Towards efficient security policy lookup on many-core network processing platforms

Author

Wang Xiang ; Qi Yaxuan ; Wang Kai ; Xue Yibo ; Li Jun

Author_Institution

Dept. of Autom., Tsinghua Univ., Beijing, China

Volume

12

Issue

8

fYear

2015

fDate

8/1/2015 12:00:00 AM

Firstpage

146

Lastpage

160

Abstract

Modern network security devices employ packet classification and pattern matching algorithms to inspect packets. Due to the complexity and heterogeneity of different search data structures, it is difficult for existing algorithms to leverage modern hardware platforms to achieve high performance. This paper presents a Structural Compression (SC) method that optimizes the data structures of both algorithms. It reviews both algorithms under the model of search space decomposition, and homogenizes their search data structures. This approach not only guarantees deterministic lookup speed but also optimizes the data structure for efficient implementation on many-core platforms. The performance evaluation reveals that the homogeneous data structure achieves 10Gbps line-rate 64byte packet classification throughput and multi-Gbps deep inspection speed.

Keywords

data compression; data structures; multiprocessing systems; security of data; SC method; deterministic lookup speed; homogeneous data structure; many-core network processing platforms; packet classification; search data structures; search space decomposition; security policy lookup; structural compression; Algorithm design and analysis; Arrays; Classification algorithms; Decision trees; Pattern matching; Redundancy; packet classification; patternmatching; algorithms; data structures;

fLanguage

English

Journal_Title

Communications, China

Publisher

ieee

ISSN

1673-5447

Type

jour

DOI

10.1109/CC.2015.7224697

Filename

7224697