Security is becoming one of the most influential aspects of data communication over the internet. One way to support it is to classify and filter Ethernet packets within network devices. Packet classification is a fundamental task for network devices such as routers, firewalls, and intrusion detection systems. In this paper we present the architecture of a fast and reconfigurable Packet Classification Engine (PCE). This engine is used in an FPGA-based firewall. Our PCE inspects the multi-dimensional fields of the packet header sequentially using a tree-based algorithm. This algorithm simplifies the overall system to a lower scale and leads to a more secure system. The PCE works with an adaptation of a single-cycle processor architecture in the system. Each Ethernet packet is examined by the PCE based on the Source IP Address, Destination IP Address, Source Port, Destination Port, and Protocol fields of the packet header. These are the basic fields used to determine whether a packet is dangerous or normal before inspecting its content. Using an implementation of the tree-based algorithm in the architecture, firewall rules are rebuilt into 24-bit sub-rules, which are read as processor instructions in the inspection process. The inspection process compares one sub-rule with the input header field every clock cycle. The proposed PCE achieves a 91 MHz clock frequency on a Cyclone II EP2C70F896C6 with an average throughput of 13 clocks from input to output generation. The use of the tree-based algorithm simplifies multi-dimensional packet inspection and gives us a reconfigurable as well as scalable system. The architecture is fast, reliable, and adaptable, and it can maximize the advantages of the algorithm very well. Although the PCE has a high frequency and a low clock count, the filtering speed of a firewall also depends on other components, such as the packet FIFO buffer. A fast and reliable FIFO buffer is needed to support the PCE. The PCE also does not yet include a rule update mechanism.
The proposed PCE is tested as a component of an FPGA-based firewall that filters Ethernet packets on an FPGA DE2 Board using the NIOS II platform.
As System-on-Chip (SoC) complexity increases, hardware/software co-design plays an important role in improving design productivity, reducing time to market, and optimizing the overall results. Consequently, there is high interest in providing rapid system validation in such a paradigm to achieve the aforementioned objectives. Previous works describe prototyping techniques related to the development phase. FPGA-based prototyping has the benefit of enabling HW/SW integration and system validation after the Register Transfer Level (RTL) implementation is available, while virtual platforms provide capabilities to accelerate software development with higher-level functional models, e.g. Transaction Level Modeling (TLM). In this paper, we propose a hybrid prototyping methodology which takes advantage of virtual and FPGA-based prototyping in a single framework. We aim to provide a rapid and flexible system validation solution for HW/SW co-design at various stages of development based on the availability of TLM and RTL implementations. The proposed methodology allows online and offline performance analysis and debugging for early feedback in HW/SW architecture exploration. This was evaluated in experiments with a neural network processor as a case study.
The confidentiality and integrity of a stream has become one of the biggest issues in telecommunication. The best available algorithm handling the confidentiality of a data stream is the symmetric key block cipher combined with a chaining mode of operation such as cipher block chaining (CBC) or counter mode (CTR). This scheme is difficult to accelerate using hardware when multiple streams coexist. This is caused by the computation time requirement and mainly by the management of the streams. In most accelerators, computation is treated at the block level rather than as a stream, making the management of multiple streams complex. This article presents a solution combining the CBC and CTR modes of operation with hardware context switching. The hardware context switching allows the accelerator to treat the data as a stream. Each stream can have different parameters: key, initialization value, state of counter. Stream switching was managed by the hardware context switching mechanism. A high-level synthesis tool was used to generate the context switching circuit. The scheme was tested on three cryptographic algorithms: AES, DES, and BC3. The hardware context switching allowed the software to manage multiple streams easily, efficiently, and rapidly. The software was freed of the task of managing the stream state. Compared to the original algorithm, about 18%–38% additional logic elements were required to implement the CBC or CTR mode and the additional circuits to support context switching. Using this method, the performance overhead when treating multiple streams was low, and the performance was comparable to that of existing hardware accelerators not supporting multiple streams.
The ability to stop, migrate, and resume an application on a set of virtualized nodes in the cloud is becoming an essential service, one where FPGA accelerators offer very good performance. In this chapter, a communication protocol that manages communication data during task migration between FPGAs is presented.
Nowadays, FPGAs are integrated in high-performance computing systems, servers, or even used as accelerators in System-on-Chip (SoC) platforms. Since the execution is performed in hardware, an FPGA gives much higher performance and lower energy consumption compared to most microprocessor-based systems. However, the room to improve FPGA performance still exists, e.g. when it is used by multiple users. In multi-user approaches, FPGA resources are shared between several users. Therefore, one must be able to interrupt a running circuit at any given time and continue the task at will. An image of the state of the running circuit (context) is saved during interruption and restored when the execution is continued. The ability to extract and restore the context is known as context-switch. In the previous work [1], an automatic checkpoint selection method is proposed for circuit generation targeting reconfigurable systems. The method relies on static analysis of the finite state machine of a circuit to select the checkpoint states. States with minimum overhead will be selected as checkpoints, which allow optimal context save and restore. The maximum time to reach a checkpoint will be defined by the user and considered as the context-switch latency. The method is implemented in C code and integrated as a plugin in the free and open-source High-Level Synthesis tool AUGH [2].
This chapter presents SESAM, a complete platform for prototyping modern cyber-physical systems. SESAM accelerates and eases prototyping by adopting a hybrid approach, composed of subsystems from various domains and abstraction levels. It also introduces a set of verification tools that help evaluate the reliability and energy consumption of systems.