On the Exploration of FPGAs and High-Level Synthesis Capabilities on Multi-Gigabit-per-Second Networks

Tesis doctoral inédita leída en la Universidad Autónoma de Madrid, Escuela Politécnica Superior, Departamento de Tecnología Electrónica y de las Comunicaciones. Fecha de lectura: 24-01-2020Traffic on computer networks has faced an exponential grown in recent years. Both links and communication equipment had to adapt in order to provide a minimum quality of service required for current needs. However, in recent years, a few factors have prevented commercial off-the-shelf hardware from being able to keep pace with this growth rate, consequently, some software tools are struggling to fulfill their tasks, especially at speeds higher than 10 Gbit/s. For this reason, Field Programmable Gate Arrays (FPGAs) have arisen as an alternative to address the most demanding tasks without the need to design an application specific integrated circuit, this is in part to their flexibility and programmability in the field. Needless to say, developing for FPGAs is well-known to be complex. Therefore, in this thesis we tackle the use of FPGAs and High-Level Synthesis (HLS) languages in the context of computer networks. We focus on the use of FPGA both in computer network monitoring application and reliable data transmission at very high-speed. On the other hand, we intend to shed light on the use of high level synthesis languages and boost FPGA applicability in the context of computer networks so as to reduce development time and design complexity. In the first part of the thesis, devoted to computer network monitoring. We take advantage of the FPGA determinism in order to implement active monitoring probes, which consist on sending a train of packets which is later used to obtain network parameters. In this case, the determinism is key to reduce the uncertainty of the measurements. The results of our experiments show that the FPGA implementations are much more accurate and more precise than the software counterpart. At the same time, the FPGA implementation is scalable in terms of network speed — 1, 10 and 100 Gbit/s. In the context of passive monitoring, we leverage the FPGA architecture to implement algorithms able to thin cyphered traffic as well as removing duplicate packets. These two algorithms straightforward in principle, but very useful to help traditional network analysis tools to cope with their task at higher network speeds. On one hand, processing cyphered traffic bring little benefits, on the other hand, processing duplicate traffic impacts negatively in the performance of the software tools. In the second part of the thesis, devoted to the TCP/IP stack. We explore the current limitations of reliable data transmission using standard software at very high-speed. Nowadays, the network is becoming an important bottleneck to fulfill current needs, in particular in data centers. What is more, in recent years the deployment of 100 Gbit/s network links has started. Consequently, there has been an increase scrutiny of how networking functionality is deployed, furthermore, a wide range of approaches are currently being explored to increase the efficiency of networks and tailor its functionality to the actual needs of the application at hand. FPGAs arise as the perfect alternative to deal with this problem. For this reason, in this thesis we develop Limago an FPGA-based open-source implementation of a TCP/IP stack operating at 100 Gbit/s for Xilinx’s FPGAs. Limago not only provides an unprecedented throughput, but also, provides a tiny latency when compared to the software implementations, at least fifteen times. Limago is a key contribution in some of the hottest topic at the moment, for instance, network-attached FPGA and in-network data processing

A Survey on Data Plane Programming with P4: Fundamentals, Advances, and Applied Research

With traditional networking, users can configure control plane protocols to match the specific network configuration, but without the ability to fundamentally change the underlying algorithms. With SDN, the users may provide their own control plane, that can control network devices through their data plane APIs. Programmable data planes allow users to define their own data plane algorithms for network devices including appropriate data plane APIs which may be leveraged by user-defined SDN control. Thus, programmable data planes and SDN offer great flexibility for network customization, be it for specialized, commercial appliances, e.g., in 5G or data center networks, or for rapid prototyping in industrial and academic research. Programming protocol-independent packet processors (P4) has emerged as the currently most widespread abstraction, programming language, and concept for data plane programming. It is developed and standardized by an open community and it is supported by various software and hardware platforms. In this paper, we survey the literature from 2015 to 2020 on data plane programming with P4. Our survey covers 497 references of which 367 are scientific publications. We organize our work into two parts. In the first part, we give an overview of data plane programming models, the programming language, architectures, compilers, targets, and data plane APIs. We also consider research efforts to advance P4 technology. In the second part, we analyze a large body of literature considering P4-based applied research. We categorize 241 research papers into different application domains, summarize their contributions, and extract prototypes, target platforms, and source code availability.Comment: Submitted to IEEE Communications Surveys and Tutorials (COMS) on 2021-01-2

