A multi-dimensional packet classifier for NP-based firewalls

Author

Rashti, Mohammad J. ; Rabiee, Hamid R. ; Foroutan, Amir ; Lavasani, Meisam

Author_Institution

Digital Media Lab., Sharif Univ. of Technol., Tehran, Iran

fYear

2004

fDate

2004

Firstpage

250

Lastpage

254

Abstract

In this paper we present design and implementation of a new multi-dimensional packet classifier engine using network processor technology. Our classification algorithm is fast and is based on hierarchical trie search for multi-dimensional rules. Moreover, we propose a technique to optimize the memory usage of our classifier. We have used the Intel® IXP1200 network processor pipeline architecture for implementation of the classifier. The final system is targeted to be a fast firewall packet filtering engine that uses the filtering policies as its classification rules. Our experimental result shows that the packet classification throughput results for various distribution of packet sizes, is above 800Mbps.

Keywords

authorisation; computational complexity; computer networks; packet switching; pattern classification; pipeline processing; protocols; tree searching; Intel IXP1200 network processor; NP-based firewalls; classification algorithm; content-aware application; firewall packet filtering engine; hierarchical trie search; memory usage optimization; multidimensional packet classifier; packet classification; packet forwarding; pipeline processing; Classification algorithms; Computer architecture; Databases; Filtering; IP networks; Multidimensional systems; Pipelines; Search engines; Telecommunication traffic; Throughput;

fLanguage

English

Publisher

ieee

Conference_Titel

Applications and the Internet, 2004. Proceedings. 2004 International Symposium on

Print_ISBN

0-7695-2068-5

Type

conf

DOI

10.1109/SAINT.2004.1266123

Filename

1266123