Kernel bypass

In two previous posts we've discussed how to receive 1M UDP packets per second and how to reduce the round trip time. We did the experiments on Linux and the performance was very good considering it's a general purpose operating system.

Unfortunately the speed of vanilla Linux kernel networking is not sufficient for more specialized workloads. For example, here at CloudFlare, we are constantly dealing with large packet floods. Vanilla Linux can do only about 1M pps. This is not enough in our environment, especially since the network cards are capable of handling a much higher throughput. Modern 10Gbps NICs can usually process at least 10M pps.

CC BY 2.0 image by Tony Webster

It's apparent that the only way to squeeze more packets from our hardware is by working around the Linux kernel networking stack. This is called a "kernel bypass" and in this article we'll dig into various ways of achieving it.

The kernel is insufficient

Let's prepare a small experiment to convince you that working around Linux is indeed necessary. Let's see how many packets can be handled by the kernel under perfect conditions. Passing packets to userspace is costly, so instead let's try to drop

How to permanently change qemu’s qcow2 image?

Of course you've heard of qemu. It's a hypervisor used by UNetLab and GNS3 to integrate virtual routers like Alcatel-Lucent’s 7750 SR, Juniper’s vMX and Cisco’s XRv. And it is well-known that those virtual routers come in the form of qemu disk images with an odd qcow2 extension. But how can we alter those disk images if we need,

Fiat Chrysler voluntarily recalls 7,810 SUVs over software issues

Fiat Chrysler said Friday it is voluntarily recalling 7,810 SUVs due to a software glitch that could make the vehicles vulnerable to remote control. Half of the vehicles, which are 2015 Jeep Renegade SUVs equipped with 6.5-inch touchscreens, are still at dealerships, the carmaker said in a statement. The company downplayed the risk to drivers, saying it was unaware of injuries related to the problem and had received no complaints. It further said "the software manipulation addressed by this recall required unique and extensive technical knowledge, prolonged physical access to a subject vehicle and extended periods of time to write code."

Crypto wars: FTC commissioner says to encrypt despite feds pushing for backdoors

Surveillance is so out of control that superheroes like Captain America fight against it; even the Avengers tried to show us the dangers of militarizing the Internet. Sure, that might be coming from fictional characters, just like the cosplay activism campaign going on at Dragon Con this weekend in Atlanta. Yet as Project Secret Identity points out:

NOSHUT got twitter!

Hey fellows! I know some of you prefer to track new posts in a Twitter feed. For those of you, I created the noshut_ru Twitter account, where you will find all the updates and some reposts from networking gurus. Follow!

Checking Out GitHub Pull Requests Locally

In this post, I’m going to show you how to use the Git command-line to check out GitHub pull requests locally. I take absolutely no credit for this trick! I picked this up from this GitHub Gist, and merely wanted to share it here so that others would benefit.

The GitHub gist shows you how to modify the Git configuration for a particular repository so that when you run git fetch it will fetch all the pull requests for that repository as well. This is handy, but what I personally found most helpful was a comment that showed the command to fetch a specific pull request. The command looks like this:

git fetch origin pull/1234/head:pr-1234

Let me break that command down a bit:

  • The origin in this case refers to the Git remote for this repository on GitHub. If you are using the fork-and-pull method of collaborating via Git and GitHub, then you will have multiple Git remotes—and the remote you want probably isn’t origin. For example, if you want to fetch a pull request from the original (not forked) repository, you’d want to use the name that corresponds to the Git remote for the original repository (I

iPexpert’s Newest “CCIE Wall of Fame” Additions 9/04/2015

Please join us in congratulating the following iPexpert students who have passed their CCIE lab!

This Week’s CCIE Success Stories

  • Eric Williamson, CCIE #49880 (Collaboration)
  • Paul Raffles, CCIE #49941 (Data Center)
  • Fabien Roulette, CCIE #49854 (Collaboration)

This Week’s Testimonial

Eric Williamson CCIE #49880 (Collaboration)
I would absolutely recommend IPexpert and Andy Vassar for CCIE Collaboration training. One of my favorite parts of the new blueprint change was that the rack rentals went to four hours and the labs increased but they were able to be done in smaller sections. As a person who travels on the road almost every week it was important to have a phone control/view option when coming in on a software VPN. This helped me to keep on track. Thank you Andy for helping me in so many instances, I will be eternally grateful.

Fabien Roulette CCIE #49854 (Collaboration)
Thank you very much for the quality of your books and pods on proctorlabs

We Want to Hear From You!

Have you passed your CCIE lab exam and used any of iPexpert’s self-study products, or attended a CCIE Bootcamp? If so, we’d like to add you to our CCIE Wall of Fame!

NIST sets the stage for contactless fingerprint readers

Biometric technologies may soon replace cumbersome passwords, but the U.S. National Institute of Technology is looking out to a time when you won't even have to press your finger onto a grimy fingerprint reader to gain entry to a computer. NIST has funded a number of companies to make touchless fingerprint readers possible, and is creating a framework for evaluating possible technologies for widespread use. Touchless fingerprint readers could be particularly useful for quickly identifying large numbers of people, such as a queue entering a controlled facility, NIST contends. Germaphobes would also appreciate the technology, as they would not have to touch potentially germy fingerprint readers to gain access to their computers.

Blackberry buys Good Technology as it further expands into mobile device security

Blackberry has moved further into the mobile device management space by purchasing Good Technology for US$425 million. Good Technology sells enterprise mobile security products and was Blackberry's competitor. In a January blog post, Blackberry called out Good for claiming it was the first company to add a special billing feature to its products. A separate blog post on Friday discussing the merger made note of this history, saying the companies have taken "aggressive positions" through the years.

Auction house puts pristine 39-year-old Apple-1 on the block

Auction house Bonhams will put a pristine Apple-1 personal computer on the block later this month, and has pegged the gavel price at between $300,000 and $500,000. Bonhams has experience selling vintage Apple-1 computers: One it sold last year went for the still-record $905,000 after commissions and taxes. The Apple-1, essentially a stand-alone circuit board sans keyboard, monitor or even power supply, was hand-built by Apple co-founder Steve Wozniak in 1976, and may have been one of the first lot of 50, according to a penned identifier on the back. That mark -- 01-0059 -- was probably an inventory number assigned by the Byte Shop of Mountain View, Calif., the first volume purchaser of the computer.