NAT Implementation for the NetFPGA Platform

Omar Choudary and David MillerUniversity of Cambridge

Computer Laboratory

Outline• Hardware

o Designo TCAM memory: LPM and NATo Performance

• Softwareo Functionality

• Advanced Feature: NATo Hardwareo Software

• NAT Demoo Case 1: client-server transfer crossing two nf-test machineso Case 2: ttcp performance test

NAT implementation for the NetFPGA  (Omar Choudary; David Miller) Slide 2

Advanced Feature.NAT

NAT implementation for the netFPGA  (Omar Choudary; David Miller) Slide 8

Hardware.Design

NAT implementation for the netFPGA  (Omar Choudary; David Miller) Slide 3

NAT.Hardware• Tables to store NAT translations• 2 CAMs + 2 RAMs• 1 RAM for update counter (to solve TCP State issue)• Registers for software communication• Synchronisation with LPM and Routing functionality

NAT implementation for the netFPGA  (Omar Choudary; David Miller) Slide 9

Hardware.Performance

• TTCP (Test TCP, sourcing data from Linux OS)o 976Mbps = 122 MB/s o Limited by the OS and NF2 framework

• Router_perf (sourcing data directly from the FPGA): o 2909 Mbps = 363MB/s for 64-byte packet sizeo 3751 Mbps = 469MB/s for 1500-byte packet size o Limited by the NF2 framework

NAT implementation for the netFPGA  (Omar Choudary; David Miller) Slide 6

Software.Functionality• Process packets sent by the Hardware to the CPU

o Send and receive ICMP and ARP packets• Implement and run the OSPF protocol• Insert and update entries into the hardware tables: IP filter,

ARP, ROUTE, NAT|• Implement the CLI

NAT implementation for the netFPGA  (Omar Choudary; David Miller) Slide 7

NAT.Software• Create entries in the NAT table when TCP/UDP packet

arrives on INBOUND interfaces• Checks the hardware counter on each entry to delete

unused entries• Handles incorrect UDP/TCP packets (possibly due to

incorrect header checksum)• Implements DHCP server to automatically provide hosts

connected to INBOUND interfaces with IP addresses

NAT implementation for the netFPGA  (Omar Choudary; David Miller) Slide 10

NAT.DEMO

NAT implementation for the netFPGA  (Omar Choudary; David Miller) Slide 11

CASE 1: HTTP Transfer

NAT implementation for the netFPGA  (Omar Choudary; David Miller) Slide 12

CASE 2: TTCP Test

NAT implementation for the netFPGA  (Omar Choudary; David Miller) Slide 13

Questions

NAT implementation for the netFPGA  (Omar Choudary; David Miller) Slide 16

Problems Encountered

NAT implementation for the netFPGA  (Omar Choudary; David Miller) Slide 17

• NF2 framework limitations -> issues with out_rdy signal• Bad hardware design• Hidden hardware bugs; hard to debug using chipscope• NetFPGA ports are only Gigabit-capable; not possible to

plug in a laptop Fast-Ethernet-only capable• Problems when dealing with slow devices; either web

server or our software making problems

CASE 3: Open Internet

NAT implementation for the netFPGA  (Omar Choudary; David Miller) Slide 14

CASE 4: Speed Test

NAT implementation for the netFPGA  (Omar Choudary; David Miller) Slide 15

Hardware.TCAM• Fastest LPM hardware solution• Based on a Ternary CAM => Each bit in the CAM memory

contains 3 states: 0, 1 and X (don't care)• My implementation uses 2 CAMs for each bit of the 32

composing an IP address => 64 Block RAMs

NAT implementation for the netFPGA  (Omar Choudary; David Miller) Slide 5