Feedback

Faculté des Sciences appliquées
Faculté des Sciences appliquées
MASTER THESIS
VIEW 61 | DOWNLOAD 484

Master thesis : Fast Service Chaining

Download
Iurman, Justin ULiège
Promotor(s) : Mathy, Laurent ULiège
Date of defense : 7-Sep-2017/8-Sep-2017 • Permalink : http://hdl.handle.net/2268.2/3208
Details
Title : Master thesis : Fast Service Chaining
Author : Iurman, Justin ULiège
Date of defense  : 7-Sep-2017/8-Sep-2017
Advisor(s) : Mathy, Laurent ULiège
Committee's member(s) : Donnet, Benoît ULiège
Leduc, Guy ULiège
Barbette, Tom ULiège
Language : English
Number of pages : 59
Keywords : [en] Snort
[en] DPDK
[en] FastClick
[en] NFV
Discipline(s) : Engineering, computing & technology > Computer science
Target public : Researchers
Professionals of domain
Student
General public
Other
Complementary URL : https://github.com/IurmanJ
Institution(s) : Université de Liège, Liège, Belgique
Degree: Master en sciences informatiques, à finalité spécialisée en "computer systems and networks"
Faculty: Master thesis of the Faculté des Sciences appliquées

Abstract

[en] Today, the network traffic keeps growing again and again. Software middleboxes are crucial elements and can't become bottlenecks, at the risk of dropping network performances. They are either a firewall, a NAT, an intrusion detection system, a WAN optimizer, a load balancer, etc. That's why they must be efficient and choices made for their implementation are very important.

The objective of this work is to speed up Snort, which is an intrusion detection system, in a context of user level service chaining. Some improvements are studied and implemented in order to reach that goal. Thanks to those, Snort itself is also improved.

This paper describes the whole work, step by step. It begins with an introduction to define the context and to explain each protagonist. Then, next chapters are each dedicated to specific tests and measurements, in a view of comparing each result and improve performances. DPDK, a fast I/O framework developed by Intel, is introduced to speed up Snort. In a context of cooperation, FastClick and Snort exchange packets through DPDK rings and jobs repetitions are avoided thanks to a notion which is also introduced: metadata. Those metadata are used to pass information between multiple middleboxes. Other ideas are also studied. Finally, it ends with future possible improvements and a conclusion that discusses whether it is worthwhile to improve elements, in a view of a cooperation.


File(s)

Document(s)

File
Access thesis.pdf
Description:
Size: 1.79 MB
Format: Adobe PDF

Annexe(s)

File
Access fastclick.zip
Description:
Size: 4.75 MB
Format: Unknown
File
Access daq-2.0.6.zip
Description:
Size: 573.54 kB
Format: Unknown
File
Access snort-2.9.9.0.zip
Description:
Size: 7.31 MB
Format: Unknown
File
Access configs.zip
Description:
Size: 7.29 kB
Format: Unknown

Author

  • Iurman, Justin ULiège Université de Liège > Master sc. informatiques, à fin.

Promotor(s)

Committee's member(s)

  • Donnet, Benoît ULiège Université de Liège - ULg > Dép. d'électric., électron. et informat. (Inst.Montefiore) > Algorithmique des grands systèmes
    ORBi View his publications on ORBi
  • Leduc, Guy ULiège Université de Liège - ULg > Dép. d'électric., électron. et informat. (Inst.Montefiore) > Réseaux informatiques
    ORBi View his publications on ORBi
  • Barbette, Tom ULiège Université de Liège - ULg > Dép. d'électric., électron. et informat. (Inst.Montefiore) > Systèmes informatiques répartis et sécurité
    ORBi View his publications on ORBi
  • Total number of views 61
  • Total number of downloads 484










All documents available on MatheO are protected by copyright and subject to the usual rules for fair use.
The University of Liège does not guarantee the scientific quality of these students' works or the accuracy of all the information they contain.