|
|
High-speed Networks in Household
Rosenberg, Michal ; Mačák, Jaromír (referee) ; Škorpil, Vladislav (advisor)
The master thesis discusses about the relation between high-speed networks and intelligent system installation features and possibilities of this mutual interaction. Furthermore principles of KNX bus tunneling through IP networks are theoretically analyzed (KNXnet/IP). Practical use of implements KNXnet/IP shows real elements on the test panel. The control is realized by KNX@Home in the Ubuntu environment. Simulation of the real state tunneling KNX bus represent model in Opnet Modeler, which shows how the delays may change due to network load.
|
|
|
Development trends of TCP for high-speed networks
Modlitba, Jan ; Molnár, Karol (referee) ; Vyoral, Josef (advisor)
The master's thesis solve the problem of setting new TCP variants for high-speed IP networks. The first goal was to describe in detail the behaviour of TCP and then analyse a problem of utilization the available bandwidth with standard TCP in high-speed network. Work consequently deals with selection and description the most perspective ones. Further the reader is familiarized with reasonable simulation tools of existing problems and their brief description. Main part of this thesis presents examination of performance of new TCP variants for high-speed network. During the examination the aspects on efficiency and fairness of competition flows on shared bottleneck are taken. The results are tabularly displayed plus compared with each other.
|
|
|
System for Protection against DoS Attacks
Šiška, Pavel ; Wrona, Jan (referee) ; Kučera, Jan (advisor)
This bachelor's thesis deals with the design and implementation of the software part of the system for protection against DoS attacks. Nowadays Denial of Service attacks are quite common and can cause significant financial damage to internet or service providers. The main goal of this thesis was to provide software, which is focused on high-speed data throughput and can provide efficient protection against these attacks in 100 Gbps networks. Key part of the system, which is being developed in cooperation with CESNET, is hardware-accelerated network interface card, which can process incoming network traffic at full wire-speed and does the operations laid down by the software part. The main task of the software is evaluation of the information about network traffic and managing actions of the hardware accelerator. The software part of the proposed system has been successfully implemented and the properties of the system have been verified in an experimental evaluation. During the work on this thesis the first implementation of the system has already been deployed in CESNET network infrastructure.
|
|
|
Protection Against DoS Attacks Using P4 Language
Vojanec, Kamil ; Fukač, Tomáš (referee) ; Kučera, Jan (advisor)
This thesis focuses on reimplementation of existing DoS (Denial of Service) attack mitigation device with high-level P4 programming language. The main reason for using P4 is to enhance adaptability and functionality to different types of DoS attacks. The created device is designed in a modular way and enables easy alterations by using interchangeable components. The target platform for this thesis is an FPGA acceleration card. The work results in designing several DoS mitigation components and implementing applications composed of these components. Pats of this work have been presented at IEEE ANCS (Symposium on Architectures for Networking and Communication Systems) in September 2019 at University of Cambridge.
|
|
|
Software-Controlled Network Traffic Monitoring
Kekely, Lukáš ; Antichi, Gianni (referee) ; Lhotka,, Ladislav (referee) ; Kořenek, Jan (advisor)
Tato disertační práce se zabývá návrhem nového způsobu softwarově řízené (definované) hardwarové akcelerace pro moderní vysokorychlostní počítačové sítě. Hlavním cílem práce je formulace obecného, flexibilního a jednoduše použitelného konceptu akcelerace použitelného pro různé bezpečnostní a monitorovací aplikace, který by umožnil jejich reálné nasazení ve 100 Gb/s a rychlejších sítích. Disertační práce začíná rozborem aktuálního stavu poznání v oborech síťového monitorování, bezpečnosti a způsobů akcelerace zpracování vysokorychlostních síťových dat. Na základě tohoto rozboru je formulován a navržen zcela nový koncept s názvem Softwarově definované monitorování (SDM). Klíčová funkcionalita uvedeného konceptu je postavená na hardwarově akcelerované, aplikačně specifické (řízené), na tocích založené, informované redukci a distribuci zachycených síťových dat. Toto je zajištěno spojením vysokorychlostního hardwarového zpracování s flexibilním softwarovým řízením, které tak společně umožňují jednoduchou tvorbu různých komplexních a vysoce výkonných síťových aplikací. Pokročilé optimalizace a vylepšení základního SDM konceptu a jeho vybraných komponent jsou v práci též zkoumány, což vede k návrhu zcela unikátní a obecně použitelné FPGA architektury modulárního analyzátoru hlaviček paketů a vysoce výkonného klasifikátoru paketů založeného na kukaččím hashovaní. Nakonec je vytvořen vysokorychlostní SDM prototyp postavený nad FPGA akcelerační síťovou kartou, který je podrobně ověřen v podmínkách nasazení do reálných sítí. Jsou změřeny a diskutovány dosažitelné zlepšení výkonností v několika vybraných monitorovacích a bezpečnostních případech užití. Vytvořený SDM prototyp je rovněž nasazen v produkčním monitorování reálné páteřní sítě sdružení Cesnet a byl komercializován společností Netcope Technologies.
