验证pf_ring性能
背景
本实验主要为了验证pf_ring.ko内核模块是否能够提升抓包率。
实验思路很多参考自 PF_RING与NAPI结合的捕包性能优化和仿真.pdf
通过分析源码得知:
- pf_ring.ko未加载到内核时,libpcap 会使用PCAP_MMAP方式来抓包
- pf_ring.ko加载到内核时,libpcap 会通过libpfring配合pf_ring.ko内核模块来抓包
- pf_ring基本没有对 tcpdump 做改动
实验思路:
- 使用pf_ring项目中的tcpdump抓包,计算抓包率
- 使用pktgen发包
- 在”加载pf_ring.ko”和”不加载pf_ring.ko”两种场景下分别测试三次
实验环境:
| 机器用途 | 配置 | 操作系统 | 备注 |
|---|---|---|---|
| 发包机 | 2核4G、pps 40w | CentOS 7.5 | 云虚机 |
| 收包机 | 2核4G、pps 40w | CentOS 7.5 | 云虚机 |
过程
准备测试环境
收包机器编译安装tcpdump
安装依赖
1
yum install flex bison kernel-headers kernel-devel gcc stress -y
发包机器编写发包脚本
此bash脚本配置来自网络
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30# 定义一个工具函数,方便后面配置各种测试选项
function pgset() {
local result
# 定义一个工具函数,方便后面配置各种测试选项
echo $1 > $PGDEV
result=`cat $PGDEV | fgrep "Result: OK:"`
if [ "$result" = "" ]; then
cat $PGDEV | fgrep Result:
fi
}
# 为0号线程绑定eth0网卡
PGDEV=/proc/net/pktgen/kpktgend_0
pgset "rem_device_all" # 清空网卡绑定
pgset "add_device eth0" # 添加eth0网卡
# 配置eth0网卡的测试选项
PGDEV=/proc/net/pktgen/eth0
pgset "count 2000" # 总发包数量
pgset "delay 0" # 不同包之间的发送延迟(单位纳秒)
pgset "clone_skb 0" # SKB包复制
pgset "pkt_size 64" # 网络包大小
pgset "dst 172.16.32.12" # 目的IP
pgset "dst_mac fa:28:00:06:df:6c" # 目的MAC
# 启动测试
PGDEV=/proc/net/pktgen/pgctrl
pgset "start"modprobe pktgen
人为调高收包机cpu利用率
为什么要调高呢?因为实验过程中发现,如果不调高,即使收包机pps达到最大值40w,机器cpu仍然很低、tcpdump不会丢包,这样就看不出来效果。
怎么调高cpu利用率?可以使用
stress -c 2命令 故意占用cpu。
观察测试数据
发包为
pgset "pkt_size 64"时,收包机的收包率1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31[root@instance-6b1djiud tcpdump]# ./tcpdump 'src host 172.16.32.25' -w a.pcap
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
4265694 packets captured
4268967 packets received by filter
3273 packets dropped by kernel
[root@instance-6b1djiud tcpdump]# ./tcpdump 'src host 172.16.32.25' -w a.pcap
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
4190808 packets captured
4196105 packets received by filter
5297 packets dropped by kernel
[root@instance-6b1djiud tcpdump]# ./tcpdump 'src host 172.16.32.25' -w a.pcap
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
4192817 packets captured
4197737 packets received by filter
4920 packets dropped by kernel
[root@instance-6b1djiud tcpdump]# insmod ../../kernel/pf_ring.ko
[root@instance-6b1djiud tcpdump]# ./tcpdump 'src host 172.16.32.25' -w a.pcap
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
4212730 packets captured
4212730 packets received by filter
0 packets dropped by kernel
[root@instance-6b1djiud tcpdump]# ./tcpdump 'src host 172.16.32.25' -w a.pcap
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
4217341 packets captured
4217341 packets received by filter
0 packets dropped by kernel
[root@instance-6b1djiud tcpdump]# ./tcpdump 'src host 172.16.32.25' -w a.pcap
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
4358870 packets captured
4358870 packets received by filter
0 packets dropped by kernel测试数据汇总
| 包大小 | 是否加载pf_ring.ko | captured | received | dropped |
| - | - | - | - | - | - |
| 64 | 否 | 4265694 | 4268967 | 3273 |
| 64 | 否 | 4192817 | 4197737 | 4920 |
| 64 | 否 | 4190808 | 4196105 | 5297 |
| 64 | 是 | 4212730 | 4212730 | 0 |
| 64 | 是 | 4217341 | 4217341 | 0 |
| 64 | 是 | 4358870 | 4358870 | 0 |
| 1500 | 否 | 2113248 | 2421024 | 307776 |
| 1500 | 否 | 1988029 | 2370209 | 382180 |
| 1500 | 否 | 2121627 | 2424882 | 303255 |
| 1500 | 是 | 2382563 | 2382563 | 0 |
| 1500 | 是 | 2422587 | 2422587 | 0 |
| 1500 | 是 | 2479560 | 2479560 | 0 |pgset "pkt_size 64"命令调整包大小可以看到上面收包机tcpdump的数据:
1
2
3* 加载pf_ring.ko内核模块前,六次都有丢包
* 加载pf_ring.ko内核模块后,六次都没有丢包
* 大包时,丢包更严重所以可以得出结论:
- pf_ring版本的tcpdump抓包率更高
结论
- pf_ring版本的tcpdump抓包率更高