# C-GEP: Platform Demo for 100 Gbit/s Network Monitoring

Tamás Tóthfalusi, Péter Orosz

Faculty of Informatics University of Debrecen Debrecen, Hungary emal: <u>oroszp@unideb.hu</u>

Abstract—As the line rate reaches and exceeds 100 Gbit/s, the usage of hardware-accelerated networking equipment is getting a natural choice when evaluating newly developed network-related features. The requirement for high throughput and high level of reconfiguration together put Field Programmable Gate Array (FPGA) technology into the focus of high performance networking. In this demonstration, we show some of the capabilities of a new, 100 Gigabit Ethernet Evaluation Platform, called C-GEP. Since the hardware is reconfigurable, the platform can host a wide range of high-speed network specific applications, and it is aligned with the Software Defined Networking (SDN) principles. Our demonstration contains two different implementations of 100 Gbit/s-capable applications: a traffic generator and a traffic monitor engine. Our aim here is to show the feasibility of C-GEP for high-speed networking evaluations.

Keywords—network management; network monitoring; 100 Gbit/s Ethernet; traffic analysis; reconfigurable hardware; Field Programmable Gate Array

#### I. INTRODUCTION

In this demonstration, we introduce a reconfigurable, highthroughput capable packet processing platform, called C-GEP. The name is a short version for *100 Gigabit Ethernet Evaluation Platform*.

The main idea of the demonstration is to show that C-GEP is able to process the traffic arriving at 100 Gbit/s: it is able to parse packets, chop and filter them based on various rules, and forward them for further processing. Besides demonstrating these capabilities, we show that the platform is also capable of acting as a full-speed traffic generator. Furthermore, since C-GEP is based on a Virtex-6 FPGA (Field Programmable Gate Array), it has dynamic hardware reconfiguration capabilities; and it can even host hardware-accelerated protocol-implementations, such as PTP (Precision Time Protocol) – which we also include in the demonstration.

The architecture can host different high-speed interfaces (SFP, XFP, CFP) in various configurations. The prototype boards, used in the demonstration, contain 1 CFP, 4 XFP and 4 SFP connectors to handle 100, 10 and 1 Gbit/s Ethernet, respectively. The conference paper entitled "C-GEP: Adaptive Network Management with Reconfigurable Hardware" [1] provides further, detailed description about the platform.

Pál Varga

Department of Telecommunications and Media Informatics Budapest University of Technology and Economics Budapest, Hungary email: pyarga@tmit.bme.hu

# II. HIGH-PERFORMANCE APPLICATIONS FOR 100 GBIT/S NETWORKS

Figure 1 illustrates the environment of the demonstration. There are two C-GEP platforms connected directly to each other, using a 100 Gbit/s optical link. One of the reconfigurable devices is uploaded with a traffic generator firmware, to generate multi-encapsulated packets. The successive Ethernet frames contain various protocol embedding schemes, transmitted at near line rate. The other C-GEP device is configured as a lossless monitor architecture-. It parses and classifies the captured packets at 100 Gbit/s. Furthermore, the monitor application decodes and filters the multi-encapsulated packets in real-time.

The demonstrator setup has three screens: (i) rule configuration of the traffic generator, (ii) interface statistics (showing the lossless feature), and (iii) decoded and filtered packets presented via Wireshark.

Each packet receives a precise timestamp on the monitor platform, as an extended header. After timestamping, the packets are parsed and compared against the filtering rules – then those that match are passed (in this demo case) to a 1 Gbit/s output interface. The output interface is monitored with *Wireshark*, as a protocol analyzer. To visualize the extension header (64-bit timestamp) of the processed packets, the functionalities of *Wireshark* was extended through a *lua* script. In addition, the monitor platform contains a web-based graphical user interface for management functions and statistics.



