Monthly Archives

December 2024

DPDK Dispatch December

By Monthly Newsletter

1. Main Announcements

2. Blogs, User Stories and Developer Spotlights

  • Share your latest updates here
  • Start your developer spotlight here

3. DPDK & Technologies in the news:

4. Performance Reports & Meeting Minutes

This newsletter is sent out to thousands of DPDK developers and is a collaborative effort. If you have a project release, pull request, community event, or relevant article you would like to be considered as a highlight for next month, please reply to marketing@dpdk.org.

Thank you for your continued support and enthusiasm.

DPDK Team.

DPDK 24.11: Another Step Forward for Performance Networking

By Blog

DPDK has unveiled its latest release, DPDK 24.11, marking a significant step forward in performance, flexibility, and hardware integration for packet processing. Here’s what you need to know about the latest advancements, new features, and what they mean for developers and system integrators.


A Busy Release Cycle: By the Numbers

This release was the product of an impressive collaborative effort:

  • 1329 commits by 196 authors.
  • Changes across 2557 files, with 376,587 insertions and 177,108 deletions.
  • Contributions from a wide range of organizations, ensuring a diverse and robust codebase.

The new release introduces some API/ABI compatibility breakages, marking a clear departure from previous versions. The new ABI version (25) means that while 24.11 will be supported for three years, its successors (25.03 and 25.07) will maintain ABI compatibility with this release. This makes 24.11 an excellent foundation for long-term system integration and deployment.


Key Highlights of DPDK 24.11

The new features and improvements span various areas, from power management and IPv6 handling to enhanced cryptography and logging. Below are some of the most notable updates:

1. Performance and Resource Management

  • Lcore Variable Allocation: Improved CPU core management allows for more dynamic and efficient resource utilization.
  • Bit Set and Atomic Bit Manipulation: Streamlined bit operations enhance concurrency and reduce overhead.
  • Power Management Enhancements:
    • AMD uncore power management improves energy efficiency.
    • Per-CPU power management QoS for resume latency enables finer control of power-performance trade-offs.

2. Networking Features

  • IPv6 Address API: Simplifies the handling of IPv6 addresses in applications.
  • RSS Hash Key Generation: Automates generation of RSS keys, enhancing load balancing capabilities.
  • Ethernet Link Lanes: Improves support for high-speed Ethernet configurations.
  • Flow Table Index Action: Adds more control for flow-based operations, aiding advanced packet processing.

3. Hardware and Driver Support

New drivers and enhancements to existing ones extend DPDK’s hardware compatibility:

  • New Hardware Integrations:
    • Cisco ENIC VF, Marvell CN20K, Napatech NTN flow engine.
    • Realtek R8169 and ZTE drivers expand support for a broader range of network interfaces.
  • Enhanced Cryptography Support:
    • Symmetric Crypto SM4 and Asymmetric Crypto EdDSA bolster security capabilities.

4. Event and Logging Improvements

  • Event Device Features: Pre-scheduling and independent enqueue capabilities enhance event-driven processing.
  • Logging Rework: Revamped logging adds timestamps, color-coded outputs, syslog, and journal support, improving debugging and operational insights.

Welcoming New Contributors

The DPDK community grew stronger with 50 new contributors, spanning roles such as authors, reviewers, and testers. This diversity reflects the open source ethos and ensures continuous innovation.

Key contributors include individuals from Intel, Marvell, NVIDIA, Red Hat, and many others, with Intel leading in the number of commits.

A special thanks to the top reviewers who played a vital role in maintaining code quality and collaboration. Their efforts highlight the often-underappreciated task of reviewing contributions.


Looking Ahead: What’s Next?

The next release, DPDK 25.03, is slated for March 2025. Development for this version is already underway, with feature submissions open through December. This cadence ensures a predictable and collaborative development process.

For those planning deployments, DPDK 24.11’s three-year support period makes it the recommended version for stability and long-term integration.

Download DPDK 24.11 here

Elevating Network Security Performance: Suricata’s Integration with DPDK

By User Stories

Introduction

The demand for high-performance network security solutions is at an all-time high, as organizations constantly seek faster and more efficient ways to handle traffic, detect threats, and ensure real-time response capabilities. 

Suricata, an open-source, high-performance network security engine, has long been at the forefront of these efforts. Network security professionals appreciate Suricata for its ability to act as an IDS (Intrusion Detection System), an IPS (Intrusion Prevention System), and an NSM (Network Security Monitoring) system.

But it’s the integration of the Data Plane Development Kit (DPDK) into Suricata that has allowed it to reach unprecedented performance levels, providing a vital boost for packet processing at high speeds. 

This story explores the journey of Suricata’s DPDK integration, the technical challenges and solutions, and the ongoing impact on Suricata’s functionality and performance.

Origins of Suricata: A Security Solution with Community at Its Core

In 2008, a group of security-focused professionals came together with a vision to improve open-source network security. 

Victor Julien, who was working as a contractor in the network security field, joined forces with Matt Jonkman, who led an early threat intelligence project (known as Emerging Threats), and Will Metcalf, who was involved in developing an inline version of Snort—a popular intrusion detection and prevention system (IDS/IPS). 

Their collaborative work in network security sparked the idea to create something new that would address gaps in existing solutions.

The journey truly began when Victor experimented with code on his own in 2007, without expecting much traction. However, after meeting Matt and Will at a conference in the U.S. and sharing his prototype with them, the project gained momentum. 

By 2008, they secured initial seed funding from the Department of Homeland Security (DHS), allowing them to pursue their vision formally. This funding was instrumental in establishing the Open Information Security Foundation (OISF), a nonprofit entity designed to ensure that the project would remain community-oriented and free from corporate control.

From the start, they were committed to making Suricata an open-source, community-driven project. When setting up OISF, they chose the GPLv2 license, reflecting their belief in open collaboration and safeguarding the project from being absorbed by larger corporations. DHS funding, while crucial, was temporary, so they developed a sustainable model that allowed vendors to join OISF as members, offering a more flexible licensing option.

This foundational approach set the stage for what has now been a 15-year journey of innovation and collaboration in the network security field.

“We wanted to establish an organization that would make Suricata safe from acquisition, which we’d seen happen to other open-source projects at the time.” 

– Victor Julien – Suricata IDS/IPS Lead Developer

Since then, Suricata has gained adoption from large enterprises, including AWS, which integrates Suricata in its network firewall services.

A Perfect Fit: The Role of DPDK in Suricata’s Development

With increasing demand for high-performance network security tools, Suricata’s team saw an opportunity to leverage DPDK. DPDK provides a set of libraries and drivers for fast packet processing, bypassing traditional kernel limitations. 

This high-performance potential caught the attention of users and developers alike, many of whom were eager to see DPDK integration in Suricata. Lukas Sismis, a contributor who led Suricata’s DPDK integration, explained that several teams had previously worked on integrating DPDK with Suricata. 

However, most of these efforts were specific to unique use cases and lacked general applicability, which is why they hadn’t been contributed back to the Suricata codebase.

Lukas initially engaged with Suricata’s architecture through a master’s thesis, where his primary goal was to expand Suricata’s packet capture capabilities using DPDK. He explains, “Suricata’s architecture, with its separate capture logic, made it easy to add a new capture method.” 

His work, later incorporated into Suricata’s main codebase, helped create a general-purpose DPDK integration, ensuring Suricata’s compatibility with multiple DPDK-supported network interface cards (NICs) and enabling seamless configuration.

“Suricata’s architecture, with its separate capture logic, made it easy to add a new capture method.”

 – Lukas Sismis, Software Engineer at Suricata & Cesnet

Suricata’s Architectural Evolution and DPDK Integration

Suricata’s multi-threaded, modular design made it an ideal candidate for integration with DPDK. Suricata supports packet-capturing methods through its modular “capture interface,” which allows users to swap out packet capture techniques. 

DPDK, as an input method, fits naturally within this design and supports Suricata’s scalability goal: Suricata aims to run effectively everywhere from small, low-power deployments to high-speed data centers.

Lukas’ integration efforts involved setting up DPDK within Suricata as an alternative capture method, making it possible to directly interface with high-speed NICs while bypassing kernel overhead. Some of the major steps in this integration included:

  • Creating a New Capture Method: Lukas established DPDK as a new capture method within Suricata’s architecture, mapping configuration options for different NICs.
  • Testing Different NICs: Through this process, Lukas tested various NICs supported by DPDK, noting disparities in how each handled DPDK configurations.
  • Traffic Distribution Strategies: To manage packet distribution effectively, Lukas leveraged DPDK to configure hash-based packet distribution, efficiently balancing traffic load across CPU cores.

While most initial optimizations focused on enabling basic packet capture, this work laid the foundation for further enhancements. Testing showed a notable 10-15% performance gain, an exciting outcome that validated the decision to integrate DPDK as a core feature of Suricata’s capture options.

Tackling Hardware Offloading for Enhanced Performance

Beyond standard packet capture, the Suricata team recognized a significant opportunity in DPDK’s hardware offloading capabilities. Suricata’s high-speed packet processing can greatly benefit from the offloading of repetitive tasks to hardware, potentially bypassing certain types of network traffic. 

Lukas and his team began exploring offload capabilities that would allow Suricata to selectively filter traffic in hardware.

The primary focus of Suricata’s hardware offloading research has been on:

  • Flow Bypass: Allowing Suricata to ignore certain flows after initial inspection, reducing the processing load on uninteresting traffic.
  • Packet Filter: Discarding unwanted traffic from the start lets Suricata spend more of its resources on the traffic that matters.
  • Decapsulation and Encapsulation Offloads: Offloading these operations can reduce overhead in packet analysis, freeing up CPU resources for other tasks.

Although full offload implementation is still underway, initial testing shows promising potential. DPDK’s RegEx accelerator API, supported by NVIDIA BlueField and Marvell NICs, is an example of hardware that could handle pattern-matching offloads. This ongoing work has been presented at Suricon 2024.

Since Suricata’s detection engine performs extensive pattern matching, a hardware-based solution could significantly reduce CPU load.

Challenges and Technical Hurdles in DPDK Integration

Lukas encountered several challenges while working with DPDK, primarily related to hardware compatibility and traffic distribution. While DPDK offers a standardized API, not all NICs perform identically, which led to variations in performance during testing. 

One challenge was to cover and unify the different configurations of the load balancing hash function (RSS) in the NICs. This required NIC-specific experimentation and testing with different configuration mechanisms.
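
The hash-based distribution and RSS configuration described above matter to an IDS because both directions of a connection must reach the same worker for stream reassembly. The following is an added example, not code from Suricata or DPDK: a software model of the Toeplitz hash used for RSS, comparing the widely published default key with a repeating 0x6d5a key that makes the hash symmetric. The `tuple4` struct, the 128-entry round-robin redirection table and the sample flow are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define RSS_KEY_LEN 40
#define RETA_SIZE   128  /* assumed redirection-table size for this model */

struct tuple4 { uint32_t src_ip, dst_ip; uint16_t src_port, dst_port; };

/* Widely published default RSS key (Microsoft RSS documentation). */
static const uint8_t KEY_DEFAULT[RSS_KEY_LEN] = {
    0x6d,0x5a,0x56,0xda,0x25,0x5b,0x0e,0xc2,0x41,0x67,
    0x25,0x3d,0x43,0xa3,0x8f,0xb0,0xd0,0xca,0x2b,0xcb,
    0xae,0x7b,0x30,0xb4,0x77,0xcb,0x2d,0xa3,0x80,0x30,
    0xf2,0x0c,0x6a,0x42,0xb7,0x3b,0xbe,0xac,0x01,0xfa };

/* Key with a 16-bit period: swapping 16- or 32-bit-aligned fields
 * (ports, IPv4 addresses) leaves the Toeplitz hash unchanged. */
static const uint8_t KEY_SYMMETRIC[RSS_KEY_LEN] = {
    0x6d,0x5a,0x6d,0x5a,0x6d,0x5a,0x6d,0x5a,0x6d,0x5a,
    0x6d,0x5a,0x6d,0x5a,0x6d,0x5a,0x6d,0x5a,0x6d,0x5a,
    0x6d,0x5a,0x6d,0x5a,0x6d,0x5a,0x6d,0x5a,0x6d,0x5a,
    0x6d,0x5a,0x6d,0x5a,0x6d,0x5a,0x6d,0x5a,0x6d,0x5a };

/* Toeplitz hash: for every set input bit, XOR in the 32 key bits that
 * start at the same bit offset. Input is consumed MSB first. */
static uint32_t toeplitz_hash(const uint8_t *key, const uint8_t *data,
                              size_t len)
{
    uint32_t hash = 0;
    uint32_t window = ((uint32_t)key[0] << 24) | ((uint32_t)key[1] << 16) |
                      ((uint32_t)key[2] << 8) | key[3];
    for (size_t i = 0; i < len; i++) {
        /* next key byte to slide into the window (zero past the key end) */
        uint8_t kb = (i + 4 < RSS_KEY_LEN) ? key[i + 4] : 0;
        for (int b = 7; b >= 0; b--) {
            if (data[i] & (1u << b))
                hash ^= window;
            window = (window << 1) | ((kb >> b) & 1u);
        }
    }
    return hash;
}

static void put_be(uint8_t *p, uint32_t v, int nbytes)
{
    for (int i = 0; i < nbytes; i++)
        p[i] = (uint8_t)(v >> (8 * (nbytes - 1 - i)));
}

/* Hash input for IPv4 TCP/UDP: src IP, dst IP, src port, dst port. */
static uint32_t flow_hash(const uint8_t *key, struct tuple4 t)
{
    uint8_t in[12];
    put_be(in, t.src_ip, 4);
    put_be(in + 4, t.dst_ip, 4);
    put_be(in + 8, t.src_port, 2);
    put_be(in + 10, t.dst_port, 2);
    return toeplitz_hash(key, in, sizeof(in));
}

/* Low hash bits index a redirection table filled round-robin with queues. */
static unsigned flow_queue(const uint8_t *key, struct tuple4 t, unsigned nq)
{
    return (flow_hash(key, t) & (RETA_SIZE - 1)) % nq;
}

static struct tuple4 reverse_tuple(struct tuple4 t)
{
    struct tuple4 r = { t.dst_ip, t.src_ip, t.dst_port, t.src_port };
    return r;
}

static int same_queue_both_ways(const uint8_t *key, struct tuple4 t,
                                unsigned nq)
{
    return flow_queue(key, t, nq) == flow_queue(key, reverse_tuple(t), nq);
}

int main(void)
{
    /* Constructed sample flow: 192.168.1.10:51514 -> 10.0.0.5:443 */
    struct tuple4 t = { 0xC0A8010Au, 0x0A000005u, 51514, 443 };
    printf("default key:   same worker both ways? %d\n",
           same_queue_both_ways(KEY_DEFAULT, t, 4));
    printf("symmetric key: same worker both ways? %d\n",
           same_queue_both_ways(KEY_SYMMETRIC, t, 4));
    return 0;
}
```

With the periodic key the two directions always agree; with the default key they agree only by chance, which is one reason the RSS key and hash fields have to be set per NIC rather than left at driver defaults.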

Lukas also had to modify Suricata’s configuration parsing to map settings to DPDK-compatible options, ensuring a more user-friendly experience. 

This testing phase highlighted the need for adaptable configurations to support a wide range of DPDK-enabled hardware.

Despite these challenges, Lukas’ integration work has laid a strong foundation for Suricata’s use of DPDK, making Suricata more adaptable to high-performance environments.

Leveraging Community and Industry Feedback

Suricata’s community engagement plays a vital role in its development. Lukas worked closely with the CESNET team, a network research institution with deep experience in DPDK. 

This collaboration allowed him to troubleshoot issues in real time without relying solely on online forums. In addition, Victor and Lukas sought feedback from DPDK maintainers like Thomas Monjalon and David Marchand, whose insights were invaluable in refining Suricata’s integration.

Suricata’s developers also participate in community channels, including a Discourse forum, Redmine, and a Discord server. While direct communication with the DPDK team has been limited, Suricata’s community-driven model allows users to share feedback directly with developers, accelerating improvements and ensuring the tool meets evolving needs.

Real-World Impact: Enhanced Packet Processing for Modern Network Demands

DPDK’s integration has brought measurable performance gains to Suricata, providing faster packet processing for users. Major security vendors are already leveraging Suricata with the DPDK integration in their products, attesting to its reliability and scalability.

DPDK’s impact is particularly evident in high-speed environments where packet capture bottlenecks could otherwise lead to packet drops or latency. The integration allows Suricata to handle higher packet rates efficiently, extending its utility in demanding, real-time network security use cases.

Looking Forward: New Horizons with AI and Machine Learning

As artificial intelligence and machine learning applications expand across technology sectors, Suricata’s team remains open to exploring AI-driven enhancements. 

Victor explained that AI’s most promising role would likely be in post-processing. Suricata currently exports JSON-formatted data, which can be fed into AI models for insights beyond immediate packet inspection. 

Many current machine learning models operate at a macro level, analyzing data patterns over time rather than in real time, which aligns well with Suricata’s current functionality as a data generator for other analytics tools.

Real-time AI inference for packet processing, however, remains a challenge. Victor elaborated, “Most AI models require milliseconds for inference, which is too slow for packet-level detection in real-time.” Still, the team is ready to adopt AI models once hardware advances make real-time AI feasible.

“Most AI models require milliseconds for inference, which is too slow for packet-level detection in real-time.”

– Victor Julien – Suricata IDS/IPS Lead Developer

Future Development: Suricata as a Library for Broader Integration

A major long-term goal for Suricata is to establish a core API, effectively transforming Suricata’s detection engine into a library that other tools can leverage. 

This approach could enable seamless integration of Suricata’s capabilities with other applications, such as proxy servers, endpoint security products, and cloud-based services. 

While the foundational work for this API exists, achieving a fully developed API will take time. Victor noted that this goal, motivated by growing encryption in network traffic, could broaden Suricata’s utility in increasingly secure environments.

This library initiative would allow third-party developers to incorporate Suricata’s detection features in novel ways, creating a flexible, modular ecosystem where Suricata is part of larger, more complex security infrastructures.

Expanding Community Engagement Through Events

Suricata’s annual conference, Suricon, exemplifies the project’s community-centric approach. Suricon gathers developers, users, and industry professionals to share insights, discuss roadmap goals, and showcase new features. 

With a mix of training sessions and talks, Suricon provides a valuable opportunity for knowledge exchange and collaboration. DPDK community members have shown interest in attending future events, strengthening cross-community relationships, and fostering a shared development approach.

Suricata’s collaboration model has proven instrumental in its growth. This strong community foundation ensures that Suricata can keep pace with rapidly changing security demands.

Conclusion: Pushing Network Security Boundaries

Suricata’s integration with DPDK marks a significant milestone in its evolution, empowering it to achieve higher performance, greater adaptability, and better hardware compatibility. 

From initial testing to real-world deployments, DPDK’s impact has been transformative, enabling Suricata to meet the demands of today’s high-speed, security-focused networks. 

Through community feedback, industry collaboration, and a forward-looking approach to hardware offloading and AI, Suricata continues to redefine what’s possible in open-source network security.

As Suricata looks ahead, its development team remains committed to innovation and community-driven progress. With a roadmap that includes expanded hardware offloading, AI-driven enhancements, and new API integrations, Suricata is well-positioned to lead the next generation of network security solutions. 

This DPDK integration story exemplifies how open-source collaboration can drive meaningful advancements, pushing technology forward in response to real-world needs.

Learn more about contributing to DPDK here

Kamalakshitha’s Journey from Noise-Canceling Algorithms to Open Source Networking

By Community Spotlight

In the fast-paced world of high-performance networking, DPDK (Data Plane Development Kit) stands as a powerful tool, and its success is due in no small part to the dedication of its community members. 

One such contributor is Kamalakshitha, a talented developer whose journey took her from studying electronics and communications in India to making a notable impact in open source software at Arm. 

This developer spotlight explores Kamalakshitha’s journey into tech, her entry into open source, and her contributions to the DPDK project.

From Academia to First Tech Role

Kamalakshitha’s journey in tech began with an academic foundation in Electronics and Communications, where she completed an integrated Bachelor’s and Master’s program in India. This program sparked her interest in technology, laying the groundwork for her career.

After graduation, she accepted a role as a software engineer at a startup in India. This company focused on developing noise cancellation algorithms, and her work centered on researching and implementing solutions that would filter background noise, allowing only the target sound to pass through. 

This experience gave her a strong foundation in software development, algorithm design, and research-based problem-solving—skills that would later contribute to her open source career.

Master’s in Computer Engineering and Exposure to DPDK

Seeking to deepen her technical expertise, Kamalakshitha pursued a Master’s in Computer Engineering at Texas A&M University, where her interests broadened toward network performance and user-space networking.

It was during this period that she secured an internship with Arm, a leading semiconductor company. In this role, she joined Arm’s Open Source Software team, where she was introduced to DPDK and VPP (Vector Packet Processor).

Her internship with Arm marked a pivotal moment in her career. Kamalakshitha delved into the performance analysis of VPP by collecting and analyzing PMU (Performance Monitoring Unit) counters to dissect code hotspots and optimize their performance.

This work familiarized her with the fundamentals of user-space networking and performance optimization, opening her eyes to DPDK’s potential to improve data processing speeds in network applications by bypassing the traditional kernel-based networking stack.

Full-Time Role at Arm and Entry into Open Source

After her internship, Kamalakshitha was interested in a full-time role with Arm’s Open Source Software team. Although no positions were available in that team at the time, she secured a role in a different team, where she focused on performance analysis for networking applications. 

This role concentrated on identifying performance bottlenecks without direct code contributions. However, her desire to contribute to the codebase led her to eventually rejoin the Open Source Software team when a position became available.

This transition was significant for Kamalakshitha, as it allowed her to fulfill her aspiration of not only identifying performance bottlenecks but also addressing them through code contributions. Joining the open-source team allowed her to actively engage with the DPDK community, sharing her insights and participating in open discussions.

Key Technical Contributions to DPDK

Kamalakshitha’s contributions to DPDK have been multifaceted. Here’s a look at some of the highlights of her work:

  1. First Patch – Driver Fix
    Her initial contribution to DPDK was a small but crucial driver fix. This patch taught her about the processes involved in open-source contributions and helped her become familiar with DPDK’s mailing list and review system.
  2. Zero Copy API
    Kamalakshitha volunteered to write test cases for DPDK’s Zero Copy API after spotting its development in the community mailing list. Her proactive approach and dedication to improvement led her to create test cases that enhanced the API’s robustness.
  3. Cache-Aware Mempool Project and Blog Post
    Recognizing that users could benefit from understanding the importance of buffer and cache line sizes for performance, Kamalakshitha undertook a project to create a blog post on cache-aware memory pooling. This piece provided an in-depth look at how certain buffer sizes and cache allocations could impact DPDK performance, transforming complex technical details into accessible knowledge for the community.
  4. Multi-Packet Receive Queue (MPRQ)
    Currently, Kamalakshitha is focused on improving the performance of DPDK’s multi-packet receive queue (MPRQ) on Arm systems. This project, centered on the Mellanox NIC, involves analyzing MPRQ configurations and their impact on packet processing, demonstrating her skill in both hardware-specific optimizations and cross-platform performance improvements.

Read Kamalakshitha’s blog Cache Awareness in DPDK Mempool for a detailed understanding of how buffer size and cache awareness influence packet processing in DPDK, including practical insights into buffer allocation strategies, cache utilization and performance benchmarks. 

Engaging with the DPDK Community

Kamalakshitha’s involvement in the DPDK community extends beyond code contributions. She first engaged through DPDK’s mailing list, where she reviewed patches and learned the nuances of community contribution. 

She credits her former manager, Honnappa Nagarahalli, with encouraging her to join Arm’s open source team, which further facilitated her entry into the DPDK community.

In addition to her formal role, Kamalakshitha has found that the open source environment allows her to connect with diverse experts across different companies. This experience has not only expanded her technical expertise but has also developed her soft skills, such as presenting technical ideas, discussing optimization methods, and building consensus on improvements with a global audience.

A Methodical Approach to Programming

Kamalakshitha’s approach to programming is systematic and meticulous. She prefers to analyze code performance and identify hotspots, using tools like perf to monitor program execution. Before implementing a fix, she visualizes potential solutions and maps out her strategy on paper. 

This analog approach allows her to organize her ideas clearly, giving her a structured plan for tackling complex coding tasks. She then methodically tests her solutions, adding only incremental changes to optimize performance.

DPDK’s Future in High-Speed Networking

Kamalakshitha is particularly excited about DPDK’s future role in emerging technologies. With the expansion of 5G networks and the rise of AI-driven applications, she sees DPDK as a foundational technology enabling high-speed data processing and low-latency communication. 

Whether it’s supporting 5G’s data transfer needs or facilitating communication between distributed AI nodes, DPDK provides a versatile, high-performance toolkit. 

She also envisions DPDK as a vital component in building data-plane stacks on top of smart NICs and other accelerators, thus broadening its applications in cutting-edge technology.

Championing Diversity in Open Source

As a woman in a traditionally male-dominated field, Kamalakshitha is aware of the challenges and opportunities that come with increasing diversity in tech. 

She notes that while progress has been made, there’s still work to be done in creating an inclusive environment. She encourages women to explore open source as a platform for professional growth, as it provides unique opportunities for visibility, learning, and collaboration.

Reflecting on her experiences, Kamalakshitha emphasizes the importance of community and role models in motivating women in tech. Seeing other female engineers in open source helps create a sense of belonging and inspires more women to participate and contribute.

Work-Life Balance and Personal Interests

Balancing a demanding career with personal life is essential for Kamalakshitha, especially after recently becoming a mother. She manages her responsibilities by setting clear priorities and taking regular breaks to recharge. 

Small rituals, like preparing healthy meals or going for short walks, help her unwind. The arrival of her child has further sharpened her time management skills, as she carefully balances work and family responsibilities.

Essential Tools and Advice for New Developers

For Kamalakshitha, perf is an indispensable tool, enabling her to perform in-depth performance analysis for her projects. On a personal level, her phone is an essential device, with applications like Slack keeping her connected to her team and enabling her to join meetings on the go when necessary. (Join the DPDK Slack channel here.)

One piece of career advice that has resonated with her is the importance of understanding the basics of any project before diving in. 

She believes that a clear grasp of the fundamentals not only accelerates learning but also enables more impactful contributions. She recommends that new developers have a quick chat with mentors to clarify the broader picture before delving into details.

Final Thoughts

Kamalakshitha’s journey from noise-canceling algorithms to open-source networking at Arm illustrates the power of perseverance, curiosity, and community. 

Through her contributions to DPDK, she is helping shape the future of high-performance networking. 

Her story is an inspiration for other developers, particularly women in tech, highlighting the benefits of open-source collaboration and the exciting opportunities it offers.

As she continues her journey in DPDK, Kamalakshitha looks forward to new projects, deeper community engagement, and expanding DPDK’s role in supporting next-generation networking technologies.

Start contributing to DPDK here.