TCAM –BASED REGULAR EXPRESSION MATCHING SOLUTION IN NETWORK Phase-I Review 14-12-15 Supervised By, Presented By, MRS. SHARMILA,M.E., M.ARULMOZHI, AP/CSE.

Slides:

Advertisements

Similar presentations

Deep Packet Inspection: Where are We? CCW08 Michela Becchi.

Advertisements

Deep packet inspection – an algorithmic view Cristian Estan (U of Wisconsin-Madison) at IEEE CCW 2008.

A Search Memory Substrate for High Throughput and Low Power Packet Processing Sangyeun Cho, Michel Hanna and Rami Melhem Dept. of Computer Science University.

Data plane algorithms in routers

A Scalable and Reconfigurable Search Memory Substrate for High Throughput Packet Processing Sangyeun Cho and Rami Melhem Dept. of Computer Science University.

1 An Efficient, Hardware-based Multi-Hash Scheme for High Speed IP Lookup Hot Interconnects 2008 Socrates Demetriades, Michel Hanna, Sangyeun Cho and Rami.

An Efﬁcient Regular Expressions Compression Algorithm From A New Perspective Authors : Tingwen Liu,Yifu Yang,Yanbing Liu,Yong Sun,Li Guo Tingwen LiuYifu.

Fast Firewall Implementation for Software and Hardware-based Routers Lili Qiu, Microsoft Research George Varghese, UCSD Subhash Suri, UCSB 9 th International.

Bio Michel Hanna M.S. in E.E., Cairo University, Egypt B.S. in E.E., Cairo University at Fayoum, Egypt Currently is a Ph.D. Student in Computer Engineering.

Survey of Packet Classification Algorithms. Outline Background and problem definition Classification schemes – One dimensional classification – Two dimensional.

1 TCAM Razor: A Systematic Approach Towards Minimizing Packet Classifiers in TCAMs Department of Computer Science and Information Engineering National.

William Stallings Data and Computer Communications 7 th Edition (Selected slides used for lectures at Bina Nusantara University) Internetworking.

A hybrid finite automaton for practical deep packet inspection Department of Computer Science and Information Engineering National Cheng Kung University,

CSIE NCKU High-performance router architecture 高效能路由器的架構與設計.

Efficient IP-Address Lookup with a Shared Forwarding Table for Multiple Virtual Routers Author: Jing Fu, Jennifer Rexford Publisher: ACM CoNEXT 2008 Presenter:

An Efficient IP Lookup Architecture with Fast Update Using Single-Match TCAMs Author: Jinsoo Kim, Junghwan Kim Publisher: WWIC 2008 Presenter: Chen-Yu.

Algorithms for Advanced Packet Classification with TCAMs Karthik Lakshminarayanan UC Berkeley Joint work with Anand Rangarajan and Srinivasan Venkatachary.

1 Performing packet content inspection by longest prefix matching technology Authors: Nen-Fu Huang, Yen-Ming Chu, Yen-Min Wu and Chia- Wen Ho Publisher:

EaseCAM: An Energy And Storage Efficient TCAM-based IP-Lookup Architecture Rabi Mahapatra Texas A&M University;

A High Throughput String Matching Architecture for Intrusion Detection and Prevention Lin Tan U of Illinois, Urbana Champaign Tim Sherwood UC, Santa Barbara.

Deep Packet Inspection with Regular Expression Matching Min Chen, Danny Guo {michen, CSE Dept, UC Riverside 03/14/2007.

Memory-Efficient Regular Expression Search Using State Merging Department of Computer Science and Information Engineering National Cheng Kung University,

Chapter 9 Classification And Forwarding. Outline.

Improving Signature Matching using Binary Decision Diagrams Liu Yang, Rezwana Karim, Vinod Ganapathy Rutgers University Randy Smith Sandia National Labs.

1 Route Table Partitioning and Load Balancing for Parallel Searching with TCAMs Department of Computer Science and Information Engineering National Cheng.

 Author: Tsern-Huei Lee  Publisher: 2009 IEEE Transation on Computers  Presenter: Yuen-Shuo Li  Date: 2013/09/18 1.

Sarang Dharmapurikar With contributions from : Praveen Krishnamurthy,

ECE 526 – Network Processing Systems Design Network Processor Architecture and Scalability Chapter 13,14: D. E. Comer.

Fast and deterministic hash table lookup using discriminative bloom filters  Author: Kun Huang, Gaogang Xie,  Publisher: 2013 ELSEVIER Journal of Network.

An Improved Algorithm to Accelerate Regular Expression Evaluation Author ： Michela Becchi 、 Patrick Crowley Publisher ： ANCS’07 Presenter ： Wen-Tse Liang.

(TPDS) A Scalable and Modular Architecture for High-Performance Packet Classification Authors: Thilan Ganegedara, Weirong Jiang, and Viktor K. Prasanna.

An Improved Algorithm to Accelerate Regular Expression Evaluation Author: Michela Becchi, Patrick Crowley Publisher: 3rd ACM/IEEE Symposium on Architecture.

Timothy Whelan Supervisor: Mr Barry Irwin Security and Networks Research Group Department of Computer Science Rhodes University Hardware based packet filtering.

