Presenting High Performance Packet Path Accelerator at Suricon 2021

Reservoir Labs is proud to sponsor Suricon 2021, where Dr. Jordi Ros-Giralt, Fellow at Reservoir Labs, presents “Enabling Suricata in the Cloud at Scale Using DPDK” (abstract below). This year’s annual Suricon conference is hosted in Boston, Massachusetts, October 21-23, 2021, at the Boston Marriott Copley Place. Dr. Ros-Giralt will present this talk on Friday, October 22nd (Day 3), from 11:45 to 12:30pm EST.

Dr. Ros-Giralt will present elements of Reservoir’s R-Core technology, a solution to run Suricata in the cloud efficiently and at scale. R-Core is a DPDK-based packet path technology designed to deliver packets from the wire to the application while minimizing compute effort. Its high-performance features include zero copy, multi-core load balancing, NUMA affinity, CPU pinning, zero-locking data structures, and multithreading, among others. R-Core lets an arbitrary number of applications (e.g., Suricata, Zeek, tcpdump) connect simultaneously to the same traffic feed, avoiding expensive packet copies and saving computational cycles.

Register to attend Suricon 2021 virtually, or contact us for more information on Dr. Ros-Giralt’s work.

Abstract:

In this talk, I will present a solution to run Suricata in the cloud efficiently and at scale. The solution is based on R-Core, a DPDK-based packet path technology designed to deliver packets from the wire to the application while minimizing compute effort. R-Core’s high-performance features include zero copy, multi-core load balancing, NUMA affinity, CPU pinning, zero-locking data structures, and multithreading, among others. R-Core supports an arbitrary number of applications (e.g., Suricata, Zeek, tcpdump, etc.) to be simultaneously connected onto the same traffic feed, avoiding expensive packet copies and saving computational cycles.

By leveraging DPDK’s abstraction API, R-Core enables Suricata to run on DPDK-capable NICs, including both on-premise physical appliances and virtual NICs available from the main cloud providers, in either virtual machines or containerized environments. In the cloud, R-Core supports network load balancing technology to enable elasticity and automatic scaling of Suricata sensors based on traffic demand.

In the presentation, I plan to present an architecture to run Suricata in the cloud providing elasticity and scalability. I will also demonstrate a cloud deployment of Suricata using R-Core by leveraging the high-performance capabilities of AWS ENA NICs and AWS Elastic Load Balancing (ELB).