Conference Schedule - BSDCan 2020

RFPF: fast packet filtering in userspace

Date: 2020-06-05
Time: 15:15 - 16:00
Room: Stream 1
Level: Intermediate

All times are based on Ottawa time, which is UTC -4. For example, 9AM is 1300 UTC.

Packet classification and filtering at and above 10 Gbps speeds is today mainly a realm of proprietary equipment vendors, as traditional software firewalls struggle to forward more than a few million packets per second. In this talk we'll present RFPF, a software packet filtering datapath which forwards 44 Mpps (limited by PCIe bus speed) on a commodity CPU, while doing multiple longest prefix matching lookups in large datasets (such as GeoIP, blacklists, or full-view BGP snapshots) per each packet. Our goal is to provide filtering functionality and capacity suitable for scrubbing / dampening large-scale volumetric DDOS attacks, while still being reasonably flexible for (fast) general-purpose firewalling applications. We'll describe how the prototype is constructed: a multithreaded, lockless userspace datapath coupled with a modern LPM lookup scheme, with packet I/O going through netmap, and of course, running on FreeBSD.


Marko Zec