Global ETD Search

1	Hardware Implementation of Queue Length Based Pacing on NetFPGA Dwaraki, Abhishek 01 January 2011 (has links) (PDF) Optical packet switching networks are the foundation for next generation high speed Internet and are fast becoming the norm rather than an option. When such high speed optical networks are taken into account, one of the key considerations is packet buffering. The importance of packet buffering plays an even bigger role in optical networks because of the physical and technological constraints on the buffer sizes that can be implemented. Existing protocols, in many real world scenarios do not perform well in such networks. To eliminate such scenarios where there is a high possibility of packet loss, we use packet pacing. The proposed pacing scheme aims to reduce or eliminate packet losses arising from packet bursts in small-buffer networks. This thesis deals with a proposed hardware design and implementation of the packet pacing system on a NetFPGA. Our results show that the packet pacer can be implemented with a low overhead on hardware resources. small-buffers optical networks pacing netfpga Digital Communications and Networking
2	Segurança cibernética com hardware reconfigurável em subestações de energia elétrica utilizando o padrão IEC 61850 / Cyber security with reconfigurable hardware in power substations using the IEC 61850 standard Miranda, Juliano Coêlho 20 September 2016 (has links) Com a tecnologia digital, as redes de comunicação têm sido de fundamental importância para o bom funcionamento das subestações de energia elétrica. Criado em 2002, o padrão IEC 61850 busca harmonizar a diversidade de equipamentos e fabricantes, e possibilitar a integração de dados para que o máximo de benefícios possa ser extraído. Nesse contexto, o protocolo GOOSE (Generic Object Oriented Substation Event), pertinente ao padrão IEC 61850, é um datagrama multicast concebido para funcionar na rede local ou de longa distância que interliga as subestações de energia elétrica. Nos ambientes de longa distância, o tráfego de dentro para fora, e vice-versa, deveria passar por um firewall. Porém, a tecnologia de firewall atual não é capaz de inspecionar as mensagens GOOSE reais ou originadas a partir de um ataque, e afeta o tempo de transferência das mesmas, que, no enlace de comunicação, não deve exceder 5ms. Dessa forma, o objetivo deste trabalho é desenvolver um firewall em hardware reconfigurável, por meio da plataforma NetFPGA, de modo que o incremento no tempo de propagação de uma mensagem GOOSE, Tipo 1A (Trip), ao transpor o dispositivo de segurança, não ultrapasse 20% do tempo total destinado ao enlace de comunicação. Por ter a capacidade de ser um acelerador, construído por meio de hardware reconfigurável FPGA (Field Programmable Gate Array), a NetFPGA conduz enlaces Gigabit, e torna possível examinar e estabelecer regras iniciais de autorização ou negação para o tráfego de mensagens GOOSE, manipulando os campos do quadro ISO/IEC 8802-3. O incremento no tempo máximo de propagação de uma mensagem com 1518 bytes foi de 77,39 μs, com 77,38 μs de tempo médio. Um algoritmo de criptografia e outro de autenticação também foram testados e mensagens falsas não conseguiram transpor o firewall. No momento atual da pesquisa, concluiu-se que o firewall em NetFPGA, pertinente ao conjunto de recursos de hardware e software destinados a garantir a segurança de uma rede, é capaz de rejeitar mensagens GOOSE falsas e fornecer segurança aos dispositivos ativos de uma subestação, sem atrasos adicionais superiores a 1ms. / With the digital technology, the communication networks have been of fundamental importance for the good performance of power substations. Created in 2002, the IEC 61850 standard seeks for harmonization of the different equipment and manufacturers, enabling the integration of data for maximum performance. In this context, the GOOSE (Generic Object Oriented Substation Event) message, concerning the IEC 61850 standard, is a multicast datagram, designed to operate in LAN or WAN that connects power substations. In the long-distance environment, the propagation time in the communication link must not exceed 5ms. The current firewall technology is not able to differ true GOOSE messages from the ones originated from an attack, and it affects the transfer time of messages. The objective of this research is to develop a reconfigurable firewall hardware, using the NetFPGA platform, so that the increase in propagation time of a GOOSE message, Type 1A (Trip), does not exceed 20% of the total time allocated to the link communication. Due to the ability of NetFPGA of being an accelerator, and having been built by using reconfigurable FPGA (Field Programmable Gate Array) leading to Gigabit links, it was possible to examine and establish initial rules of authorization or denial of GOOSE messages by manipulating some of the fields from the table ISO/IEC 8802-3. The increase in the maximum propagation time of a message of 1518 bytes was 77.39 μs, with the average of 77.38 μs. Fake messages failed to cross the firewall. Results from a process of authentication and encryption were also presented. At the present study, it has been concluded that the firewall using NetFPGA, concerning the hardware and software in order to ensure the security of a network, is able to reject false GOOSE messages and provide security to devices of a power substation without time increments greater than 1ms. Firewall Hardware Reconfigurável Cyber security Firewall GOOSE GOOSE IEC 61850 IEC 61850 IEC 62351 IEC 62351 NetFPGA NetFPGA Network communications Reconfigurable hardware Redes de comunicação Segurança cibernética
