Saturday, September 2, 2017
General overview of netmap
Netmap is a framework for fast packet I/O that enables operating systems to handle millions of packets per second traversing 1 to 10 Gbit/s links without requiring custom hardware or changes to applications. To achieve this, netmap eliminates three main packet processing costs:
- per-packet dynamic memory allocation is removed by preallocating resources
- system calls are amortized over large batches of packets
- memory copies are eliminated by sharing buffers and metadata between kernel and userspace
Existing options for packet I/O are either userspace or in-kernel, each with its own advantages and disadvantages. Userspace options offer a rich and friendly development environment, with packet I/O through various kinds of sockets, BPF or libpcap. However, they pay for expensive system calls and data copies just to move each packet or batch of packets to and from the kernel. In-kernel options run in a dangerous and constrained environment in which a misbehaving application can crash the entire system. They use direct device management and modules using netfilter/pfilter and NDIS hooks. Netmap is a userspace framework with the following goals:
- use packet I/O efficiently from userspace
- expose NIC to userspace applications
- remove or reduce data copies and amortize system calls
- remove unnecessary allocations
- provide a simple API based on application requirements
- be device independent
- easy integration in existing operating systems
- be compatible with existing applications
From a security standpoint, netmap is meant to be used by trusted processes running with root privileges. There is no chance of crashing the system or overwriting some other memory. Potentially dangerous actions, such as programming the NIC, are validated by the OS, which also enforces memory protection. However, there is a chance of packet corruption if a process misbehaves.
Netmap is mostly useful for userspace applications that must deal with raw packets: traffic generators, sinks, monitors, loggers, software switches and routers, and the interconnection of virtual machines.
Inner workings of netmap
Each part of the system is used for the task it is best suited for: the NIC moves data quickly between the network and memory, and the OS enforces protection and provides support for synchronization. When in netmap mode, the NIC rings are disconnected from the host networking stack and exchange packets through the netmap API. An application can talk to the host stack through two additional netmap rings, shown in Figure 1.

[Figure 1. Netmap rings]

[Figure 2. Shared memory area exported by netmap]

For synchronization, traditional OS primitives like select()/poll() are used. The operating system is unaware of the change, apart from the disconnection in the data path, and still continues to use and manage the interface.
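The sketch below is an added example, not code from netmap or from the original post: a simplified model of the OS validating values that a process writes into a shared ring before they reach the NIC. All names and sizes (`validate_slot`, `tx_sync`, `user_queue`, `NUM_BUFS`, and so on) are hypothetical. It also shows the residual risk the text mentions: a slot can pass every check while the payload in the shared buffer has been altered.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Simplified model with hypothetical names; not netmap's real structures. */
#define NUM_BUFS  8      /* packet buffers in the shared region */
#define BUF_SIZE  2048   /* bytes per packet buffer */
#define NUM_SLOTS 4      /* slots per ring */

struct slot { uint32_t buf_idx; uint16_t len; };   /* writable by userspace */
struct ring { uint32_t head; struct slot slot[NUM_SLOTS]; };
static uint8_t bufs[NUM_BUFS][BUF_SIZE];           /* shared packet buffers */

/* "Kernel" side: check one slot before its buffer is given to the NIC.
 * Returns 0 if safe, -1 if the slot must be rejected. */
int validate_slot(const struct slot *s)
{
    if (s->buf_idx >= NUM_BUFS) return -1;            /* outside shared region */
    if (s->len == 0 || s->len > BUF_SIZE) return -1;  /* would overrun buffer */
    return 0;
}

/* "Kernel" side sync: validate head and every slot in [hw_cur, head).
 * Returns the number of packets that would be sent, or -1 (nothing sent). */
int tx_sync(const struct ring *r, uint32_t hw_cur)
{
    int n = 0;
    if (r->head >= NUM_SLOTS || hw_cur >= NUM_SLOTS) return -1;
    for (uint32_t i = hw_cur; i != r->head; i = (i + 1) % NUM_SLOTS, n++)
        if (validate_slot(&r->slot[i]) != 0) return -1;
    return n;
}

/* Userspace side: fill the slot at head and advance head. */
void user_queue(struct ring *r, uint32_t buf_idx, const char *payload)
{
    struct slot *s = &r->slot[r->head];
    size_t n = strlen(payload);
    s->buf_idx = buf_idx;
    s->len = (uint16_t)n;
    if (buf_idx < NUM_BUFS && n <= BUF_SIZE) memcpy(bufs[buf_idx], payload, n);
    r->head = (r->head + 1) % NUM_SLOTS;
}

int main(void)
{
    struct ring r = {0};
    user_queue(&r, 1, "hello");   /* constructed sample packet */
    printf("valid slot:  tx_sync = %d\n", tx_sync(&r, 0));
    user_queue(&r, 99, "x");      /* buffer index outside the region */
    printf("bad buf_idx: tx_sync = %d\n", tx_sync(&r, 0));
    return 0;
}
```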

