DPRP: Distributed Parallelled Rule Pre-matchings for NIDS: A Possible Way to Deploy Middlebox in Future Internet

Influenced by cloud computing and emerging software define network(SDN), today´s Internet is changing. In this exciting background, how to deploy middle box functions is widely studied. Main trend is enterprise should outsourcing its middle box functionalities to third party, such as to public cloud[8] or to feather provider[7]. In this paper, we argue that we should not only study where to deploy the middle box functionalities, but also how to implement these functionalities more efficiently and scalable in future Internet. We propose DPRP, a distributed parallel rule pre-matching model for high performance and scalable NIDS implementation. The contribution of DPRP include: (1) DPRP separate hardware accelerator and software modules clearly, and use multiple parallel lightweight rule pre-matching units(RPU) to accelerate rule matching in NIDS. (2)RPU is reconfigurable. NIDS can add/remove RPUs dynamically according to rule matching demand, achieving better balance between performance and resource cost. (3)Hardware accelerators and software modules work in a distributed mode. It is scalable and accommodate to the control mode of the emerging SDN networks. We show the initial design results of RPU design and give more discussions about DPRP. As we know, this is the first work that proposes NIDS being implemented in distributed mode by decoupling hardware accelerators and software modules, which we think a possible way to deploy middle box in future Internet.