David V. Schuehler
University of Washington
Publication
Featured research published by David V. Schuehler.
high performance interconnects | 2002
David V. Schuehler; John W. Lockwood
TCP/IP is the most commonly-used protocol on the Internet. It provides a reliable transport for nearly all applications that utilize a network. These include Web browsers, FTP, Telnet, Secure Shell and other applications. New types of routers require the examination of TCP/IP flows transiting this networking equipment. This paper describes TCP-Splitter, a reconfigurable hardware based solution for analyzing and processing TCP/IP flows at multi-gigabit line rates. A consistent byte stream is delivered to a client application for every TCP/IP connection processed by TCP-Splitter. In order to maintain a design that is lightweight, efficient, and able to process a nearly unlimited number of flows at gigabit line rates, the system uses a non-passive flow processing algorithm.
field-programmable logic and applications | 2004
David V. Schuehler; John W. Lockwood
Field Programmable Gate Arrays (FPGAs) can be used in Intrusion Prevention Systems (IPS) to inspect application data contained within network flows. An IPS operating on high-speed network traffic can be used to stop the propagation of Internet worms and to protect networks from Denial of Service (DoS) attacks. When used in the backbone of a core network, the device will be exposed to millions of active flows simultaneously. In order to protect the data in each connection, network devices will need to track the state of every flow. This must be done at multi-gigabit line rates without introducing significant delays.
International Journal of Parallel Programming | 2005
Shobana Padmanabhan; Phillip H. Jones; David V. Schuehler; Scott J. Friedman; Praveen Krishnamurthy; Huakai Zhang; Roger D. Chamberlain; Ron K. Cytron; Jason E. Fritts; John W. Lockwood
Applications for constrained embedded systems require careful attention to the match between the application and the support offered by an architecture, at the ISA and microarchitecture levels. Generic processors, such as ARM and Power PC, are inexpensive, but with respect to a given application, they often overprovision in areas that are unimportant for the application’s performance. Moreover, while application-specific, customized logic could dramatically improve the performance of an application, that approach is typically too expensive to justify its cost for most applications. In this paper, we describe our experience using reconfigurable architectures to develop an understanding of an application’s performance and to enhance its performance with respect to customized, constrained logic. We begin with a standard ISA currently in use for embedded systems. We modify its core to measure performance characteristics, obtaining a system that provides cycle-accurate timings and presents results in the style of gprof, but with absolutely no software overhead. We then provide cache-behavior statistics that are typically unavailable in a generic processor. In contrast with simulation, our approach executes the program at full speed and delivers statistics based on the actual behavior of the cache subsystem. Finally, in response to the performance profile developed on our platform, we evaluate various uses of the FPGA-realized instruction and data caches in terms of the application’s performance.
international symposium on microarchitecture | 2003
David V. Schuehler; John W. Lockwood
This flow-monitoring circuit delivers an ordered byte stream to a client application for every TCP/IP connection it processes. Using an active flow-processing algorithm, TCP Splitter is a lightweight, efficient design that supports the monitoring of an almost unlimited number of flows at multigigabit line rates.
high performance interconnects | 2003
David V. Schuehler; James Moscola; John W. Lockwood
Hardware assisted intrusion detection systems and content scanning engines are needed to process data at multiGigabit line rates. These systems, when placed within the core of the Internet, are subject to millions of simultaneous flows, with each flow potentially containing data of interest. Existing IDS systems are not capable of processing millions of flows at Gigabit-per-second data rates. This paper describes an architecture which is capable of performing complete, stateful, payload inspections on 8 million TCP flows at 2.5 Gigabits-per-second. To accomplish this task, a hardware circuit is used to combine a TCP protocol processing engine, a per flow state store, and a content scanning engine.
Archive | 2004
John W. Lockwood; David V. Schuehler
The growth of the Internet has enabled it to become a critical component used by businesses, governments and individuals. While most of the traffic on the Internet is legitimate, a proportion of the traffic includes worms, computer viruses, network intrusions, computer espionage, security breaches and illegal behavior. This rogue traffic causes computer and network outages, reduces network throughput, and costs governments and companies billions of dollars each year. This dissertation investigates the problems associated with TCP stream processing in high-speed networks. It describes an architecture that simplifies the processing of TCP data streams in these environments and presents a hardware circuit capable of TCP stream processing on multi-gigabit networks for millions of simultaneous network connections. Live Internet traffic is analyzed using this new TCP processing circuit.
Archive | 2002
Harvey Ku; John W. Lockwood; David V. Schuehler
Reconfigurable hardware platforms are the key to extensible high speed networks. They provide flexibility without hindering performance through the internet. Current development of the Field-programmable Port Extender (FPX), a reconfigurable hardware platform, allows reconfiguration through an ATM network. However, the majority of the internet today is based on the highly popular TCP/IP protocol. The contribution of this work will allow modular components to be reprogrammed via TCP/IP
field-programmable logic and applications | 2003
David V. Schuehler; Harvey Ku; John W. Lockwood
This paper describes a lightweight Field Programmable Gate Array (FPGA) circuit design that supports the simultaneous programming of multiple devices at different locations throughout the Internet. This task is accomplished by a single TCP/IP socket connection. Packets are routed through a series of devices to be programmed. At each location, a hardware circuit extracts reconfiguration information from the TCP/IP byte stream and programs other devices at that location. A novel feature of the Multi-Device Programmer is that it does not use a microprocessor or even a soft-core processor. All of the TCP/IP protocol processing and packet forwarding operations are handled directly in FPGA logic and state machines. This system is robust against lost and reordered packets, and has been successfully demonstrated in the laboratory.
Archive | 2003
David V. Schuehler; John W. Lockwood
TCP-Splitter is a hardware circuit which facilitates the monitoring of TCP/IP data streams. When located within high-speed networking equipment, this circuit provides ordered TCP byte streams for all TCP flows at line rates. This document provides an in-depth look at the design and implementation of the TCP-Splitter circuit. The operation of the TCP-Splitter with three sample client applications is also described.
Archive | 2004
David V. Schuehler
There is a critical need to perform advanced data processing on network traffic. In order to accomplish this, protocol processing must first be performed to reassemble individual network packets into consistent data streams representing the exact dataset being transferred between end systems. This task is currently performed by protocol stacks running on end systems. Similar protocol processing operations are needed to process the data on the interior of the network. Given millions of network connections operating on multi-gigabit per second network links, this task is extremely difficult. The TCP-Processor addresses this challenge. It is a hardware circuit designed to perform TCP stream reassembly operations for 8 million bi-directional TCP connections at OC-48 (2.5 Gbps) data rates. This document takes an in-depth look at the TCP-Processor technology, related stream processing applications, and other utilities that support the development of the TCP-Processor.