Presentation is loading. Please wait.

Presentation is loading. Please wait.

Dynamic Packet-filtering in High-speed Networks Using NetFPGAs

Published byFritzi Gerstle Modified over 5 years ago

Similar presentations

Presentation on theme: "Dynamic Packet-filtering in High-speed Networks Using NetFPGAs"— Presentation transcript:

1 Dynamic Packet-filtering in High-speed Networks Using NetFPGAs
2018/12/2 Dynamic Packet-filtering in High-speed Networks Using NetFPGAs Authors : Felix Engelmann , Thomas Lukaseder Benjamin Erb,Rens van der Heijden,Frank Kargl Institute of Distributed Systems ,University of Ulm Presenter : Yi-Fang, Huang Conference :  Future Generation Communication Technology (FGCT), 2014 Third International Conference on 1 CSIE CIAL Lab

2 Outline Introduction Implementation Evaluation
2018/12/2 Outline Introduction Implementation Evaluation National Cheng Kung University CSIE Computer & Internet Architecture Lab 2 CSIE CIAL Lab

3 2018/12/2 Introduction To enable extensive filter capabilities for high-speed links as well, we developed a packet filter that directly processes data in hardware. Using the field-programmable gate array (FPGA) of a so-called NetFPGA platform, a throughput of 40 Gb/s is possible. It facilitates parsing arbitrary byte-oriented protocols and detects packets by specified header fields matching one of several rules on multiple layers. By default, filtered packets are forwarded and additionally duplicated to send them to a secondary diagnostic interface. This interface captures and analyses the packets using lightweight hardware. We evaluate our implementation in order to verify linespeed capability, which includes none or minimal obligatory influence on the packet flow. This is split into latency and throughput. 過濾幾個數據包時,所有通過link的數據包必須檢查filter為 正常運行的 National Cheng Kung University CSIE Computer & Internet Architecture Lab CSIE CIAL Lab

4 Outline Introduction Implementation Evaluation
2018/12/2 Outline Introduction Implementation Evaluation National Cheng Kung University CSIE Computer & Internet Architecture Lab 4 CSIE CIAL Lab

5 Implementation-Packet Generator Architecture
2018/12/2 Implementation-Packet Generator Architecture It consists of two parts. One is used for buffering and forwarding packets to the right output ports and another more involved part, which is the actual parser and filter. National Cheng Kung University CSIE Computer & Internet Architecture Lab CSIE CIAL Lab

6 Implementation-Environment
2018/12/2 Implementation-Environment For the buffering and forwarding framework, it is crucial to perform with minimal impact on the data flow. The buffer is a FIFO buffer with the width of one word and a total size of 2048 bytes. To avoid overflows, it can stall the input. This FIFO buffer stores as many words as needed to determine the output of the packet. As soon as the destination is made available in a second small FIFO buffer, data can be forwarded. The output handler monitors the destination buffer. As long as there is an entry in it, the next packet from the data buffer is forwarded to the indicated port. This process allows a pipelined operation, where several packets can be in the buffer concurrently. Next, packets are transmitted sequentially out of the FIFO buffer in correct order. When the filtering is completed after the first word of every packet, the module induces only the inevitable delay of a single cycle. National Cheng Kung University CSIE Computer & Internet Architecture Lab CSIE CIAL Lab

7 Implementation-Parsing
2018/12/2 Implementation-Parsing The parsing of the protocol stack is done in parallel while writing the input to the data buffer. The process is implemented by a finite-state machine, in which each node corresponds to one layer in the stack. The Ethernet frame header has a minimum length of 14 bytes and it can be extended by multiples of 4 bytes (e.g. by an additional VLAN tag). This does not affect the headers inside, which are mostly aligned to 32 bit. As a result, a lot of fields span across two data words. To simplify the extraction of header fields, we provide a virtual word stream aligned to the start of the network header National Cheng Kung University CSIE Computer & Internet Architecture Lab CSIE CIAL Lab

8 Implementation-Parsing
2018/12/2 Implementation-Parsing Therefore, the structure of the consecutive nodes is characterised by a switch statement, selecting the protocol specified by the preceding layer. Each case must specify an offset to the next header and a type for the nested protocol. The positions of the required fields can easily be calculated within the virtual word, which is completed by the first part of the current AXIs word. Also a check has to be included, if the header spans multiple words to update the front part of the virtual word and increment the word counter to keep track of the position within the packet. National Cheng Kung University CSIE Computer & Internet Architecture Lab CSIE CIAL Lab

9 Implementation-Parsing
2018/12/2 Implementation-Parsing On completion of one node, the flag to retain the data flow is set and the state machine is transitioned to the state of the next layer . If the encapsulated header is not recognised, the transition goes directly to the final state of the FSM. In the final state, a check is performed to determine whether the packet is already completely received . This works by verifying that the current word is the last word of this packet. If the packet is completely received, the process uses an additional cycle in which the previously extracted header fields are stored to registers. If the packet is not completely received, the filtering actions described in the next section are performed in parallel to storing the input stream into the FIFO buffer. In the second cycle of the final state the extracted fields are matches against the specified filter. National Cheng Kung University CSIE Computer & Internet Architecture Lab CSIE CIAL Lab

10 Implementation-Filtering
2018/12/2 Implementation-Filtering When the collection of header fields as part of the parsing process is finished and when all fields are stored in temporary registers, these can be matched independently of their former position in the packet. The host can write and read the mask and filter data via the AXI bus over the PCIe interface. National Cheng Kung University CSIE Computer & Internet Architecture Lab CSIE CIAL Lab

