter[J]. Computer Technology and Development, 2010, 20(4):163-166.
[9] Ntop. PF_RING:high-speed packet capture, filtering and analysis[R/OL]. Pisa:Ntop, 2020:1-1(2020-04-25)[2021-01-05]. https://www.ntop.org/products/packet-capture/pf_ring.
[10] Han S, Jang K, Park K, et al. PacketShader:a GPU-accelerated software router[J]. ACM SIGCOMM Computer Communication Review, 2010, 40(4):195-206.
[11] Bonelli N, Di P A, Giordano S, et al. On multi-gigabit packet capturing with multi-core commodity hardware[C]//International Conference on Passive and Active Network Measurement. Vienna:Springer, 2012:64-73.
[12] Zhang Tianzhu, Linguaglossa L, Gallo M, et al. FloWatcher-DPDK:lightweight line-rate flow-level monitoring in software[J]. IEEE Transactions on Network and Service Management, 2019, 16(3):1143-1156.
[13] Chandrababu S, Bahulekar C, Yadav R, et al. Hardware-assisted flow monitoring for high speed networks[C]//10th International Conference on Computing, Communication and Networking Technologies (ICCCNT). Kanpur:IEEE, 2019:1-5.
[14] Dally W, Turakhia Y, Han Song. Domain-specific hardware accelerators[J]. Communications of the ACM, 2020, 63(7):48-57.
[15] Owaida M, Alonso G, Fogliarini L, et al. Lowering the latency of data processing pipelines through FPGA based hardware acceleration[J]. Proceedings of the VLDB Endowment, 2019, 13(1):71-85.
[16] Wada R, Yamasaki N. Fast interrupt handling scheme by using interrupt wake-up mechanism[C]//Seventh International Symposium on Computing and Networking Workshops (CANDARW). Nagasaki:IEEE, 2019:109-114.
[17] Zhang Wei, Liu Guyue, Zhang Wenhui, et al. OpenNetVM:a platform for high performance network service chains[C]//Workshop on Hot Topics in Middleboxes and Network Function Virtualization. Florianopolis:ACM, 2016:26-31.
[18] Li Junfeng, Li Dan, Wu Wenfei, et al. Sphinx:a transport protocol for high-speed and lossy mobile networks[C]//38th International Performance Computing and Communications Conference (IPCCC). London:IEEE, 2019:1-8.
[19] Wu Wenqing, Feng Xiao, Zhang Wenli, et al. MCC:a predictable and scalable massive client load generator[C]//International Symposium on Benchmarking, Measuring and Optimization. Denver:Springer, 2019:319-331.

通用平台高性能可扩展网络地址转换系统

High Performance and Scalable NAT System on Commodity Platforms

RichHTML

PDF

可视化

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 6

编辑推荐

Metrics

本文评价

[1]	汤洋, 赵达非, 黄智濒, 戴志涛. 高性能行任务散列法GPU一般稀疏矩阵-矩阵乘法[J]. 北京邮电大学学报, 2019, 42(3): 106-113.
[2]	王莹, 李洪林, 费子轩, 赵竑宇, 王虹. 5G多接入网络TCP研究与展望[J]. 北京邮电大学学报, 2019, 42(1): 1-15.
[3]	李映雪, 钟士元, 雷静, 黄春明, 姚诸香. 认知无线电中OFDM协作频谱感知技术及其优化[J]. 北京邮电大学学报, 2015, 38(5): 96-98,103.
[4]	侯锡柱，马跃，陈立南. H.323协议跨越NAT网关的研究[J]. 北京邮电大学学报, 2005, 28(2): 91-94.
[5]	杨武, 方滨兴, 云晓春, 张宏莉, 胡铭曾. 一种高性能分布式入侵检测系统的研究与实现[J]. 北京邮电大学学报, 2004, 27(4): 83-86.
[6]	郑文慧, 马跃, 蒋砚军. IPsec与NAT兼容问题的研究和解决方案[J]. 北京邮电大学学报, 2002, 25(4): 61-64.