914 research outputs found
P4-compatible High-level Synthesis of Low Latency 100 Gb/s Streaming Packet Parsers in FPGAs
Packet parsing is a key step in SDN-aware devices. Packet parsers in SDN
networks need to be both reconfigurable and fast, to support the evolving
network protocols and the increasing multi-gigabit data rates. The combination
of packet processing languages with FPGAs seems to be the perfect match for
these requirements. In this work, we develop an open-source FPGA-based
configurable architecture for arbitrary packet parsing to be used in SDN
networks. We generate low latency and high-speed streaming packet parsers
directly from a packet processing program. Our architecture is pipelined and
entirely modeled using templated C++ classes. The pipeline layout is derived
from a parser graph that corresponds a P4 code after a series of graph
transformation rounds. The RTL code is generated from the C++ description using
Xilinx Vivado HLS and synthesized with Xilinx Vivado. Our architecture achieves
100 Gb/s data rate in a Xilinx Virtex-7 FPGA while reducing the latency by 45%
and the LUT usage by 40% compared to the state-of-the-art.Comment: Accepted for publication at the 26th ACM/SIGDA International
Symposium on Field-Programmable Gate Arrays February 25 - 27, 2018 Monterey
Marriott Hotel, Monterey, California, 7 pages, 7 figures, 1 tabl
Programming Protocol-Independent Packet Processors
P4 is a high-level language for programming protocol-independent packet
processors. P4 works in conjunction with SDN control protocols like OpenFlow.
In its current form, OpenFlow explicitly specifies protocol headers on which it
operates. This set has grown from 12 to 41 fields in a few years, increasing
the complexity of the specification while still not providing the flexibility
to add new headers. In this paper we propose P4 as a strawman proposal for how
OpenFlow should evolve in the future. We have three goals: (1)
Reconfigurability in the field: Programmers should be able to change the way
switches process packets once they are deployed. (2) Protocol independence:
Switches should not be tied to any specific network protocols. (3) Target
independence: Programmers should be able to describe packet-processing
functionality independently of the specifics of the underlying hardware. As an
example, we describe how to use P4 to configure a switch to add a new
hierarchical label
PhasorSec: Protocol Security Filters for Wide Area Measurement Systems
The addition of synchrophasors to the power grid to improve observability comes at the cost of an increased attack surface: the wide area measurement system. A common source of zero-days, that can be used to exploit the system, is improper input validation. The strict availability and timing requirements of the grid make it critical that input validation be done right and in a timely fashion. PhasorSec is a hardened security filter for the synchrophasor communication protocol, C37.118. PhasorSec is built using language theoretic principles which treat all input as a language with a specific grammar that defines what input must be accepted. An open-source version of the prototype is provided and evaluation in terms of CPU-time show that it is possible to meet the strict latency requirements. Experiments also demonstrate its effectiveness against the state-of-the-art AFL fuzzer
FLICK: developing and running application-specific network services
Data centre networks are increasingly programmable, with application-specific network services proliferating, from custom load-balancers to middleboxes providing caching and aggregation. Developers must currently implement these services using traditional low-level APIs, which neither support natural operations on application data nor provide efficient performance isolation. We describe FLICK, a framework for the programming and execution of application-specific network services on multi-core CPUs. Developers write network services in the FLICK language, which offers high-level processing constructs and application-relevant data types. FLICK programs are translated automatically to efficient, parallel task graphs, implemented in C++ on top of a user-space TCP stack. Task graphs have bounded resource usage at runtime, which means that the graphs of multiple services can execute concurrently without interference using cooperative scheduling. We evaluate FLICK with several services (an HTTP load-balancer, a Memcached router and a Hadoop data aggregator), showing that it achieves good performance while reducing development effort
- …