DPDK: Difference between revisions

From VoIPmonitor.org
Jump to navigation Jump to search
No edit summary
No edit summary
 
(19 intermediate revisions by 3 users not shown)
Line 1: Line 1:
= What is DPDK =
{{DISPLAYTITLE:High-Performance Packet Capture with DPDK}}


DPDK is the Data Plane Development Kit that consists of libraries to accelerate packet processing workloads running on a wide variety of CPU architectures. Designed to run on x86, POWER and ARM processors. Polling-mode drivers skips packet processing from the operating system kernel to processes running in user space. This offloading achieves higher computing efficiency and higher packet throughput than is possible using the interrupt-driven processing provided in the kernel.
'''This is an expert-level guide for configuring the VoIPmonitor sensor to use the Data Plane Development Kit (DPDK) for ultra-high-performance packet capture. This setup is intended for multi-gigabit traffic loads where the standard Linux network stack becomes a bottleneck.'''


= Why DPDK for voipmonitor =
== What is DPDK and Why Use It? ==
The '''Data Plane Development Kit (DPDK)''' is a set of libraries and drivers that allows an application, like the VoIPmonitor sensor, to bypass the operating system's kernel and interact directly with the network card hardware.


Sniffing packets by kernel linux is driven by IRQ interrupts - every packet (or if driver supports every set of packets) needs to be handled by interrupt which has limitation around 3Gbit on 10Gbit cards (it depends on CPU). DPDK allows to read pacekts directly in userspace not using interrupts which allows faster packet reading (so called poll-mode reading). It needs some tweaks to the operating system (cpu affinity / NOHZ kernel) as the reader thread is sensitive to any scheduler delays which can occur on overloaded or misconfigured system. For 6Gbit packet rate with 3 000 000 packets / second any slight delays can cause packet drops.  
*'''Standard Kernel Method:''' In a normal setup, every incoming packet (or group of packets) triggers a CPU interrupt (IRQ), telling the kernel to process it. This interrupt-driven model is reliable but creates significant overhead, typically maxing out around 2-3 Gbit/s on a 10Gbit NIC, as it is limited by the performance of a single CPU core.
*'''DPDK Method:''' DPDK uses '''poll-mode drivers'''. A dedicated CPU core is assigned to constantly poll the network card for new packets, completely avoiding the overhead of kernel interrupts and context switching. This allows for much higher packet throughput, enabling VoIPmonitor to handle 6 Gbit/s or more on a single server.


The trade-off is that this setup requires careful system tuning and dedicated CPU cores to avoid scheduler delays, which can cause packet drops in a high-throughput environment.


= installation =  
== Step 1: System and Hardware Prerequisites ==
* '''Supported NIC:''' You must use a network card supported by DPDK. A list of compatible hardware can be found on the [https://core.dpdk.org/supported/ DPDK supported hardware page]. Intel 10-Gigabit cards (like the X540 or X710 series) are a common choice.
* '''BIOS/UEFI Settings:''' '''VT-d''' (for Intel) or '''AMD-Vi''' (for AMD) virtualization technology must be '''enabled''' in your server's BIOS/UEFI. IOMMU must also be enabled.
* '''DPDK Version:''' VoIPmonitor requires DPDK version 21.08.0 or newer. It is recommended to download the latest stable release from the [https://core.dpdk.org/download/ official DPDK website].


Version >= DPDK 21.08.0 is requried - download the latest version from:
== Step 2: System Preparation (HugePages & IOMMU) ==
DPDK requires specific kernel features and pre-allocated memory to function.


https://core.dpdk.org/download/
=== A. Configure HugePages ===
DPDK uses large, contiguous blocks of memory called HugePages for its packet buffers (mbufs).
;To temporarily allocate 16GB of 1G-sized HugePages on NUMA node 0:
<pre>
echo 16 > /sys/devices/system/node/node0/hugepages/hugepages-1048576kB/nr_hugepages
</pre>
*You must allocate HugePages on the same NUMA node (CPU socket) that your network card is physically connected to.*


;To make this permanent, edit the GRUB configuration file (`/etc/default/grub`):
<pre>
# This example allocates 16 1GB pages at boot
GRUB_CMDLINE_LINUX_DEFAULT="... default_hugepagesz=1G hugepagesz=1G hugepages=16"
</pre>
After editing, run `update-grub` and reboot.


