Open-source flexible packet parser for high data rate agile network probe

The development of a network-centered way of life has increased overall data rates in core networks. Data centers therefore face the challenge of providing ever more services at higher data rates while reacting quickly to complex failures and more powerful attacks, which requires efficient network forensics. Moreover, Software-Defined Networking (SDN) is becoming a standard that offers agility but also requires forensic devices able to handle multiple configurations. Although conventional software probes are programmable and thus agile, they can no longer keep up with high data rate packet processing. Probes could benefit from Application Specific Integrated Circuits (ASIC) to cope with high data rates, but ASIC development times of many months make them unable to meet agility requirements. With their reconfiguration ability and high-throughput processing without packet loss, Field Programmable Gate Arrays (FPGA) are the key technology chosen by some companies, such as Microsoft, Amazon and OVH, for integration into smart Network Interface Cards (NIC). Nevertheless, while the high performance criterion is fulfilled, the agility of current FPGA probes is still limited to conventional firmware upgrades, which require proprietary tools as well as hardware design time and expertise. This paper proposes the first solution offering FPGA probes runtime agility, thanks to a flexible packet parser that can be parameterized continuously by software, which takes on complex tasks and SDN control. This allows live adaptation of protocol processing from the host computer while handling packets at line rate without data loss. The proposed parser is open-source and easily usable by network engineers through a Python software API. Benchmark results illustrate the performance of the agile high-level probe implemented on a NetFPGA SUME board with an XC7VX690T FPGA: 60 million 64-byte packets are counted based on features provided at runtime. These features are selected by the software part, allowing the detection of different volumetric attacks within a few tens of microseconds. This corresponds to 40 Gb/s of the smallest Ethernet packets with no packet loss. With suitable boards, the generic design of the probe reaches 160 Gb/s and beyond on modern hardware, ensuring probe scalability.
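To make the idea of a parser whose "features" are supplied at runtime concrete, here is an added pure-software model (not the paper's parser or its Python API): each feature is an offset/length/expected-value rule that software can change at any time, packets are counted per feature, and a share-of-traffic threshold flags a volumetric anomaly. The frame builder, the feature rules and the threshold are constructed for illustration.

```python
import struct
from collections import Counter

# A feature rule is (name, byte offset, field length, expected value).
# Hypothetical rule format chosen for this example; rules can be swapped at runtime.
FeatureRule = tuple

def extract(packet: bytes, offset: int, length: int) -> int:
    """Big-endian integer at packet[offset:offset+length], or -1 if the packet is too short."""
    if offset + length > len(packet):
        return -1
    return int.from_bytes(packet[offset:offset + length], "big")

def count_features(packets, rules):
    """Count, per rule, how many packets carry the expected value at the given offset."""
    counts = Counter()
    for pkt in packets:
        for name, off, ln, expected in rules:
            if extract(pkt, off, ln) == expected:
                counts[name] += 1
    return counts

def volumetric_alerts(counts, total, threshold_ratio):
    """Names of features whose share of all packets exceeds threshold_ratio (sorted)."""
    return sorted(n for n, c in counts.items() if total and c / total > threshold_ratio)

def make_packet(proto: int, dst_port: int, payload: bytes = b"") -> bytes:
    """Constructed Ethernet/IPv4/(UDP-or-TCP-shaped) frame; checksums left at zero."""
    eth = b"\x00" * 12 + b"\x08\x00"  # dst MAC, src MAC, EtherType IPv4
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28 + len(payload), 0, 0, 64, proto, 0,
                     b"\x0a\x00\x00\x01", b"\x0a\x00\x00\x02")
    l4 = struct.pack("!HHHH", 1234, dst_port, 8 + len(payload), 0)  # src port, dst port, len, csum
    return eth + ip + l4 + payload

# Rules "pushed at runtime": IPv4 protocol byte sits at offset 14+9=23,
# L4 destination port at offset 14+20+2=36.
RULES = [("udp", 23, 1, 17), ("tcp", 23, 1, 6), ("udp_dns", 36, 2, 53)]

# Constructed traffic: a flood of UDP/53 frames on top of a little TCP/443 background.
SAMPLE = [make_packet(17, 53)] * 90 + [make_packet(6, 443)] * 10

def run_sample():
    """Count the sample against RULES and flag features above half of the traffic."""
    counts = count_features(SAMPLE, RULES)
    return counts, volumetric_alerts(counts, len(SAMPLE), 0.5)
```

Changing `RULES` (for example, to watch a different port or a VLAN-shifted offset) re-targets the counters without touching the extraction code, which is the software-side agility the probe's parser is built to provide in hardware.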
