|
|
P4 Language-Based Description of Accelerated Device against DoS Attacks
Kuka, Mário ; Kekely, Lukáš (referee) ; Kučera, Jan (advisor)
This thesis describes the development of a networking device used to defend against (D)DoS attacks using P4 language. The main purpose was to design flexible device using P4 lan-guage based on already existing device, this would allow us to quickly react and respond to new more complex DDoS attacks. The design of the device dealt with the transfer of individual parts of the firmware into the P4 language. Subsequently, the entire device firmware was designed for hardware accelerators with FPGA technology. The firmware had been designed with respect to the limitations of current P4 language compilers. The device has been tested under laboratory conditions for functionality and performance. The device will be deployed in the network infrastructure of CESNET.
|
|
|
Analysis of Captured DNS Traffic
Hmeľár, Jozef ; Kekely, Lukáš (referee) ; Kováčik, Michal (advisor)
This thesis is focused on the analysis of captured DNS traffic. Introduction of this thesis is focused of basic desciption of computer networks , DNS and description of network flows. Then, the work focused on analysis Netflow format, IPFIX and PCAP, the analysis and implementation of tool for analyzing DNS traffic in C++ programming language. The conclusion is devoted to the results of the implemented tools.
|
|
|
Control Flow Graph for P4 Programs
Ponek, Timotej ; Šišmiš, Lukáš (referee) ; Kekely, Lukáš (advisor)
Concept of SDN gradually became one of the most popular solutions for network management. It allows rapid reconfigurability of network devices, to reflect actual demands and to enable quick testing of new solutions, which supports overall advance in networking. This thesis focuses on P4 programming language, which is one of the implementations of SDN concept. The goal of this thesis is improvement of the existing open-source P4 compiler. More precisely, extension of a part used to generate control flow graphs. New implementation captures program flow even inside match-action tables and actions, which allows easier checking of compiler output and further optimization of compiler to reduce dead code. It also provides option to generate a fullgraph in dot format and a predefined json format that captures the flow of the program across all function blocks of the P4 program.
|
|
|
Hardware Acceleration of Longest Prefix Match
Kekely, Lukáš ; Tobola, Jiří (referee) ; Kořenek, Jan (advisor)
This bachelor's thesis describes design and implementation of hardware architecture for longest prefix match in order to achieve high throughput, which is required in today's high-speed computer networks. It is focused on IPv4 as-well-as IPv6 networks. Designed hardware architecture has throughput 75 Gbps on the shortest IPv4 and IPv6 packets. Performance of designed architecture is also compared with performance of chosen algorithms, which are used in nowadays commercial devices. These algorithms are: Tree Bitmap, Shape-Shifting Trie and Binary Search on Prefixes. All algorithms were implemented in C language using multi-threaded processing.
|
|
|
Hardware Acceleration of Extraction and Merging of Items from Packet Headers
Brázda, Mikuláš ; Kekely, Lukáš (referee) ; Martínek, Tomáš (advisor)
Almost every device on the network needs to extract some fields from the packet headers for its operation, perform operations on them, and forward the reassembled packet. This processing must be implemented at a speed corresponding to the line speed. On high-speed networks, specialized circuits are used to meet this requirement. As the demands on network flexibility increase, so do the demands on the flexibility of these circuits. However, making changes to the hardware description languages is complex and time consuming. This work therefore deals with the implementation of circuits for extraction and subsequent merging of packet header items using high-level synthesis.
|
|
|
User Interface for DDoS Mitigation Configuration
Man, Jakub ; Kekely, Lukáš (referee) ; Kučera, Jan (advisor)
Denial of service (DoS) (česky odepření služby) je častý typ útoku na internetové zařízení a sítě. Za účelem mitigace těchto útoků bylo vyvinuto síťové zařízení ,,DDoS Protector''. Konfigurace tohoto zařízení však může být komplikovaná a pro efektivní funkci vyžaduje konfiguraci uživateli, kteří se dobře orientují v problematice DoS útoků. Tato práce se zaměřuje na zjednodušení konfigurace tohoto zařízení pomocí uživatelského rozhraní. Bude vyvinuto webové uživatelské rozhraní a aplikační rozhraní. Uživatelské rozhraní umožní i méně znalým uživatelům efektivně konfigurovat DDoS Protector. Aplikační rozhraní umožní dalším vývojářům integrovat konfiguraci tohoto zařízení do dalších aplikací.