=== B. Enable IOMMU ===
The IOMMU (Input-Output Memory Management Unit) is required for the VFIO driver used to bind the NIC to DPDK.
;Edit `/etc/default/grub` and add the following to `GRUB_CMDLINE_LINUX_DEFAULT`:
<pre>
# For Intel CPUs
GRUB_CMDLINE_LINUX_DEFAULT="... iommu=pt intel_iommu=on"


= How it works =
# For AMD CPUs, adjust accordingly
</pre>
After editing, run `update-grub` and reboot. After rebooting, verify that the `/sys/kernel/iommu_groups/` directory is populated with subdirectories.


On supported NIC cards (https://core.dpdk.org/supported/) the ethernet port needs to be unbinded from kernel and binded to DPDK, the command for it is:
== Step 3: Bind the Network Interface to DPDK ==
Once the system is prepared, you must unbind the network interface you want to use for sniffing from the kernel driver and bind it to a DPDK-compatible driver. This means the OS will no longer see or be able to use this interface (e.g., it will not appear in `ifconfig` or `ip a`).


* no special driver is needed - debian 10/11 already has support for this out of the box
;1. Find the PCI address of your network card:
* bind/unbind means that when you undind NIC port from the kernel you cannot use it within the operating system - the port dissapears (you will not see eth1 for example)
<pre>
* you can unbind from dpdk and bind back to kernel so eth1 can be used again
# This script is included with the DPDK source package
dpdk-devbind.py -s


list of available network devices:  
Network devices using kernel driver
===================================
0000:1f:00.0 'Ethernet Controller 10-Gigabit X540-AT2 1528' if=ens3f0 drv=ixgbe unused=
0000:1f:00.1 'Ethernet Controller 10-Gigabit X540-AT2 1528' if=ens3f1 drv=ixgbe unused=
</pre>


dpdk-devbind.py -s
;2. Load the VFIO-PCI driver:
<pre>modprobe vfio-pci</pre>
Network devices using kernel driver
===================================
0000:0b:00.0 'NetXtreme II BCM5709 Gigabit Ethernet 1639' if=enp11s0f0 drv=bnx2 unused= *Active*
0000:0b:00.1 'NetXtreme II BCM5709 Gigabit Ethernet 1639' if=enp11s0f1 drv=bnx2 unused=
0000:1f:00.0 'Ethernet Controller 10-Gigabit X540-AT2 1528' if=ens3f0 drv=ixgbe unused=
0000:1f:00.1 'Ethernet Controller 10-Gigabit X540-AT2 1528' if=ens3f1 drv=ixgbe unused=


bind both 10gbit ports to vfio-pci driver (this driver is available by default on >= debian10)
;3. Bind the interface to the driver using its PCI address:
<pre>
# This example binds both ports of the X540 card
dpdk-devbind.py -b vfio-pci 0000:1f:00.0 0000:1f:00.1
</pre>


modprobe vfio-pci
;To unbind it and return control to the kernel:
dpdk-devbind.py -b vfio-pci 0000:1f:00.0 0000:1f:00.1
<pre>dpdk-devbind.py -u 0000:1f:00.1
dpdk-devbind.py -b ixgbe 0000:1f:00.1
</pre>
*Note: On some systems, `vfio-pci` may not work correctly. An alternative is the `igb_uio` driver, which may need to be compiled manually. See the [https://doc.dpdk.org/guides/linux_gsg/linux_drivers.html official DPDK driver documentation] for more details.*


bind B port back to kernel:
== Step 4: Configure VoIPmonitor ==
Finally, configure your `voipmonitor.conf` file to use the DPDK interface.


dpdk-devbind.py -b ixgbe 0000:1f:00.1
=== Mandatory Parameters ===
<pre>
# /etc/voipmonitor.conf


On some systems vfio-pci does not work for 10Gbit card - instead igb_uio (for Intel cards) needs to be loaded alongside with special kernel parameters:
# Enable DPDK mode
dpdk = yes


/etc/default/grub:
# Tell the sniffer to use the DPDK interface instead of a kernel interface like eth0
interface = dpdk:0
GRUB_CMDLINE_LINUX_DEFAULT="iommu=pt intel_iommu=on"


