tcp-splitter: a reconfigurable hardware based tcp/ip flow monitor
DESCRIPTION
TCP-Splitter: A Reconfigurable Hardware Based TCP/IP Flow Monitor. David V. Schuehler [email protected]. Outline. Motivation Hardware Platform Design Results Applications Questions. MOTIVATION. Problem Statement. - PowerPoint PPT PresentationTRANSCRIPT
Hot Interconnects 2002 1
TCP-Splitter: A Reconfigurable Hardware Based TCP/IP Flow MonitorDavid V. Schuehler
Hot Interconnects 2002 2
Outline
Motivation Hardware Platform Design Results Applications Questions
Hot Interconnects 2002 3
MOTIVATION
Hot Interconnects 2002 4
Problem Statement Develop a lightweight network monitoring
component that operates at multi-gigabit/second line rates.
Client Application
TrafficMonitor
Dat
aIP frames IP frames
Hot Interconnects 2002 5
Why work with TCP?
Over 85% on Internet traffic is TCP based Internet is growing TCP is a proven reliable transport for data
delivery Provide high speed active networks the ability
work with TCP flows
Hot Interconnects 2002 6
Why not use a software based monitor?
Why not implement a full TCP stack ? Large memories required for reassembly Limited number of simultaneous connections Acts as a connection endpoint Not a lightweight solution
Difficult to achieve desired performance
Hot Interconnects 2002 7
Solution Develop TCP flow monitor: TCP-Splitter Leverage existing hardware infrastructure Expand upon Layered Protocol Wrappers research
ATM Cell Wrapper
Client Application
TCP Splitter Byt
e S
trea
mAAL5 Frame Wrapper
IP Wrapper
IP frames IP frames
Hot Interconnects 2002 8
HARDWARE PLATFORM
Hot Interconnects 2002 9
Washington University Gigabit Switch
Hot Interconnects 2002 10
FPX Module
OscillatorsStatic Ram
NID (XCV600E)
RAD (XCV1000E)
PROM
Hot Interconnects 2002 11
DESIGN
Hot Interconnects 2002 12
Goals High Speed Design Small FPGA Footprint Simple Client Interface Support Large Number of Flows Utilize existing protocol wrapper framework Execute within FPX environment, and
systems like it
Hot Interconnects 2002 13
Challenges
Frames are dropped on the Internet Packets are reordering Flow state is needed for large number of
flows Widescale deployment requires an efficient
implementation Backbone networks must process data at
multi-Gigabit/second rates Hardware library should be small
Hot Interconnects 2002 14
Assumptions/Limitations
Though traffic may take diverse paths through a network, all monitored traffic must flow through the node with TCP-Splitter
Through flows are generally bidirectional, data is processed as a pair of unidirectional flows
Though data may be sent out of order, data will be forced to be processed in-order
Hot Interconnects 2002 15
TCP-Splitter
ATM Cell Wrapper
Client Application
TCP Splitter
AAL5 Frame Wrapper
IP Wrapper
Inbound
IP frames
Outbound
Byt
e S
trea
m
IP frames
Hot Interconnects 2002 16
TCP Input Module Data Flow
InputOutput
Inpu
t Sta
te M
achi
ne
FlowClassifier
ChecksumEngine
Frame FIFO
Out
put S
tate
Mac
hine
ControlFIFO
Hot Interconnects 2002 17
LayoutTCPProc
TCPInput
Frame FIFO
Input State Machine
Checksum Engine
Flow Classifier
Ou
tpu
t S
tate
Ma
chin
e
Control FIFO
TCPOutput
Packet Routing
ClientApplication
IP InputIP Output
Hot Interconnects 2002 18
Packet Routing
Non-TCP packets IP stack Invalid TCP checksum Drop TCP SYN packets IP stack (Seq # < Expected Seq #) IP stack (Seq # > Expected Seq #) Drop Else Client App AND IP stack
Hot Interconnects 2002 19
Client Interface
1 bit Clock 1 bit Reset 32 bit Data Word 2 bit Data Enable 3 bit Start/End of Data Signals 2 bit Valid Data Bytes N bit Flow Identifier 2 bit Start/End of Flow Signals 1 bit TCA
ClientApplication
Hot Interconnects 2002 20
RESULTS
Hot Interconnects 2002 21
Current State of Research
Developed, simulated, and tested design Handles 256 k simultaneous flows Synthesizes at 101MHz Executes in hardware Developing new client applications
Hot Interconnects 2002 22
Synthesis Results for Xilinx XCV1000E-7TCPSplitter Full Wrappers
(Cell + Frame + IP + TCP + Client)
Space/LUTs 617 (2%) 4954 (20%)
Register bits 503 (2%) 4933 (20%)
Processing delay 7 clock cycles * 44-68 clock cycles *
* Plus length of packet in 32 bit words
Hot Interconnects 2002 23
APPLICATIONS
Hot Interconnects 2002 24
Sample Run
Byte count SRAM writeFlow ID
Start of frameIP payload
TCP data enable
End of frame
Hot Interconnects 2002 25
Multi-Device Programmer Listens to TCP/IP conversation Extracts programming information Sends programming information to device Simultaneously programs multiple devices
ProgrammerConnection
Endpoint
TCP/IP connection
Hot Interconnects 2002 26
Stacked programmer
FPX
FPX
Line Card
98
98
9999
50
Client Server
FPX FPX
FPXFPX
FPX
FPX
50 50
50
50
5050
50
Hot Interconnects 2002 27
Conclusion A lightweight circuit, called TCP-Splitter, has been
developed which provides a client application with the ability to monitor TCP/IP flows on multi-Gigabit/second networks. Implemented in reconfigurable hardware Operates on network traffic in real-time Processes data at 3.1 Gigabits/second Requires limited resources: 2% of a Xilinx XCV1000E Eliminates the need for large reassembly buffers Monitors 256 k flows simultaneously
Hot Interconnects 2002 28
Acknowledgments
Harvey Ku Multi-Device Programmer
Dr. John Lockwood Advisor
Hot Interconnects 2002 29
QUESTIONS