Session
Fahrplan 34C3
Hardware & Making

Demystifying Network Cards

Things you always wanted to know about NIC drivers
Saal Borg
Paul Emmerich
Network cards are often seen as black boxes: you put data in a socket on one side and packets come out at the other end - or the other way around. Let's have a deeper look at how a network card actually works at the lower levels by writing a simple user space driver from scratch for a 10 Gbit/s NIC.

Packet processing in software is currently undergoing a huge paradigm shift. Connection speeds of 10 Gbit/s and beyond created new problems and operating systems couldn't keep keep up. Hence, there has been a rise of frameworks and libraries working around the kernel, sometimes referred to as kernel bypass or zero copy (the latter is a misnomer). Examples are DPDK, Snabb, netmap, XDP, pf_ring, and pfq. The first part of the talk looks at the background and performance of the kernel network stack and what changes with these new frameworks. They break with all traditional APIs and present new paradigms. For example, they usually provide an application exclusive access to a network interface and exchange raw packets with the app. There are no sockets, they don't even offer a protocol stack. Hence, they are mostly used for low-level packet processing apps: routers, (virtual) switches, firewalls, and annoying middleboxes "optimizing" your connection.

It's now feasible to write quick prototypes of packet processing and forwarding apps that were restricted to dedicated hardware in the past, enabling everyone to build and test high-speed networking equipment with a low budget. These concepts are slowly creeping into operating systems and software routers/switches: FreeBSD ships with netmap today, XDP is coming to Linux, Open vSwitch can be compiled with a DPDK backend, pfSense is adopting DPDK as well, ... We need to look at the architecture of these frameworks to better understand what is coming for us. Most of these frameworks build on the original drivers that have been growing in complexity: a typical driver for a 10 or 40 Gbit/s NIC is in the order of 50,000 lines of code nowadays.

Hundreds of thousands of lines of code are involved when handling a packet in a typical operating system, and tens of thousands when using one of these new frameworks. Reading and understanding so much code is quite tedious, so the obvious question is: How hard can it be to implement a driver for a modern 10 Gbit/s NIC from scratch while ignoring all of the existing software layers? Turns out that it's not very hard: I've written ixy, a user space driver for 10 Gbit/s NICs from the Intel 82599 family (X520, X540, X550) from scratch in about 1000 lines of C code. The second part of the talk focuses on user space drivers and the Intel 82599 architecture as it is easy to understand, has a great datasheet, and the core functionality is in the driver as opposed to a magic black-box firmware.

ixy is a full user space driver: you get your raw packets delivered directly into your application and the operating system doesn't even know the NIC exists. User space drivers are also very hackable, you get direct access to the full hardware in your application in user space making it really easy to test out new features, no pesky kernel code needed. This is why it's important to have a simple driver like ixy: for hacking and educational purposes. Core functionality of the driver such as handling DMA buffers is never far away when writing an ixy app: you typically only need to look beneath one layer to see the guts of the driver. For example, when you send out a packet you call a transmit function that directly modifies a ring buffer of DMA descriptors.

Check out the code of ixy on GitHub!

Additional information

Type lecture
Language English

More sessions

12/27/17
Hardware & Making
Saal Borg
Did you ever want to run your own IoT cloud on your IoT devices? Or did you ever wonder what data your vacuum cleaning robot is transmitting to the vendor? Why a vacuum cleaning robot needs tcpdump? Nowadays IoT devices are getting more and more powerful and contain a lot of sensors. As most devices are connected directly to the vendor and transmit all data encrypted to the cloud, this may result in privacy issues. An IoT device with no internet connection lacks numerous features or is even ...
12/27/17
Hardware & Making
Jean Rintoul
Saal Clarke
An open source biomedical imaging project using electrical impedance tomography. Imagine a world where medical imaging is cheap and accessible for everyone! We'll discuss this current project, how it works, and future directions in medical physics.
12/27/17
Hardware & Making
Saal Borg
The Apollo Guidance Computer ("AGC") was used onboard the Apollo spacecraft to support the Apollo moon landings between 1969 and 1972. This talk explains "everything about the AGC", including its quirky but clever hardware design, its revolutionary OS, and how its software allowed humans to reach and explore the moon.
12/28/17
Hardware & Making
Saal Dijkstra
Over the past year, we have been developing open source wheelchair add-ons through user research, ideation, design, prototyping and testing. We present the outcome and insights from the process.
12/28/17
Hardware & Making
Katja Bach
Saal Dijkstra
„5.-Klässlerinnen, die über die Millisekunden für einen delay()-Aufruf diskutieren! Gibt es nicht? Doch, gibt es!“ Ein Modellprojekt mit sieben Schulen in Aachen hat diese Frage untersucht – wir haben die Schülerinnen und Schüler begleitet und würden gerne darüber berichten, denn wir wissen jetzt: Programmieren macht ihnen Spaß!
12/28/17
Hardware & Making
MathiasL
Saal Clarke
In this talk I describe the basic makeup of FPGAs and how I reverse engineered the Xilinx 7 Series and Lattice iCE40 Series together with the implications.
12/28/17
Hardware & Making
Saal Clarke
The Blinkenrocket is a DIY SMD Soldering Kit that was designed to teach different manufacturing and soldering skills. A lot of work on both Hardware and Software was done in CCC erfas namely shackspace, chaosdorf and metalab. The kit is used in workshops since 1.5 years at the chaos macht schule events and is very successful in its purpose. Creating this project was plenty of work and there is so much to show and tell around it, it will blow your mind.