full tcp offload solution with tcp session setup/teardown su

Hello,

I am searching for a fpga accelerated ethernet card solution for facing tcp sessions before OS. The solution should complete 3 way handshake before operating system/driver stage. This implies it should create SYN-ACK packets and wait for 3rd step ACK. This implies it should keep a connection/session table. Generally, I am waiting high connection rate (1M conn per second for 1 Gbps connection) and high number of live sessions.

I would be grateful for any redirection. Sorry for bothering if this is the wrong community for the subject.

Regards,

Oguz

 

[glen herrmannsfeldt]

oguzyilmazlist@gmail.com wrote:

Hello,

I am searching for a fpga accelerated ethernet card solution
for facing tcp sessions before OS. The solution should complete
3 way handshake before operating system/driver stage.
This implies it should create SYN-ACK packets and wait for 3rd
step ACK. This implies it should keep a connection/session table.
Generally, I am waiting high connection rate (1M conn per second
for 1 Gbps connection) and high number of live sessions.

It might be that some NIC do that. I know there are some with
special features to offload some of the processing from the
server, such as the checksum calculation.

I would be grateful for any redirection. Sorry for bothering if
this is the wrong community for the subject.

You might try comp.dcom.lans.ethernet, even though it isn't
really an ethernet question. There is also a tcpip group.

-- glen

 

On Saturday, January 19, 2013 2:09:38 PM UTC+2, glen herrmannsfeldt wrote:

oguzyilmazlist@gmail.com wrote:

Hello,



I am searching for a fpga accelerated ethernet card solution

for facing tcp sessions before OS. The solution should complete

3 way handshake before operating system/driver stage.

This implies it should create SYN-ACK packets and wait for 3rd

step ACK. This implies it should keep a connection/session table.

Generally, I am waiting high connection rate (1M conn per second

for 1 Gbps connection) and high number of live sessions.



It might be that some NIC do that. I know there are some with

special features to offload some of the processing from the

server, such as the checksum calculation.

I am searching for a different solution then ordinary TOE NIC solutions. The difference is high rate of tcp session setup/teardown.

I would be grateful for any redirection. Sorry for bothering if

this is the wrong community for the subject.



You might try comp.dcom.lans.ethernet, even though it isn't

really an ethernet question. There is also a tcpip group.



-- glen

 

[Allan Herriman]

On Sat, 19 Jan 2013 03:54:49 -0800, oguzyilmazlist wrote:

Hello,

I am searching for a fpga accelerated ethernet card solution for facing
tcp sessions before OS. The solution should complete 3 way handshake
before operating system/driver stage. This implies it should create
SYN-ACK packets and wait for 3rd step ACK. This implies it should keep a
connection/session table. Generally, I am waiting high connection rate
(1M conn per second for 1 Gbps connection) and high number of live
sessions.

I hate to be a naysayer, but I believe 1M connections per second is not
possible on a 1Gb/s link, regardless of how fast the processing is.

Minimum frame size = 64 bytes + 8 bytes preamble and SFD + 12 bytes IFG.
You can send up to about 1.488M packets per second in each direction.
Can't do a 3 way handshake with 1.488 packets, unless you do some trick
like putting multiple handshakes in the one packet.


I've never implemented a TCP/IP stack, so I might be missing something.

Regards,
Allan

 

[glen herrmannsfeldt]

oguzyilmaz@gmail.com wrote:

(snip)

I am searching for a fpga accelerated ethernet card solution
for facing tcp sessions before OS. The solution should complete
3 way handshake before operating system/driver stage.

This implies it should create SYN-ACK packets and wait for 3rd
step ACK. This implies it should keep a connection/session table.

Generally, I am waiting high connection rate (1M conn per second

for 1 Gbps connection) and high number of live sessions.

It might be that some NIC do that. I know there are some with
special features to offload some of the processing from the
server, such as the checksum calculation.

I am searching for a different solution then ordinary TOE NIC
solutions. The difference is high rate of tcp session setup/teardown.

Yes, but someone else might have had this problem before.

Though a high rate of setup/teardown implies only a small amount
of data to each, and most use UDP in that case.

Can you explain the actual problem that you are trying to solve?
(Which specific protocol, or what kind of data?)

I haven't thought about this for a while, but I believe, while
it is usually not done, it is possible to include TCP data in
some of the TCP handshaking packets. You might also be able
to add FIN earlier than usual.

Post to the tcp-ip newsgroup and ask about the minimum TCP
session. You might be able to do:

1) SYN+data
2) SYN+ACK+data+FIN
3) ACK+data+FIN

I know that there are NICs designed to offload some of the work,
but I don't know much more than that.

-- glen

 

On Saturday, January 19, 2013 8:52:55 PM UTC+2, glen herrmannsfeldt wrote:

(snip)

I am searching for a fpga accelerated ethernet card solution

for facing tcp sessions before OS. The solution should complete

3 way handshake before operating system/driver stage.