Loading igb_uio for IBM internal X540-AT2 4 port 10Gbit card:  
# The PCI address of the network card to use for sniffing
dpdk_pci_device = 0000:1f:00.0


modprobe igb_uio
# Assign dedicated CPU cores for the DPDK polling threads.
# These cores should be on the same NUMA node as the NIC.
dpdk_read_thread_cpu_affinity = 2
dpdk_worker_thread_cpu_affinity = 30
</pre>


More information about drivers:
=== Optional Performance Parameters ===
<pre>
# Number of receive queues on the NIC. Default is 2.
dpdk_nb_rxq = 4


https://doc.dpdk.org/guides/linux_gsg/linux_drivers.html
# Number of packets to read in a single burst. Default is 32.
# Do not change unless advised by support.
dpdk_pkt_burst = 32


# Number of mbuf segments (x1024) in the memory pool between reader/worker threads.
# Default of 1024 allocates about 2GB of RAM. Increase for >5Gbit traffic.
dpdk_nb_mbufs = 4096


dpdk is now ready to be used by voipmonitor  
# Restrict all other voipmonitor threads to specific cores, leaving the
# DPDK cores isolated.
# By default, voipmonitor will automatically use all cores EXCEPT those
# assigned to the DPDK reader/worker.
thread_affinity = 1,3-29,31-59
</pre>


= Sniffer configuration =
== Advanced OS Tuning for Maximum Performance ==
For the most demanding environments (6Gbit+), isolating dedicated cores from the Linux scheduler is critical.
 
;1. Isolate CPU Cores:
: Edit `/etc/default/grub` and add `isolcpus=2,30` to the kernel command line. This tells the Linux scheduler to avoid scheduling any general tasks on cores 2 and 30, reserving them exclusively for our DPDK threads.
 
;2. Enable Tickless Kernel (`NOHZ_FULL`):
: To prevent even periodic timer interrupts from disturbing the polling threads, you can configure the kernel to be "tickless." This is an advanced option that may require compiling a custom kernel with `CONFIG_NO_HZ_FULL=y`. Add the following to your GRUB configuration:
: `nohz=on nohz_full=2,30 rcu_nocbs=2,30`
 
== AI Summary for RAG ==
'''Summary:''' This guide provides an expert-level walkthrough for configuring VoIPmonitor with DPDK (Data Plane Development Kit) for high-performance packet capture on multi-gigabit networks. It explains that DPDK bypasses the standard, interrupt-driven Linux kernel stack and uses dedicated CPU cores in "poll-mode" to read packets directly from the NIC, achieving significantly higher throughput. The guide details a four-step process: 1) Ensuring system prerequisites are met (supported NIC, BIOS settings). 2) Preparing the OS by allocating HugePages and enabling IOMMU via GRUB parameters. 3) Using the `dpdk-devbind.py` script to unbind the target network interface from its kernel driver and bind it to a DPDK driver like `vfio-pci`. 4) Configuring `voipmonitor.conf` with mandatory parameters, including `dpdk=yes`, `interface=dpdk:0`, `dpdk_pci_device`, and setting dedicated CPU cores with `dpdk_read_thread_cpu_affinity`. The article also covers advanced OS tuning, such as isolating CPU cores (`isolcpus`) and using a tickless kernel (`nohz_full`) for maximum, jitter-free performance.
'''Keywords:''' dpdk, performance, high throughput, packet capture, kernel bypass, poll-mode, `dpdk-devbind`, vfio-pci, igb_uio, hugepages, iommu, cpu affinity, `isolcpus`, nohz_full, tickless kernel, `dpdk_pci_device`, `dpdk_read_thread_cpu_affinity`, `t0CPU`, packet loss
'''Key Questions:'''
* How can I capture more than 3 Gbit/s of traffic with VoIPmonitor?
* What is DPDK and why should I use it?
* How do I configure DPDK for VoIPmonitor?
* What are HugePages and how do I configure them?
* How do I bind a network card to the DPDK driver?
* What does the `dpdk-devbind.py` script do?
* What are the mandatory `voipmonitor.conf` settings for DPDK?
* How do I isolate CPU cores for maximum packet capture performance?
* What is a "tickless kernel" (`nohz_full`)?

Latest revision as of 17:08, 30 June 2025


This is an expert-level guide for configuring the VoIPmonitor sensor to use the Data Plane Development Kit (DPDK) for ultra-high-performance packet capture. This setup is intended for multi-gigabit traffic loads where the standard Linux network stack becomes a bottleneck.

