Scribd Logo
Importer

Bienvenue sur Scribd !

  • SDN Firewall

    Transféré par

    svasanth007
    39 vues11 pages
    SDN firewall

    Titre original

    SDN firewall

    Copyright

    © © All Rights Reserved

    Formats disponibles

    PPTX, PDF, TXT ou lisez en ligne sur Scribd

    Avez-vous trouvé ce document utile ?

    Ce contenu est-il inapproprié ?

    Signaler ce document
    SDN firewall

    Droits d'auteur :

    © All Rights Reserved
    Téléchargez comme PPTX, PDF, TXT ou lisez en ligne sur Scribd
    Signaler comme contenu inapproprié
    39 vues11 pages

    SDN Firewall

    Transféré par

    svasanth007
    SDN firewall

    Droits d'auteur :

    © All Rights Reserved
    Téléchargez comme PPTX, PDF, TXT ou lisez en ligne sur Scribd
    Signaler comme contenu inapproprié
    sur 11

    NET

    MANIACS

    Sdn Based
    Hardware accelerated
    FIREWALL
    By

    Net Maniacs
    AbhishekKatuluru
    ArunKumarLokre
    MohdYusuf Abdul Hamid
    VasanthamSudheer Kumar
    SantoshKalakonda

    NET MANIACS

    Problem statement
    30000
    00
    Infected
    Hosts
    3000
    0
    100Mbp
    s

    3000
    LOSS
    00$1.2
    BILLION
    1Gbp
    s

    10
    Gbps

    The Spread of Sapphire Worm in the 30 minutes


    after its release

    Problem statement
    Performance
    Evaluation

    Hosts
    Affect
    ed

    ANALYSI
    S
    Hardware Update time
    2us
    Firmware Update time
    50us

    Hardware
    Firmware

    1666.5

    166.65
    16.65
    0.666
    100Mb
    ps

    66
    6.6
    1Gbps

    Line Rate

    10
    Gbps

    NET MANIACS

    Firewall application overview


    INSTRUCTION
    PACKET WITH
    NORMAL PACKET
    PATTERN
    PACKET

    CONTR
    OL

    REROUT
    UPDATE
    ALLOW
    DROP
    D
    E! !
    NETFPG
    A

    NODE 1

    NODE 2

    NODE 3

    NET MANIACS

    PROJECT ARCHITECTURE
    OUTPUT PORT LOOKUP

    INSTRUCTION
    PACKET

    ARBITER

    FIF
    O

    LOOKUP
    HARDWAR
    E

    CPU
    CPU

    UPDAT
    ED

    REROUTE
    HW
    ACC

    FIF
    O
    REROUTE
    HW
    ACC

    ARBITER

    OUTPUT QUEUE

    CPU
    CPU

    NET MANIACS

    Cpu architecture
    Threa
    d1
    Instruct
    T1:
    ion
    ADD
    SW
    Memory

    Bran
    ch
    Logic

    ID/EX

    Regist
    er File
    ALU
    ALU

    Instruct
    T2:
    ion
    ADD
    LW
    Memory

    Threa
    d2

    Regist
    er File
    Bran
    ch
    Logic

    MEM
    Data
    Memor
    y
    Memor
    y
    Mappe
    d for
    HW
    Acc

    WB

    M
    U
    X

    NET MANIACS

    Fifo design

    CONVENTIONAL
    MEMORY
    DESIGN

    NET MANIACS DESIGN


    RE
    ET S

    FIFO
    BUSY

    PACKE
    T
    RECEIV
    ED

    (Accept
    Current
    Pkt and
    Send
    Previous
    Pkt)

    CPU
    BUSY

    (CPU
    Processin
    g)

    0
    Rd_Ptr
    Wr_Ptr

    STAR
    FIFO
    T
    Memory

    FIFO

    PACKET
    PROCES
    SED

    Up to
    50%

    255
    SEND
    256
    PKT

    CONVENTIO
    NAL STATE
    MACHINE
    Scratch

    Memory
    511
    PROC
    Memory
    ESS
    Mapped
    I/O
    PKT

    FIFO
    BUSY

    NET MANIACS

    FIREWALL Hardware Accelerator


    LOOKUP HARDWARE
    ACC.

    IP LOOKUP
    IP

    Par
    Pack se
    Pack
    et Log
    et
    ic

    ACTIO
    ACTIO
    N
    N

    IP

    Allow
    Allow
    ed
    ed
    List
    List

    Deni
    Deni
    ed
    ed
    List
    List

    Matc
    h

    MATCH
    MATCH Normal/
    ER
    Inst Pkt
    ER

    Match

    CAM
    CAM
    en

    CAM
    CAM
    en

    Matc
    h

    Performance comparison

    NET MANIACS

    Comparison against the Open Source DPI Firewall.

    Performance between H/W and S/W in terms of:


    Throughput
    Latency
    References:
    1)Jedhe, G.S.; Ramamoorthy, A.; Varghee, K., A Scalable High Throughput Firewall
    in FPGA, The 16th International Symposium on Field-Programmable Custom
    Computing Machines, FCCM08, Palo Alto, CA, USA, April 14-15, 2008, pp. 43-52.
    2) Building Firewall over the Software-Defined Network Controller, Michelle Suh,
    Sae Hyong Park, Byungjoon Lee, Sunhee Yang, SDN Research Section, ETRI
    (Electronics and Telecommunications Research Institute), Korea

    Project schedule

    NET MANIACS

    Description

    Completion Date

    Phase 1

    Multi-Core Processor

    April 7 2014

    Phase 2

    Multi-Core Multi-threaded Processor

    April 14 2014

    Phase 3

    Hardware accelerator design

    April 28 2014

    Phase 4

    Implementation and integration of


    action table with processor

    In Progress

    Phase 5

    Testing and verification

    In Progress

    NET MANIACS

    Vous aimerez peut-être aussi