3	Segurança cibernética com hardware reconfigurável em subestações de energia elétrica utilizando o padrão IEC 61850 / Cyber security with reconfigurable hardware in power substations using the IEC 61850 standard Juliano Coêlho Miranda 20 September 2016 (has links) Com a tecnologia digital, as redes de comunicação têm sido de fundamental importância para o bom funcionamento das subestações de energia elétrica. Criado em 2002, o padrão IEC 61850 busca harmonizar a diversidade de equipamentos e fabricantes, e possibilitar a integração de dados para que o máximo de benefícios possa ser extraído. Nesse contexto, o protocolo GOOSE (Generic Object Oriented Substation Event), pertinente ao padrão IEC 61850, é um datagrama multicast concebido para funcionar na rede local ou de longa distância que interliga as subestações de energia elétrica. Nos ambientes de longa distância, o tráfego de dentro para fora, e vice-versa, deveria passar por um firewall. Porém, a tecnologia de firewall atual não é capaz de inspecionar as mensagens GOOSE reais ou originadas a partir de um ataque, e afeta o tempo de transferência das mesmas, que, no enlace de comunicação, não deve exceder 5ms. Dessa forma, o objetivo deste trabalho é desenvolver um firewall em hardware reconfigurável, por meio da plataforma NetFPGA, de modo que o incremento no tempo de propagação de uma mensagem GOOSE, Tipo 1A (Trip), ao transpor o dispositivo de segurança, não ultrapasse 20% do tempo total destinado ao enlace de comunicação. Por ter a capacidade de ser um acelerador, construído por meio de hardware reconfigurável FPGA (Field Programmable Gate Array), a NetFPGA conduz enlaces Gigabit, e torna possível examinar e estabelecer regras iniciais de autorização ou negação para o tráfego de mensagens GOOSE, manipulando os campos do quadro ISO/IEC 8802-3. O incremento no tempo máximo de propagação de uma mensagem com 1518 bytes foi de 77,39 μs, com 77,38 μs de tempo médio. Um algoritmo de criptografia e outro de autenticação também foram testados e mensagens falsas não conseguiram transpor o firewall. No momento atual da pesquisa, concluiu-se que o firewall em NetFPGA, pertinente ao conjunto de recursos de hardware e software destinados a garantir a segurança de uma rede, é capaz de rejeitar mensagens GOOSE falsas e fornecer segurança aos dispositivos ativos de uma subestação, sem atrasos adicionais superiores a 1ms. / With the digital technology, the communication networks have been of fundamental importance for the good performance of power substations. Created in 2002, the IEC 61850 standard seeks for harmonization of the different equipment and manufacturers, enabling the integration of data for maximum performance. In this context, the GOOSE (Generic Object Oriented Substation Event) message, concerning the IEC 61850 standard, is a multicast datagram, designed to operate in LAN or WAN that connects power substations. In the long-distance environment, the propagation time in the communication link must not exceed 5ms. The current firewall technology is not able to differ true GOOSE messages from the ones originated from an attack, and it affects the transfer time of messages. The objective of this research is to develop a reconfigurable firewall hardware, using the NetFPGA platform, so that the increase in propagation time of a GOOSE message, Type 1A (Trip), does not exceed 20% of the total time allocated to the link communication. Due to the ability of NetFPGA of being an accelerator, and having been built by using reconfigurable FPGA (Field Programmable Gate Array) leading to Gigabit links, it was possible to examine and establish initial rules of authorization or denial of GOOSE messages by manipulating some of the fields from the table ISO/IEC 8802-3. The increase in the maximum propagation time of a message of 1518 bytes was 77.39 μs, with the average of 77.38 μs. Fake messages failed to cross the firewall. Results from a process of authentication and encryption were also presented. At the present study, it has been concluded that the firewall using NetFPGA, concerning the hardware and software in order to ensure the security of a network, is able to reject false GOOSE messages and provide security to devices of a power substation without time increments greater than 1ms. Firewall Hardware Reconfigurável GOOSE IEC 61850 IEC 62351 NetFPGA Redes de comunicação Segurança cibernética Cyber security Firewall GOOSE IEC 61850 IEC 62351 NetFPGA Network communications Reconfigurable hardware
