full tcp offload solution with tcp session setup/teardown support

Hello,

I am searching for a fpga accelerated ethernet card solution for facing tcp=
 sessions before OS. The solution should complete 3 way handshake before op=
erating system/driver stage. This implies it should create SYN-ACK packets =
and wait for 3rd step ACK. This implies it should keep a connection/session=
 table. Generally, I am waiting high connection rate (1M conn per second fo=
r 1 Gbps connection) and high number of live sessions.

I would be grateful for any redirection. Sorry for bothering if this is the=
 wrong community for the subject.

Regards,

Oguz

oguzyilmazlist@gmail.com wrote:
> Hello,
> 
> I am searching for a fpga accelerated ethernet card solution 
> for facing tcp sessions before OS. The solution should complete 
> 3 way handshake before operating system/driver stage. 
> This implies it should create SYN-ACK packets and wait for 3rd 
> step ACK. This implies it should keep a connection/session table. 
> Generally, I am waiting high connection rate (1M conn per second 
> for 1 Gbps connection) and high number of live sessions.

It might be that some NIC do that. I know there are some with
special features to offload some of the processing from the
server, such as the checksum calculation.

> I would be grateful for any redirection. Sorry for bothering if 
> this is the wrong community for the subject.

You might try comp.dcom.lans.ethernet, even though it isn't
really an ethernet question. There is also a tcpip group.

-- glen

On Saturday, January 19, 2013 2:09:38 PM UTC+2, glen herrmannsfeldt wrote:
> oguzyilmazlist@gmail.com wrote:
> 
> > Hello,
> 
> > 
> 
> > I am searching for a fpga accelerated ethernet card solution 
> 
> > for facing tcp sessions before OS. The solution should complete 
> 
> > 3 way handshake before operating system/driver stage. 
> 
> > This implies it should create SYN-ACK packets and wait for 3rd 
> 
> > step ACK. This implies it should keep a connection/session table. 
> 
> > Generally, I am waiting high connection rate (1M conn per second 
> 
> > for 1 Gbps connection) and high number of live sessions.
> 
> 
> 
> It might be that some NIC do that. I know there are some with
> 
> special features to offload some of the processing from the
> 
> server, such as the checksum calculation.
> 
> 

I am searching for a different solution then ordinary TOE NIC solutions. The difference is high rate of tcp session setup/teardown.

> 
> > I would be grateful for any redirection. Sorry for bothering if 
> 
> > this is the wrong community for the subject.
> 
> 
> 
> You might try comp.dcom.lans.ethernet, even though it isn't
> 
> really an ethernet question. There is also a tcpip group.
> 
> 
> 
> -- glen

On Sat, 19 Jan 2013 03:54:49 -0800, oguzyilmazlist wrote:

> Hello,
> 
> I am searching for a fpga accelerated ethernet card solution for facing
> tcp sessions before OS. The solution should complete 3 way handshake
> before operating system/driver stage. This implies it should create
> SYN-ACK packets and wait for 3rd step ACK. This implies it should keep a
> connection/session table. Generally, I am waiting high connection rate
> (1M conn per second for 1 Gbps connection) and high number of live
> sessions.


I hate to be a naysayer, but I believe 1M connections per second is not 
possible on a 1Gb/s link, regardless of how fast the processing is.

Minimum frame size = 64 bytes + 8 bytes preamble and SFD + 12 bytes IFG.  
You can send up to about 1.488M packets per second in each direction.  
Can't do a 3 way handshake with 1.488 packets, unless you do some trick 
like putting multiple handshakes in the one packet.


I've never implemented a TCP/IP stack, so I might be missing something.

Regards,
Allan

oguzyilmaz@gmail.com wrote:

(snip)
>> > I am searching for a fpga accelerated ethernet card solution 
>> > for facing tcp sessions before OS. The solution should complete 
>> > 3 way handshake before operating system/driver stage. 
 
>> > This implies it should create SYN-ACK packets and wait for 3rd 
>> > step ACK. This implies it should keep a connection/session table. 
 
>> > Generally, I am waiting high connection rate (1M conn per second 
 
>> > for 1 Gbps connection) and high number of live sessions.
 
>> It might be that some NIC do that. I know there are some with
>> special features to offload some of the processing from the
>> server, such as the checksum calculation.
 
> I am searching for a different solution then ordinary TOE NIC 
> solutions. The difference is high rate of tcp session setup/teardown.

Yes, but someone else might have had this problem before.

Though a high rate of setup/teardown implies only a small amount
of data to each, and most use UDP in that case.

Can you explain the actual problem that you are trying to solve?
(Which specific protocol, or what kind of data?)

I haven't thought about this for a while, but I believe, while
it is usually not done, it is possible to include TCP data in
some of the TCP handshaking packets. You might also be able
to add FIN earlier than usual. 

Post to the tcp-ip newsgroup and ask about the minimum TCP
session.  You might be able to do:

1)  SYN+data
2)  SYN+ACK+data+FIN
3)  ACK+data+FIN

I know that there are NICs designed to offload some of the work,
but I don't know much more than that.

