Software-Defined Networking (SDN) promises the vision of more flexible and manageable networks but requires certain level\nof programmability in the data plane to accommodate different forwarding abstractions. SDN software switches running on\ncommodity multicore platforms are programmable and are with low deployment cost. However, the performance of SDN software\nswitches is not satisfactory due to the complex forwarding operations on packets. Moreover, this may hinder the performance of\nreal-time security on software switch. In this paper,we analyze the forwarding procedure and identify the performance bottleneck of\nSDN software switches. An FPGA-based mechanism for accelerating and securing SDN switches, named FAS (FPGA-Accelerated\nSDN software switch), is proposed to take advantage of the reconfigurability and high-performance advantages of FPGA. FAS\nimproves the performance as well as the capacity against malicious traffic attacks of SDN software switches by offloading some\nfunctional modules. We validate FAS on an FPGA-based network processing platform. Experiment results demonstrate that the\nforwarding rate of FAS can be 44% higher than the original SDN software switch. In addition, FAS provides new opportunity to\nenhance the security of SDN software switches by allowing the deployment of bump-in-the-wire security modules (such as packet\ndetectors and filters) in FPGA.
Loading....