1 / 48

NetFPGA Tutorial Tsinghua University – Day 2

Presented by: James Hongyi Zeng (Stanford University ) Joshua Lu (Xilinx China) Beijing, China May 15 - 16, 2010 http://NetFPGA.org. NetFPGA Tutorial Tsinghua University – Day 2. Outline. Tree Structure Develop a cryptography module Quick overview of XOR “cryptography”

yasuo
Download Presentation

NetFPGA Tutorial Tsinghua University – Day 2

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Presented by: James HongyiZeng (Stanford University) Joshua Lu (Xilinx China) Beijing, China May 15 - 16, 2010 http://NetFPGA.org NetFPGA TutorialTsinghua University – Day 2

  2. Outline • Tree Structure • Develop a cryptography module • Quick overview of XOR “cryptography” • Implement crypto module • Write software simulations • Synthesize • Write hardware tests

  3. Tree Structure NF2 bin (scripts for running simulations and setting up the environment) bitfiles (contains the bitfiles for all projects that have been synthesized) lib (stable common modules and common parts needed for simulation/synthesis/design) projects (user projects, including reference designs)

  4. Tree Structure (2) lib C (common software and code for reference designs) java (contains software for the graphical user interface) Makefiles (makefiles for simulation and synthesis) Perl5 (common libraries to interact with reference designs and aid in simulation) python (common libraries to aid in regression tests) (scripts for common functions) scripts verilog (modules and files that can be reused for design)

  5. Tree Structure (3) projects doc (project specific documentation) (contains file to include verilog modules from lib, and creates project specific register defines files) include (regression tests used to test generated bitfiles) regress (contains non-library verilog code used for synthesis and simulation) src sw (all software parts of the project) (contains user .xco files to generate cores and Makefile to implement the design) synth verif (simulation tests)

  6. Cryptography • Simple cryptography – XOR

  7. Cryptography (cont.) • Example: • Explanation: • A ^ A = 0 • So, M ^ K ^ K = M ^ 0 = M

  8. Implementing a Crypto Module (1) • What do we want to encrypt? • IP payload only • Plaintext IP header allows routing • Content is hidden • Encrypt bytes 35 onward • Bytes 1-14 – Ethernet header • Bytes 15-34 – IPv4 header (assume no options) • Assume all packets are IPv4 for simplicity

  9. Implementing a Crypto Module (2) • State machine (draw on next page): • Module headers on each packet • Datapath 64-bits wide • 34 / 8 is not an integer!  • Inside the crypto module

  10. Crypto Module State Diagram Hint: We suggest 4 states (or 3 if you’re feeling adventurous) Skip Module Headers

  11. State Diagram to Verilog (1) Module location Crypto module to encrypt and decrypt packets MAC RxQ CPU RxQ MAC RxQ CPU RxQ MAC RxQ CPU RxQ MAC RxQ CPU RxQ Input Arbiter Output Port Lookup Crypto MAC TxQ CPU TxQ MAC TxQ CPU TxQ MAC TxQ CPU TxQ MAC TxQ CPU TxQ Output Queues

  12. Inter-module Communication Module i Module i+1 data ctrl wr rdy

  13. State Diagram to Verilog (2) • Projects: • Each design represented by a project Format: NF2/projects/<proj_name> • NF2/projects/crypto_nic • Consists of: • Missing: • Verilog source • Simulation tests • Hardware tests • Libraries • Optional software • State diagram implementation • Simulation tests • Regression tests

  14. State Diagram to Verilog (3) • Projects (cont): • Pull in modules from NF2/lib/verilog • Generic modules that are re-used in multiple projects • Specify shared modules in project’s include/lib_modules.txt • Local src modules override shared modules • crypto_nic: • Local user_data_path.v, crypto.v • Everything else: shared modules

  15. State Diagram to Verilog (4) • Your task: • Copy NF2/lib/verilog/module_template/src/module_template.v to NF2/projects/crypto_nic/src/crypto.v • Implement your state diagram in src/crypto.v • Small fallthrough FIFO • Generic register interface • Registers to be used defined in include/crypto_defines.v

  16. Generic Registers Module generic_regs # ( .UDP_REG_SRC_WIDTH (UDP_REG_SRC_WIDTH), .TAG (`CRYPTO_BLOCK_TAG), .REG_ADDR_WIDTH (`CRYPTO_REG_ADDR_WIDTH), .NUM_COUNTERS (0), .NUM_SOFTWARE_REGS (1), .NUM_HARDWARE_REGS (0)) crypto_regs ( .reg_req_in (reg_req_in), … .reg_src_out (reg_src_out), … .software_regs (key), .hardware_regs (), …

