
Research Of Deep Packet Detection Base On NDIS

Posted on: 2015-04-20; Degree: Master; Type: Thesis
Country: China; Candidate: L Qiao; Full Text: PDF
GTID: 2348330485493540; Subject: Software engineering
Abstract/Summary:
Traditional gigabit network traffic monitoring models can no longer keep up with the development of network monitoring. This paper focuses on a ten-gigabit traffic monitoring model: a distributed system for capturing and analyzing packets, based on multi-NIC forwarding with NDIS. The model monitors the network through a ten-gigabit NIC, and the monitoring server forwards the captured packets through several of its gigabit NICs to lower-layer packet analysis servers. The packet analysis task is thus assigned to several lower-layer servers, which reduces the burden on the monitoring server. Compared with the traditional network monitoring model, this model greatly reduces the packet loss rate and greatly improves packet analysis capability.

When the multi-NIC server forwards packets under heavy traffic, its forwarding efficiency directly affects the data analysis efficiency of the lower-layer servers. To address insufficient forwarding efficiency, this paper proposes a solution: when a packet arrives, it is first placed in a buffer pool, and when a buffer is full, a thread forwards the packets in that buffer, which speeds up packet forwarding.

After the multi-NIC forwarding is optimized, management of the forwarding threads is left to the operating system. The system may run several threads on one core, or switch one thread among several cores, and both greatly affect thread efficiency. Based on the way Windows manages kernel-level threads, this paper studies multi-core, multi-threaded forwarding. By setting a thread's CPU core affinity attribute, the thread can always run on a specified core, which improves thread efficiency.

Finally, this paper introduces some network tools and software, and then analyzes and mines packets in depth.
Keywords/Search Tags: High Monitoring, Multicore Multithreaded, NDIS IMD, Specify the port and Send Packets