Research
Netronome is creating a worldwide network of universities, government agencies and private companies that are involved in research with our powerful microengine processing technology. These researchers are continuing work from the Intel IXP28XX forward to the Netronome NFP-32xx.
Netronome offers software development tools, hardware reference platforms, sample code and other technologies that will enable you to continue your academic curriculums, academic research and corporate research. Netronome supports gift awards to universities based on research proposals from faculty and helps graduate students to identify internships and full-time employement opportunities. For more information please contact research@netronome.com.
Accelerating OpenFlow Switching with Network Processors
Yan Luo, Pablo Cascon, Eric Murray and Julio Ortega
University of Massachusetts Lowell, USA and University of Granada, Spain
Published: September 2009
Abstract: OpenFlow switching enables flexible management of enterprise network switches and experiments on regular network traffic. We present in this paper a complementary design to OpenFlow’s existing reference designs. We apply network processor based acceleration cards to perform OpenFlow switching. We describe the design options and report our experiment results that show a 20% reduction on packet delay and the comparable packet forwarding throughput compared to conventional designs.
Sentinel: Hardware-Accelerated Mitigation of Bot-Based DDoS Attacks
Researchers: Peter Djalaliev, Muhammad Jamshed, Nicholas Farnan and José Brustoloni
Department of Computer Science, University of Pittsburgh
Published: August 2008
Abstract: Effective defenses against DDoS attacks that deplete resources at the network and transport layers have been deployed commercially. Therefore, DDoS attacks increasingly use normallooking application-layer requests to waste server CPU or disk capacity. CAPTCHAs attempt to distinguish bots from human clients and are often used to avoid such attacks. However, CAPTCHAs themselves consume resources and frequently are defeated. Kill-Bots reduces CAPTCHA overhead by pushing client authentication into the kernel. However, Kill-Bots requires kernel modifications, which can be infeasible. We describe the design, implementation, and performance evaluation of Sentinel, a network device that overcomes several limitations in Kill-Bots. Sentinel can be easily deployed as a bridge in front of server farms, modularly accepts a variety of present and future authentication schemes, and can use network processors to accelerate authentication. Experiments show that Sentinel greatly reduces the impact of DDoS attacks on the response time experienced by legitimate clients.