  17. First Break (While writing Verilog modules)

  18. Testing: Simulation (1) • Simulation allows testing without requiring lengthy synthesis process • NetFPGA provides Perl simulation infrastructure to: • Send/receive packets • Physical ports and CPU • Read/write registers • Verify results • Simulations run in ModelSim/VCS

  19. Testing: Simulation (2) • Simulations located in project/verif • Multiple simulations per project • Test different features • Example: • crypto_nic/verif/test_nic_short • Send one packet from CPU, expect packet out physical port • Send one packet in physical port, expect packet to CPU

  20. Testing: Simulation (3) • Useful functions: • nf_PCI_read32(delay, batch, addr, expect) • nf_PCI_write32(delay, batch, addr, value) • nf_packet_in(port, length, delay, batch, pkt) • nf_expected_packet(port, length, pkt) • nf_dma_data_in(length, delay, port, pkt) • nf_expected_dma_data(port, length, pkt) • make_IP_pkt(length, da, sa, ttl, dst_ip, src_ip) • encrypt_pkt(key, pkt) • decrypt_pkt(key, pkt)

  21. Testing: Simulation (4) • Your task: • Template files NF2/projects/crypto_nic/verif/test_crypto_encrypt/make_pkts.pl NF2/projects/crypto_nic/verif/test_crypto_decrypt/make_pkts.pl • Implement your Perl verif tests • Use the example verif test (test_nic_short)

  22. Running Simulations • Use command nf21_run_test.pl • Optional parameters • --major <major_name> • --minor <minor_name> • --gui (starts the default viewing environment) test_crypto_encrypt • Set env. variables to reference your project • NF2_DESIGN_DIR=/root/NF2/projects/<project> • PERL5LIB=/root/NF2/projects/<project>/lib/Perl5: /root/NF2/lib/Perl5: major minor

  23. Running Simulations • When running modelsim interactively: • Click "no" when simulator prompts to finish • Changes to code can be recompiled without quitting ModelSim: • bash# cd /tmp/$(whoami)/verif/<projname>; make model_sim • VSIM 5> restart -f; run -a • Do ensure $NF2_DESIGN_DIR is correct

  24. Synthesis • To synthesize your project • Run make in the synth directory (NF2/projects/crypto_nic/synth)

  25. Second Break (while hardware compiles)

  26. Regression Tests • Test hardware module • Perl Infrastructure provided to • Read/Write registers • Read/Write tables • Send Packets • Check Counters

  27. Example Regression Tests • Reference Router • Send Packets from CPU • Longest Prefix Matching • Longest Prefix Matching Misses • Packets dropped when queues overflow • Receiving Packets with IP TTL <= 1 • Receiving Packets with IP options or non IPv4 • Packet Forwarding • Dropping packets with bad IP Checksum

  28. Perl Libraries • Specify the Interfaces • eth1, eth2, nf2c0 … nf2c3 • Start packet capture on Interfaces • Create Packets • MAC header • IP header • PDU • Read/Write Registers • Read/Write Reference Router tables • Longest Prefix Match • ARP • Destination IP Filter

  29. Regression Test Examples • Reference Router • Packet Forwarding • regress/test_packet_forwarding • Longest Prefix Match • regress/test_lpm • Send and Receive • regress/test_send_rec

  30. Creating a Regression Test • Useful functions: • nftest_regwrite(interface, addr, value) • nftest_regread(interface, addr) • nftest_send(interface, frame) • nftest_expect(interface, frame) • encrypt_pkt(key, pkt) • decrypt_pkt(key, pkt) • $pkt = NF2::IP_pkt->new(len => $length,            DA => $DA, SA => $SA,            ttl => $TTL, dst_ip => $dst_ip,            src_ip => $src_ip);

  31. Creating a Regression Test (2) • Your task: • Template files NF2/projects/crypto_nic/regress/test_crypto_encrypt/run • Implement your Perl verif tests

  32. Running Regression Test • Run the command nf2_regress_test.pl --project crypto_nic

  33. Third Break (while testing hardware)

  34. The New 2.0 Release • Modular Registers • Simplifies integration of multiple modules • Many users control NetFPGAs from software • Register set joined together at build time • Project specifies registers in XML list • Packet Buffering in DRAM • Supports Deep buffering • Single 64MByte queue in DDR2 memory • Programmable Packet Encapsulation • Packet-in-packet encapsulation • Enables tunnels between OpenFlowSwitch nodes

