NetFPGA

Abstract: Modern datacenter networks provide very high capacity via redundant Clos topologies and low switch latency, but transport protocols rarely deliver matching performance. We present NDP, a novel data-center transport architecture that achieves near-optimal completion times for short transfers and high flow throughput in a wide range of scenarios, including incast. NDP switch buffers are very shallow and when they fill the switches trim packets to headers and priority forward the headers. This gives receivers a full view of instantaneous demand from all senders, and is the basis for our novel, high-performance, multipath-aware transport protocol that can deal gracefully with massive incast events and prioritize traffic from different senders on RTT timescales. We implemented NDP in Linux hosts with DPDK, in a software switch, in a NetFPGA-based hardware switch, and in P4. We evaluate NDP's performance in our implementations and in large-scale simulations, simultaneously demonstrating support for very low-latency and high throughput.

Abstract: The demand-led growth of datacenter networks has meant that many constituent technologies are beyond the research community's budget. NetFPGA SUME is an FPGA-based PCI Express board with I/O capabilities for 100 Gbps operation as a network interface card, multiport switch, firewall, or test and measurement environment. NetFPGA SUME provides an accessible development environment that both reuses existing codebases and enables new designs.

Abstract: Software-Defined Networking (SDN) and OpenFlow (OF) protocol have brought a promising architecture for the future networks. However, the centralized control and programmable characteristics also bring a lot of security challenges. Distributed denial-of-service (DDoS) attack is still a security threat to SDN. To detect the DDoS attack in SDN, many researches collect the flow tables from the switch and do the anomaly detection in the controller. But in the large scale network, the collecting process burdens the communication overload between the switches and the controller. Sampling technology may relieve this overload, but it brings a new tradeoff between sampling rate and detection accuracy. In this paper, we first extend a copy of the packet number counter of the flow entry in the OpenFlow table. Based on the flow-based nature of SDN, we design a flow statistics process in the switch. Then, we propose an entropy-based lightweight DDoS flooding attack detection model running in the OF edge switch. This achieves a distributed anomaly detection in SDN and reduces the flow collection overload to the controller. We also give the detailed algorithm which has a small calculation overload and can be easily implemented in SDN software or programmable switch, such as Open vSwitch and NetFPGA. The experimental results show that our detection mechanism can detect the attack quickly and achieve a high detection accuracy with a low false positive rate.

Abstract: As one of the fundamental infrastructures for cloud computing, data center networks (DCN) have recently been studied extensively. We currently use pure software-based systems, FPGA based platforms, e.g., NetFPGA, or OpenFlow switches, to implement and evaluate various DCN designs including topology design, control plane and routing, and congestion control. However, software-based approaches suffer from high CPU overhead and processing latency; FPGA based platforms are difficult to program and incur high cost; and OpenFlow focuses on control plane functions at present.In this paper, we design a ServerSwitch to address the above problems. ServerSwitch is motivated by the observation that commodity Ethernet switching chips are becoming programmable and that the PCI-E interface provides high throughput and low latency between the server CPU and I/O subsystem. ServerSwitch uses a commodity switching chip for various customized packet forwarding, and leverages the server CPU for control and data plane packet processing, due to the low latency and high throughput between the switching chip and server CPU.We have built our ServerSwitch at low cost. Our experiments demonstrate that ServerSwitch is fully programmable and achieves high performance. Specifically, we have implemented various forwarding schemes including source routing in hardware. Our in-network caching experiment showed high throughput and flexible data processing. Our QCN (Quantized Congestion Notification) implementation further demonstrated that ServerSwitch can react to network congestions in 23us.