13 research outputs found

    NetFPGA: status, uses, developments, challenges, and evaluation

    The constant growth of the Internet, driven by the demand for timely access to data center networks, has meant that the technological platforms necessary to achieve this purpose are outside the current budgets. In order to make and validate relevant and timely contributions, it is necessary that a wider community has access to evaluation, experimentation and demonstration environments with specifications that can be compared with existing networking solutions. This article introduces the NetFPGA, which is a platform to develop network hardware for reconfigurable and rapid prototyping. It introduces the application areas in high-performance networks, advantages for traffic analysis, packet flow, hardware acceleration, power consumption and parallel processing in real time. Likewise, it presents the advantages of the platform for research, education, innovation, and future trends of this platform. Finally, we present a performance evaluation of the tool called OSNT (Open-Source Network Tester) and show that OSNT has 95% accuracy of timestamp with resolution of 10ns for the generation of TCP traffic, and 90% efficiency capturing packets at 10Gbps of full line-rate.

    Analysis of P4 and XDP for IoT programmability in 6G and beyond

    Recently, two technologies have emerged to provide advanced programmability in Software-Defined Networking (SDN) environments, namely P4 and XDP. At the same time, the Internet of Things (IoT) represents a pillar of future 6G networks, which will be also sustained by SDN. In this regard, there is a need to analyze the suitability of P4 and XDP for IoT. In this article, we aim to compare both technologies to help future research efforts in the field. To this purpose, we evaluate both technologies by implementing diverse use cases, assessing their performance and providing a quick qualitative overview. All tests and designed scenarios are publicly available in GitHub to guarantee replication and serve as initial steps for researchers that want to initiate in the field. Results illustrate that currently XDP is the best option for constrained IoT devices, showing lower latency times, half of CPU usage, and reduced memory in comparison with P4. However, development of P4 programs is more straightforward and the amount of code lines is more similar regardless of the scenario. Additionally, P4 has a lot of potential in IoT if a special effort is made to improve the most common software target, BMv2. Comunidad de Madrid; Junta de Comunidades de Castilla-La Mancha; Universidad de Alcal

    Enabling P4 Network Telemetry in Edge Micro Data Centers With Kubernetes Orchestration

    Integrating computation resources with networking technologies is a hot research topic targeting the optimization of containers deployment on a set of host machines interconnected by a network infrastructure. Particularly, next generation edge nodes will offer significant advantages leveraging on integrated computation resources and networking awareness, enabling configurable, granular and monitorable quality of service to different micro-services, applications and tenants, especially in terms of bounded end-to-end latency. In this regard, SDN is a key technology enabling network telemetry and traffic switching with the granularity of the single traffic flow. However, currently available solutions are based on legacy SDN techniques, not enabling the matching of tunneled traffic, and thus require a tricky integration inside the hosts where containers are deployed. This work considers Kubernetes clusters deployed on next generation edge micro data center platforms and proposes an innovative SDN solution exploiting the P4 technology to gain visibility inside tunnelled traffic exchanged among pods. This way, the integration is achieved at the control plane level through the communication between Kubernetes and the SDN controller. The proposed solution is experimentally validated including a comprehensive framework enabling effective traffic switching and in-band telemetry at pod level. The major paper contributions consist in the design and the development of: (i) the networking applications at SDN control plane level; (ii) the P4 switch pipeline at the data plane level; (iii) the monitoring system used to collect, aggregate and elaborate the telemetry data.

    An Inter-domain Collaboration Scheme to Remedy DDoS Attacks in Computer Networks

    Distributed Denial-of-Service (DDoS) attacks continue to trouble network operators and service providers, and with increasing intensity. Effective response to DDoS can be slow (because of manual diagnosis and interaction) and potentially self-defeating (as indiscriminate filtering accomplishes a likely goal of the attacker), and this is the result of the discrepancy between the service provider's flow-based, application-level view of traffic and the network operator's packet-based, network-level view and limited functionality. Furthermore, a network required to take action may be in an Autonomous System (AS) several AS-hops away from the service, so it has no direct relationship with the service on whose behalf it acts. This paper presents Antidose, a means of interaction between a vulnerable peripheral service and an indirectly related AS that allows the AS to confidently deploy local filtering with discrimination under the control of the remote service. We implement the core filtering mechanism of Antidose, and provide an analysis of it to demonstrate that conscious attacks against the mechanism will not expose the AS to additional attacks. We present a performance evaluation to show that the mechanism is operationally feasible in the emerging trend of operators' willingness to increase the programmability of their hardware with SDN technologies such as OpenFlow, as well as to act to mitigate attacks on downstream customers