Deployment of PON in Europe and Deep Data Analysis of GPON

This chapter discusses the extensibility of fiber to the x (FTTx) households, specifically in the territory of the European Union. The Czech Republic has made a commitment to other member states to provide connectivity of at least 100 Mbit/s for half of the households by 2020. Although Internet access in the Czech Republic is mostly dominated by wireless fidelity (WiFi), this technology is not capable of meeting the demanding current demands at a reasonable price. As a result, passive optical networks are on the rise in access networks and in mobile cell networks by fiber to the antenna (FTTA). Passive optical networks use much more complex networks. In cooperation with Orange Slovakia, the analysis of the transmitted data was conducted. The optical network unit management and control interface (OMCI) channel data, as well as the activation data associated with specific end units, were analyzed. We propose a complete analysis of the end-unit-related activation process, download, and initialization of the data image for setting the end units and voice over Internet protocol (VoIP) parameters. Finally, we performed an analysis of the transmission of dying gasp messages

Characterizing, managing and monitoring the networks for the ATLAS data acquisition system

Particle physics studies the constituents of matter and the interactions between them. Many of the elementary particles do not exist under normal circumstances in nature. However, they can be created and detected during energetic collisions of other particles, as is done in particle accelerators. The Large Hadron Collider (LHC) being built at CERN will be the world's largest circular particle accelerator, colliding protons at energies of 14 TeV. Only a very small fraction of the interactions will give raise to interesting phenomena. The collisions produced inside the accelerator are studied using particle detectors. ATLAS is one of the detectors built around the LHC accelerator ring. During its operation, it will generate a data stream of 64 Terabytes/s. A Trigger and Data Acquisition System (TDAQ) is connected to ATLAS -- its function is to acquire digitized data from the detector and apply trigger algorithms to identify the interesting events. Achieving this requires the power of over 2000 computers plus an interconnecting network capable of sustaining a throughput of over 150 Gbit/s with minimal loss and delay. The implementation of this network required a detailed study of the available switching technologies to a high degree of precision in order to choose the appropriate components. We developed an FPGA-based platform (the GETB) for testing network devices. The GETB system proved to be flexible enough to be used as the ba sis of three different network-related projects. An analysis of the traffic pattern that is generated by the ATLAS data-taking applications was also possible thanks to the GETB. Then, while the network was being assembled, parts of the ATLAS detector started commissioning -- this task relied on a functional network. Thus it was imperative to be able to continuously identify existing and usable infrastructure and manage its operations. In addition, monitoring was required to detect any overload conditions with an indication where the excess demand was being generated. We developed tools to ease the maintenance of the network and to automatically produce inventory reports. We created a system that discovers the network topology and this permitted us to verify the installation and to track its progress. A real-time traffic visualization system has been built, allowing us to see at a glance which network segments are heavily utilized. Later, as the network achieves production status, it will be necessary to extend the monitoring to identify individual applications' use of the available bandwidth. We studied a traffic monitoring technology that will allow us to have a better understanding on how the network is used. This technology, based on packet sampling, gives the possibility of having a complete view of the network: not only its total capacity utilization, but also how this capacity is divided among users and software applicati ons. This thesis describes the establishment of a set of tools designed to characterize, monitor and manage complex, large-scale, high-performance networks. We describe in detail how these tools were designed, calibrated, deployed and exploited. The work that led to the development of this thesis spans over more than four years and closely follows the development phases of the ATLAS network: its design, its installation and finally, its current and future operation

Telecommunication Systems

This book is based on both industrial and academic research efforts in which a number of recent advancements and rare insights into telecommunication systems are well presented. The volume is organized into four parts: "Telecommunication Protocol, Optimization, and Security Frameworks", "Next-Generation Optical Access Technologies", "Convergence of Wireless-Optical Networks" and "Advanced Relay and Antenna Systems for Smart Networks." Chapters within these parts are self-contained and cross-referenced to facilitate further study

Traffic Classification over Gbit Speed with Commodity Hardware

This paper discusses necessary components of a GPU-assisted traffic classification method, which is capable ofmulti-Gbps speeds on commodity hardware. The majority of the traffic classification is pushed to the GPU to offload the CPU, which then may serve other processing intensive tasks, e.g., traffic capture. The paper presents two massively parallelizable algorithms suitable for GPUs. The first one performs signature search using a modification of Zobrist hashing. The second algorithm supports connection pattern-based analysis and aggregation of matches using a parallel-prefix-sum algorithm adapted to GPU.The performance tests of the proposed methods showed that traffic classification is possible up to approximately 6 Gbps with a commodity PC

System-on-chip architecture for secure sub-microsecond synchronization systems

213 p.En esta tesis, se pretende abordar los problemas que conlleva la protección cibernética del Precision Time Protocol (PTP). Éste es uno de los protocolos de comunicación más sensibles de entre los considerados por los organismos de estandarización para su aplicación en las futuras Smart Grids o redes eléctricas inteligentes. PTP tiene como misión distribuir una referencia de tiempo desde un dispositivo maestro al resto de dispositivos esclavos, situados dentro de una misma red, de forma muy precisa. El protocolo es altamente vulnerable, ya que introduciendo tan sólo un error de tiempo de un microsegundo, pueden causarse graves problemas en las funciones de protección del equipamiento eléctrico, o incluso detener su funcionamiento. Para ello, se propone una nueva arquitectura System-on-Chip basada en dispositivos reconfigurables, con el objetivo de integrar el protocolo PTP y el conocido estándar de seguridad MACsec para redes Ethernet. La flexibilidad que los modernos dispositivos reconfigurables proporcionan, ha sido aprovechada para el diseño de una arquitectura en la que coexisten procesamiento hardware y software. Los resultados experimentales avalan la viabilidad de utilizar MACsec para proteger la sincronización en entornos industriales, sin degradar la precisión del protocolo

