
SDN Based Hardware Accelerated Firewall

By Net Maniacs: Abhishek Katuluru, Arun Kumar Lokre, Mohd Yusuf Abdul Hamid, Vasantham Sudheer Kumar, Santosh Kalakonda.

faolan

Presentation Transcript


  1. NET MANIACS. SDN Based Hardware Accelerated Firewall. By Net Maniacs: Abhishek Katuluru, Arun Kumar Lokre, Mohd Yusuf Abdul Hamid, Vasantham Sudheer Kumar, Santosh Kalakonda

  2. Problem statement. Loss: $1.2 billion. [Chart: "The Spread of Sapphire Worm in the 30 minutes after its release"; infected hosts, axis ticks 30000, 300000, 3000000; line-rate labels 100 Mbps, 1 Gbps, 10 Gbps]

  3. Problem statement: performance evaluation, hardware analysis. Hardware update time: 2 us. Firmware update time: 50 us. [Chart: hosts affected versus line rate (100 Mbps, 1 Gbps, 10 Gbps); values shown: 1666.5, 166.65, 16.65, 66, 6.6, 0.666]

  4. Firewall application overview. [Diagram labels: Control; Normal packet; Packet with pattern; Instruction packet; Drop; Allow; Reroute; Updated; NetFPGA; Node 1; Node 2; Node 3]

  5. Project architecture. [Diagram labels: Output port lookup; Instruction packet; Arbiter; Updated; FIFO (two); Lookup hardware; CPU (two); Re-route HW acc (two); Arbiter; Output queue]

  6. CPU architecture. [Diagram labels: Thread 1; Branch Logic; ID/EX; MEM; WB; Register File; Instruction Memory; T1: ADD; T1: SW; Data Memory; MUX; ALU; Memory Mapped for HW Acc; Register File; Instruction Memory; T2: ADD; T2: LW; Branch Logic; Thread 2]

  7. FIFO design. [Diagram labels: Memory; Net Maniacs design; Conventional design; addresses 0, 255, 256, 511; Packet received; Reset; Rd_Ptr; FIFO Memory; FIFO busy (accept current pkt and send previous pkt); Wr_Ptr; FIFO; Scratch Memory; Packet processed; CPU busy (CPU processing); Memory Mapped I/O; Up to 50%]

  8. Firewall hardware accelerator. [Diagram labels: Lookup hardware acc.; IP lookup; Action matcher; Denied List CAM; Allowed List CAM; IP (two); Parse Logic; Match (three); Packet (two); Normal/Inst Pkt; en (two)]

  9. Performance comparison
     • Comparison against the Open Source DPI Firewall.
     • Performance between H/W and S/W in terms of:
       • Throughput
       • Latency
     References:
     1) Jedhe, G.S.; Ramamoorthy, A.; Varghese, K., "A Scalable High Throughput Firewall in FPGA," The 16th International Symposium on Field-Programmable Custom Computing Machines, FCCM'08, Palo Alto, CA, USA, April 14-15, 2008, pp. 43-52.
     2) Michelle Suh, Sae Hyong Park, Byungjoon Lee, Sunhee Yang, "Building Firewall over the Software-Defined Network Controller," SDN Research Section, ETRI (Electronics and Telecommunications Research Institute), Korea.

  10. Project schedule
