Retina: Analyzing 100 GbE Traffic on Commodity Hardware
(2022) ACM SIGCOMM 2022 — Location: Amsterdam (22.August.2022)
Files
retina.pdf
preprint
Open Access - Adobe PDF
- 4.36 MB
Details
- Authors
Zakir Durumeric 
- Abstract
- As network speeds have increased to over 100 Gbps, operators and researchers have lost the ability to easily ask complex questions of reassembled and parsed network traffic. In this paper, we introduce Retina, a software framework that lets users analyze over 100 Gbps of real-world traffic on a single server with no specialized hardware. Retina supports running arbitrary user-defined analysis functions on a wide variety of extensible data representations ranging from raw packets to parsed application-layer handshakes. We introduce a novel filtering mechanism and subscription interface to safely and efficiently process high-speed traffic. Under the hood, Retina implements an efficient data pipeline that strategically discards unneeded traffic and defers expensive processing operations to preserve computation for complex analyses. We present the framework architecture, evaluate its performance on production traffic, and explore several applications. Our experiments show that Retina is capable of running sophisticated analyses at over 100 Gbps on a single commodity server and can support 5-100x higher traffic rates than existing solutions, dramatically reducing the effort to complete investigations on real-world networks.
- Affiliations
Citations
Gerry, W., Fengchen, G., Barbette, T., & Zakir Durumeric. (2022). Retina: Analyzing 100 GbE Traffic on Commodity Hardware. SIGCOMM ’22: Proceedings of the ACM SIGCOMM 2022 Conference. Published. ACM SIGCOMM 2022, Amsterdam. https://doi.org/10.1145/3544216.3544227 (Original work published 2022)