A High-Throughput Hardware Implementation of NAT Traversal For IPSEC VPN

In this paper, we present a high-throughput FPGA implementation of IPSec core. The core supports both NAT and non-NAT mode and can be used in high speed security gateway devices. Although IPSec ESP is very computing intensive for its cryptography process, our implementation shows that it can achieve high throughput and low lantency. The system is realized on the Zynq XC7Z045 from Xilinx and was verified and tested in practice. Results show that the design can gives a peak throughput of 5.721 Gbps for the IPSec ESP tunnel mode in NAT mode and 7.753 Gbps in non-NAT mode using one single AES encrypt core. We also compare the performance of the core when running in other mode of encryption

An Architecture for QoS-capable Integrated Security Gateway to Protect Avionic Data Network

International audienceWhile the use of Internet Protocol (IP) in aviation allows new applications and benefits, it opens the doors for security risks and attacks. Many security mechanisms and solutions have evolved to mitigate the ever continuously increasing number of network attacks. Although these conventional solutions have solved some security problems, they also leave some security holes. Securing open and complex systems have become more and more complicated and obviously, the dependence on a single security mechanism gives a false sense of security while opening the doors for attackers. Hence, to ensure secure networks, several security mechanisms must work together in a harmonic multi-layered way. In addition, if we take QoS requirements into account, the problem becomes more complicated and necessitates in-depth reflexions. In this paper, we present the architecture of our QoS-capable integrated security gateway: a gateway that highly integrates well chosen technologies in the area of network security as well as QoS mechanisms to provide the strongest level of security for avionic data network; our main aim is to provide both multi-layered security and stable performances for critical network applications

Optimizing energy-efficiency for multi-core packet processing systems in a compiler framework

Network applications become increasingly computation-intensive and the amount of traffic soars unprecedentedly nowadays. Multi-core and multi-threaded techniques are thus widely employed in packet processing system to meet the changing requirement. However, the processing power cannot be fully utilized without a suitable programming environment. The compilation procedure is decisive for the quality of the code. It can largely determine the overall system performance in terms of packet throughput, individual packet latency, core utilization and energy efficiency. The thesis investigated compilation issues in networking domain first, particularly on energy consumption. And as a cornerstone for any compiler optimizations, a code analysis module for collecting program dependency is presented and incorporated into a compiler framework. With that dependency information, a strategy based on graph bi-partitioning and mapping is proposed to search for an optimal configuration in a parallel-pipeline fashion. The energy-aware extension is specifically effective in enhancing the energy-efficiency of the whole system. Finally, a generic evaluation framework for simulating the performance and energy consumption of a packet processing system is given. It accepts flexible architectural configuration and is capable of performingarbitrary code mapping. The simulation time is extremely short compared to full-fledged simulators. A set of our optimization results is gathered using the framework

AMC: Advanced Multi-accelerator Controller

The rapid advancement, use of diverse architectural features and introduction of High Level Synthesis (HLS) tools in FPGA technology have enhanced the capacity of data-level parallelism on a chip. A generic FPGA based HLS multi-accelerator system requires a microprocessor (master core) that manages memory and schedules accelerators. In a real environment, such HLS multi-accelerator systems do not give a perfect performance due to memory bandwidth issues. Thus, a system demands a memory manager and a scheduler that improves performance by managing and scheduling the multi-accelerator’s memory access patterns efficiently. In this article, we propose the integration of an intelligent memory system and efficient scheduler in the HLS-based multi-accelerator environment called Advanced Multi-accelerator Controller (AMC). The AMC system is evaluated with memory intensive accelerators, High Performance Computing (HPC) applications and implemented and tested on a Xilinx Virtex-5 ML505 evaluation FPGA board. The performance of the system is compared against the microprocessor-based systems that have been integrated with the operating system. Results show that the AMC based HLS multi-accelerator system achieves 10.4x and 7x of speedup compared to the MicroBlaze and Intel Core based HLS multi-accelerator systems.Peer ReviewedPostprint (author’s final draft