|
|
|
The DPDK DNS Probe Application Extension
Doležal, Pavel ; Kučera, Jan (referee) ; Vrána, Roman (advisor)
This master's thesis is focused on extension of the DPDK DNS Probe application that monitors DNS traffic in high speed networks. It presents framework DPDK, which can be used for fast packet processing. General architecture of the DNS system is described as well as details of its components. Basic principles of transport protocol TCP are described. It introduces an effective design and implementation of DNS packet parsing to optimize DPDK DNS Probe's performance. It also introduces a design and implementation of processing DNS messages sent over TCP for export of traffic statistics. The application's performance was tested using a high speed traffic generator Spirent.
|
|
|
System for Protection against DoS Attacks
Šiška, Pavel ; Wrona, Jan (referee) ; Kučera, Jan (advisor)
This bachelor's thesis deals with the design and implementation of the software part of the system for protection against DoS attacks. Nowadays Denial of Service attacks are quite common and can cause significant financial damage to internet or service providers. The main goal of this thesis was to provide software, which is focused on high-speed data throughput and can provide efficient protection against these attacks in 100 Gbps networks. Key part of the system, which is being developed in cooperation with CESNET, is hardware-accelerated network interface card, which can process incoming network traffic at full wire-speed and does the operations laid down by the software part. The main task of the software is evaluation of the information about network traffic and managing actions of the hardware accelerator. The software part of the proposed system has been successfully implemented and the properties of the system have been verified in an experimental evaluation. During the work on this thesis the first implementation of the system has already been deployed in CESNET network infrastructure.
|
|
|
Accelerated Detection of Network Security Threats
Piecek, Adam ; Kekely, Lukáš (referee) ; Kučera, Jan (advisor)
This bachelor's thesis deals with the acceleration of IDS (Intrusion Detection System) for detection of security threats in networks. The main goal of the thesis is a proposal to use the Software Defined Monitoring (SDM) concept to accelerate the activity of IDS applications with a regard to their subsequent deployment for high-speed network analysis. The proposed system is implemented and subsequently evaluated for two selected open-source applications - Snort and Suricata. Over and above the task, native support for the SZE2 interface for packet acquisition is also implemented for the Suricata system in order to achieve even faster acceleration using an accelerated network interface card. Two alternatives of the concept are further analysed and compared in the thesis. The first alternative uses the hardware-accelerated version of SDM, while the second alternative is based on full software implementation of the SDM principle. Both alternatives are then evaluated in terms of achieved results and performance parameters of the entire system before and after the acceleration.
|
|
|
Traffic Shaping in High Speed Networks in DPDK
Doležal, Pavel ; Fukač, Tomáš (referee) ; Vrána, Roman (advisor)
This bachelor thesis is focused on traffic shaping in high speed networks. It presents framework DPDK, which can be used for fast packet processing. General traffic shaping mechanisms are described as well as traffic shaping in Linux using program tc. It also introduces a design and implementation of traffic shaper using DPDK framework for networks with 10 Gbps bandwidth. The traffic shaper uses a complex mechanism of hierarchical token bucket. The system was tested using high speed traffic generator Spirent.
|
|
|
Packet Filtration in 100 Gb Networks
Kučera, Jan ; Matoušek, Jiří (referee) ; Kořenek, Jan (advisor)
This master's thesis deals with the design and implementation of an algorithm for high-speed network packet filtering. The main goal was to provide hardware architecture, which would support large rule sets and could be used in 100 Gbps networks. The system has been designed with respect to the implementation on an FPGA card and time-space complexity trade-off. Properties of the system have been evaluated using various available rule sets. Due to the highly optimized and deep pipelined architecture it was possible to reach high working frequency (above 220 MHz) together with considerable memory reduction (on average about 72% for compared algorithms). It is also possible to efficiently store up to five thousands of filtering rules on an FPGA with only 8% of on-chip memory utilization. The architecture allows high-speed network packet filtering at wire-speed of 100 Gbps.
|
guest ::
