|
|
P4 cryptographic primitive support
Cíbik, Peter ; Malina, Lukáš (referee) ; Smékal, David (advisor)
This diploma thesis deals with the problem of high-speed communication security which leads to the usage of hardware accelerators, in this case high-speed FPGA NICs. Work with simplification of development of FPGA hardware accelerator applications using the P4 to VHDL compiler. Describes extension of compiler of cryptographic external objects support. Teoretical introduction of the thesis explains basics of P4 language and used technologies. Describes mapping of external objects to P4 pipeline and therefore to FPGA chip. Subsequently deals with cryptographic external object, compatible wrapper implementation and verification of design. Last part describes implementation and compiler extension, cryptographic external object support and summarizes reached goals.
|
|
|
Packet Parsing and Header Field Extraction in FPGA
Selecký, Roman ; Košař, Vlastimil (referee) ; Kořenek, Jan (advisor)
Network devices need to process packets and gather information from header fields. Packet parsers become outdated due to increasing number of protocols and frequent changes in their definitions. This thesis aims to create design of flexible and powerful packet parser. P4 language was designed to define packet processing. Flexible parsers can be constructed by combining potential of P4 with reconfigurable FPGA technology. Program mapping P4 language to designed architecture was implemented in order to promptly reflect changes in parser model.
|
|
|
P4.16 Compiler Using High Level Synthesis
Neruda, Jakub ; Kekely, Lukáš (referee) ; Martínek, Tomáš (advisor)
The P4 language is currently a hot topic in the field of network administration due to its capability to program the functionality of network devices. This language is still in development and its last revision P416 drastically changed not only the language features and syntax, but also the underlying compiler. The CESNET association supports the development of the P4 language and thus they also need to support the new standard. This work examines possible problems tied to migration, namely issues related to translation of high-level user-defined actions into VHDL description, with the help of High-level Synthesis (HLS), instantiation of so-called extern objects and the support of atomic sections. The text discusses possible ways of interconnecting the HDL components and organisation of their memory space in order to support configuration from software at runtime. The architecture of the p4c compiler is also described, complete with code examples implementing core classes participating in the compilation process. The last part of the work showcases the usage of Vivado HLS for optimizing C++ code in order to get maximum performance from the resulting firmware.
|
|
|
Network Traffic Monitoring Using the P4 Language
Patová, Pavlína ; Matoušek, Jiří (referee) ; Martínek, Tomáš (advisor)
Today we often encounter the need to monitor network and service quality. For this purpose we can use for example INT. Our goal is to find the optimal platform and associated compiler for implementing INT. We will try to find an alternative to the existing solutions (T4P4S, BMv2). However, we will also mention these two platforms and discuss their advantages and disadvantages. The result of this work is an overview of the capabilities of each compiler and the performance of the described implementations.
|
|
|
Control Flow Graph for P4 Programs
Ponek, Timotej ; Šišmiš, Lukáš (referee) ; Kekely, Lukáš (advisor)
Concept of SDN gradually became one of the most popular solutions for network management. It allows rapid reconfigurability of network devices, to reflect actual demands and to enable quick testing of new solutions, which supports overall advance in networking. This thesis focuses on P4 programming language, which is one of the implementations of SDN concept. The goal of this thesis is improvement of the existing open-source P4 compiler. More precisely, extension of a part used to generate control flow graphs. New implementation captures program flow even inside match-action tables and actions, which allows easier checking of compiler output and further optimization of compiler to reduce dead code. It also provides option to generate a fullgraph in dot format and a predefined json format that captures the flow of the program across all function blocks of the P4 program.
|
|
|
Hardware-Accelerated Cryptography For Software-Defined Networks
Cíbik, Peter
This paper presents a Software-Defined Network (SDN) cryptographic solution targetedon high-speed smart Network Interface Cards (NICs) with an FPGA chip. This solution providesa fast alternative method to develop network-oriented data processing cryptography applications foran accelerator. A high-level programming language – Programming Protocol-independent PacketProcessor (P4) – is used to avoid a complex and time-consuming hardware development. The solutionconsists of two main parts: a library of mainly used cryptographic primitives written in VHSICHardware Description Language (VHDL) i.e. a symmetric cipher (AES-GCM-256), a hash function(SHA-3), a SHA-3-based Hash-based Message Authentication Code (HMAC), a digital signaturescheme (EdDSA) and a post-quantum digital signature scheme (Dilithium), and a compiler P4/VHDLwith the support for these cryptographic components as external objects of P416.
|
|
|
Cryptographic Externs Support In P416/Vhdl Compiler For Fpga Board Target Platform
Cíbik, Peter
This paper deals with the problem of data security and secure communication at high speed, which leads to the usage of hardware accelerators, in this case high-speed FPGA NICs. It proposes an effective way how to develop applications for an FPGA-based acceleration platform. The compiler is produced by Netcope Technologies a. s. and is called Netcope P4. It allows development in high-level language P4. The key value of this product is compiler P4_16/VHDL, which compiles a P4 application source code and maps it on a target FPGA platform. The main goal of this paper is the extension of the compiler to support cryptographic external objects, which can be used in the design of applications using cryptographic features like a hash function over payload, encryption, etc. It describes design of pipeline with control block for external objects, interface of these control blocks and implementation steps.
|
|
|
Flexible Load Balancer Using P4 Language
Šesták, Jindřich ; Fukač, Tomáš (referee) ; Martínek, Tomáš (advisor)
Currently servers of internet services are usually grouped together into clusters to provide sufficient performance to serve clients' queries. Each cluster needs Load Balancer, so it can choose one server which will process query from one client. For describing such device that processes packets is convenient to use P4 language. Within this work, the principles of load balancing, design, implementation and testing of a simple Load Balancer described in P4 language were demonstrated. The program is tested using Behavioral model of P4 language on a common processor and on the NFB-200G2QL card thanks to the Netcope environment from the CESNET association
|
|
|
Protection Against DoS Attacks Using P4 Language
Vojanec, Kamil ; Fukač, Tomáš (referee) ; Kučera, Jan (advisor)
This thesis focuses on reimplementation of existing DoS (Denial of Service) attack mitigation device with high-level P4 programming language. The main reason for using P4 is to enhance adaptability and functionality to different types of DoS attacks. The created device is designed in a modular way and enables easy alterations by using interchangeable components. The target platform for this thesis is an FPGA acceleration card. The work results in designing several DoS mitigation components and implementing applications composed of these components. Pats of this work have been presented at IEEE ANCS (Symposium on Architectures for Networking and Communication Systems) in September 2019 at University of Cambridge.
|
|
|
Acceleration of Open vSwitch
Vodák, David ; Orsák, Michal (referee) ; Martínek, Tomáš (advisor)
Virtual switch is a program, which is used for connecting virtual machines to network and that is why it is a crucial part of server virtualization. However virtual switch is consuming too much performance of the server which it is running on. A measurement of Open vSwitch (OvS) indicates that for data speed of 10 Gb/s, approximately 4 cores of the processor are fully occupied. As the consumption of performance is directly proportional to transmission speed, it may eventually get to the point where the consumption of performance cannot be handled. This bachelor thesis is about acceleration of the Open vSwitch with the help of the DPDK Poll Mode Driver extended by support of the SR-IOV virtualization technology as well as the interface for offloading classification rules to hardware called RTE flow. In the scope of this thesis the SR-IOV is implemented and then tested on OvS. Furthermore, the RTE flow support was designed and partially implemented.
|
guest ::