Field-based branch prediction for packet processing engines

Network processors have exploited many aspects of architecture design, such as employing multi-core, multi-threading and hardware accelerator, to support both the ever-increasing line rates and the higher complexity of network applications. Micro-architectural techniques like superscalar, deep pipeline and speculative execution provide an excellent method of improving performance without limiting either the scalability or flexibility, provided that the branch penalty is well controlled. However, it is difficult for traditional branch predictor to keep increasing the accuracy by using larger tables, due to the fewer variations in branch patterns of packet processing. To improve the prediction efficiency, we propose a flow-based prediction mechanism which caches the branch histories of packets with similar header fields, since they normally undergo the same execution path. For packets that cannot find a matching entry in the history table, a fallback gshare predictor is used to provide branch direction. Simulation results show that the our scheme achieves an average hit rate in excess of 97.5% on a selected set of network applications and real-life packet traces, with a similar chip area to the existing branch prediction architectures used in modern microprocessors

High Speed Networking In The Multi-Core Era

High speed networking is a demanding task that has traditionally been performed in dedicated, purpose built hardware or specialized network processors. These platforms sacrifice flexibility or programmability in favor of performance. Recently, there has been much interest in using multi-core general purpose processors for this task, which have the advantage of being easily programmable and upgradeable. The best way to exploit these new architectures for networking is an open question that has been the subject of much recent research. In this dissertation, I explore the best way to exploit multi-core general purpose processors for packet processing applications. This includes both new architectural organizations for the processors as well as changes to the systems software. I intend to demonstrate the efficacy of these techniques by using them to build an open and extensible network security and monitoring platform that can out perform existing solutions

A novel network architecture for train-to-wayside communication with quality of service over heterogeneous wireless networks

In the railway industry, there are nowadays different actors who would like to send or receive data from the wayside to an onboard device or vice versa. These actors are e.g., the Train Operation Company, the Train Constructing Company, a Content Provider, etc. This requires a communication module on each train and at the wayside. These modules interact with each other over heterogeneous wireless links. This system is referred to as the Train-to-Wayside Communication System (TWCS). While there are already a lot of deployments using a TWCS, the implementation of quality of service, performance enhancing proxies (PEP) and the network mobility functions have not yet been fully integrated in TWCS systems. Therefore, we propose a novel and modular IPv6-enabled TWCS architecture in this article. It jointly tackles these functions and considers their mutual dependencies and relationships. DiffServ is used to differentiate between service classes and priorities. Virtual local area networks are used to differentiate between different service level agreements. In the PEP, we propose to use a distributed TCP accelerator to optimize bandwidth usage. Concerning network mobility, we propose to use the SCTP protocol (with Dynamic Address Reconfiguration and PR-SCTP extensions) to create a tunnel per wireless link, in order to support the reliable transmission of data between the accelerators. We have analyzed different design choices, pinpointed the main implementation challenges and identified candidate solutions for the different modules in the TWCS system. As such, we present an elaborated framework that can be used for prototyping a fully featured TWCS

Will SDN be part of 5G?

For many, this is no longer a valid question and the case is considered settled with SDN/NFV (Software Defined Networking/Network Function Virtualization) providing the inevitable innovation enablers solving many outstanding management issues regarding 5G. However, given the monumental task of softwarization of radio access network (RAN) while 5G is just around the corner and some companies have started unveiling their 5G equipment already, the concern is very realistic that we may only see some point solutions involving SDN technology instead of a fully SDN-enabled RAN. This survey paper identifies all important obstacles in the way and looks at the state of the art of the relevant solutions. This survey is different from the previous surveys on SDN-based RAN as it focuses on the salient problems and discusses solutions proposed within and outside SDN literature. Our main focus is on fronthaul, backward compatibility, supposedly disruptive nature of SDN deployment, business cases and monetization of SDN related upgrades, latency of general purpose processors (GPP), and additional security vulnerabilities, softwarization brings along to the RAN. We have also provided a summary of the architectural developments in SDN-based RAN landscape as not all work can be covered under the focused issues. This paper provides a comprehensive survey on the state of the art of SDN-based RAN and clearly points out the gaps in the technology.Comment: 33 pages, 10 figure