HARDWARE BASED PACKET FILTERING USING FPGAs (or “How hardware is better than software at judging a book by its cover”) Timothy Whelan Supervisor: Mr Barry.


1 HARDWARE BASED PACKET FILTERING USING FPGAs (or “How hardware is better than software at judging a book by its cover”) Timothy Whelan Supervisor: Mr Barry Irwin Security and Networks Research Group Department of Computer Science Rhodes University

2 Contents Problem Description FPGA Pros FPGA Cons Theory of Operation Lessons Learned Future Extensions

3 Problem Description Network nodes receive a lot of packets. Not all packets are good. Some packets are better. Wouldn’t it be nice to be able to accept/reject packets based on who the sender is and what they are sending? And let’s try to do that as fast as possible!

4 Problem Description - Goals
1. Be able to classify packets according to basic 5-tuple.
   - (source/destination IP/port and transport protocol used)
   - Provides a basic context in which further decisions can be made.
2. Be able to alter classification rules with relative ease. Times change; classification rules will need to change too.
3. Assess feasibility of using FPGAs. Can they do the job? Are they worth it?

5 FPGA Pros
1. Ultimately they are circuits.
2. They are also re-configurable circuits. Useful for changing classification rules.
3. Dedicated to the application. Won’t waste time on “other stuff”.
4. Xilinx support is HUGE. IP cores, code generators, user guides, application notes, case studies, reference designs, step-by-step tutorials.

6 FPGA Cons
1. Unfamiliar platform.
2. Xilinx support is HUGE! Too large to quickly learn how to use tools – ChipScope, CoreGenerator.
3. Provide best worst-case performance. A dedicated IC will always outperform an FPGA.
4. Ultra low level. But voltage level conversions are normally provided.
5. No default I/O for debugging. Have to create a form of basic I/O to use for debugging.

7 Theory of Operation [Block diagram. Labels: RX_clk, RX_dv, RX_data (nybble), Rule count, Ethernet cable, RS-232 interface]

8 Theory of Operation: Locating fields

9 Theory of Operation: Stripping fields Extracting packet data Extracting protocol number and IP address

10 Theory of Operation: Bit-for-bit AND

11 Theory of Operation: Data output To get rule counts from the device the user pushes a button on the board. The device then reads each rule count stored in memory and transmits it over a serial RS-232 interface to a connected computer.
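
The Theory of Operation slides (locating fields, stripping fields, bit-for-bit AND, rule counts) can be followed in a small software reference model. This is an added example, not the presenter's FPGA design. It assumes that the nybble stream starts at the destination MAC with the low nybble of each byte first (as on an MII interface), that a rule is a (mask, value) pair over a 104-bit key, and that the first matching rule wins. All function names and the key layout are hypothetical.

```python
import struct

# Assumed key layout (not from the slides): proto | src IP | dst IP | src port | dst port
FIELDS = (("proto", 8), ("src", 32), ("dst", 32), ("sport", 16), ("dport", 16))

def to_nybbles(frame):
    """Model RX_data: each byte arrives as two nybbles, low nybble first (assumed MII)."""
    for b in frame:
        yield b & 0xF
        yield b >> 4

def extract_key(nybbles):
    """Locate and strip the 5-tuple fields; return a 104-bit int or None."""
    it = iter(nybbles)
    data = bytes(lo | (hi << 4) for lo, hi in zip(it, it))
    if len(data) < 34 or data[12:14] != b"\x08\x00" or data[14] >> 4 != 4:
        return None                      # not IPv4 in Ethernet II
    ihl, proto = (data[14] & 0xF) * 4, data[23]
    l4 = 14 + ihl                        # IP options shift the port offset
    fragment = int.from_bytes(data[20:22], "big") & 0x1FFF
    if ihl < 20 or fragment or proto not in (6, 17) or len(data) < l4 + 4:
        return None                      # no usable TCP/UDP ports
    return int.from_bytes(bytes([proto]) + data[26:34] + data[l4:l4 + 4], "big")

def make_rule(**want):
    """want maps field name -> (value, mask); omitted fields are wildcards."""
    mask = value = 0
    for name, width in FIELDS:
        v, m = want.get(name, (0, 0))
        mask, value = (mask << width) | m, (value << width) | (v & m)
    return mask, value

def classify(frame, rules, counts):
    """First matching rule wins (assumed policy); bump its counter."""
    key = extract_key(to_nybbles(frame))
    if key is None:
        return None
    for i, (mask, value) in enumerate(rules):
        if key & mask == value:          # bit-for-bit AND, then compare
            counts[i] += 1
            return i
    return None

def sample_frame(proto, src, dst, sport, dport):
    """Constructed input: zeroed MACs, 20-byte IPv4 header, first 4 L4 bytes."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 24, 0, 0, 64, proto, 0, src, dst)
    return bytes(12) + b"\x08\x00" + ip + struct.pack("!HH", sport, dport)
```

Non-first IP fragments and non-TCP/UDP packets carry no ports at the expected offset, so the model declines to build a key for them rather than matching on payload bytes.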

12 Lessons Learned
1. Require much experience one does. Inference engine can destroy synchronized signals.
2. FPGAs are extremely versatile. Range of applications: DSP – video processing – network computing.
3. RTFM. If you can’t figure out how it works, read the manual.
4. It might actually work! The full process can be simulated and synthesized without timing warnings. (And the literature says so).

13 Future extensions
1. Output counts over the network. Can monitor device from anywhere.
2. Implement the RAM interface. Board has a 512MB DDR2 RAM chip.
3. Add functionality. Provide more rule matching, e.g. TCP flags. Board has an LCD screen built onto it and has a VGA output.
