Day: 30 August 2018
Lukáš Kekely was given a prestigious award for his work dealing with network monitoring through FPGA technology
The ever-increasing volume of transferred data means that demands for speed of computer networks are increasing as well. That means that usual tools are no longer sufficient for the needs of experts monitoring network traffic. They are unable to analyse such large volumes of data quickly enough to allow them to notify administrators of unusual behaviour or possible threat. That is why Lukáš Kekely from the Faculty of Information Technology of BUT researched the possibility of using special FPGA chips. As a part of his research, he designed a way to program an FPGA card so that it enables monitoring of above-standard volumes of data once connected to the network. He was even awarded third place in the Werner von Siemens Award for his dissertation thesis.
According to Lukáš Kekely, people are currently sending more photos, they want to transfer higher quality videos and they are sharing more and more data in general. Networks are getting faster as a result. This in turns makes the work of administrators overseeing the behaviour of networks more difficult. Unusual behaviour or attempts at compromising security are easier to miss in high speeds. "It's like looking for a needle in an ever-growing haystack. Standard processors are no longer adequate for high-speed processing of large amounts of data. What we need is a network card that will accelerate data processing," noted Lukáš Kekely.
As a matter of fact, the issue of suitable utilisation of acceleration at the level of network card for the purpose of monitoring is precisely the issue he was addressing in his dissertation thesis for which he was awarded the Werner von Siemens Award. Kekely used FPGA technology to achieve said acceleration. "Those are chips programmed using a special hardware description language. They are capable of high speed parallel data processing. In the proposed solution, I utilise FPGA for pre-processing of network data so that processors are under less load during subsequent processing," described Kekely. He says that until now, data processing on the network card level has been utilised only in a very basic form. Analysis has been performed exclusively using processors. In Kekely's opinion, this is no longer possible due to high speeds. "We need the card to be able to analyse the data in detail, filter them in certain way and pick only the most interesting pieces of data for more detailed analysis. This way, only a fraction of the original volume is sent to processor," he added. His work then consisted in programming the card to be able to process data at the highest speed possible and by doing so helped the processor to extract as much relevant information as possible.
Thanks to the technology created, experts can keep track of what is happening on the network. "Large companies that have big networks which perform huge data transfers must be able to take a look into the networks at any time. They need to keep themselves informed of any issues like issues with configuration, whether the data is transmitted as expected, and if there isn't some kind of a problem. That's why I verified whether this procedure may be a suitable solution," said Lukáš Kekely, who works for CESNET, an organisation which manages the nationwide network connecting all Czech universities and academic institutions, describing the use of the cards.
Although the FPGA chips are nothing new, Kekely and his colleagues introduced the world's first 100 Gbps acceleration card four years ago. More recently, a 200 Gbps card has been introduced to the world. Nowadays, Kekely works with the team on a 400 Gbps card. These cards can be purchased through a commercial company which co-operates with FIT BUT and CESNET. According to Kekely, the price of the cards is in the order of thousands of dollars.
Other projects focused on the FPGA technology were also created at FIT BUT. "Currently, we are trying to increase not only the speed but also the accuracy of data processing performed by the card. This means that we want to achieve more complex interconnection of the card with data analysis. We connect the cards directly to threat detectors so that the cards are able to send more relevant information when a threat arises or if an unusual behaviour is detected, i.e. to monitor potentially harmful communication in greater detail," concluded Lukáš Kekely.
Author: Kozubová Hana, Mgr.
Last modified: 2020-06-26T15:07:10