sdn firewall

8/15/2019 SDN firewall

1/11

Sdn Based

Hardware acceleratedFIREWALL

By Net Maniacs

Abhishek KatuluruArun Kumar LokreMohd Yusuf Abdul HamidVasantham Sudheer KumarSantosh Kalakonda

NETMANIACS


2/11

NET MANIACS

Problem statement

Te S!read o" Sapphire Worm in te #$ min%tesa"ter its release

In"ectedHosts

&$$Mb!

s

&'b!

s

&$

'b!s

#$$$$

#$$$

$$

#$$$$$$

L(SS

)&*+BILLI(N


3/11

Line Rate

&$$Mb!s

&'b!s &$'b!s

HostsA,ect

ed

$*----*-

&--*-.

--

Hardware

&-*-.

Per"ormance E/al%ation

&---*.

Firmware

Hardware 0!date time+%sFirmware 0!date time.$%s

ANAL1SI

S

Problem statement


4/11

2R(P

Firewall a!!lication o/er/iewNET MANIACS

C(NTR(L

NETFP'A

N(2E & N(2E + N(2E #

N!MAL "ACKET

"ACKET #ITH"ATTE!N

ALL(W3

RER(0TE 3

INST!$CTIN"ACKET

0P2ATE2 3


5/11

PR(4ECT ARCHITECT0RENET MANIACS

(0TP0T P(RT L((50P

ARBITER

FIF(

FIF(

CP0 CP0

RE6

R(0TEHWACC

ARBITER

RE6

R(0TEHWACC

(0TP0T 70E0E

L((50PHAR2WAR

E

INST!$CTIN"ACKET

0P2ATE2


6/11

C!% arcitect%reNET MANIACS

Instr%ction

MemoryRe8ister File

Branc

Lo8ic

2ata

MemoryAL0

Instr%ction

Memory

Re8ist

er File

Branc

Lo8ic

M$%

T&9A22

I2:E; MEM WB

Memory

Ma!!ed "orHW

Acc

Tread &

Trea

d +

T+9

LW

T&9SW

T+9

A22


7/11

FIF(B0S1

CP0B0S1

Fi"o desi8nNET MANIACS

NET MANIACS 2ESI'N

C(N?ENTI(NAL STATEMACHINE

START

FIF(B0S1

PR(CESSP5T

SEN2P5T

C(N?ENTI(NAL

2ESI'NR E S E T

PAC5ET

RECEI?E2

PAC5ETPR(CES

SE2

FIF(

ScratcMemory

$Rd@PtrWr@Ptr

+..+.-

.&&

FIF(Memory

MEM(R1

MemoryMa!!ed I:(

0! to.$


8/11

MATCHER

Matc

h

Matc

h

2eniedList

CAMMatc

FIREWALL Hardware AcceleratorNET MANIACS

Parse

Lo8ic

L((50P HAR2WARE

ACC* IP L((50P

Allow

edList

CAM

en en

ACTI(N

Pac=

et

Pac=

et

IP

Normal:Inst P=t

IP


9/11

Per"ormance com!arisonNET MANIACS

om&arison a'ainst the &en Sour(e )"I *ire+all,

erforman(e bet+een H-# and S-# in terms of. Throu'h&ut

Laten(/

Re"erences9

1)Jedhe, G.S.; Ramamoorthy, A.; Varghee, K., “A Scalable High Throughut !ire"all

i# !$GA,% The 1&th '#ter#atio#al Symo(ium o# !ield$rogrammable *u(tom*omuti#g +achi#e(, !**+-, $alo Alto, *A, /SA, Aril 101, 2--, . 032.

2) 4uildi#g !ire"all o5er the So6t"are7e8#ed 9et"or: *o#troller, +ichelle Suh,Sae Hyo#g $ar:, 4yu#goo# TR'?>lectro#ic( a#d Telecommu#icatio#( Re(earch '#(titute), Korea


10/11

)es(ri&tion Com&letion )ate

"hase 0 Multi1Core "ro(essor A&ril 2 3405

"hase 3 Multi1Core Multi1threaded "ro(essor A&ril 05 3405

"hase 6 Hard+are a((elerator desi'n A&ril 37 3405

"hase 5

Im&lementation and inte'ration of

a(tion table +ith &ro(essorIn "ro'ress

"hase 8 Testin' and 9eri:(ation In "ro'ress

Proect sced%leNET MANIACS


11/11

NET MANIACS

sdn firewall

Documents