Author Name Security and Networks Research Group Department of Computer Science Rhodes University SNRG SLIDE TEMPLATE.


1 Author Name Security and Networks Research Group Department of Computer Science Rhodes University SNRG SLIDE TEMPLATE

2 What’s happened since last time?
Started my literature review
WORKED FOR FESTIVAL
Finished my literature review
(Ordered a new toy)

3 Contents
The packet classification problem
Overview of literature review
–Classification algorithms
–Deep packet inspection algorithms
Plan of action

4 The packet classification problem
Most packets contain the basic 5-tuple (Source/Destination IP addresses, Source/Destination port numbers, protocol numbers).
The 5-tuple can determine much of packet routing and how packets should be handled (dropped, ignored, allowed, etc.).
Different combinations of values of fields in the 5-tuple require different actions, i.e. they match different filters.
Reactions to packets can also be based on the contents of the packet’s payload; this may depend on the packet’s context/classification.
The packet classification problem aims to determine what response a packet should elicit given its field properties and payload contents.
(Packet classification tends to ignore deep packet inspection.)

5 Linear/Parallel search
Linear vs Parallel
Linear: Easy to implement; Reliable; Not very fast
Parallel: Very fast; Very fast (and reliable); Resource expensive; TCAMs

6 Grid-of-tries
Useful for prefix ranges
Good for 2D filters, worse for >2D
Optimisations include branch pruning and cross-trie pointers

7 Bit vectors
A geometric approach to packet classification
1. Determine the set of applicable filters for each field
2. Intersection of filters yields applicable filters for whole packet
Also lends itself to parallelism
Address 10; port 7: yield 10010000010 AND 00001000110 -> 00000000010
[Figure: bit vectors for Address 10 and Port 7 combined with AND; result labelled "Filter: j"]
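The bit-vector scheme on this slide, as an added example that is not from the original presentation. The filter set is constructed so that address 10 and port 7 reproduce the slide's two vectors; the function names, the 4-bit field ranges and the rule that the leftmost set bit is the highest-priority filter are assumptions. It goes slightly beyond the slide by building the per-field vectors from range filters.

```python
from bisect import bisect_right

# Constructed filter set (not from the slides): (addr_lo, addr_hi, port_lo, port_hi),
# inclusive ranges over 4-bit fields, listed in priority order (filter 1 first).
FILTERS = [
    (8, 11, 0, 3), (0, 3, 0, 3), (12, 15, 8, 15), (10, 10, 12, 15),
    (0, 7, 4, 7), (4, 7, 8, 11), (12, 15, 0, 3), (0, 3, 8, 15),
    (12, 13, 7, 7), (8, 15, 6, 9), (0, 1, 12, 15),
]
N = len(FILTERS)

def build_axis(ranges):
    """Project ranges onto one axis. Returns the sorted start points of the
    elementary intervals and, per interval, a bit vector of covering filters."""
    starts = sorted({0} | {lo for lo, _ in ranges} | {hi + 1 for _, hi in ranges})
    vectors = []
    for s in starts:
        v = 0
        for i, (lo, hi) in enumerate(ranges):
            if lo <= s <= hi:
                v |= 1 << (N - 1 - i)  # filter 1 is the leftmost bit
        vectors.append(v)
    return starts, vectors

def lookup(axis, value):
    """Step 1: binary-search the interval holding value, return its bit vector."""
    starts, vectors = axis
    return vectors[bisect_right(starts, value) - 1]

ADDR_AXIS = build_axis([(f[0], f[1]) for f in FILTERS])
PORT_AXIS = build_axis([(f[2], f[3]) for f in FILTERS])

def classify(addr, port):
    """Step 2: AND the per-field vectors. Returns (addr_vec, port_vec,
    intersection, number of the highest-priority matching filter or None)."""
    a, p = lookup(ADDR_AXIS, addr), lookup(PORT_AXIS, port)
    both = a & p
    best = N - both.bit_length() + 1 if both else None
    return a, p, both, best

def bits(v):
    """Render a vector as an N-character bit string, filter 1 first."""
    return format(v, f"0{N}b")

if __name__ == "__main__":
    a, p, both, best = classify(10, 7)
    print(bits(a), "AND", bits(p), "->", bits(both), "filter", best)
```

The two field lookups are independent, which is why the slide notes that the approach lends itself to parallelism: only the final AND needs both results.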

8 The BV-TCAM architecture
Song and Lockwood observed that in a filter set there are few unique IP addresses or address masks but many protocols and port numbers
Used TCAMs for IP address matching – small variety of unique addresses
TCAM output was encoded in a bit vector
Grid-of-tries used for protocol matching – protocol determined which set of tries to search
Output also in the form of a bit vector
Intersection of bit vectors yielded final set of matched filters
Design achieved 2.5 Gbps

9 N parallel rule checks
N comparators each search for a string at each offset within the packet
Header processing and payload inspection can be pipelined to increase throughput.
Sourdis and Pnevmatikatos achieved 10Gbps throughput.

10 Deterministic finite state automata
Regular expressions - Vi(R|r)u(S|s)
Deterministic automata were created using software tools and then mapped to FPGAs
Each DFA searched for a separate string
Achieved a throughput of 1.2Gbps – 2.5Gbps

11 Comments on literature
Packet classification is a well-rehearsed problem
Many different solutions
Leverage the well-known header structure of received packets
Deep packet inspection is a much harder problem to solve
Obfuscated appearance of most packet payloads
Greater need for raw processing power and parallelized implementations

12 Future project progress
Currently:
Waiting for new FPGA development board
Browsing through Xilinx SDK to familiarise myself with Ethernet interfacing on the FPGA
Searching the Internet for other open-source TCP/IP or Ethernet processing code segments
Still to do:
Finish implementation of complete system
Testing and timings of final system
Write report

