NAT Implementation for the NetFPGA Platform
Omar Choudary and David Miller
University of Cambridge
Computer Laboratory
Outline
• Hardware
  o Design
  o TCAM memory: LPM and NAT
  o Performance
• Software
  o Functionality
• Advanced Feature: NAT
  o Hardware
  o Software
• NAT Demo
  o Case 1: client-server transfer crossing two nf-test machines
  o Case 2: ttcp performance test
NAT implementation for the NetFPGA (Omar Choudary; David Miller) Slide 2
NAT.Hardware
• Tables to store NAT translations
• 2 CAMs + 2 RAMs
• 1 RAM for update counter (to solve TCP state issue)
• Registers for software communication
• Synchronisation with LPM and routing functionality
Hardware.Performance
• TTCP (Test TCP, sourcing data from Linux OS)
  o 976 Mbps = 122 MB/s
  o Limited by the OS and NF2 framework
• Router_perf (sourcing data directly from the FPGA):
  o 2909 Mbps = 363 MB/s for 64-byte packet size
  o 3751 Mbps = 469 MB/s for 1500-byte packet size
  o Limited by the NF2 framework
Software.Functionality
• Process packets sent by the hardware to the CPU
  o Send and receive ICMP and ARP packets
• Implement and run the OSPF protocol
• Insert and update entries into the hardware tables: IP filter, ARP, ROUTE, NAT
• Implement the CLI
NAT.Software
• Creates entries in the NAT table when a TCP/UDP packet arrives on INBOUND interfaces
• Checks the hardware counter on each entry to delete unused entries
• Handles incorrect UDP/TCP packets (possibly due to incorrect header checksum)
• Implements a DHCP server to automatically provide hosts connected to INBOUND interfaces with IP addresses
Problems Encountered
• NF2 framework limitations -> issues with out_rdy signal
• Bad hardware design
• Hidden hardware bugs; hard to debug using ChipScope
• NetFPGA ports are only Gigabit-capable; not possible to plug in a laptop that is only Fast-Ethernet capable
• Problems when dealing with slow devices; either the web server or our software causing problems
Hardware.TCAM
• Fastest LPM hardware solution
• Based on a Ternary CAM => each bit in the CAM memory contains 3 states: 0, 1 and X (don't care)
• My implementation uses 2 CAMs for each bit of the 32 composing an IP address => 64 Block RAMs
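The ternary match behind the Hardware.TCAM slide, as an added example (a software model, not the authors' hardware design or code from the project): each entry holds a value word and a care mask, where a 0 care bit is the X state, and the lookup returns the result of the longest matching prefix. The struct and function names, the next-hop integers and the sample routes are assumptions constructed for illustration; the value/care encoding is one common way to represent three states and is not stated on the slides.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define IP(a, b, c, d) (((uint32_t)(a) << 24) | ((uint32_t)(b) << 16) | ((uint32_t)(c) << 8) | (uint32_t)(d))

/* One ternary entry (hypothetical layout): where care=1 the key bit must equal
 * value; where care=0 the bit is X. next_hop stands in for the stored result. */
struct tcam_entry { uint32_t value, care; int next_hop; };

/* Prefix entry: the top `len` bits are compared, the remaining bits are X. */
static struct tcam_entry tcam_prefix(uint32_t addr, unsigned len, int next_hop)
{
    uint32_t care = len ? 0xFFFFFFFFu << (32 - len) : 0; /* avoid shift by 32 */
    return (struct tcam_entry){ addr & care, care, next_hop };
}

/* A TCAM compares every entry in parallel; this model loops and keeps the
 * match with the most cared-about bits (the longest prefix). -1 = no match. */
static int tcam_lpm(const struct tcam_entry *t, size_t n, uint32_t key)
{
    int best = -1, best_len = -1;
    for (size_t i = 0; i < n; i++) {
        if (((key ^ t[i].value) & t[i].care) != 0)
            continue;                       /* a cared-about bit differs */
        int len = 0;
        for (uint32_t m = t[i].care; m; m <<= 1)
            len++;                          /* prefix masks are contiguous */
        if (len > best_len) { best_len = len; best = t[i].next_hop; }
    }
    return best;
}

/* Constructed sample routes: default, 10.0.0.0/8 and 10.1.0.0/16. */
int demo_lookup(uint32_t key)
{
    struct tcam_entry table[] = {
        tcam_prefix(IP(0, 0, 0, 0), 0, 0),
        tcam_prefix(IP(10, 0, 0, 0), 8, 1),
        tcam_prefix(IP(10, 1, 0, 0), 16, 2),
    };
    return tcam_lpm(table, sizeof table / sizeof table[0], key);
}

int main(void)
{
    printf("%d %d\n", demo_lookup(IP(10, 1, 2, 3)), demo_lookup(IP(192, 168, 0, 1)));
    return 0;
}
```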