Faculté des Sciences appliquées
Faculté des Sciences appliquées
VIEW 125 | DOWNLOAD 1597

Fast Service Chaining

Iurman, Justin ULiège
Promotor(s) : Mathy, Laurent ULiège
Date of defense : 7-Sep-2017/8-Sep-2017 • Permalink :
Title : Fast Service Chaining
Author : Iurman, Justin ULiège
Date of defense  : 7-Sep-2017/8-Sep-2017
Advisor(s) : Mathy, Laurent ULiège
Committee's member(s) : Donnet, Benoît ULiège
Leduc, Guy ULiège
Barbette, Tom ULiège
Language : English
Number of pages : 59
Keywords : [en] Snort
[en] DPDK
[en] FastClick
[en] NFV
Discipline(s) : Engineering, computing & technology > Computer science
Target public : Researchers
Professionals of domain
General public
Complementary URL :
Institution(s) : Université de Liège, Liège, Belgique
Degree: Master en sciences informatiques, à finalité spécialisée en "computer systems and networks"
Faculty: Master thesis of the Faculté des Sciences appliquées


[en] Today, the network traffic keeps growing again and again. Software middleboxes are crucial elements and can't become bottlenecks, at the risk of dropping network performances. They are either a firewall, a NAT, an intrusion detection system, a WAN optimizer, a load balancer, etc. That's why they must be efficient and choices made for their implementation are very important.

The objective of this work is to speed up Snort, which is an intrusion detection system, in a context of user level service chaining. Some improvements are studied and implemented in order to reach that goal. Thanks to those, Snort itself is also improved.

This paper describes the whole work, step by step. It begins with an introduction to define the context and to explain each protagonist. Then, next chapters are each dedicated to specific tests and measurements, in a view of comparing each result and improve performances. DPDK, a fast I/O framework developed by Intel, is introduced to speed up Snort. In a context of cooperation, FastClick and Snort exchange packets through DPDK rings and jobs repetitions are avoided thanks to a notion which is also introduced: metadata. Those metadata are used to pass information between multiple middleboxes. Other ideas are also studied. Finally, it ends with future possible improvements and a conclusion that discusses whether it is worthwhile to improve elements, in a view of a cooperation.



Access thesis.pdf
Description: -
Size: 1.79 MB
Format: Adobe PDF


Description: -
Size: 4.75 MB
Format: Unknown
Description: -
Size: 573.54 kB
Format: Unknown
Description: -
Size: 7.31 MB
Format: Unknown
Description: -
Size: 7.29 kB
Format: Unknown


  • Iurman, Justin ULiège Université de Liège > Master sc. informatiques, à fin.


Committee's member(s)

  • Donnet, Benoît ULiège Université de Liège - ULg > Dép. d'électric., électron. et informat. (Inst.Montefiore) > Algorithmique des grands systèmes
    ORBi View his publications on ORBi
  • Leduc, Guy ULiège Université de Liège - ULg > Dép. d'électric., électron. et informat. (Inst.Montefiore) > Réseaux informatiques
    ORBi View his publications on ORBi
  • Barbette, Tom ULiège Université de Liège - ULg > Dép. d'électric., électron. et informat. (Inst.Montefiore) > Systèmes informatiques répartis et sécurité
    ORBi View his publications on ORBi
  • Total number of views 125
  • Total number of downloads 1597

All documents available on MatheO are protected by copyright and subject to the usual rules for fair use.
The University of Liège does not guarantee the scientific quality of these students' works or the accuracy of all the information they contain.