  35. NetFPGA.org

  36. Project Ideas for the NetFPGA • IPv6 Router (in high demand) • TCP Traffic Generator • Valiant Load Balancing • Graphical User Interface (like CLACK) • MAC-in-MAC Encapsulation • Encryption / Decryption modules • RCP Transport Protocol • Packet Filtering ( Firewall, IDS, IDP ) • TCP Offload Engine • DRAM Packet Queues • 8-Port Switch using SATA Bridge • Build our own MAC (from source, rather than core) • Use XML for Register Definitions http://www.netfpga.org/foswiki/NetFPGA/OneGig/ModuleWishlist

  37. NetFPGA Designs .. And more on http://netfpga.org/foswiki/NetFPGA/OneGig/ProjectTable

  38. Group Discussion • Your plans for using the NetFPGA • Teaching • Research • Other • Resources needed for your class • Source code • Courseware • Examples • Your plans to contribute • Expertise • Capabilities • Collaboration Opportunities

  39. NetFPGA Developers Workshops • You already know that the NetFPGA implements a Gigabit NIC, a hardware-accelerated Internet router, a traffic generator, an OpenFlow switch, a NetFlow probe and more. What else can it do? We invite you to contribute a NetFPGA project and present your work at a NetFPGA workshop • NetFPGA Events: • http://netfpga.org/php/events.php • 2010 Locations: • USA (Stanford, California) • Europe (UK) • Asia (Korea) • Format • Presentations • Demonstrations • Example • http://NetFPGA.org/DevWorkshop “What can you built with your NetFPGA?”

  40. The contest is split into two challenges. Teams can participate in either or both challenges. Design challenges will be posted on the start date of the contest. The design teams have 120 days to produce a working implementation employing any HW and SW design methodology and targeting the NetFPGA development platform. Dates Contest starts on Feb 9th 2010 Contest ends on June 1st 2010. Challenge 1: The Best Network Tester/Packet Capture system There are a small number of very expensive packet generator and capture systems on the market, used for testing networks and network equipment. The goal of this design is to provide a usable, powerful and open-source alternative for use by universities and organizations unable to afford such expensive equipment. Challenge 2: The Best Overall Network System Design The goal is to design and implement a novel design on the NetFPGA system. Use your imagination to devise a new use case for the NetFPGA. We are looking for solutions utilizing the NetFPGA cards that perform significant networking functionality. Rules and more Information http://www.netfpga.org/foswiki/NetFPGA/OneGig/DesignContest2010 NetFPGA Design Contest

  41. Thoughts for Developers • Build Modular components • Describe shared registers (as per 2.0 release) • Consider how modules would be used in larger systems • Define functionality clearly • Through regression tests • With repeatable results • Disseminate projects • Post open-source code • Document projects on Web, Wiki • Expand the community of developers • Answer questions in the Discussion Forum • Collaborate with your peers to build new applications

  42. Visit http://NetFPGA.org

  43. Join the NetFPGA.org Community • Log into the Wiki • Access the Beta code • Join the netfpga-beta mailing list • Join the discussion forum

  44. Contribute to the Project • Search for related work • List your project on the Wiki • Link your project homepage

  45. Survey • How did you like this this tutorial? • What did you find useful? • What should be improved? • What should be removed? • What should be added? • Can we post the video from this event? • If not, please let us know. • Complete On-line survey • http://netfpga.org/tutorial_survey.html

  46. Acknowledgments NetFPGA Team at Stanford University (Past and Present): Nick McKeown, Glen Gibb,Jad Naous, David Erickson, G. Adam Covington, John W. Lockwood, Jianying Luo,Brandon Heller, Paul Hartke, Neda Beheshti, Sara Bolouki, James Zeng, Jonathan Ellithorpe, Sachidanandan Sambandan

  47. Special thanks to: Patrick Lysaght, Veena Kumar, Paul Hartke, Anna Acevedo Xilinx University Program (XUP) Other NetFPGA Tutorials Presented At: SIGMETRICS See: http://NetFPGA.org/tutorials/

  48. Acknowledgments Support for the NetFPGA project has been provided by the following companies and institutions Disclaimer: Any opinions, findings, conclusions, or recommendations expressed in these materials do not necessarily reflect the views of the National Science Foundation or of any other sponsors supporting this project.

More Related