A prefix-based approach for managing hybrid specifications in complex packet filtering Author: Nizar Ben Neji, Adel Bouhoula Publisher: Computer Networks.

Slides:

Advertisements

Similar presentations

An On-Chip IP Address Lookup Algorithm Author: Xuehong Sun and Yiqiang Q. Zhao Publisher: IEEE TRANSACTIONS ON COMPUTERS, 2005 Presenter: Yu Hao, Tseng.

Advertisements

Fast Algorithms For Hierarchical Range Histogram Constructions

Outline Introduction Related work on packet classification Grouper Performance Empirical Evaluation Conclusions.

A Ternary Unification Framework for Optimizing TCAM-Based Packet Classification Systems Author: Eric Norige, Alex X. Liu, and Eric Torng Publisher: ANCS.

1 TCAM Razor: A Systematic Approach Towards Minimizing Packet Classifiers in TCAMs Department of Computer Science and Information Engineering National.

IP Address Lookup for Internet Routers Using Balanced Binary Search with Prefix Vector Author: Hyesook Lim, Hyeong-gee Kim, Changhoon Publisher: IEEE TRANSACTIONS.

1 A Heuristic and Hybrid Hash- based Approach to Fast Lookup Author: Gianni Antichi, Andrea Di Pietro, Domenico Ficara, Stefano Giordano, Gregorio Procissi,

Fast Filter Updates for Packet Classification using TCAM Authors: Haoyu Song, Jonathan Turner. Publisher: GLOBECOM 2006, IEEE Present: Chen-Yu Lin Date:

Firewall Policy Queries Author: Alex X. Liu, Mohamed G. Gouda Publisher: IEEE Transaction on Parallel and Distributed Systems 2009 Presenter: Chen-Yu Chang.

1 On Constructing Efficient Shared Decision Trees for Multiple Packet Filters Author: Bo Zhang T. S. Eugene Ng Publisher: IEEE INFOCOM 2010 Presenter:

1 Memory-Efficient 5D Packet Classification At 40 Gbps Authors: Ioannis Papaefstathiou, and Vassilis Papaefstathiou Publisher: IEEE INFOCOM 2007 Presenter:

1 Energy Efficient Multi-match Packet Classification with TCAM Fang Yu

Improved TCAM-based Pre-Filtering for Network Intrusion Detection Systems Department of Computer Science and Information Engineering National Cheng Kung.

Efficient Multidimensional Packet Classification with Fast Updates Author: Yeim-Kuan Chang Publisher: IEEE TRANSACTIONS ON COMPUTERS, VOL. 58, NO. 4, APRIL.

1 Partition Filter Set for Power- Efficient Packet Classification Authors: Haibin Lu, MianPan Publisher: IEEE GLOBECOM 2006 Present: Chen-Yu Lin Date:

Parallel-Search Trie-based Scheme for Fast IP Lookup

Performance Evaluation of IPv6 Packet Classification with Caching Author: Kai-Yuan Ho, Yaw-Chung Chen Publisher: ChinaCom 2008 Presenter: Chen-Yu Chaug.

1 DRES:Dynamic Range Encoding Scheme for TCAM Coprocessors Authors: Hao Che, Zhijun Wang, Kai Zheng and Bin Liu Publisher: IEEE Transactions on Computers,

1 A Fast IP Lookup Scheme for Longest-Matching Prefix Authors: Lih-Chyau Wuu, Shou-Yu Pin Reporter: Chen-Nien Tsai.

Two stage packet classification using most specific filter matching and transport level sharing Authors: M.E. Kounavis *,A. Kumar,R. Yavatkar,H. Vin Presenter:

Efficient Gray Code Based Range Encoding Schemes for Packet Classification in TCAM Author: Yeim-Kuan Chang, Cheng-Chien Su, and Yung-Chieh Lin Publisher:

1 Fast and Memory-Efficient Regular Expression Matching for Deep Packet Inspection Department of Computer Science and Information Engineering National.

1 Packet classification using diagonal-based tuple space search Department of Computer Science and Information Engineering National Cheng Kung University,

1 Performing packet content inspection by longest prefix matching technology Authors: Nen-Fu Huang, Yen-Ming Chu, Yen-Min Wu and Chia- Wen Ho Publisher:

Fast binary and multiway prefix searches for pachet forwarding Author: Yeim-Kuan Chang Publisher: COMPUTER NETWORKS, Volume 51, Issue 3, pp , February.

Existing Range Encoding Schemes Presenter: Kai-Yang, Liu Date: 2011/11/23.

1 Efficient packet classification using TCAMs Authors: Derek Pao, Yiu Keung Li and Peng Zhou Publisher: Computer Networks 2006 Present: Chen-Yu Lin Date:

1 Route Table Partitioning and Load Balancing for Parallel Searching with TCAMs Department of Computer Science and Information Engineering National Cheng.