-- glen

On Saturday, January 19, 2013 8:52:55 PM UTC+2, glen herrmannsfeldt wrote:
>=20
>=20
>=20
> (snip)
>=20
> >> > I am searching for a fpga accelerated ethernet card solution=20
>=20
> >> > for facing tcp sessions before OS. The solution should complete=20
>=20
> >> > 3 way handshake before operating system/driver stage.=20
>=20
> =20
>=20
> >> > This implies it should create SYN-ACK packets and wait for 3rd=20
>=20
> >> > step ACK. This implies it should keep a connection/session table.=20
>=20
> =20
>=20
> >> > Generally, I am waiting high connection rate (1M conn per second=20
>=20
> =20
>=20
> >> > for 1 Gbps connection) and high number of live sessions.
>=20
> =20
>=20
> >> It might be that some NIC do that. I know there are some with
>=20
> >> special features to offload some of the processing from the
>=20
> >> server, such as the checksum calculation.
>=20
> =20
>=20
> > I am searching for a different solution then ordinary TOE NIC=20
>=20
> > solutions. The difference is high rate of tcp session setup/teardown.
>=20
>=20
>=20
> Yes, but someone else might have had this problem before.
>=20
>=20
>=20
> Though a high rate of setup/teardown implies only a small amount
>=20
> of data to each, and most use UDP in that case.
>=20
>=20
>=20
> Can you explain the actual problem that you are trying to solve?
>=20
> (Which specific protocol, or what kind of data?)
>=20
>=20

Actual problems are,

- For IP Spood TCP connection trials, Full Toe NIC should receive SYN, send=
 SYN-ACK, wait for ACK. This is 3way handshake. If this completes, we are s=
ure IP is not spoofed. Now NIC can forward connection to the driver and ope=
rating system.=20

- Operating systems are using hash tree or radix tree tables for keeping st=
ate entries. For high session setup/teardown rates, this can be slow to Add=
, Delete Modify this table. Each state entry maybe about 500 bytes.I am cur=
ious about outcomes of doing state table operations on a TOE NIC.


>=20
> I haven't thought about this for a while, but I believe, while
>=20
> it is usually not done, it is possible to include TCP data in
>=20
> some of the TCP handshaking packets. You might also be able
>=20
> to add FIN earlier than usual.=20
>=20
>=20
>=20
> Post to the tcp-ip newsgroup and ask about the minimum TCP
>=20
> session.  You might be able to do:
>=20
>=20
>=20
> 1)  SYN+data
>=20
> 2)  SYN+ACK+data+FIN
>=20
> 3)  ACK+data+FIN
>=20
>=20
>=20
> I know that there are NICs designed to offload some of the work,
>=20
> but I don't know much more than that.
>=20
>=20
>=20
> -- glen

On 2013-01-19 12:54, oguzyilmazlist@gmail.com wrote:
> Hello,
>
> I am searching for a fpga accelerated ethernet card solution for facing tcp sessions before OS. The solution should complete
> 3 way handshake before operating system/driver stage. This implies it should create SYN-ACK packets and wait for 3rd step ACK.
 > This implies it should keep a connection/session table. Generally, I 
am waiting high connection rate (1M conn per second for
 >
1 Gbps connection) and high number of live sessions.
>
> I would be grateful for any redirection. Sorry for bothering if this is the wrong community for the subject.
>
> Regards,
>
> Oguz
>

Have been looking at this problem for some time, but for 10 GbE.
You will need

FPGA Card. Looking at Bittware and Hightec-Global which both provide 
example designs and Linux Drivers.

For offloading, we are looking at Fraunhofer, but there are others like 
PLDA, Intilog, Fiberblaze.

Fraunhofer will release some special features which will be needed,
but may not affect decisions for other applications.

BR
Ulf Samuelsson

> I am searching for a fpga accelerated ethernet card solution for facing t=
cp >sessions before OS. The solution should complete 3 way handshake before=
 operating >system/driver stage. This implies it should create SYN-ACK pack=
ets and wait for >3rd step ACK. This implies it should keep a connection/se=
ssion table. Generally, >I am waiting high connection rate (1M conn per sec=
ond for 1 Gbps connection) and >high number of live sessions.

DINI provides this:  http://www.dinigroup.com/new/TOE.php

mike_la_jolla <mdini@dinigroup.com> wrote:
>> I am searching for a fpga accelerated ethernet card solution for
>> facing tcp sessions before OS. The solution should complete 3 way
>> handshake before operating system/driver stage. This implies it
>> should create SYN-ACK packets and wait for >3rd step ACK. This
>> implies it should keep a connection/session table. Generally, I
>> am waiting high connection rate (1M conn per second for 1 Gbps
>> connection) and high number of live sessions.
> 
> DINI provides this:  http://www.dinigroup.com/new/TOE.php

No, they require "setup/teardown of TCP sessions" to be handled by
the CPU.

> No, they require "setup/teardown of TCP sessions" to be handled by the CPU.

Sorry. You are correct. Your best bet would be PLDA or Intilop.