Wire Speed Packet Classification Without TCAMs ACM SIGMETRICS 2007 Qunfeng Dong (University of Wisconsin-Madison) Suman Banerjee (University of Wisconsin-Madison)

Firewall Fingerprinting Amir R. Khakpour 1, Joshua W. Hulst 1, Zhihui Ge 2, Alex X. Liu 1, Dan Pei 2, Jia Wang 2 1 Michigan State University 2 AT&T Labs.

Multi-Field Range Encoding for Packet Classification in TCAM Author: Yeim-Kuan Chang, Chun-I Lee and Cheng-Chien Su Publisher: INFOCOM 2011 Presenter:

An Efficient Regular Expressions Compression Algorithm From A New Perspective  Author: Tingwen Liu, Yifu Yang, Yanbing Liu, Yong Sun, Li Guo  Publisher:

Balajee Vamanan and T. N. Vijaykumar School of Electrical & Computer Engineering CoNEXT 2011.

Parallelization and Characterization of Pattern Matching using GPUs Author: Giorgos Vasiliadis 、 Michalis Polychronakis 、 Sotiris Ioannidis Publisher:

1 Dynamic Pipelining: Making IP- Lookup Truly Scalable Jahangir Hasan T. N. Vijaykumar School of Electrical and Computer Engineering, Purdue University.

StriD 2 FA: Scalable Regular Expression Matching for Deep Packet Inspection Author: Xiaofei Wang, Junchen Jiang, Yi Tang, Bin Liu, and Xiaojun Wang Publisher:

StrideBV: Single chip 400G+ packet classification Author: Thilan Ganegedara, Viktor K. Prasanna Publisher: HPSR 2012 Presenter: Chun-Sheng Hsueh Date:

Algorithms to Accelerate Multiple Regular Expressions Matching for Deep Packet Inspection Sailesh Kumar Sarang Dharmapurikar Fang Yu Patrick Crowley Jonathan.

Extending Finite Automata to Efficiently Match Perl-Compatible Regular Expressions Publisher : Conference on emerging Networking EXperiments and Technologies.

Memory-Efficient Regular Expression Search Using State Merging Author: Michela Becchi, Srihari Cadambi Publisher: INFOCOM th IEEE International.

High-Speed Policy-Based Packet Forwarding Using Efficient Multi-dimensional Range Matching Lakshman and Stiliadis ACM SIGCOMM 98.

A Scalable Architecture For High-Throughput Regular-Expression Pattern Matching Yao Song 11/05/2015.

Author ： Randy Smith & Cristian Estan & Somesh Jha Publisher ： IEEE Symposium on Security & privacy,2008 Presenter ： Wen-Tse Liang Date ： 2010/10/27.

TFA: A Tunable Finite Automaton for Regular Expression Matching Author: Yang Xu, Junchen Jiang, Rihua Wei, Yang Song and H. Jonathan Chao Publisher: ACM/IEEE.

A Fast Regular Expression Matching Engine for NIDS Applying Prediction Scheme Author: Lei Jiang, Qiong Dai, Qiu Tang, Jianlong Tan and Binxing Fang Publisher:

HIGH-PERFORMANCE LONGEST PREFIX MATCH LOGIC SUPPORTING FAST UPDATES FOR IP FORWARDING DEVICES Author: Arun Kumar S P Publisher/Conf.: 2009 IEEE International.

1 Bit Weaving: A Non-Prefix Approach to Compressing Packet Classifiers in TCAMs Author: Chad R. Meiners, Alex X. Liu, and Eric Torng Publisher: IEEE/ACM.

An Improved DFA for Fast Regular Expression Matching Author ： Domenico Ficara 、 Stefano Giordano 、 Gregorio Procissi Fabio Vitucci 、 Gianni Antichi 、 Andrea.

High Throughput and Programmable Online Traffic Classifier on FPGA Author: Da Tong, Lu Sun, Kiran Kumar Matam, Viktor Prasanna Publisher: FPGA 2013 Presenter:

Deflating the Big Bang: Fast and Scalable Deep Packet Inspection with Extended Finite Automata Date:101/3/21 Publisher:SIGCOMM 08 Author:Randy Smith Cristian.

Author Name Security and Networks Research Group Department of Computer Science Rhodes University SNRG SLIDE TEMPLATE.