(TPDS) A Scalable and Modular Architecture for High-Performance Packet Classification Authors: Thilan Ganegedara, Weirong Jiang, and Viktor K. Prasanna.

LayeredTrees: Most Specific Prefix based Pipelined Design for On-Chip IP Address Lookups Author: Yeim-Kuau Chang, Fang-Chen Kuo, Han-Jhen Guo and Cheng-Chien.

An Improved Algorithm to Accelerate Regular Expression Evaluation Author: Michela Becchi, Patrick Crowley Publisher: 3rd ACM/IEEE Symposium on Architecture.

The Fast Optimal Voltage Partitioning Algorithm For Peak Power Density Minimization Jia Wang, Shiyan Hu Department of Electrical and Computer Engineering.

Fast Packet Classification Using Bloom filters Authors: Sarang Dharmapurikar, Haoyu Song, Jonathan Turner, and John Lockwood Publisher: ANCS 2006 Present:

High-Speed Packet Classification Using Binary Search on Length Authors: Hyesook Lim and Ju Hyoung Mun Presenter: Yi-Sheng, Lin ( 林意勝 ) Date: Jan. 14, 2008.

Packet Classifiers In Ternary CAMs Can Be Smaller Qunfeng Dong (University of Wisconsin-Madison) Suman Banerjee (University of Wisconsin-Madison) Jia Wang.

Multi-Field Range Encoding for Packet Classification in TCAM Author: Yeim-Kuan Chang, Chun-I Lee and Cheng-Chien Su Publisher: INFOCOM 2011 Presenter:

EECB 473 DATA NETWORK ARCHITECTURE AND ELECTRONICS PREPARED BY JEHANA ERMY JAMALUDDIN Basic Packet Processing: Algorithms and Data Structures.

Energy-Efficient Sensor Network Design Subject to Complete Coverage and Discrimination Constraints Frank Y. S. Lin, P. L. Chiu IM, NTU SECON 2005 Presenter:

Multiprefix Trie: A New Data Structure for Designing Dynamic Router-Tables Author: Sun-Yuan Hsieh, Senior Member, IEEE, Yi-Ling Huang, and Ying-Chi Yang.

On the Use of Sparse Direct Solver in a Projection Method for Generalized Eigenvalue Problems Using Numerical Integration Takamitsu Watanabe and Yusaku.

Compact Trie Forest: Scalable architecture for IP Lookup on FPGAs Author: O˘guzhan Erdem, Aydin Carus and Hoang Le Publisher: ReConFig 2012 Presenter:

StrideBV: Single chip 400G+ packet classification Author: Thilan Ganegedara, Viktor K. Prasanna Publisher: HPSR 2012 Presenter: Chun-Sheng Hsueh Date:

1 Fast packet classification for two-dimensional conflict-free filters Department of Computer Science and Information Engineering National Cheng Kung University,

Speedy FPGA-Based Packet Classifiers with Low On-Chip Memory Requirements Author: Chih-Hsun Chou, Fong Pong, and Nian-Feng Tzeng Publisher: FPGA 2012 Presenter:

A Dynamic Longest Prefix Matching Content Addressable Memory for IP Routing Author: Satendra Kumar Maurya, Lawrence T. Clark Publisher: IEEE TRANSACTIONS.

作者 :Satyajeet Ahuja and Marwan Krunz 出處 :IEEE TRANSACTIONS ON MULTIMEDIA, VOL. 10, NO. 7, NOVEMBER 2008 報告者 : 黃群凱 1.

AUTHOR: NIZAR BEN NEJI, ADEL BOUHOULA PUBLISHER: IEEE INTERNATIONAL CONFERENCE,2011 PRESENTER: KAI-YANG LIU DATE:2011/08/31 1 NAF Conversion: An Efficient.

Cross-Product Packet Classification in GNIFS based on Non-overlapping Areas and Equivalence Class Author: Mohua Zhang, Ge Li Publisher: AISS 2012 Presenter:

Binary-tree-based high speed packet classification system on FPGA Author: Jingjiao Li*, Yong Chen*, Cholman HO**, Zhenlin Lu* Publisher: 2013 ICOIN Presenter:

Boundary Cutting for Packet Classification Author: Hyesook Lim, Nara Lee, Geumdan Jin, Jungwon Lee, Youngju Choi, Changhoon Yim Publisher: Networking,

Range Enhanced Packet Classification Design on FPGA Author: Yeim-Kuan Chang, Chun-sheng Hsueh Publisher: IEEE Transactions on Emerging Topics in Computing.

Parallel tree search: An algorithmic approach for multi- field packet classification Authors: Derek Pao and Cutson Liu. Publisher: Computer communications.

Unit1: Modeling & Simulation Module5: Logic Simulation Topic: Unknown Logic Value.

Author: Weirong Jiang and Viktor K. Prasanna Publisher: The 18th International Conference on Computer Communications and Networks (ICCCN 2009) Presenter:

Evaluating and Optimizing IP Lookup on Many Core Processors Author: Peng He, Hongtao Guan, Gaogang Xie and Kav´e Salamatian Publisher: International Conference.

