SDN-Based Hardware-Accelerated Firewall
By Net Maniacs
Abhishek Katuluru, Arun Kumar Lokre, Mohd Yusuf Abdul Hamid, Vasantham Sudheer Kumar, Santosh Kalakonda
Problem statement
[Figure: The Spread of Sapphire Worm in the 30 minutes after its release; labels: Infected Hosts (30000, 300000, 3000000); 100 Mbps, 1 Gbps, 10 Gbps]
Loss: $1.2 billion
Analysis
[Figure: Performance Evaluation; labels: Hosts Affected; Line Rate (100 Mbps, 1 Gbps, 10 Gbps); Hardware; Firmware]
Hardware update time: 2 us
Firmware update time: 50 us
Firewall application overview
[Diagram labels: CONTROL; NETFPGA; NODE 1, NODE 2, NODE 3; NORMAL PACKET; PACKET WITH PATTERN; DROP; ALLOW!; REROUTE!; INSTRUCTION PACKET; UPDATED!]
Project architecture
[Diagram labels: OUTPUT PORT LOOKUP; ARBITER; FIFO, FIFO; CPU, CPU; RE-ROUTE HW ACC; ARBITER; OUTPUT QUEUE; LOOKUP HARDWARE; INSTRUCTION PACKET; UPDATED]
CPU architecture
[Diagram labels: Instruction Memory; Register File; Branch Logic; Data Memory; ALU; MUX; ID/EX, MEM, WB; Memory Mapped for HW Acc; Thread 1, Thread 2; T1: ADD; T2: LW; T1: SW; T2: ADD]
FIFO design
[Diagram labels: FIFO BUSY (Accept Current Pkt and Send Previous Pkt); CPU BUSY (CPU Processing); NET MANIACS DESIGN; CONVENTIONAL STATE MACHINE; START; FIFO BUSY; PROCESS PKT; SEND PKT; CONVENTIONAL DESIGN; RESET; PACKET RECEIVED; PACKET PROCESSED]
[Diagram labels: FIFO; Scratch Memory; Rd_Ptr; Wr_Ptr; 0, 255, 256, 511; FIFO Memory; MEMORY; Memory Mapped I/O; Up to 50%]
Firewall hardware accelerator
[Diagram labels: MATCHER; Match; Match; Denied List; CAM; Match; Parse Logic; LOOKUP HARDWARE ACC.; IP LOOKUP; Allowed List; CAM; en, en; ACTION; Packet, Packet; IP; Normal/Inst Pkt; IP]
Performance comparison
Comparison against the open-source DPI firewall.
Performance of H/W versus S/W in terms of throughput and latency.
Project schedule
Phase | Description | Completion date
Phase 1 | Multi-Core Processor | April 7 2014
Phase 2 | Multi-Core Multi-threaded Processor | April 14 2014
Phase 3 | Hardware accelerator design | April 28 2014
Phase 4 | Implementation and integration of action table with processor | In Progress
Phase 5 | Testing and verification | In Progress