    EMU: Rapid prototyping of networking services

    Due to their performance and flexibility, FPGAs are an attractive platform for the execution of network functions. It has been a challenge for a long time though to make FPGA programming accessible to a large audience of developers. An appealing solution is to compile code from a general-purpose language to hardware using high-level synthesis. Unfortunately, current approaches to implement rich network functionality are insufficient because they lack: (i) libraries with abstractions for common network operations and data structures, (ii) bindings to the underlying “substrate” on the FPGA, and (iii) debugging and profiling support. This paper describes Emu, a new standard library for an FPGA hardware compiler that enables developers to rapidly create and deploy network functionality. Emu allows for high-performance designs without being bound to particular packet processing paradigms. Furthermore, it supports running the same programs on CPUs, in Mininet, and on FPGAs, providing a better development environment that includes advanced debugging capabilities. We demonstrate that network functions implemented using Emu have only negligible resource and performance overheads compared with natively-written hardware versions

    Gigabit Ethernet hardware sniffer for real-time systems

    Master's in Electronics and Telecommunications Engineering. The standard tools for analysis of the logical and temporal behavior of a communication network, commonly known as Sniffers, are satisfactory for general purpose networks. However, they are insufficient for the specific requisites of some real-time protocols, namely in what concerns the resolution and temporal precision associated with the time-stamping of transmitted and received messages. This incapacity has its source in the fact that these tools are software based, running in common computers. The way time-stamping is performed on these machines, as well as the multitask features associated with them, are not appropriate for the requisites of real-time systems. As an answer to this limitation, a hardware-based Ethernet Sniffer was developed on an FPGA, making use of Intellectual Property cores. The tool developed is capable of capturing Gigabit traffic on an Ethernet segment, performing the time-stamping of messages in hardware. The data is then transferred to a computer, again through Ethernet. On the PC side, all data is first captured by the popular software data analyzer, Wireshark. Next, making use of software tools developed, the data is exported to a convenient format, in order to be analyzed by math tools. The tool proved to be capable of capturing all the traffic coming from an Ethernet port with an 8ns resolution and 16ns jitter.

    Energy-Efficiency in Optical Networks


    Enhancing programmability for adaptive resource management in next generation data centre networks

    Recently, Data Centre (DC) infrastructures have been growing rapidly to support a wide range of emerging services, and provide the underlying connectivity and compute resources that facilitate the "*-as-a-Service" model. This has led to the deployment of a multitude of services multiplexed over few, very large-scale centralised infrastructures. In order to cope with the ebb and flow of users, services and traffic, infrastructures have been provisioned for peak-demand resulting in the average utilisation of resources to be low. This overprovisioning has been further motivated by the complexity in predicting traffic demands over diverse timescales and the stringent economic impact of outages. At the same time, the emergence of Software Defined Networking (SDN) is offering new means to monitor and manage the network infrastructure to address this underutilisation. This dissertation aims to show how measurement-based resource management can improve performance and resource utilisation by adaptively tuning the infrastructure to the changing operating conditions. To achieve this dynamicity, the infrastructure must be able to centrally monitor, notify and react based on the current operating state, from per-packet dynamics to longstanding traffic trends and topological changes. However, the management and orchestration abilities of current SDN realisations are too limiting and must evolve for next generation networks. The current focus has been on logically centralising the routing and forwarding decisions. However, in order to achieve the necessary fine-grained insight, the data plane of the individual device must be programmable to collect and disseminate the metrics of interest. The results of this work demonstrate that a logically centralised controller can dynamically collect and measure network operating metrics to subsequently compute and disseminate fine-tuned environment-specific settings. They show how this approach can prevent TCP throughput incast collapse and improve TCP performance by an order of magnitude for partition-aggregate traffic patterns. Furthermore, the paradigm is generalised to show the benefits for other services widely used in DCs such as, e.g., routing, telemetry, and security.