4	Design and Implementation of a High Performance Network Processor with Dynamic Workload Management Duggisetty, Padmaja 23 November 2015 (has links) Internet plays a crucial part in today's world. Be it personal communication, business transactions or social networking, internet is used everywhere and hence the speed of the communication infrastructure plays an important role. As the number of users increase the network usage increases i.e., the network data rates ramped up from a few Mb/s to Gb/s in less than a decade. Hence the network infrastructure needed a major upgrade to be able to support such high data rates. Technological advancements have enabled the communication links like optical fibres to support these high bandwidths, but the processing speed at the nodes remained constant. This created a need for specialised devices for packet processing in order to match the increasing line rates which led to emergence of network processors. Network processors were both programmable and flexible. To support the growing number of internet applications, a single core network processor has transformed into a multi/many core network processor with multiple cores on a single chip rather than just one core. This improved the packet processing speeds and hence the performance of a network node. Multi-core network processors catered to the needs of a high bandwidth networks by exploiting the inherent packet-level parallelism in a network. But these processors still had intrinsic challenges like load balancing. In order to maximise throughput of these multi-core network processors, it is important to distribute the traffic evenly across all the cores. This thesis describes a multi-core network processor with dynamic workload management. A multi-core network processor, which performs multiple applications is designed to act as a test bed for an effective workload management algorithm. An effective workload management algorithm is designed in order to distribute the workload evenly across all the available cores and hence maximise the performance of the network processor. Runtime statistics of all the cores were collected and updated at run time to aid in deciding the application to be performed on a core to to enable even distribution of workload among the cores. Hence, when an overloading of a core is detected, the applications to be performed on the cores are re-assigned. For testing purposes, we built a flexible and a reusable platform on NetFPGA 10G board which uses a FPGA-based approach to prototyping network devices. The performance of the designed workload management algorithm is tested by measuring the throughput of the system for varying workloads. Network Processor Workload Management FPGA ASIC NetFPGA Throughput Digital Communications and Networking
5	Protecting Network Processors with High Performance Logic Based Monitors Kumarapillai Chandrikakutty, Harikrishnan 01 January 2013 (has links) (PDF) Technological advancements have transformed the way people interact with the world. The Internet now forms a critical infrastructure that links different aspects of our life like personal communication, business transactions, social networking, and advertising. In order to cater to this ever increasing communication overhead there has been a fundamental shift in the network infrastructure. Modern network routers often employ software programmable network processors instead of ASIC-based technology for higher throughput performance and adaptability to changing resource requirements. This programmability makes networking infrastructure vulnerable to new class of network attacks by compromising the software on network processors. This issue has resulted in the need for security systems which can monitor the behavior of network processors at run time. This thesis describes an FPGA-based security monitoring system for multi-core network processors. The implemented security monitor improves upon previous hardware monitoring schemes. We demonstrate a state machine based hardware programmable monitor which can track program execution flow at run time. Applications are analyzed offline and a hash of the instructions is generated to form a state machine sequence. If the state machine deviates from expected behavior, an error flag is raised, forcing a network processor reset. For testing purposes, the monitoring logic along with the multi-core network processor system is implemented in FPGA logic. In this research, we modify the network processor memory architecture to improve security monitor functionality. The efficiency of this approach is validated using a diverse set of network benchmarks. Experiments are performed on the prototype system using known network attacks to test the performance of the monitoring subsystem. Experimental results demonstrate that out security monitor approach provides an efficient monitoring system in detecting and recovering from network attacks with minimum overhead while maintaining line rate packet forwarding. Additionally, our monitor is capable of defending against attacks on processor with a Harvard architecture, the dominant contemporary network processor organization. We demonstrate that our monitor architecture provides no network slowdown in the absence of an attack and provides the capability to drop packets without otherwise affecting regular network traffic when an attack occurs. Network Processors Security Monitors Hardware Programmable DE4 NetFPGA Determinitic Finite Automaton
6	Adapting the Skyline Operator in the NetFPGA Platform Miller, Nathan D. 10 June 2013 (has links) No description available. Computer Science Computer Engineering Skyline Security NetFPGA FPGA Networking IDS Databases
7	Modelování síťového prvku pomocí logického pole / Modelling of Network Element by Logical Array Štafa, Václav January 2009 (has links) This Master’s Thesis includes introduction the field programmable logic and their NetFPGA platform developed in the context of its use for routing using neural networks. Current routing protocols and routing methods. Furthermore, the issue of neural networks with a focus on the Hopfield network for data network routing.
