The new network card is based on an FPGA chip - a demanding technology that experts from FIT BUT have been working on for more than 20 years. The ultra-fast hardware-accelerated card was created last year as part of the cooperation between the CESNET association and the Reflex CES company. It can monitor up to 400 gigabits of data per second. According to Jan Kořenk from the Research Group of Accelerated Network Technologies, it thus solves current challenges related to the increasing speed of the Internet, the volume of transmitted data and cyber security.
You have been working on FPGA technology at FIT BUT since 2000. What is its main benefit?
By using FPGA chips, it is possible to increase the speed of Internet communication and improve its security. One chip programmed by us is capable of replacing dozens to hundreds of computers with its computing capacity. Instead of a large number of computers, all you need is one with an acceleration card on which a programmed FPGA chip is placed. This will also significantly reduce energy consumption.
It offers a solution for very fast networks and communication infrastructure used by large data centers or communication operators such as O2, T-Mobile or Vodafone. While today households have connections in the order of hundreds of Mb/s, we aim for lines operating at speeds in the order of 100 Gb/s. So we have to solve up to 1000 times higher volume of transferred data.
To give you a better idea, over 1.2 billion characters are transferred per second over a 100 gigabit line. That's like 2,300 books containing 300 pages of A4 text. Analyzing such a volume of data every second is demanding and requires a lot of computing power.
On what principle is FPGA technology built?
It allows the processing of data to be divided into many small operations that can be performed simultaneously. It's as if the work is divided among many workers, who then manage it in a shorter time thanks to parallel work. Thanks to this feature of FPGA, fast network lines can solve even very demanding tasks. In addition, FPGA chips can also be programmed - depending on the recorded program, they can solve various functions.
How expensive is the technology?
FPGA chips are generally more expensive than conventional network chips or processors – the price difference can be up to three times, but the return on investment depends on the specific application. FPGA technology is more expensive but more flexible. The client can thus create his own cards with his own hardware and his own chips.
However, making a chip is very expensive, because you need to make a mask first, which can cost as much as a million dollars. You don't have to do this if you have a configurable FPGA chip. Due to the price, the chip itself is not worth using for products that are produced in millions of series - it is already cheaper for the manufacturer to create a mask and their own chip.
What area do you most often focus on when developing FPGA cards?
Above all, for security, when it is necessary to check the content of the communication, whether something harmful appears in the transmitted data. Whether it's targeted attacks, spreading viruses or exploiting computer vulnerabilities. Attack detection is a challenging task – you have to search for thousands of attack signatures at very high speed. A signature is something like a string or word you're looking for in text. On a 100-gigabit line, these signatures are searched at the rate of billions of characters per second.
But we also deal with the collection of key data for the analysis of communication with the use of artificial intelligence. Another task is the direct elimination of distributed DoS attacks, when a large number of computers try to overwhelm one computer or the entire network. In this case, acceleration cards with FPGA can filter the communication from attacking computers and let the rest of the legitimate communication go on.
How did you get into the field of security?
More than 20 years ago, it started with the Liberouter project, which is still led by the CESNET association. Our goal was to make the infrastructure cheaper for the CESNET association by building our own router based on FPGA technology. A router is a key element of a network infrastructure, and building such a device was very challenging in an academic environment. It was a very ambitious plan.
Therefore, the team's activities gradually focused on the area of network monitoring and security. Thanks to the work on the router, we had technology that was suitable for the EU SCAMPI project aimed at monitoring 10 gigabit networks. And in 2004, we managed to build one of the first adapters for monitoring 10 gigabit lines. We then stayed with monitoring and security. We focused on creating tools for securing the CESNET academic network.
In 2022, we then moved to a speed of 400 Gb/s and managed to develop an acceleration card for 400 gigabit lines. Today, the card is produced by the French company Reflex CES, and the FPGA programming is provided by the company BrnoLogic, which is a spin-off of FIT BUT in Brno. In all cases, research and development was covered by the CESNET association, which provided not only a high-speed network, but also a unique environment for research, development and, above all, testing of new technologies.
It looks like you are succeeding in translating the results of your research into practice.
It's going well. The results are mostly deployed as security tools in the academic network of the CESNET association, where they serve as protection against attacks. Some results led to the creation of new spin-off companies - for example, Flowmon Networks, Netcope Technologies or BrnoLogic. All three companies are successful. Flowmon Networks was bought by Kemp in 2020, Netcope Technologies sold the technology to the largest processor manufacturer, and BrnoLogic is already active worldwide and is very successful.
But we are not limited to commercial applications. We also cooperate with the security forces of the state. For example, we made equipment for the fight against cybercrime for the Police of the Czech Republic. It is a network probe that won the Ministry of the Interior Award in 2018. We also work with other security components that use cards with FPGA technology to detect attacks and protect the network infrastructure.
You have currently developed one of the fastest cards in the world. Can it be pushed even further?
It works and we want to get started in cooperation with BrnoLogic. FPGA is a complex technology that only an experienced hardware developer can grasp. We are therefore trying to create an easy-to-grasp programmable FPGA card that can be used by an ordinary programmer without knowledge of hardware and at the same time achieves high performance. I think we are on the right track and that we will succeed. The next step can then be the creation of custom chips for mass deployment. I see a great opportunity here and, thanks to many years of history and experience, very good starting conditions.