Private Island: Open Source FPGA-Based Network Processor for Privacy, Security, IoT, and Control

Overview of the Private Island project for networking including highlights, goals, and a brief description of the development board.

updated: May 17, 2019

Overview

Private Island is an open source FPGA-based project for Gigabit Ethernet networking. It's primary purpose is for building an open, trustworthy, and extensible foundation for packet processing, IoT, and control (e.g., sensors, motors, etc.).

When the FPGA filters certain addresses, ports, and / or protocols, we are able to confirm at the hardware layer that this has been accomplished. This is in stark contrast to off-the-shelf SoC implementations, which require developers & users to make assumptions of multiple layers (typically opaque) being free of bugs, back doors, and resident spies / spyware.

The open FPGA-based architecture supports numerous, highly parallel functions implemented at Ethernet line rate (125 MHz x 8-bit). Our Darsena development board, which is Arduino form factor and pin out compatible, supports Ethernet connectivity via two on-board Gigabit Ethernet PHYs and integrates an ARM micro controller, debuggers, and offers expansion via Arduino-style connectors.

The source code is hosted here using cgit.

Private Island System Concept — Private Island Conceptual Block Diagram

Project Highlights

Soft Gigabit / 100 Mbit Ethernet switch

Real-time packet filtering, inspection, and mirroring

Gigabit Ethernet MAC controller for external micro controller

Customizable metrics. Stream them to the host of your choice.

Dozens of expansion I/O

It's an FPGA and open source, so the applications are endless.

The figure below shows a block diagram of the FPGA Verilog modules comprising a typical Private Island instantiation. Note that the SERDES/PCS functionality is provided by a hard macrocell inside the Lattice ECP5UM. The receive (rx) path is into the soft Ethernet switch, and the transmit path is out of the switch.

development block diagram — Private Island FPGA Modular Architecture

Project Goals

Strive for modularity and simplicity

Extensible: add new generators, receivers, and packet forwarding

Limited number of dependencies and only when necessary

Enable connecting new modules for new applications

Deterministic packet visibility from inside and outside the FPGA

Our Development Board: Darsena

Arduino form-factor compatible with dozens of I/O for expansion and shield support
Lattice ECP5UM FPGA (45K LUTs with integrated PCS/SERDES)
Two Texas Instruments DP83867 Gigabit PHYs
NXP Kinetis K02 Microcontroller with ARM Cortex M4 core
Micron SPI ROM

The figure below shows the Lattice Diamond IDE with the Physical Viewer window enabled. This viewer shows the routing of an instantiation of Private Island with one of the wires of the Ethernet rx_data bus highlighted.

Lattice Diamond IDE showing Physical Viewer

The next figure shows the Lattice Diamond Reveal Analyzer active with a trace of the Ethernet receive path. This gives new meaning to the concept of packet inspection and enables developers to see packets within their FPGA as it traverses their device.

Didn't find an answer to your question? Post your issue below or in our new FORUM, and we'll try our best to help you find a solution.

And please note that we update our site daily with new content related to our open source approach to network security and system design. If you would like to be notified about these changes, then please follow us on Twitter and join our mailing list.

Getting Started with Darsena	A quick start guide for working with Darsena, the Private Island development board for FPGA-based open source networking
Darsena Hardware Specification	Darsena FPGA Development Board for Open Source FPGA-Based Network Security Project
Review of Ethernet Packet and Packet Processing using an FPGA-based Open Source Network Processor	We examine the fields within an Ethernet packet and discuss how they are processed by an open source FPGA network processor.
PCS / SERDES Architecture for Lattice ECP5 FPGA Open Source Network Processor	A high level overview of the usage and configuration of the ECP5UM DCU (PCS/SERDES) for Private Island Open Source Project
Gigabit Shields	Gigabit data rate shields using standard 100-mil connectors for Arduino form-factor boards including Darsena. Our new SMA Shield design now released as open source.
Review of Ethernet SGMII Concepts	The Serial Gigabit Media Independent Interface (SGMII) is a popular Gigabit Ethernet PHY interface, and it holds various advantages over both GMII and RGMII. This article reviews some of the core SGMII concepts with the help of oscilloscope screen shots from our Rohde & Schwarz RTO1044.
Documentation for the Private Island project	Architecture and Code Description for the Private Island Open Source, FPGA-based Network Processor

Private Island: Open Source FPGA-Based Network Processor for Privacy, Security, IoT, and Control

Overview

Project Highlights

Project Goals

Our Development Board: Darsena

Related articles on this site:

Please help us improve this article by adding your comment or question: