77 Hits in 3.8 sec

Bidirectional Range Extension for TCAM-Based Packet Classification [chapter]

Yan Sun, Min Sik Kim
2010 Lecture Notes in Computer Science  
Packet classification is a fundamental task for network devices such as edge routers, firewalls, and intrusion detection systems.  ...  Our experiments show a more than 75% reduction in the number of TCAM entries by applying the bidirectional range extension algorithm to realworld rule sets.  ...  Then we propose a bidirectional range extension algorithm to solve the range explosion problem based on the non-redundant rule set.  ... 
doi:10.1007/978-3-642-12963-6_28 fatcat:jhmyynojcvg5rdouc7uydh3wh4

Network intrusion detection using hardware techniques: A review

Razan Abdulhammed, Miad Faezipour, Khaled M. Elleithy
2016 2016 IEEE Long Island Systems, Applications and Technology Conference (LISAT)  
Finally, a classification tree of hardware-based NIDS platforms is given.  ...  Our approach to classify modern hardware-based Intrusion Detection System (IDS) techniques is based on the detection approach.  ...  TCAM that is a packet classification architecture based on FPGA for network intrusion detection.  ... 
doi:10.1109/lisat.2016.7494100 fatcat:z2a5na5margvvhybu7qpy4yaqm

Green DataPath for TCAM-Based Software-Defined Networks

Huawei Huang, Song Guo, Jinsong Wu, Jie Li
2016 IEEE Communications Magazine  
A TCAM-based flow table is power-hungry hardware that can provide high-speed lookup operations for packet switching networks.  ...  A framework for energy-efficient routing algorithms is also developed under the proposed architecture and evaluated by extensive simulations using three traffic scheduling schemes.  ...  This feature is very useful in many applications such as the prefix matching in IP-lookup and range queries for packet classification.  ... 
doi:10.1109/mcom.2016.1600067cm fatcat:siarrbzkg5anjgvheb3omlyxq4

Killer Fabrics for Scalable Datacenters

M. Schlansker, J. Tourrilhes, Y. Turner, J. R. Santos
2010 2010 IEEE International Conference on Communications  
This enables a cost-effective scalable network architecture based on enhanced layer two Ethernet switches.  ...  This enables a cost-effective scalable network architecture based on enhanced layer two Ethernet switches.  ...  TCAM hardware structures are commonly used for flow classification in IP routers [19] . In a paper by Dong et al., TCAM-like classification is performed using RAMs to process IP packets [20] .  ... 
doi:10.1109/icc.2010.5502190 dblp:conf/icc/SchlanskerTTS10 fatcat:uficdkm4hffndjyvujhfe6dd2q

SPADE: Statistical Packet Acceptance Defense Engine

Shimrit Tzur-David, Harel Avissar, Danny Dolev, Tal Anker
2010 2010 International Conference on High Performance Switching and Routing  
SPADE: a Statistical Packet Acceptance Defense Engine is presented.  ...  The principal way for achieving this goal is to model anticipated network traffic behavior, and to use this model for identifying anomalies.  ...  The implementation complexity arises from calculating these two histograms for each packet attribute. ALPI [7] is an extension of PacketScore.  ... 
doi:10.1109/hpsr.2010.5580287 dblp:conf/hpsr/Tzur-DavidADA10 fatcat:prrz4jhsfjarpksi5ogxh64oiy

Partial offloading of OpenFlow rules on a traditional hardware switch ASIC

Sebastiano Miano, Fulvio Risso, Hagen Woesner
2017 2017 IEEE Conference on Network Softwarization (NetSoft)  
This extension is left for future work. ports 4 .  ...  In the second, Advanced Multi-stage classification step, three TCAMs (named IS1, IS2 and ES0) serve different purposes.  ... 
doi:10.1109/netsoft.2017.8004107 fatcat:pn2u5bcdjvdu7l3ndnlzyizvru

A Survey on the Application of FPGAs for Network Infrastructure Security

Hao Chen, Yu Chen, Douglas H. Summerville
2011 IEEE Communications Surveys and Tutorials  
Given the rapid evolution of attack methods and toolkits, software-based solutions to secure the network infrastructure have become overburdened.  ...  Possessing the flexibility of software and high parallelism of hardware, reconfigurable hardware devices, such as Field Programmable Gate Arrays (FPGAs), have become increasingly popular for this purpose  ...  The approach is based on the observation that while TCAM structure is efficient for direct data-lookup with prefix or exact values, it is not suitable for those that fall within a range.  ... 
doi:10.1109/surv.2011.072210.00075 fatcat:4yew6yqt25expelxenskh22b4m

Towards an FPGA-Accelerated programmable data path for edge-to-core communications in 5G networks

Ruben Ricart-Sanchez, Pedro Malagon, Pablo Salva-Garcia, Enrique Chirivella Perez, Qi Wang, Jose M. Alcaraz Calero
2018 Journal of Network and Computer Applications  
The Fifth-Generation (5G) networks, as the emerging next generation mobile networks, are adopting softwarization and virtualization technologies as the cornerstones for the network operators to gain significant  ...  Meanwhile, a virtualized and softwarized 5G network would suffer from downgraded system performance due to this unprecedented paradigm shift towards software-based networking.  ...  The RIFFA framework for NetFPGA is configured with one DMA engine of two bidirectional channels: one for packets and the other one for registers and configuration.  ... 
doi:10.1016/j.jnca.2018.09.012 fatcat:6kjco2fiejgyvp4qnnxs3fnusm