Analysis of Xilinx SDNet tool for packet filtering in 100 Gbps network monitoring applications

Network traffic monitoring is becoming more and more challenging due to the relentless increase in network speeds. At 100 Gbps, the classical approach of storing all traffic for a later analysis might not be feasible, since the huge volume of data that needs to be saved could make it impossible. Nevertheless, packet filtering allows network monitoring tools to focus on a certain problem, discarding all packets that are not relevant for the analysis and thus easing storage requirements. The high performance and guaranteed line-rate operation of FPGA-based solutions make them optimal for packet filtering at 100 Gbps. However, the effort required by a conventional, HDL-based FPGA development methodology might be prohibitive. To address this problem, in this work we have analyzed the results obtained with the Xilinx SDNet high-level tool for two packet filtering cases. These two filters are related to the monitoring of sites visited by network users and, for both cases, the SDNet designs were able to operate at line rate on actual 100 Gbps Ethernet links. SDNet results were also compared to HDL implementations made by an experienced engineer. Though HDL-based designs allow for reduced latency and resource utilization, SDNet excels in terms of productivity: the description of the most complex filter only takes about 100 lines of SDNet code, that is, significantly less than the HDL counterpart. While pushing the limits of the SDNet architecture, related systems from the field of Queuing Theory were also modeled and studied

Design of a Real-Time Embedded Control System for Quantum Computing Experiments

This thesis describes the design of a real-time control system for trapped ion quantum computer experiments. It is framed in the context of the QuantumIon project, a project at the University of Waterloo’s Institute for Quantum Computing that aims to provide a scalable, remote-operation ion trap for a wide variety of quantum research without the need for ‘expert’ ion-trap knowledge. The target users span the range of ion-trap researchers,algorithms researchers, performance benchmarking researchers, and quantum simulation researchers.The control system features a user programming language, remote access to a compiling server, a sub-nanosecond time sequencing engine, arbitrary waveform generation for pulse shaping, and fully adjustable internal parameters. This platform affords the user extraordinary flexibility for many research use cases without requiring physical access. High-speed precision timing is achieved through the use of FPGA technology, while internal consistency (necessary for usability by non-experts) is achieved through an abstraction layer approach. Supercomputing-grade network infrastructure is employed to meet the strict timing requirements. An extensive suite of calibration tools and results is available to monitor machine-dependent parameters of the experiment. A sophisticated symbolic algebra system is used to create powerful calculations of precision timing sequences. Extensive automation is employed to remove the need for physical access, thus providing quantum computing to a wide audience. Under this model even the lowest-level control is avail-able to support innovative new designs, while a “library” of pre-defined sequences is also available to leverage “best practice” gates for those wishing rapid results. Finally, the user language itself is designed to be portable, allowing bindings to current popular classical languages such as Matlab and Python, and can be expanded for use in quantum-specific languages such as Cirq, Quill, and QASM .Through this approach the control system for QuantumIon is a flexible, powerful, scalable, and robust platform that is expected to be in use for a long tim

An SDN-based firewall shunt for data-intensive science applications

A dissertation submitted to the Faculty of Engineering and the Built Environment, University of the Witwatersrand, Johannesburg, in fulfilment of the requirements for the degree of Master of Science in Engineering, 2016Data-intensive research computing requires the capability to transfer les over long distances at high throughput. Stateful rewalls introduce su cient packet loss to prevent researchers from fully exploiting high bandwidth-delay network links [25]. To work around this challenge, the science DMZ design [19] trades o stateful packet ltering capability for loss-free forwarding via an ordinary Ethernet switch. We propose a novel extension to the science DMZ design, which uses an SDN-based rewall. This report introduces NFShunt, a rewall based on Linux's Net lter combined with OpenFlow switching. Implemented as an OpenFlow 1.0 controller coupled to Net lter's connection tracking, NFShunt allows the bypass-switching policy to be expressed as part of an iptables rewall rule-set. Our implementation is described in detail, and latency of the control-plane mechanism is reported. TCP throughput and packet loss is shown at various round-trip latencies, with comparisons to pure switching, as well as to a high-end Cisco rewall. Cost, as well as operations and maintenance aspects, are compared and analysed. The results support reported observations regarding rewall introduced packet-loss, and indicate that the SDN design of NFShunt is a technically viable and cost-e ective approach to enhancing a traditional rewall to meet the performance needs of data-intensive researchersGS201