This implies it should create SYN-ACK packets and wait for 3rd

step ACK. This implies it should keep a connection/session table.



Generally, I am waiting high connection rate (1M conn per second



for 1 Gbps connection) and high number of live sessions.



It might be that some NIC do that. I know there are some with

special features to offload some of the processing from the

server, such as the checksum calculation.



I am searching for a different solution then ordinary TOE NIC

solutions. The difference is high rate of tcp session setup/teardown.



Yes, but someone else might have had this problem before.



Though a high rate of setup/teardown implies only a small amount

of data to each, and most use UDP in that case.



Can you explain the actual problem that you are trying to solve?

(Which specific protocol, or what kind of data?)

Actual problems are,

- For IP Spood TCP connection trials, Full Toe NIC should receive SYN, send SYN-ACK, wait for ACK. This is 3way handshake. If this completes, we are sure IP is not spoofed. Now NIC can forward connection to the driver and operating system.

- Operating systems are using hash tree or radix tree tables for keeping state entries. For high session setup/teardown rates, this can be slow to Add, Delete Modify this table. Each state entry maybe about 500 bytes.I am curious about outcomes of doing state table operations on a TOE NIC.

I haven't thought about this for a while, but I believe, while

it is usually not done, it is possible to include TCP data in

some of the TCP handshaking packets. You might also be able

to add FIN earlier than usual.



Post to the tcp-ip newsgroup and ask about the minimum TCP

session. You might be able to do:



1) SYN+data

2) SYN+ACK+data+FIN

3) ACK+data+FIN



I know that there are NICs designed to offload some of the work,

but I don't know much more than that.



-- glen

 

[Ulf Samuelsson]

On 2013-01-19 12:54, oguzyilmazlist@gmail.com wrote:

Hello,

I am searching for a fpga accelerated ethernet card solution for facing tcp sessions before OS. The solution should complete
3 way handshake before operating system/driver stage. This implies it should create SYN-ACK packets and wait for 3rd step ACK.
This implies it should keep a connection/session table. Generally, I
am waiting high connection rate (1M conn per second for

1 Gbps connection) and high number of live sessions.

I would be grateful for any redirection. Sorry for bothering if this is the wrong community for the subject.

Regards,

Oguz

Have been looking at this problem for some time, but for 10 GbE.
You will need

FPGA Card. Looking at Bittware and Hightec-Global which both provide
example designs and Linux Drivers.

For offloading, we are looking at Fraunhofer, but there are others like
PLDA, Intilog, Fiberblaze.

Fraunhofer will release some special features which will be needed,
but may not affect decisions for other applications.

BR
Ulf Samuelsson

 

[mike_la_jolla]

I am searching for a fpga accelerated ethernet card solution for facing tcp >sessions before OS. The solution should complete 3 way handshake before operating >system/driver stage. This implies it should create SYN-ACK packets and wait for >3rd step ACK. This implies it should keep a connection/session table. Generally, >I am waiting high connection rate (1M conn per second for 1 Gbps connection) and >high number of live sessions.

DINI provides this: http://www.dinigroup.com/new/TOE.php

 

[Marko Zec]

mike_la_jolla <mdini@dinigroup.com> wrote:

I am searching for a fpga accelerated ethernet card solution for
facing tcp sessions before OS. The solution should complete 3 way
handshake before operating system/driver stage. This implies it
should create SYN-ACK packets and wait for >3rd step ACK. This
implies it should keep a connection/session table. Generally, I
am waiting high connection rate (1M conn per second for 1 Gbps
connection) and high number of live sessions.

DINI provides this: http://www.dinigroup.com/new/TOE.php

No, they require "setup/teardown of TCP sessions" to be handled by
the CPU.

 

[mike_la_jolla]

No, they require "setup/teardown of TCP sessions" to be handled by the CPU.

Sorry. You are correct. Your best bet would be PLDA or Intilop.

 

[KingOfDisaster]

On Saturday, 19 January 2013 11:54:49 UTC, oguzyil...@gmail.com wrote:

Hello,



I am searching for a fpga accelerated ethernet card solution for facing tcp sessions before OS. The solution should complete 3 way handshake before operating system/driver stage. This implies it should create SYN-ACK packets and wait for 3rd step ACK. This implies it should keep a connection/session table. Generally, I am waiting high connection rate (1M conn per second for 1 Gbps connection) and high number of live sessions.



I would be grateful for any redirection. Sorry for bothering if this is the wrong community for the subject.



Regards,



Oguz

I would reccomend you to be very careful in choosing a TOE.
I have worked for a company that in order to "save time to marked" used one of these Off shield TOE... and I have never seen working correctly!

good luck!