1 Space-Efficient TCAM-based Classification Using Gray Coding Authors: Anat Bremler-Barr and Danny Hendler Publisher: IEEE INFOCOM 2007 Present: Chen-Yu.

Hierarchical packet classification using a Bloom filter and rule-priority tries Source : Computer Communications Authors : A. G. Alagu Priya 、 Hyesook.

Packet Classification Using Multi- Iteration RFC Author: Chun-Hui Tsai, Hung-Mao Chu, Pi-Chung Wang Publisher: 2013 IEEE 37th Annual Computer Software.

DRES: Dynamic Range Encoding Scheme for TCAM Coprocessors 2008 YU-ANTL Lab Seminar June 11, 2008 JeongKi Park Advanced Networking Technology Lab. (YU-ANTL)

Journal of Computational and Applied Mathematics Volume 253, 1 December 2013, Pages 14–25 Reporter : Zong-Dian Lee A hybrid quantum inspired harmony search.

Efficient Montgomery Modular Multiplication Algorithm Using Complement and Partition Techniques Speaker: Te-Jen Chang.

A Classification for Access Control List To Speed Up Packet-Filtering Firewall CHEN FAN, LONG TAN, RAWAD FELIMBAN and ABDELSHAKOUR ABUZNEID Department.

Author : Tzi-Cker Chiueh, Prashant Pradhan Publisher : High-Performance Computer Architecture, Presenter : Jo-Ning Yu Date : 2010/11/03.

Range Hash for Regular Expression Pre-Filtering Publisher : ANCS’ 10 Author : Masanori Bando, N. Sertac Artan, Rihua Wei, Xiangyi Guo and H. Jonathan Chao.

Efficient Signature Matching with Multiple Alphabet Compression Tables Publisher : SecureComm, 2008 Author : Shijin Kong,Randy Smith,and Cristian Estan.

Space and Speed Tradeoffs in TCAM Hierarchical Packet Classification

Topic 1: Data Representation

Speaker: YI-JIA HUANG Date: 2011/12/08 Authors: C. N

Color image noise removal algorithm utilizing hybrid vector filtering

Worst-Case TCAM Rule Expansion

Presentation transcript:

A prefix-based approach for managing hybrid specifications in complex packet filtering Author: Nizar Ben Neji, Adel Bouhoula Publisher: Computer Networks 56 (2012) Presenter: Yu Hao, Tzeng Date: 2012/11/ 1

Outline Introdution Proposed technique Performance Conclusion 2

Introduction A packet filter must support rule sets involving any type of condition. Prefix-based packet filters have gained wide acceptance in the research community for storing. Range-based fields need to be converted into a set of standard prefixes to guarantee the homogeneity. Since multiple packet header fields can contain several range specifications, a single rule may require multiple memory entries. The difficulty lies in the fact that multiple memory entries have to be allocated to represent a rule containing various range specifications. 3

Introduction (Cont.) DRPC (direct range to prefix conversion) Example : 4

Introduction (Cont.) The NAF (Non-Adjacent Form) conversion method lets us obtain a better conversion ratio than the previous proposed solutions. Example : 5

Introduction (Cont.) 6

7

Proposed technique 8

Proposed technique (Cont.) NAF conversion of arbitrary range Direct range-to-prefix conversion (DRPC) Indirect range to signed prefixes (IRSP) Lower{} is a list of Integers Upper{} is a list of Integers Sign{} is a binary list 9

Proposed technique (Cont.) NAF conversion of arbitrary range Example : 10

Proposed technique (Cont.) NAF conversion of arbitrary range Direct range to signed prefixes (DRSP) DRSP is better than the indirect conversion in terms of time since it lets us avoid the use of two conversion stages. Arbitrary RangeSigned Prefixes DRSP 11

Proposed technique (Cont.) NAF conversion of arbitrary range Direct range to signed prefixes (DRSP) isElementaryRange() is a boolean function that takes as entry an arbitrary w-bit range [l, u] and tells whether it can be represented using a single prefix or not. extendedRange() takes as entry an arbitrary range [l, u] and returns as a result the smallest elementary range covering it. addSignedPrefix() stores the resulting signed prefixes in the lists Lower{}, Upper{} and Sign{}. 12

Proposed technique (Cont.) NAF conversion of arbitrary range Algorithm 13

Proposed technique (Cont.) Building the two-staged data structure 14

Proposed technique (Cont.) 15

Proposed technique (Cont.) Building the two-staged data structure 16

Proposed technique (Cont.) 17

Proposed technique (Cont.) 18

Proposed technique (Cont.) 19

Performance 20

Performance (Cont.) 21

Performance (Cont.) 22

Conclusion In this paper, the essential issues related to the resolution of the range matching problem arising in the packet filtering process were thoroughly examined and efficiently solved using the new concept of signed prefixes. 23