Accelerated Network Technologies

Technology

Network Security

Network security is essential for safe and nondisruptive utilization of network and its services. Network security includes monitoring of threats, anomalies and complience with network usage policy. We investigate various anomaly detection (AD) methods in terms of their detection quality and computational complexity. We also design our own algorithms for anomaly detection. To this end, we evolve and publish:

We have accelerated entropy computation and hierarchical clustering on various platforms such as mutlicores, GPU, FPGA. Both algorithms are essential for several AD methods as they allow to reveal deviations from normal traffic.

Hardware Acceleration

Network traffic processing speed is crucial in most of the network devices, because any packet drop can lead to lower quality of network services, affect precise monitoring or disallow detection of security threats. We focus on networks with 1, 10, 40 and 100 Gbps throughput and use FPGAs and MultiCORES to accelerate time critical operations for network security and monitoring appliances:

We have created framework (Netbench) for evaluation of existing algorithms and architectures, which have been designed to accelerate these time critical operations. Moreover, we have developed benchmarking tool (Procbench-toolset) to evaluate processor performance in these operations.

NetCOPE Platform for Rapid Development of Hardware Accelerated Network Applications

NetCOPE is a platform dedicated for acceleration of network applications using FPGA acceleation card. Such an accelerated network application is usually composed of two parts:

  1. Acceleration core which is placed inside the FPGA chip and implements time critical parts of application such as header field extraction, classification process, patter matching etc.;

  2. Software part of application usually provides management and control function. NetCOPE covers both hardware and software part of the platform and precisely defines the general interface between them.

The platform was designed in cooperation with CESNET and is available as a product by INVEA-TECH spin-off company. For more information see description of NetCOPE Platform.

Hardware Platforms for 1 Gbps

For hardware acceleration on 1 Gbps networks, we use different FPGA-based platforms:

These ones are solutions for use with standard personal computer. Together with standard networking cards as a commodity hardware they are used in PC configurations with powerful processors.

Another type of not only networking hardware accelerator is the Embedded development platform - uG4-150. This is a stand- alone FPGA board with quite interesting equipment such as USB 3.0 interface and many others. Complete firmware for the FPGA is based on MicroBlaze processor running Linux based operating system. Moreover, desing is quickly prototyped using EDK/SDK.

Hardware Platforms for 10 Gbps

For hardware acceleration on 10 Gbps networks, we use COMBO with 10G add-on and NetFPGA-10G PCI Express cards with powerfull FPGAs and multiple network interfaces:

hs-hw-platform.png

Figure 1.1: COMBO with 10G add-on and NetFPGA-10G

NetCOPE platform enables rapid development of new network applications on both FPGA-based acceleration cards. We use also Myricom and Intel networking cards as a commodity hardware for high performance low cost 10Gb applications with multicore processors.

© 2009/2017