8	A Soft-Error Reliability Testing Platform for FPGA-Based Network Systems Rowberry, Hayden Cole 01 December 2019 (has links) FPGAs are frequently used in network systems to provide the performance and flexibility that is required of modern computer networks while allowing network vendors to bring products to market quickly. Like all electronic devices, FPGAs are vulnerable to ionizing radiation which can cause applications operating on an FPGA to fail. These low-level failures can have a wide range of negative effects on the performance of a network system. As computer networks play a larger role in modern society, it becomes increasingly important that these soft errors are addressed in the design of network systems.This work presents a framework for testing the soft-error reliability of FPGA-based networking systems. The framework consists of the NetFPGA development board, a custom traffic generator, and a custom high-speed JTAG configuration device. The NetFPGA development board is versatile and can be used to implement a wide range of network applications. The traffic generator is used to exercise the network system on the NetFPGA and to determine the health of that system. The JTAG configuration device is used to manage reliability experiments, to perform fault injection into the FPGA, and to monitor the NetFPGA during radiation tests.This thesis includes soft-error reliability tests that were performed on an Ethernet switch network system. Using both fault injection and accelerate radiation testing, the soft error sensitivity of the Ethernet switch was measured. The Ethernet switch design was then mitigated using triple module redundancy and duplication with compare. These mitigated designs were also tested and compared against the baseline design. Radiation testing shows that TMR provides a 5.05x improvement in reliability over the baseline design. DWC provides a 5.22x improvement in detectability over the baseline design without reducing the reliability of the system. FPGA computer networking soft-error reliability single-event upset traffic generator triple modular redundancy duplication with compare neutron radiation testing fault injection NetFPGA Ethernet switch Engineering
9	Avaliação da experiência do usuário com base na arbitragem de parâmetros de QoS em fluxo multimídia, em cenários com roteadores Cisco e placa NetFPGA Jacaúna, Rafael Sant'Ana 19 August 2016 (has links) A streaming video has features that differs from other streams: the occupation of large amount of bandwidth, and the possible variation of scenes with consequent increase (or decrease) in amount of bytes transmitted. Applications for video streaming transmission (YouTube, Vimeo, Netflix, Telecine Play, etc.) have aroused the interest of the scientific community regarding the behavior of networks. Our proposal is to measure, from a video stream, the user experience (QoE) based on arbitration QoS parameters in a controlled environment which use NetFPGA. The results of the experiments has shown the efficacy of TCP over UDP, which at the stage of choosing the most appropriate protocol for testing, showed to be ineffective to the Gigabit Ethernet rate. These experiments occurred in distinct physical topologies; only Cisco routers, with and without QoS, with and without injection of traffic generated by software iperf in the network, and using NetFPGA board set to router only with and without traffic via iperf, once the design developed to make the board work as a router does not allow QoS settings. in these scenarios, there was the need to start the client running at different times, setting their respective caches different networks so that did not coincide scenes, avoiding high bandwidth peaks in stretches with a lot of movement. / Um streaming de vídeo tem características que o difere dos demais ﬂuxos: a ocupação de grande quantidade de banda, e a possíveis variações de cenas com consequente aumento (ou diminuição) na quantidade dos bytes transmitidos. Aplicações para transmissão de streaming de vídeo (YouTube, Vimeo, NetFlix, Telecine Play, e etc.) tem despertado o interesse da comunidade cientíﬁca quanto ao comportamento das redes. Nossa proposta é correlacionar, a partir de um ﬂuxo de vídeo, a experiência do usuário com base na arbitragem de parâmetros de QoS em ambiente controlado. O resultado dos experimentos demonstrou a eﬁcácia do protocolo TCP sobre o UDP, que na fase da escolha do protocolo mais adequado para os testes, mostrou-se ineﬁciente até a taxa Gigabit Ethernet. Esses experimentos ocorreram em topologias físicas distintas; apenas com roteadores Cisco, com e sem QoS, tendo ou não injeção de tráfego gerado pelo software iPerf na rede, e usando a placa NetFPGA no modo router, apenas com e sem tráfego via iPerf, uma vez que o projeto desenvolvido para fazer a placa atuar como roteador não permite conﬁgurações de QoS. Nesses cenários, constatou-se a necessidade de iniciar a execução dos clientes em momentos diferentes, conﬁgurando seus respectivos caches de redes diferentes, para que não coincidissem as cenas, evitando altos picos de banda em trechos com muita movimentação. Computação Tecnologia streaming (telecomunicação) Roteadores (redes de computadores) Rede de computador (protocolos) TCP/IP (protocolo de rede de computador) Fluxo de dados (computadores) Streaming QoS QoE TCP UDP NetFPGA iPerf

Search results