What is DPDK and Why Use It?

The Data Plane Development Kit (DPDK) is a set of libraries and drivers that allows an application, like the VoIPmonitor sensor, to bypass the operating system's kernel and interact directly with the network card hardware.

  • Standard Kernel Method: In a normal setup, every incoming packet (or group of packets) triggers a CPU interrupt (IRQ), telling the kernel to process it. This interrupt-driven model is reliable but creates significant overhead, typically maxing out around 2-3 Gbit/s on a 10Gbit NIC, as it is limited by the performance of a single CPU core.
  • DPDK Method: DPDK uses poll-mode drivers. A dedicated CPU core is assigned to constantly poll the network card for new packets, completely avoiding the overhead of kernel interrupts and context switching. This allows for much higher packet throughput, enabling VoIPmonitor to handle 6 Gbit/s or more on a single server.

The trade-off is that this setup requires careful system tuning and dedicated CPU cores to avoid scheduler delays, which can cause packet drops in a high-throughput environment.

Step 1: System and Hardware Prerequisites

  • Supported NIC: You must use a network card supported by DPDK. A list of compatible hardware can be found on the DPDK supported hardware page. Intel 10-Gigabit cards (like the X540 or X710 series) are a common choice.
  • BIOS/UEFI Settings: VT-d (for Intel) or AMD-Vi (for AMD) virtualization technology must be enabled in your server's BIOS/UEFI. IOMMU must also be enabled.
  • DPDK Version: VoIPmonitor requires DPDK version 21.08.0 or newer. It is recommended to download the latest stable release from the official DPDK website.

Step 2: System Preparation (HugePages & IOMMU)

DPDK requires specific kernel features and pre-allocated memory to function.

A. Configure HugePages

DPDK uses large, contiguous blocks of memory called HugePages for its packet buffers (mbufs).

To temporarily allocate 16GB of 1G-sized HugePages on NUMA node 0
echo 16 > /sys/devices/system/node/node0/hugepages/hugepages-1048576kB/nr_hugepages
  • You must allocate HugePages on the same NUMA node (CPU socket) that your network card is physically connected to.*
To make this permanent, edit the GRUB configuration file (`/etc/default/grub`)
# This example allocates 16 1GB pages at boot
GRUB_CMDLINE_LINUX_DEFAULT="... default_hugepagesz=1G hugepagesz=1G hugepages=16"

After editing, run `update-grub` and reboot.

B. Enable IOMMU

The IOMMU (Input-Output Memory Management Unit) is required for the VFIO driver used to bind the NIC to DPDK.

Edit `/etc/default/grub` and add the following to `GRUB_CMDLINE_LINUX_DEFAULT`
# For Intel CPUs
GRUB_CMDLINE_LINUX_DEFAULT="... iommu=pt intel_iommu=on"

# For AMD CPUs, adjust accordingly

After editing, run `update-grub` and reboot. After rebooting, verify that the `/sys/kernel/iommu_groups/` directory is populated with subdirectories.

Step 3: Bind the Network Interface to DPDK

Once the system is prepared, you must unbind the network interface you want to use for sniffing from the kernel driver and bind it to a DPDK-compatible driver. This means the OS will no longer see or be able to use this interface (e.g., it will not appear in `ifconfig` or `ip a`).

1. Find the PCI address of your network card
# This script is included with the DPDK source package
dpdk-devbind.py -s

Network devices using kernel driver
===================================
0000:1f:00.0 'Ethernet Controller 10-Gigabit X540-AT2 1528' if=ens3f0 drv=ixgbe unused=
0000:1f:00.1 'Ethernet Controller 10-Gigabit X540-AT2 1528' if=ens3f1 drv=ixgbe unused=
2. Load the VFIO-PCI driver
modprobe vfio-pci
3. Bind the interface to the driver using its PCI address
# This example binds both ports of the X540 card
dpdk-devbind.py -b vfio-pci 0000:1f:00.0 0000:1f:00.1
To unbind it and return control to the kernel
dpdk-devbind.py -u 0000:1f:00.1
dpdk-devbind.py -b ixgbe 0000:1f:00.1
  • Note: On some systems, `vfio-pci` may not work correctly. An alternative is the `igb_uio` driver, which may need to be compiled manually. See the official DPDK driver documentation for more details.*

Step 4: Configure VoIPmonitor

Finally, configure your `voipmonitor.conf` file to use the DPDK interface.

