Hipernetch: High-Performance FPGA Network Switch

We present Hipernetch, a novel FPGA-based design for performing high-bandwidth network switching. FPGAs have recently become more popular in data centers due to their promising capabilities for a wide range of applications. With the recent surge in transceiver bandwidth, they could further benefit the implementation and refinement of network switches used in data centers. Hipernetch replaces the crossbar with a “combined parallel round-robin arbiter”. Unlike a crossbar, the combined parallel round-robin arbiter is easy to pipeline, and does not require centralised iterative scheduling algorithms that try to fit too many steps in a single or a few FPGA cycles. The result is a network switch implementation on FPGAs operating at a high frequency and with a low port-to-port latency. Our proposed Hipernetch architecture additionally provides a competitive switching performance approaching output-queued crossbar switches. Our implemented Hipernetch designs exhibit a throughput that exceeds 100 Gbps per port for switches of up to 16 ports, reaching an aggregate throughput of around 1.7 Tbps.

Machine-Learning-Enabled DDoS Attacks Detection in P4 Programmable Networks

Distributed Denial of Service (DDoS) attacks represent a major concern in modern Software Defined Networking (SDN), as SDN controllers are sensitive points of failures in the whole SDN architecture. Recently, research on DDoS attacks detection in SDN has focused on investigation of how to leverage data plane programmability, enabled by P4 language, to detect attacks directly in network switches, with marginal involvement of SDN controllers. In order to effectively address cybersecurity management in SDN architectures, we investigate the potential of Artificial Intelligence and Machine Learning (ML) algorithms to perform automated DDoS Attacks Detection (DAD), specifically focusing on Transmission Control Protocol SYN flood attacks. We compare two different DAD architectures, called Standalone and Correlated DAD, where traffic features collection and attack detection are performed locally at network switches or in a single entity (e.g., in SDN controller), respectively. We combine the capability of ML and P4-enabled data planes to implement real-time DAD. Illustrative numerical results show that, for all tested ML algorithms, accuracy, precision, recall and F1-score are above 98% in most cases, and classification time is in the order of few hundreds of $$\upmu \text {s}$$ μ s in the worst case. Considering real-time DAD implementation, significant latency reduction is obtained when features are extracted at the data plane by using P4 language. Graphic Abstract

ICT security in tax administration - Rapid7 Nexpose vulnerability analysis

The article focuses on the subject of IT security in tax administration. This study presents the research on the security level of endpoints, servers, printing devices, network switches and other ICT devices using the Rapid Nexpose vulnerability scanner. We discuss the specifics of security research in public administration resulting from the laws in force in these institutions.

A Method for the Stateful Data-Plane Algorithm State Synchronization in the Network Processing Unit

This work presents a network processing unit based on specialized computational cores that is used for packet processing in network devices (e.g. in network switches). Nowadays stateful data-plane algorithms are developing in software-defined networks. The idea of stateful data-plane algorithms is to move a part of control information from control plane to data plane. But these algorithms require hardware support because they need resources for state handling. This work presents the network processing unit architecture modifications that allow to use stateful data-plane algorithms that require state synchronization between the NPU processing pipelines.

An Analytical Model of a Corporate Software-Controlled Network Switch

Implementing the almost limitless possibilities of a software-defined network requires additional study of its infrastructure level and assessment of the telecommunications aspect. The aim of this study is to develop an analytical model for analyzing the main quality indicators of modern network switches. Based on the general theory of queuing systems and networks, generated functions and Laplace-Stieltjes transforms, a three-phase model of a network switch was developed. Given that, in this case, the relationship between processing steps is not significant, quality indicators were obtained by taking into account the parameters of single-phase networks. This research identified the dependencies of service latency and service time of incoming network packets on load, as well as equations for finding the volume of a switch’s buffer memory with an acceptable probability for message loss.

Differentiation between Bellman-Ford and Dijsktra Algorithm in Routing Protocols

The modus operandi of congregating data pre-owned by home area network (HAN) protocols in order to deliver data across confined or extensive distance connection and that which is transmittal over a digital network in the form of packets is called as packet switching. Packet switching necessitates packaging of data in meagre units (packets) that are routed through a network, based on destination address contained within each packet and with the usage of network switches and routers. In packet switching networks, routing is the Avant-graded and multifaceted resolution maker, that controls the direction of network packets from their source in the vicinity of their destination through intermediate network nodes by precise packet advancing techniques. Here, in this disquisition we made an interpretation apropos the dyad pre-eminent shortest path (closest distance) searching algorithms, which are used in routing. They’re the BELLMAN-FORD and DIJKSTRA’S algorithm. The anatomization of the differentiation between the two is given concisely.