Title :
Towards efficient security policy lookup on many-core network processing platforms
Author :
Wang Xiang ; Qi Yaxuan ; Wang Kai ; Xue Yibo ; Li Jun
Author_Institution :
Dept. of Autom., Tsinghua Univ., Beijing, China
fDate :
8/1/2015 12:00:00 AM
Abstract :
Modern network security devices employ packet classification and pattern matching algorithms to inspect packets. Due to the complexity and heterogeneity of different search data structures, it is difficult for existing algorithms to leverage modern hardware platforms to achieve high performance. This paper presents a Structural Compression (SC) method that optimizes the data structures of both algorithms. It reviews both algorithms under the model of search space decomposition, and homogenizes their search data structures. This approach not only guarantees deterministic lookup speed but also optimizes the data structure for efficient implementation on many-core platforms. The performance evaluation reveals that the homogeneous data structure achieves 10Gbps line-rate 64byte packet classification throughput and multi-Gbps deep inspection speed.
Keywords :
data compression; data structures; multiprocessing systems; security of data; SC method; deterministic lookup speed; homogeneous data structure; many-core network processing platforms; packet classification; search data structures; search space decomposition; security policy lookup; structural compression; Algorithm design and analysis; Arrays; Classification algorithms; Decision trees; Pattern matching; Redundancy; packet classification; patternmatching; algorithms; data structures;
Journal_Title :
Communications, China
DOI :
10.1109/CC.2015.7224697