Mandatory Parameters

# /etc/voipmonitor.conf

# Enable DPDK mode
dpdk = yes

# Tell the sniffer to use the DPDK interface instead of a kernel interface like eth0
interface = dpdk:0

# The PCI address of the network card to use for sniffing
dpdk_pci_device = 0000:1f:00.0

# Assign dedicated CPU cores for the DPDK polling threads.
# These cores should be on the same NUMA node as the NIC.
dpdk_read_thread_cpu_affinity = 2
dpdk_worker_thread_cpu_affinity = 30

Optional Performance Parameters

# Number of receive queues on the NIC. Default is 2.
dpdk_nb_rxq = 4

# Number of packets to read in a single burst. Default is 32.
# Do not change unless advised by support.
dpdk_pkt_burst = 32

# Number of mbuf segments (x1024) in the memory pool between reader/worker threads.
# Default of 1024 allocates about 2GB of RAM. Increase for >5Gbit traffic.
dpdk_nb_mbufs = 4096

# Restrict all other voipmonitor threads to specific cores, leaving the
# DPDK cores isolated.
# By default, voipmonitor will automatically use all cores EXCEPT those
# assigned to the DPDK reader/worker.
thread_affinity = 1,3-29,31-59

Advanced OS Tuning for Maximum Performance

For the most demanding environments (6Gbit+), isolating dedicated cores from the Linux scheduler is critical.

1. Isolate CPU Cores
Edit `/etc/default/grub` and add `isolcpus=2,30` to the kernel command line. This tells the Linux scheduler to avoid scheduling any general tasks on cores 2 and 30, reserving them exclusively for our DPDK threads.
2. Enable Tickless Kernel (`NOHZ_FULL`)
To prevent even periodic timer interrupts from disturbing the polling threads, you can configure the kernel to be "tickless." This is an advanced option that may require compiling a custom kernel with `CONFIG_NO_HZ_FULL=y`. Add the following to your GRUB configuration:
`nohz=on nohz_full=2,30 rcu_nocbs=2,30`

AI Summary for RAG

Summary: This guide provides an expert-level walkthrough for configuring VoIPmonitor with DPDK (Data Plane Development Kit) for high-performance packet capture on multi-gigabit networks. It explains that DPDK bypasses the standard, interrupt-driven Linux kernel stack and uses dedicated CPU cores in "poll-mode" to read packets directly from the NIC, achieving significantly higher throughput. The guide details a four-step process: 1) Ensuring system prerequisites are met (supported NIC, BIOS settings). 2) Preparing the OS by allocating HugePages and enabling IOMMU via GRUB parameters. 3) Using the `dpdk-devbind.py` script to unbind the target network interface from its kernel driver and bind it to a DPDK driver like `vfio-pci`. 4) Configuring `voipmonitor.conf` with mandatory parameters, including `dpdk=yes`, `interface=dpdk:0`, `dpdk_pci_device`, and setting dedicated CPU cores with `dpdk_read_thread_cpu_affinity`. The article also covers advanced OS tuning, such as isolating CPU cores (`isolcpus`) and using a tickless kernel (`nohz_full`) for maximum, jitter-free performance. Keywords: dpdk, performance, high throughput, packet capture, kernel bypass, poll-mode, `dpdk-devbind`, vfio-pci, igb_uio, hugepages, iommu, cpu affinity, `isolcpus`, nohz_full, tickless kernel, `dpdk_pci_device`, `dpdk_read_thread_cpu_affinity`, `t0CPU`, packet loss Key Questions:

  • How can I capture more than 3 Gbit/s of traffic with VoIPmonitor?
  • What is DPDK and why should I use it?
  • How do I configure DPDK for VoIPmonitor?
  • What are HugePages and how do I configure them?
  • How do I bind a network card to the DPDK driver?
  • What does the `dpdk-devbind.py` script do?
  • What are the mandatory `voipmonitor.conf` settings for DPDK?
  • How do I isolate CPU cores for maximum packet capture performance?
  • What is a "tickless kernel" (`nohz_full`)?
Retrieved from "https://www.voipmonitor.org//doc/index.php?title=DPDK&oldid=5374"