PF_RING™ ZC (Zero Copy) is designed to provide high-speed packet processing capabilities for both receiving (RX) and transmitting (TX) packets at 1/10 Gbit line rates, regardless of packet size. It leverages zero-copy operations to facilitate efficient inter-process and inter-VM (KVM) communication. As a successor to DNA/LibZero, PF_RING™ ZC offers a unified and consistent API, incorporating lessons learned from previous implementations. The framework provides a simple and flexible API, built around fundamental components such as queues, workers, and pools, which can be utilized across threads, applications, and virtual machines to achieve 10 Gbit line-rate packet processing. PF_RING™ ZC includes a new generation of PF_RING™-aware drivers that can operate in both kernel and bypass modes. When installed, these drivers function as standard Linux drivers, allowing for normal networking operations. However, when used with PF_RING™, they offer improved performance by interacting directly with the framework. In zero-copy mode, the device becomes exclusively accessible to PF_RING™, bypassing the kernel for enhanced speed. PF_RING™ ZC enables zero-copy packet forwarding for KVM virtual machines, eliminating the need for PCIe passthrough. By dynamically creating ZC devices on VMs, traffic can be captured and sent in zero-copy without modifying the KVM code. This allows for 10 Gbit line rate communication to KVMs using the same commands as on a physical host. Furthermore, PF_RING™ ZC supports zero-copy operations across threads, applications, and VMs, enabling packet balancing and fanout at line rate. Even with non-PF_RING aware drivers, the zero-copy framework can be utilized. Packets can be copied (one-copy) into the ZC environment and subsequently processed in zero-copy. Unlike other kernel-bypass technologies, PF_RING™ ZC allows for selective injection of packets received in kernel-bypass into the standard Linux IP stack. The "stack" module enables the forwarding of specific packets to the IP stack as if they were received from a designated interface. Snort users can also benefit from PF_RING™ ZC through the native PF_RING™ ZC DAQ library, which offers improved performance compared to the standard PF_RING™ DAQ.

Features & Benefits

• Simple and Clean API
  • Enables the creation of complex applications with minimal code.
• On-Demand Kernel Bypass
  • PF_RING-aware drivers operate in kernel or bypass mode, offering flexibility and improved performance.
• Zero Copy Operations to Virtual Machines (KVM)
  • Allows forwarding packets in zero-copy for KVM virtual machines without PCIe passthrough.
• Zero Copy Operations
  • Enables zero copy operations across threads, applications and VMs.
• Performance
  • Achieves 10 Gbit line rate, any packet size from physical host or KVM.
• Integrating Zero-Copy with One-Copy Devices
  • The zero-copy framework can be used even with non-PF_RING aware drivers.
• Kernel Bypass and IP Stack Packet Injection
  • Allows to decide at any time what packets received in kernel-bypass you want to inject into the standard Linux IP stack.
• DAQ for Snort
  • The native PF_RING™ ZC DAQ (Snort Data AcQuisition) library is from 20% to 50% faster than the standard PF_RING™ DAQ.