With a growing number of internet-connected devices DDoS attacks become stronger while link speeds of up to 100 Gbit/s reduce the time that is available for handling a single data packet. Linux features a general-purpose networking stack that is too slow for handling high-profile packet floods. A different solution is needed to successfully mitigate DDoS attacks; so-called kernel bypass techniques are commonly used for this purpose, such as the DPDK framework. Recently (as of Linux 4.8) an emerging alternative, which doesn't bypass the kernel, called XDP has been available. This paper evaluates performance of XDP with Intel hardware and compares it to DPDK at a workload that is relevant to the use-case of DDoS mitigation.
Hinweis: Dieser Artikel kann nur an eine deutsche Lieferadresse ausgeliefert werden.
Hinweis: Dieser Artikel kann nur an eine deutsche Lieferadresse ausgeliefert werden.