How to protect RP2040 from network flood?
Let's find out which Ethernet IC can protect RP2040 by performing network stress test!
Software Apps and online services
Introduction
This post was inspired by this project. Since RP2040 introduction, there have been multiple projects presenting how to add Ethernet connectivity to RP2040.
I decided to test how various solutions would behave under network stress attack.
The purpose of this post is not about reaching best network performance but to test how performance is changing when network stress tool is working.
Setup
Overall test idea is simple. I will run TCP server on RP2040. Raspberry Pi Pico or W5100S-EVB-Pico will be connected to same network as PC. On PC I will run iperf client to check network performance and LOIC - to do network stress test.
For test I decided to proceed with three setups:
- RP2040 + WIZnet W5100S + Hardwired TCP/IP Stack
- RP2040 + ENC28J60 + LWIP
- RP2040 + WIZnet W5100S + LWIP
Test 1. WIZnet W5100S + Hardwired TCP/IP Stack
I used loopback example from RP2040-HAT-C SDK. For this test W5100S was set to PHY_100 mode, DMA was enabled.
You may view first test results in below video
I noticed that "Requested" & "failed" numbers do not change, and realized that it happened because only one socket was opened and iperf already connected to it. Therefore, I re-run the test with all 4 sockets opened on W5100S-EVB-Pico (W5100S has 4 independent sockets). The result can be seen in below video.
It can be seen that network performance doesn't change whenLOIC starts flooding the packets.
Test 2. ENC28J60 + LWIP
For this test I modified a bit code from https://github.com/Juddling/pi-pico-enc28j60
I added lwiperf test code, so that application would not only respond to ping requests but also run iperf server.
The result is shown in next video
As can be seen, once LOIC starts flooding, network performance drops to zero.
Test 3. W5100S + LWIP
When Pico W was introduced, LWIP was included in Pico SDK.
Since W5100S supports MACRAW mode, I wanted to see what happens if W5100S is used along with LWIP.
Code used for testing can be found here: https://github.com/TeddyWiz/wiznet_driver
https://github.com/TeddyWiz/pico-examples
https://github.com/TeddyWiz/pico-sdk
The result is shown on next video:
As can be seen, network performance dropsa bit and fluctuates. I believe that W5100S is still filtering and protecting from flood packets.
Conclusion
It is clear that flood attacks are not effective when W5100S is used.
P.S. I am aware of another option with RP2040 + LAN8720, I am planning to do same test for this setup as well.