L7 packet switch: packet switch applying regular expression to packet payload

Software-Defined Networking (SDN) is widely studied in research community. Although OpenFlow switches are considered one of the promising SDN technologies, even the latest version of OpenFlow (1.3) only handles 40 tuples including Layer 2 to Layer 4 (L2-L4) headers. However, application developers and end users may not often find "flow" based traffic control. In this paper, we propose L7 Packet Switch, which is a technique for controlling the packets based on the payload of the Layer 7 (L7) instead of the L2-L4 header information. L7 Packet Switch maintains TCP flow information and performs regular expression matching to L7 payload. If a packet in a flow matches a regular expression, the packets belonging to the same flow are controlled by the same rule, i.e., actions such as deflecting a flow to specific output ports. L7 Packet Switch also provides Southbound API so that the regular expressions to be applied and the corresponding actions can be specified on the fly. We implement L7 Packet Switch on FLARE node which is a programmable node using Click. We also evaluate the performance and show the possibility of operation in a network environment of 10 Gbps.