Towards a Stateful Forwarding Abstraction to Implement Scalable Network Functions in Software and Hardware [article]

Luca Petrucci, Nicola Bonelli, Marco Bonola, Gregorio Procissi, Carmelo Cascone, Davide Sanvito, Salvatore Pontarelli, Giuseppe Bianchi, Roberto Bifulco
2016 arXiv   pre-print
An effective packet processing abstraction that leverages software or hardware acceleration techniques can simplify the implementation of high-performance virtual network functions.  ...  paper, we explore the suitability of SDN switches' stateful forwarding abstractions to model accelerated functions in both software and hardware accelerators, such as optimized software switches and FPGA-based  ...  In fact, SoftFlow can only offload packet classification to hardware NICs and just for packets entering the system, while we can potentially offload both packet classification and stateful operations to  ... 
arXiv:1611.02853v1 fatcat:igcgenk7gff4vgfngwjcours74

A Survey on Data Plane Flexibility and Programmability in Software-Defined Networking

Enio Kaljic, Almir Maric, Pamela Njemcevic, Mesud Hadzialic
2019 IEEE Access  
The role of the switch in the data plane is to simply forward packets based on the instructions given by the controller.  ...  The application plane executes network applications; control plane regulates the rules for the entire network based on the requests generated by network applications; and based on the set rules, the controller  ...  On edge switches, TCAM for incoming packets contains full headers, and TCAM for outgoing packets holds only PATH TAG and FLOW TAG.  ... 
doi:10.1109/access.2019.2910140 fatcat:g7723e6dmjawhm637yywupefm4

Next generation routers

H.J. Chao
2002 Proceedings of the IEEE  
Several proposed algorithms for IP route lookup and packet classification are compared in respect to their search/update speeds and storage requirements.  ...  It then presents several algorithms/architectures to implement IP route lookup, packet classification, and switch fabrics.  ...  Zhang for their assistance in preparing this paper.  ... 
doi:10.1109/jproc.2002.802001 fatcat:abbtxhetq5hwdisgdqavfgi2y4

A Modular System for FPGA-Based TCP Flow Processing in High-Speed Networks [chapter]

David V. Schuehler, John W. Lockwood
2004 Lecture Notes in Computer Science  
This circuit provides stateful flow tracking, TCP stream reassembly, context storage, and flow manipulation services for applications which process TCP data streams.  ...  When the TCP-Processor is configured for bidirectional monitoring, 32 bytes of storage are used for each direction of traffic flow.  ...  Conclusion This paper described the design and implementation of a high-performance TCP flow monitoring system called TCP-Processor for use in an extensible environment.  ... 
doi:10.1007/978-3-540-30117-2_32 fatcat:tm2ds4na7vchlh5xuugnjwujrq

Software-Defined Networking Using OpenFlow: Protocols, Applications and Architectural Design Choices

Wolfgang Braun, Michael Menth
2014 Future Internet  
We give an overview of existing SDN-based applications grouped by topic areas. Finally, we point out architectural design choices for SDN using OpenFlow and discuss their performance implications.  ...  The authors alone are responsible for the content of the paper. Conflicts of Interest The authors declare no conflict of interest. Future Internet 2014, 6  ...  Thus, fast packet forwarding for OpenFlow requires special hardware: TCAM is used in switches for the fast lookup of wildcard matches. TCAM size is often very limited, due to the high cost.  ... 
doi:10.3390/fi6020302 fatcat:ezgfdxk7h5hrlgzrazkzivhiju

Ensemble routing for datacenter networks

Mike Schlansker, Yoshio Turner, Jean Tourrilhes, Alan Karp
2010 Proceedings of the 6th ACM/IEEE Symposium on Architectures for Networking and Communications Systems - ANCS '10  
ABSTRACT This paper describes Hash-Based Routing (HBR), an architecture that enhances Ethernet to support dynamic management for multipath networks in scalable datacenters.  ...  Networks, Ethernet, Multipath, Switching, Fault Tolerance This paper describes Hash-Based Routing (HBR), an architecture that enhances Ethernet to support dynamic management for multipath networks in scalable  ...  Uplink-bound packets traverse traffic classification and routing layers through a special virtual "Uport" that carries packets that are destined for the core.  ... 
doi:10.1145/1872007.1872036 dblp:conf/ancs/SchlanskerTTK10 fatcat:envy3rlmhzfqdbonzlijofuurq

VFP: A Virtual Switch Platform for Host SDN in the Public Cloud

Daniel Firestone
2017 Symposium on Networked Systems Design and Implementation  
Finally, we thank Dave Maltz, Mark Russinovich, and Albert Greenberg for their sponsorship of and support for this project over the years, and Jitendra Padhye for convincing us to write a paper about our  ...  Provide a fast packet classification algorithm for cases with large numbers of rules and tables.  ...  Rules are implemented via a simple callback interface (Initialize, Process Packet, Deinitialize) so as to make the base VFP platform easily extensible.  ... 
dblp:conf/nsdi/Firestone17 fatcat:oy36xxsxxnaflh4z5e7pu43ryy
« Previous Showing results 1 — 15 out of 77 results