What is the Role of HW Acceleration in the SW Defined World?

With the ongoing process of shifting as much network functionality as possible towards software processing, the hardware acceleration of dataplane's time critical operations is often neglected. This is highly disproportional with recent increases in network speeds, which easily surpass any improvements in the CPU performance. In particular, devices with 100 Gbps Ethernet interfaces have become available in recent years, but the practical traffic processing at such speed is often limited to rather simple packet switching and routing. Other important applications, such as network security monitoring, DDoS protection or application-layer processing, are extremely expensive or unavailable at all. While the original intention of the Software Defined Networking paradigm is to improve network manageability, extensibility and flexibility, we propose an elegant way to use its ideas in conjunction with hardware acceleration. Our poster provides success stories of several applications that embrace the Software Defined paradigm, yet utilize hardware acceleration to achieve very high throughput and are therofere suitable for 100 Gbps networks. We present our COMBO-100G hardware accelerator card, which uses powerful FPGA chip to implement various programmable high-speed dataplane processing tasks. The card has single 100 Gbps Ethernet interface realized by the CFP2 optical module, thus it supports both LR4 and SR10 100G Ethernet flavors. The card is a PCI form factor board and connects to the host system via PCI-Express gen3 x16 interface to support full 100 Gbps throughput. Additionally, on card QDR and DDR memories may be used to implement deep packet buffers, lookup tables or other data structures. Current applications of the card include lossless 100 Gbps Ethernet packet capture, 100 Gbps network flow monitoring and application layer (L7) traffic monitoring. Other possible uses of the card include 100 Gbps traffic generation from onboard or host memory for network testing purposes, application layer traffic filtering and intelligent DDoS protection for network security. This research has been supported by the "CESNET Large Infrastructure" project no. LM2010005 funded by the Ministry of Education, Youth and Sports of the Czech Republic.


Part of session

Thunderclap Talks

Related documents

  • (72 kB)