Fig. 1. Demonstration setup for monitoring with C-GEP

| Ethernet Header | 802.1 Q<br>Outer TAG 802.1 Q<br>Inner TAG | MPLS<br>Level 1. | MPLS<br>Level 2. | Ethernet over<br>MPLS | 802.1 Q | IPv4 Header | UDP/TCP<br>Header | GTP<br>Header | IPv4 Header | UDP/TCP<br>Header |  |
|-----------------|-------------------------------------------|------------------|------------------|-----------------------|---------|-------------|-------------------|---------------|-------------|-------------------|--|
|-----------------|-------------------------------------------|------------------|------------------|-----------------------|---------|-------------|-------------------|---------------|-------------|-------------------|--|

Fig. 2. Example for the header structure of a supported multi-encapsulated packet

# A. Traffic Generator

The main feature of the generator is that the platform sends predefined (or prerecorded) packets *from firmware*. The traffic generator firmware is able to transmit multiencapsulated packets at line rate, operating on predefined Ethernet frames with variable length. As the architecture is based on an FPGA device, high precision timing for the transmission process and accurate frame generation are guaranteed even at near line-rate.

Main features of the generator module are:

- handling up to 128 different frames with predefined, multi-encapsulated structures and variable length,
- sending out frames based on a predefined pattern or in random order,
- high variability of transmission rate and packet length

   these can also follow predefined patterns, can be
   randomized, or can have fixed values,
- recreation of Ethernet frame checksum on-the-fly.

The generator firmware contains a custom 100 Gbit/s MAC (Media Access Control) module made by our group. It is a fully compliant implementation of the IEEE 802.3ba-2010 standard.

Since the demonstration mainly concentrates on filtering packet headers, the internal storage contains headers only. Data parts are filled up with PRBS (Pseudo Random Binary Sequence), or fixed content.

## B. Traffic Monitor

The traffic monitor platform has a scalable architecture, based on high-throughput pipeline engines. Its operation can be divided up to three main phases: *packet parsing, packet classification* and *output arbitration*, as illustrated in Figure 3.

The monitor device applies high precision timestamps on the captured Ethernet frames. The Local Time Manager module synchronizes its local clock to a PTP Master device using a controller module to achieve 6.4 ns time accuracy.

The monitor firmware also contains the mentioned custom 100 Gbit/s MAC module.

The parsing engine of the monitor platform is a hand optimized pipeline architecture, where the pipeline stages operate on a complex parser graph. It is responsible for the parsing of the multi-encapsulated packets. During the decoding process, specific header fields are extracted and stored for further packet processing phases.

The operation of the monitoring system is based on a reconfigurable filter rule set. Each rule can be uploaded during online operation through a web-based GUI, without the need for stopping or redirecting the monitored traffic. Each filtering rule has a priority, based on its number. The rules can apply AND or NOT(AND) operation between the tuples. In addition, matching packets are propagated or dropped, depending on the rule settings.



Fig. 3. Internal module architecture of the monitoring system

The demonstration includes a 14-tuple based decoding and filtering engine, which can handle complex multiencapsulated packets (e.g., QinQ, 2 level MPLS, IP-in-IP, IP-GTP-IP). Figure 2 represents an example of the supported header combinations.

### III. FEASIBILITY

C-GEP provides a highly scalable architecture for high-speed networking, supporting features such as packet parsing, classification and dynamic snaplength, among others.

Since the hardware architecture is reconfigurable, the *parsing* engine can operate on different parser graphs. The scalable pipeline architecture can extract 14 or even more header fields, while operating on an extremely high data rate.

The main feature of the *classification* engine is the possibility to reconfigure rules during real-time operation. The lossless filtering process continues working simultaneously with the process of rule-upload, based on the previous filter configuration.

*Dynamic snaplength* is an adaptive and efficient way to optimize the amount of packet data being stored for further processing, which is critical in high speed environment. We use the output of the parser engine to determine the cutting position for each packet.

#### REFERENCES

 P. Orosz, T. Tothfalusi, P. Varga, "C-GEP: Adaptive Network Management with Reconfigurable Hardware", IFIP/IEEE International Symposium on Integrated Network Management, 2015, Ottawa, Canada