The goal of the Liberouter project is to create a working system for network-wide monitoring and anomaly detection in a high-speed network. The input points of the system are probes which are placed inside the network. These probes collect and process information about the data flow in the network. Hardware acceleration is used to achieve the best possible quality of the measured data. The normal operation mode of the probes is to export flow data in the Netflow format. However, due to the programmability of the hardware acceleration cards, the probes may also be used for a specialized, narrow-focused measurements. The measured data is sent to the flow collector, where it is stored and further processed. This processing involves network anomaly detection methods, which generate reports about the identified anomalies.

100GE Acceleration card

We are ready for 100GE

  • Family of COMBO cards – are cards designed for hardware acceleration of network applications using FPGA technology. These cards consist of one or more FPGA chips, memories and other neccessary hardware components. As FPGAs on cards can be configured from a host computer within several micro seconds and use PCIe hotplug to reload device drivers, card functionality can be altered very fast without the need to restart the computer. This is very comfortable during development and can also be utilized in target applications.
  • NetCOPE – is development environment and collection of IP cores for rapid development of hardware accelerated network applications using FPGA cards. The platform provides effective implementations of network interfaces, time-stamp generation, PCIe bus interface and fast DMA transfers so that the designer can concentrate on the target application and do not waste time with the implementation of any interfaces. Moreover, as the platform uses the same interface for different cards, applications can be easily moved to new cards with the NetCOPE platform.
  • HANIC is both software and firmware that brings hardware accelerated network interface card functionality to the COMBO family cards. The main feature of HANIC is distribution of incoming traffic among several software interfaces, which can then be processed by a single CPU core each. The mentioned traffic distribution is based on extracted packet header fields, and is therefore flow-aware.
  • SDM is a new concept of hardware acceleration for flexible flow-based application level monitoring. The concept relies on smart monitoring tasks implemented in the software in conjunction with a configurable hardware accelerator.
  • P4 is a domain-specific language for describing switches’ packet processing functionality far beyond OpenFlow. Our research efforts are aimed at exploring how P4-programmability can be incorporated into high-speed FPGA-based NICs and what are the benefits and use cases.
  • DDoS Protector is our custom DDoS protection device. The device consists of COMBO network interface card and a commodity server. The FPGA implements the fast forwarding and filtering data plane while the server implements the control plane that continuously evaluates the network traffic parameters and in case of attacks, it enables FPGA filtering with less than one second delay.
TMC Toolset Scheme

TMC Toolset Scheme

  • As a Flow Exporter we use the FlowMon exporter from Flowmon Networks. It provides a fast core with API for various types of plugins. We developed the plugins to read input packets from the COMBO cards, process them according to our specific needs and finally export them in the NetFlow format.
  • Flow Collector named IPFIXcol is an extensible framework for processing network flow data in the IPFIX format. It supports plugins for receiving data from a network and storing it. The same data can be processed by more than one storage plugin at once.
  • For remote configuration, we develop a set of various YANG and NETCONF toolsNetopeer is the project of remote configuration system providing NETCONF server and client applications. The integral part of the project is the libnetconf library implementing NETCONF protocol functionality. The main advantage of the Netopeer server is meant to be a plugin mechanism allowing developers to focus only on the configuration of the device without any unnecessary knowledge of the NETCONF protocol. As a base for the new generation of our tools, we have created libyang – YANG parser implemented and usable as a library with C language API.
  • Nemea is the network measurement and analysis framework which allows an assembly of a system for automated real-time analysis of data gathered by network monitoring processes. It is the suitable platform for development of network security applications such as anomaly detection modules.