AltraMayor / gatekeeper

The first open-source DDoS protection system
https://github.com/AltraMayor/gatekeeper/wiki
GNU General Public License v3.0
1.33k stars 229 forks source link

Remove hardware requirements for virtio #131

Open cjdoucette opened 6 years ago

cjdoucette commented 6 years ago

Gatekeeper still has two hardware requirements that the virtio driver/device doesn't support: checksumming and jumbo frames.

Jumbo frames could be made to be configurably on or off.

Checksumming will require a patch that adds software alternatives.

It's worth noting that once these hardware options are made optional, the only hardware requirement Gatekeeper has is multiqueue (for multiple TX queues per port; Gatekeeper can work with one RX queue per port since GK and GT can distribute packets to LLS, CPS, and GGU).

AltraMayor commented 6 years ago

Is this issue preventing Gatekeeper of running on KVM?

cjdoucette commented 6 years ago

I have a note on the Setup on Virtual Machine page about how to remove jumbo frames until we add a patch.

For checksumming, Gatekeeper can still run on KVM but the checksums will not be correct until we add software alternatives.

AltraMayor commented 5 years ago

Version 19.05 (2019 May) is adding a Poll Mode Driver (PMD) for AF_XDP. This might mean that we can write an eBPF program to eliminate all hardware demands that Gatekeeper currently has, so Gatekeeper can run anywhere.

This presentation overviews DPDK PMD for AF_XDP.