TechXplore November 5, 2020
Network operators are faced with securing 100Gbps networks with 100K+ concurrent connections by deploying IDS/IPSes to search for 10K+ rules concurrently. Through the Pigasus IDS/IPS, researchers at Carnegie Mellon University show that this goal is achievable by building on recent advances in FPGA-capable SmartNICs. Pigasus’ design takes an FPGA-first approach, where most of the processing, and all state and control flow are managed on the FPGA. However, doing so requires careful design of algorithms and data structures to ensure fast common-case performance while densely utilizing system memory resources. Their experiments with a variety of traces showed that Pigasus can support 100Gbps using an average of 5 cores and 1 FPGA, using 38× less power than a CPU-only approach…read more. Open source Code . Open Access TECHNICAL ARTICLE
An FPGA integrated circuit (Intel’s Stratix 10 FPGA shown here) is essential to the performance of the CMU team’s intrusion detection system. Credit: Intel