|
|
|
Accelerating an Application for DDoS Mitigation
Vojanec, Kamil ; Kekely, Lukáš (referee) ; Kučera, Jan (advisor)
This thesis focuses on optimizing and accelerating an application used for mitigating Denial of Service attacks. The goal is to analyze the existing implementation of DDoS Protector and to identify components which are suitable for optimization or hardware acceleration. Based on the analysis, improved algorithms and data structures utilizing the DPDK open-source framework are designed together with a proposal to offload certain computation elements into hardware using the RTE Flow library. The result of this thesis is a set of modules and an implementation of classification components intended to be used within the DDoS Protector application. The resulting components are then properly tested. Finally, the performance results of the original and new implementations are compared. The application shows as much as five-times improvement in terms of packet rate when using 256 classification rules.
|
|
|
Probabilistic Packet Classification Acceleration on FPGA
Kurka, Denis ; Matoušek, Jiří (referee) ; Kekely, Lukáš (advisor)
Klasifikace síťových paketů je klíčovým úkolem v síťových systémech, protože umožňuje efektivní směrování a filtrování dat. Pravděpodobnostní filtry jsou klasifikační metoda, která používá různé techniky k aproximaci členství paketu v sadě pravidel. Tato práce zkoumá tři algoritmy: Bloomův filtr, cuckoo filtr a xor filtr. Hlavním cílem je porovnat výkon těchto tří metod při implementaci jako hardwarové komponenty v FPGA systémech. Kritéria hodnocení zahrnují chybovost, maximální frekvenci a využití zdrojů FPGA se zameřením na paměť. Výsledky ukazují, že xor filtr překonává ostatní v oblasti chybovosti, ve všech kategoriích. Bloomův filtr je nejrychlejší volbou pro menší a rychlejší komponenty, kde je vyšší chybovost tolerovatelná. Cuckoo filtr je nejefektivnější z hlediska využití FPGA logiky. Tyto poznatky přispívají k vývoji optimalizovaných klasifikačních systémů a poskytují cenné informace o možnostech implementace pravděpodobnostních filtrů v hardwarových architekturách.
|
|
|
UVM Verification of DMA Medusa System
Petruška, Zdenko ; Martínek, Tomáš (referee) ; Kekely, Lukáš (advisor)
This thesis describes design and implementation of verification environment for system DMA Medusa. DMA Medusa is hardware system used for high speed transmissions between network card and RAM. Verification environment is developed in SystemVerilog using UVM. Environment is designed with intention to find functional bugs using top level random stimulus. Testbench requirements have been defined prior to its implementation. Requirements are based on system specification and previous version of testbench. Previous version has been based on different methodology. New testbench implements the functionality of previous one. In addition, some functionality has been exteded. Implemented testbench extends previous memory model by serving memory requests in random order. It also implements functional coverage focused on communication with memory and network card. Goal of functional coverage is to monitor quality of generated stimulus.
|
|
|
P4.16 Compiler Using High Level Synthesis
Neruda, Jakub ; Kekely, Lukáš (referee) ; Martínek, Tomáš (advisor)
The P4 language is currently a hot topic in the field of network administration due to its capability to program the functionality of network devices. This language is still in development and its last revision P416 drastically changed not only the language features and syntax, but also the underlying compiler. The CESNET association supports the development of the P4 language and thus they also need to support the new standard. This work examines possible problems tied to migration, namely issues related to translation of high-level user-defined actions into VHDL description, with the help of High-level Synthesis (HLS), instantiation of so-called extern objects and the support of atomic sections. The text discusses possible ways of interconnecting the HDL components and organisation of their memory space in order to support configuration from software at runtime. The architecture of the p4c compiler is also described, complete with code examples implementing core classes participating in the compilation process. The last part of the work showcases the usage of Vivado HLS for optimizing C++ code in order to get maximum performance from the resulting firmware.
|
guest ::