11 Outline Introduction Implementation Evaluation
2018/12/2 Outline Introduction Implementation Evaluation National Cheng Kung University CSIE Computer & Internet Architecture Lab 11 CSIE CIAL Lab

12 2018/12/2 Evaluation The intent of our work was to implement a linespeed filter on the NetFPGA. To verify this goal, we assembled a generic test setup. This consists of the NetFPGA card at its core and two additional systems, each equipped with an intel 10G X520-2 NIC. National Cheng Kung University CSIE Computer & Internet Architecture Lab CSIE CIAL Lab

13 2018/12/2 Evaluation-Latency The intent of our work was to implement a linespeed filter on the NetFPGA. To verify this goal, we assembled a generic test setup. This consists of the NetFPGA card at its core and two additional systems, each equipped with an intel 10G X520-2 NIC. The experimental results fully comply with our prediction that larger packets need more time. In case of the direct link, it has the lowest RTT. Host_iface則是處理那些由軟體端修改的Register值,把他寫入硬體的Register中 National Cheng Kung University CSIE Computer & Internet Architecture Lab CSIE CIAL Lab

14 Evaluation-Throughput
2018/12/2 Evaluation-Throughput the direct link between the NICs, a throughput of about 9.9 Gb/s could be reached, but the data path of the NetFPGA is limited to the maximum transmission unit (MTU) of 1500 bytes. This reduces throughput to 9.5 Gb/s. By controlling the MTU on the link, the packet size can be adjusted. 如果user指定了某個pad(Pcap中某個Packet段),則它將包含在模塊頭中 National Cheng Kung University CSIE Computer & Internet Architecture Lab CSIE CIAL Lab

Download ppt "Dynamic Packet-filtering in High-speed Networks Using NetFPGAs"

Similar presentations

IP Router Architectures. Outline Basic IP Router Functionalities IP Router Architectures.

IP Router Architectures. Outline Basic IP Router Functionalities IP Router Architectures.
20.1 Chapter 20 Network Layer: Internet Protocol Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.

20.1 Chapter 20 Network Layer: Internet Protocol Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
1 IP - The Internet Protocol Relates to Lab 2. A module on the Internet Protocol.

1 IP - The Internet Protocol Relates to Lab 2. A module on the Internet Protocol.
Traffic Management - OpenFlow Switch on the NetFPGA platform Chun-Jen Chung(1203584897) SriramGopinath(1203800749)

Traffic Management - OpenFlow Switch on the NetFPGA platform Chun-Jen Chung( ) SriramGopinath( )
CS 582 / CMPE 481 Distributed Systems Communications.

CS 582 / CMPE 481 Distributed Systems Communications.
CS335 Networking & Network Administration Tuesday, May 11, 2010.

CS335 Networking & Network Administration Tuesday, May 11, 2010.
Chapter 9 Classification And Forwarding. Outline.

Chapter 9 Classification And Forwarding. Outline.
Connecting LANs, Backbone Networks, and Virtual LANs

Connecting LANs, Backbone Networks, and Virtual LANs
Semester 1 Module 8 Ethernet Switching Andres, Wen-Yuan Liao Department of Computer Science and Engineering De Lin Institute of Technology

Semester 1 Module 8 Ethernet Switching Andres, Wen-Yuan Liao Department of Computer Science and Engineering De Lin Institute of Technology
Chapter 4: Managing LAN Traffic

Chapter 4: Managing LAN Traffic
G64INC Introduction to Network Communications Ho Sooi Hock Internet Protocol.

G64INC Introduction to Network Communications Ho Sooi Hock Internet Protocol.
Lecture 2 TCP/IP Protocol Suite Reference: TCP/IP Protocol Suite, 4 th Edition (chapter 2) 1.

Lecture 2 TCP/IP Protocol Suite Reference: TCP/IP Protocol Suite, 4 th Edition (chapter 2) 1.
Internet Addresses. Universal Identifiers Universal Communication Service - Communication system which allows any host to communicate with any other host.

Internet Addresses. Universal Identifiers Universal Communication Service - Communication system which allows any host to communicate with any other host.
Traffic Management - OpenFlow Switch on the NetFPGA platform Chun-Jen Chung(1203584897) Sriram Gopinath(1203800749)

Traffic Management - OpenFlow Switch on the NetFPGA platform Chun-Jen Chung( ) Sriram Gopinath( )
Chapter 21: IP Encapsulation, Fragmentation & Reassembly

Chapter 21: IP Encapsulation, Fragmentation & Reassembly
Dr. John P. Abraham Professor UTPA

Dr. John P. Abraham Professor UTPA
Chapter 81 Internet Protocol (IP) Our greatest glory is not in never failing, but in rising up every time we fail. - Ralph Waldo Emerson.

Chapter 81 Internet Protocol (IP) Our greatest glory is not in never failing, but in rising up every time we fail. - Ralph Waldo Emerson.
25-Oct-15Network Layer Connecting Devices Networks do not normally operate in isolation.They are connected to one another using connecting devices. The.

25-Oct-15Network Layer Connecting Devices Networks do not normally operate in isolation.They are connected to one another using connecting devices. The.
Cisco 3 - Switching Perrine. J Page 16/4/2016 Chapter 4 Switches The performance of shared-medium Ethernet is affected by several factors: data frame broadcast.

Cisco 3 - Switching Perrine. J Page 16/4/2016 Chapter 4 Switches The performance of shared-medium Ethernet is affected by several factors: data frame broadcast.
OpenFlow MPLS and the Open Source Label Switched Router Department of Computer Science and Information Engineering, National Cheng Kung University, Tainan,

OpenFlow MPLS and the Open Source Label Switched Router Department of Computer Science and Information Engineering, National Cheng Kung University, Tainan,

Similar presentations

Ads by Google