|
|
The DPDK DNS Probe Application Extension
Doležal, Pavel ; Kučera, Jan (referee) ; Vrána, Roman (advisor)
This master's thesis is focused on extension of the DPDK DNS Probe application that monitors DNS traffic in high speed networks. It presents framework DPDK, which can be used for fast packet processing. General architecture of the DNS system is described as well as details of its components. Basic principles of transport protocol TCP are described. It introduces an effective design and implementation of DNS packet parsing to optimize DPDK DNS Probe's performance. It also introduces a design and implementation of processing DNS messages sent over TCP for export of traffic statistics. The application's performance was tested using a high speed traffic generator Spirent.
|
|
|
System for Protection against DoS Attacks
Šiška, Pavel ; Wrona, Jan (referee) ; Kučera, Jan (advisor)
This bachelor's thesis deals with the design and implementation of the software part of the system for protection against DoS attacks. Nowadays Denial of Service attacks are quite common and can cause significant financial damage to internet or service providers. The main goal of this thesis was to provide software, which is focused on high-speed data throughput and can provide efficient protection against these attacks in 100 Gbps networks. Key part of the system, which is being developed in cooperation with CESNET, is hardware-accelerated network interface card, which can process incoming network traffic at full wire-speed and does the operations laid down by the software part. The main task of the software is evaluation of the information about network traffic and managing actions of the hardware accelerator. The software part of the proposed system has been successfully implemented and the properties of the system have been verified in an experimental evaluation. During the work on this thesis the first implementation of the system has already been deployed in CESNET network infrastructure.
|
|
|
Accelerated Detection of Network Security Threats
Piecek, Adam ; Kekely, Lukáš (referee) ; Kučera, Jan (advisor)
This bachelor's thesis deals with the acceleration of IDS (Intrusion Detection System) for detection of security threats in networks. The main goal of the thesis is a proposal to use the Software Defined Monitoring (SDM) concept to accelerate the activity of IDS applications with a regard to their subsequent deployment for high-speed network analysis. The proposed system is implemented and subsequently evaluated for two selected open-source applications - Snort and Suricata. Over and above the task, native support for the SZE2 interface for packet acquisition is also implemented for the Suricata system in order to achieve even faster acceleration using an accelerated network interface card. Two alternatives of the concept are further analysed and compared in the thesis. The first alternative uses the hardware-accelerated version of SDM, while the second alternative is based on full software implementation of the SDM principle. Both alternatives are then evaluated in terms of achieved results and performance parameters of the entire system before and after the acceleration.
|
|
|
Traffic Shaping in High Speed Networks in DPDK
Doležal, Pavel ; Fukač, Tomáš (referee) ; Vrána, Roman (advisor)
This bachelor thesis is focused on traffic shaping in high speed networks. It presents framework DPDK, which can be used for fast packet processing. General traffic shaping mechanisms are described as well as traffic shaping in Linux using program tc. It also introduces a design and implementation of traffic shaper using DPDK framework for networks with 10 Gbps bandwidth. The traffic shaper uses a complex mechanism of hierarchical token bucket. The system was tested using high speed traffic generator Spirent.
|
|
|
Packet Filtration in 100 Gb Networks
Kučera, Jan ; Matoušek, Jiří (referee) ; Kořenek, Jan (advisor)
This master's thesis deals with the design and implementation of an algorithm for high-speed network packet filtering. The main goal was to provide hardware architecture, which would support large rule sets and could be used in 100 Gbps networks. The system has been designed with respect to the implementation on an FPGA card and time-space complexity trade-off. Properties of the system have been evaluated using various available rule sets. Due to the highly optimized and deep pipelined architecture it was possible to reach high working frequency (above 220 MHz) together with considerable memory reduction (on average about 72% for compared algorithms). It is also possible to efficiently store up to five thousands of filtering rules on an FPGA with only 8% of on-chip memory utilization. The architecture allows high-speed network packet filtering at wire-speed of 100 Gbps.
|
|
|
Application Specific Processor for Stateful Network Traffic Processing
Kučera, Jan ; Matoušek, Jiří (referee) ; Kekely, Lukáš (advisor)
This bachelor's thesis deals with the design and implementation of an application-specific processor for high-speed network traffic processing. The main goal is to provide complex system for hardware acceleration of various network security and monitoring applications. The application-specific processor (hardware part of the system) is implemented on an FPGA card and has been designed with respect to be used in 100 Gbps networks. The design is based on the unique combination of high-speed hardware processing and flexible software control using a new concept called Software Defined Monitoring (SDM). The performance and throughput of the proposed system has been verified and measured.
|
|
|
Hardware Acceleration of Network Security and Monitoring Applications
Kekely, Lukáš ; Žádník, Martin (referee) ; Kořenek, Jan (advisor)
This master's thesis deals with the design of software controlled hardware acceleration system for high-speed networks. The main goal is to provide easy access to acceleration for various network security and monitoring applications. The proposed system is designed for 100 Gbps networks. It enables high-speed processing on an FPGA card together with flexible software control. The combination of hardware speed and software flexibility allows easy creation of complex high-performance network applications. Achievable performance improvement of three chosen monitoring and security applications is shown using simulation model of the designed system.
|
|
|
Fast Processing of Application-Layer Protocols
Bárta, Stanislav ; Martínek, Tomáš (referee) ; Polčák, Libor (advisor)
This master's thesis describes the design and implementation of system for processing application protocols in high-speed networks using the concept of Software Defined Monitoring. The proposed solution benefits from hardware accelerated network card performing pre-processing of network traffic based on the feedback from monitoring applications. The proposed system performs pre-processing and filtering of network traffic which is handed afterwards passed to application modules. Application modules process application protocols and generate metadata that describe network traffic. Pre-processing consists of parsing of network protocols up to the transport layer, TCP reassembling and forwarding packet flow only to modules that are looking for a given network traffic. The proposed system closely links intercept related information internal interception function (IRI-IIF) and content of communication internal interception function (CC-IIF) to minimize the performing of duplicate operations and increase the efficiency of the system.
|
|
|
High-speed Networks in Household
Rosenberg, Michal ; Mačák, Jaromír (referee) ; Škorpil, Vladislav (advisor)
The master thesis discusses about the relation between high-speed networks and intelligent system installation features and possibilities of this mutual interaction. Furthermore principles of KNX bus tunneling through IP networks are theoretically analyzed (KNXnet/IP). Practical use of implements KNXnet/IP shows real elements on the test panel. The control is realized by KNX@Home in the Ubuntu environment. Simulation of the real state tunneling KNX bus represent model in Opnet Modeler, which shows how the delays may change due to network load.
|
|
|
Wireless connections for metropolitan networks
Svoboda, Jan ; Tejkal, Vladimír (referee) ; Šporik, Jan (advisor)
This Master’s thesis analizes technologies suitable for metropolitan area networks. In this thesis there are mentioned technologies used for wireless transfer with speeds above 1 Gbps. There are described basic features and parameters of microwave radio relay links in 70/80GHz range and free space optic links. These technologies are compared with classic optical networks. Practical part of thesis was focused on development of application which calculates signal attenuation caused by the passage of the atmosphere for both technologies. Results gained from this application are mentioned in this Master’s thesis.
|
guest ::
