Title :
Wire-Speed TCAM-Based Architectures for Multimatch Packet Classification
Author :
Faezipour, Miad ; Nourani, Mehrdad
Author_Institution :
Univ. of Texas at Dallas, Richardson, TX
Abstract :
Most conventional packet classifiers find only the highest priority filter that matches the arriving packet. However, new networking applications such as network intrusion detection systems and load balancers require all (or the first few) matching packets during classification. In this paper, two TCAM-based architectures for multi-match search are introduced. The first one is a renovated TCAM design that can find all or the first r matches in a packet filter set. The second architecture is a novel partitioning scheme based on filter intersection properties allowing us to use off-the-shelf TCAMs for multi-match packet classification. Our classifier engine finds all matches in exactly one conventional TCAM cycle while reducing the power consumption by at least two orders of magnitude, which is far better than the existing hardware based designs.
Keywords :
computer networks; content-addressable storage; resource allocation; security of data; classifier engine; filter intersection property; load balancers; matching packets; multimatch packet classification; multimatch search; network intrusion detection systems; off-the-shelf TCAM; packet filter set; power consumption; wire-speed TCAM-based architectures; Associative memory; Databases; Energy consumption; Engines; Indexes; Intrusion detection; Matched filters; Multidimensional systems; Payloads; Protocols; Classifier design and evaluation; Network monitoring; Network-level security and protection; System architectures; integration and modeling;
Journal_Title :
Computers, IEEE Transactions on
DOI :
10.1109/TC.2008.159