A DFA with Extended Character-Set for Fast Deep Packet Inspection

How a Stateful Firewall Works

Data plane algorithms in routers

CS 31006: Computer Networks – The Routers

Advanced Algorithms for Fast and Scalable Deep Packet Inspection

Transport Layer Systems Packet Classification

Data Plane Algorithms in Network Processing Systems

Scalable Memory-Less Architecture for String Matching With FPGAs

Implementing an OpenFlow Switch on the NetFPGA platform

High-performance router/switch architecture 高效能路由器/交換器的架構與設計

Compact DFA Structure for Multiple Regular Expressions Matching

High-Performance Pattern Matching for Intrusion Detection

Packet Classification Using Binary Content Addressable Memory

Presentation transcript:

TCAM –BASED REGULAR EXPRESSION MATCHING SOLUTION IN NETWORK Phase-I Review Supervised By, Presented By, MRS. SHARMILA,M.E., M.ARULMOZHI, AP/CSE

ABSTRACT Regular expression is a core component of deep packet inspection in modern networking and security devices. Hardware based RE matching approach that uses Ternary Content Addressable Memory(TCAM) used for packet classification. TCAM is available as off-the-shelf chips is deployed in modern networking devices. Three techniques are used to reduce TCAM space and improve RE matching speed.RE matching algorithm are based on the DFA set of regular expressions. 2

OBJECTIVE To achieve potential RE matching throughput using TCAM based on the Deterministic Finite State Automata(DFA). 3

EXISTING SYSTEM RE matching algorithms are either software based or FPGA based. Deep packet inspection used string matching, Whether a packet’s payload matches any of a set of predefined strings. 4

DISADVANTAGE Deployment cost is high. Handling RE updates is slow. It is difficult to deploy. 5

1:An Efficient Regular Expressions Compression Algorithm From A New Perspective(2011) To reduce the memory usage of DFAs of multi regular expressions. A new perspective, namely observing the characteristic of transition distribution inside each state, which is different from schemes that observe the characteristic among states. State minimization. 6

2:CompactDFA: Generic State Machine Compression for Scalable Pattern Matching(2010) To analyze the pattern matching problem to the IP-lookup problem. The usage of TCAM for pattern matching, a hardware device that is commonly used for IP-lookup and packet classification and is deployed in many core routers. 7

3:Bit weaving a non-prefix approach to compressing packet classifiers in TCAM`S(2009) Supports fast incremental updates to classifiers, and it can be deployed on existing classification hardware. Its speed and its ability to find different compression opportunities than existing compromising schemes. 8

4:Extending Finite Automata to Efficiently Match Perl-Compatible Regular Expressions(2008) Deterministic finite automata (DFAs) offer the advantage of a limited memory bandwidth requirement. In particular, they require only a single state traversal for each input character processed, independent of the number of regular expressions in the data-set. Handle memory space and bandwidth requirements. 9

5:Modeling TCAM Power for Next Generation Network Devices(2006) In high-speed networking applications, TCAM has been used as one of the principal components due to its ability to perform fully associative ternary search. TCAM power model that can be directly compared against comparable SRAM, cache, and logic models. High Performance Look up system which takes constant time. 10

PROPOSED SYSTEM TCAM based RE matching solutions. Two techniques that minimize the TCAM space for storing a DFA- transition sharing and table consolidation. To improve RE matching speed use variable striding. ADVANTAGES High-speed is achieved. Deployment cost is reduced. Large DFA’s are stored. 11

ADVANTAGES High-speed is achieved. Deployment cost is reduced. Large DFA’s are stored 12

SYSTEM ARCHITECTURE 13

DATA FLOW DIAGRAM 14

MODULES 1.Peer construction and process 2.Firewall process 3.Encoding for character bundling 4.Shadow encoding 5.Table consolidation 6. Variable striding 15

1.PEER CONSTRUCTION AND PROCESS 16

DESCRIPTION To construct the peer process, it contains two phases named process and initialization. Initialization phase To assign the IP address and port number for this peer, and collected information’s are stored into database. Process phase received the peer from the process and enter into packet conversion. The peer is converted into set of expressions. Then insert a packet and forward to the destination. 17

2.FIREWALL PROCESS 18

DESCRIPTION The packets are enter into firewall. Firewall decides whether the nodes are allowed or not. Then Initialize the TCAM entry. Selection process is based on either 36 bit or 72 bit. Once decide the selection process TCAM has been initialized and receive the packets then extract the expression values into corresponding packets. 19

CONCLUSION TCAM space is minimized by Transition Sharing and Table consolidation and RE matching speed is increased by Variable Striding. Small TCAMs are capable of storing large DFAs. 20

REFERENCES T. Liu, Y. Yang, Y. Liu, Y. Sun, and L. Guo, “An efficient regular expressions compression algorithm from a new perspective,” in IEEEINFOCOM, 2011, pp. 2129–2137. A. Bremler-Barr, D. Hay, and Y. Koral, “CompactDFA: generic state machine compression for scalable pattern matching,” in IEEE INFOCOM,2010, pp. 659– 667. C. R. Meiners, A. X. Liu, and E. Torng, “Bit weaving: A non-prefix approach to compressing packet classifiers in TCAMs,” in Proc. 17 th IEEE Conf. on Network Protocols (ICNP), October S. Kong, R. Smith, and C. Estan, “Efficient signature matching with multiple alphabet compression tables,” in ACM SecureComm, M. Becchi and P. Crowley, “Extending finite automata to efficiently match perl- compatible regular expressions,” in Proc. CoNEXT, B. Agrawal and T. Sherwood, “Modeling TCAM power for next generation network devices,” in Proc. IEEE Int. Symposium on Performance Analysis of Systems and Software, 2006, pp. 120– 129. M. Becchi and P. Crowley, “A hybrid finite automaton for practical deep packet inspection,” in Proc. CoNext,