Post on 16-Dec-2015
NAT Implementation for the NetFPGA Platform
Omar Choudary and David Miller
University of Cambridge
Computer Laboratory
Outline
• Hardware
  o Design
  o TCAM memory: LPM and NAT
  o Performance
• Software
  o Functionality
• Advanced Feature: NAT
  o Hardware
  o Software
• NAT Demo
  o Case 1: client-server transfer crossing two nf-test machines
  o Case 2: ttcp performance test
NAT implementation for the NetFPGA (Omar Choudary; David Miller) Slide 2
NAT.Hardware
• Tables to store NAT translations
• 2 CAMs + 2 RAMs
• 1 RAM for update counter (to solve TCP State issue)
• Registers for software communication
• Synchronisation with LPM and Routing functionality
Hardware.Performance
• TTCP (Test TCP, sourcing data from Linux OS)
  o 976 Mbps = 122 MB/s
  o Limited by the OS and NF2 framework
• Router_perf (sourcing data directly from the FPGA):
  o 2909 Mbps = 363 MB/s for 64-byte packet size
  o 3751 Mbps = 469 MB/s for 1500-byte packet size
  o Limited by the NF2 framework
Software.Functionality
• Process packets sent by the Hardware to the CPU
  o Send and receive ICMP and ARP packets
• Implement and run the OSPF protocol
• Insert and update entries into the hardware tables: IP filter, ARP, ROUTE, NAT
• Implement the CLI
NAT.Software
• Creates entries in the NAT table when a TCP/UDP packet arrives on INBOUND interfaces
• Checks the hardware counter on each entry to delete unused entries
• Handles incorrect UDP/TCP packets (possibly due to incorrect header checksum)
• Implements a DHCP server to automatically provide hosts connected to INBOUND interfaces with IP addresses
Problems Encountered
• NF2 framework limitations -> issues with out_rdy signal
• Bad hardware design
• Hidden hardware bugs; hard to debug using ChipScope
• NetFPGA ports are only Gigabit-capable; not possible to plug in a laptop that is only Fast-Ethernet capable
• Problems when dealing with slow devices; either the web server or our software causing problems
Hardware.TCAM
• Fastest LPM hardware solution
• Based on a Ternary CAM => Each bit in the CAM memory contains 3 states: 0, 1 and X (don't care)
• My implementation uses 2 CAMs for each bit of the 32 composing an IP address => 64 Block RAMs
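
The ternary match behind the LPM table, as a software model. This is an added example, not code from the slides or the NetFPGA project. It assumes the two stored bits per address bit act as a value bit and a care bit; the function names, the 8-row table, the port numbers and the routes are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Software model of a ternary CAM doing longest-prefix match (LPM).
 * Assumption: each address bit is held as two stored bits, a value bit
 * and a care bit (care = 0 encodes X, "don't care"). */
struct tcam_entry { uint32_t value, care; int len, port, valid; };

#define TCAM_SIZE 8
#define IP(a, b, c, d) (((uint32_t)(a) << 24) | ((uint32_t)(b) << 16) | \
                        ((uint32_t)(c) << 8) | (uint32_t)(d))
static struct tcam_entry tcam[TCAM_SIZE];

/* Insert a prefix, keeping rows sorted by decreasing prefix length so
 * the lowest matching row is the longest prefix. 0 = ok, -1 = rejected. */
int tcam_insert(uint32_t prefix, int len, int port)
{
    if (len < 0 || len > 32 || tcam[TCAM_SIZE - 1].valid)
        return -1;                      /* bad length or table full */
    int i = TCAM_SIZE - 1;
    while (i > 0 && (!tcam[i - 1].valid || tcam[i - 1].len < len)) {
        tcam[i] = tcam[i - 1];          /* shift shorter prefixes down */
        i--;
    }
    uint32_t care = len ? 0xFFFFFFFFu << (32 - len) : 0u;
    tcam[i] = (struct tcam_entry){ prefix & care, care, len, port, 1 };
    return 0;
}

/* A TCAM compares every row in parallel and a priority encoder picks
 * the lowest matching row; this loop models that. Returns port or -1. */
int tcam_lookup(uint32_t addr)
{
    for (int i = 0; i < TCAM_SIZE; i++)
        if (tcam[i].valid && ((addr ^ tcam[i].value) & tcam[i].care) == 0)
            return tcam[i].port;
    return -1;
}

int main(void)
{
    /* Constructed routes, inserted out of order on purpose. */
    tcam_insert(IP(10, 0, 0, 0), 8, 0);
    tcam_insert(IP(10, 1, 2, 0), 24, 2);
    tcam_insert(IP(0, 0, 0, 0), 0, 3);
    tcam_insert(IP(10, 1, 0, 0), 16, 1);
    printf("10.1.2.3 -> port %d\n", tcam_lookup(IP(10, 1, 2, 3)));
    printf("10.200.0.1 -> port %d\n", tcam_lookup(IP(10, 200, 0, 1)));
    return 0;
}
```

Because correctness depends on row order, an insert that skipped the sort would let a shorter prefix shadow a longer one and send traffic to the wrong port.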