Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Performing packet content inspection by longest prefix matching technology Authors: Nen-Fu Huang, Yen-Ming Chu, Yen-Min Wu and Chia- Wen Ho Publisher:

Published by Modified over 8 years ago

Similar presentations

Presentation on theme: "1 Performing packet content inspection by longest prefix matching technology Authors: Nen-Fu Huang, Yen-Ming Chu, Yen-Min Wu and Chia- Wen Ho Publisher:"— Presentation transcript:

1 1 Performing packet content inspection by longest prefix matching technology Authors: Nen-Fu Huang, Yen-Ming Chu, Yen-Min Wu and Chia- Wen Ho Publisher: IEEE GLOBECOM, 2007 Presenter: Chen – Yu Lin Date: Aug, 4, 2008

2 2 Outline Introduction String matching as LPM (Longest Prefix Matching) Evaluation and analysis

3 3 Introduction (1/2) Deep packet content inspection is one of the most significant challenges and important issues to provide security service in high speed network. Boyer-Moore algorithm has the best search performance amount current well-known single pattern matching algorithm. Aho-Corasick and Wu-Manber are the two most well-known multiple- pattern matching algorithm.

4 4 Introduction (2/2) A novel scheme, “String Matching as Longest Prefix Matching”, is presented for applying the existing layer-3 LPM techniques of IP lookup to the layer-7 packet content inspection. In this paper, we show that IP lookup can be applied to the content inspection by employing the analogy between IP lookup and automaton-based string matching algorithms.

5 5 String Matching as LPM (1/11) The proposed model for performing string matching by LPM consists of two stages. 1. State transition by LPM-based table lookup. 2. Searches the pattern ID if the output of the first stage is an accept state. The fundamentality of all kinds of FSA operations is based on state transitions. Ascii code (u=8) Snort 2.4 patterns is 21595 (v=16) Input symbol : a Current state : b Index = { a:b } 8 16 a b

6 6 String Matching as LPM (2/11) The index is used to lookup the corresponding next state in the state table. The major job of the 2 nd stage, pattern search, is to determine whether the output state of state table lookup is an accepting state or not. If it is, then find the matched pattern ID. The state table in state table lookup stage can be represented as a state transition matrix as follows: e (x,y) : next state when current state y receives the input symbol x

7 7 String Matching as LPM (3/11) An IP lookup algorithm : Multibit trie It segments the 32bit IP address a.b.c.d into two parts: a.b.c & d The concept of this IP lookup algorithm can be adopted straightforwardly to use 24 bits as the index in our proposal. The original 2 24 elements in the automaton matrix can be rearranged as follows: Determine the next state

8 8 String Matching as LPM (4/11) We straightforwardly assume the combination of the current state and input symbol to be the index and determine the next state using directly-lookup mechanism. The next state and Index are seen as the next hop and IP address in LPM,respectively. Definitions: Index (x,y) = { w 23, w 22, …, w 15, …, w 0 } There are two ways to design the data structure of the state table: State-wise prefix : { v 15, …, v 0, u 7, …, u 0 } This design is suitable for the case when M is an NFA. Symbol-wise prefix : {u 7, …, u 0, v 15, …, v 0 }

9 9 String Matching as LPM (5/11) Nevertheless, it is interesting to see that when M is a DFA, for each symbol x, most of e (x,y) have the same next state for different current state y. Magic state of x (denoted as ms(x)).

10 10 String Matching as LPM (6/11) This provides the opportunity to aggregate many consecutive entries into one entry with shorter prefix length. For example: u=2, v=3, and e (x,y-1) = e (x,y) Assume that x = 3(11), y = 5(101), then we have e (11,100) = e (11,101) In other words, the 28 th (11100) and 29 th (11101) entry of state table can be merged into one entry with prefix 1110*. This symbol-wise prefix is the primary key that enables the state table lookup to be processed by using the LPM lookup algorithm.

11 11 String Matching as LPM (7/11) When u = 8 and v = 16, for the matrix M constructed by the Snort 2.4 patterns, the number of entries is dramatically reduced to 590453 from 16-million(2 24 ) entries when the symbol-wise prefix is employed, requiring only 3.5% of original number of entries.

12 12 String Matching as LPM (8/11) The magic state feature can be further applied to the symbol-wise prefix to reduce the prefix length. In matrix M, if e (x,y) = ms(x), the corresponding Index (x,y) will be transformed to Index ’ (x,y) = { w 23, w 22, …, w 16, *, *,…,* } More precisely, all the entries with the next state equals to the magic state can be merged into one symbol-wise prefix with a length of 8.

13 13 String Matching as LPM (9/11) With the magic state, the total number of prefix entries decreases to 273212, and the total number of the lookup table entries is dramatically reduced to only 1.5% (273k / 16-million).

14 14 String Matching as LPM (10/11) [12] presented a data structure for forwarding table named Lulea algorithm designed for fast routing lookups. By ingenious design, it enables the IP routing table to be compressed for storing in the cache of a processor through three elegant structures: Code word array Base index array Maptable In Lulea, the routing prefix is segmented into three levels: One 16-bit level. Two 8-bit levels.

15 15 String Matching as LPM (11/11) When precessing the next state lookup: Use first 8 bits of Index to decide which code word array and base index array are needed for the lookup. Then, execute level-1 of the Lulea algorithm with the last 16 bits to obtain the next state value.

16 16 Evaluation and analysis E m (MB) : memory size E t (Mbps) : throughput E : overall efficiency [16] [12]

Download ppt "1 Performing packet content inspection by longest prefix matching technology Authors: Nen-Fu Huang, Yen-Ming Chu, Yen-Min Wu and Chia- Wen Ho Publisher:"

Similar presentations

A Search Memory Substrate for High Throughput and Low Power Packet Processing Sangyeun Cho, Michel Hanna and Rami Melhem Dept. of Computer Science University.

A Search Memory Substrate for High Throughput and Low Power Packet Processing Sangyeun Cho, Michel Hanna and Rami Melhem Dept. of Computer Science University.
Author : Xinming Chen,Kailin Ge,Zhen Chen and Jun Li Publisher : ANCS, 2011 Presenter : Tsung-Lin Hsieh Date : 2011/12/14 1.

Author : Xinming Chen,Kailin Ge,Zhen Chen and Jun Li Publisher : ANCS, 2011 Presenter : Tsung-Lin Hsieh Date : 2011/12/14 1.
Authors: Wei Lin, Bin Liu Publisher: ICPADS, 2008 (IEEE International Conference on Parallel and Distributed Systems) Presenter: Chia-Yi, Chu Date: 2014/03/05.

Authors: Wei Lin, Bin Liu Publisher: ICPADS, 2008 (IEEE International Conference on Parallel and Distributed Systems) Presenter: Chia-Yi, Chu Date: 2014/03/05.
A Scalable and Reconfigurable Search Memory Substrate for High Throughput Packet Processing Sangyeun Cho and Rami Melhem Dept. of Computer Science University.

A Scalable and Reconfigurable Search Memory Substrate for High Throughput Packet Processing Sangyeun Cho and Rami Melhem Dept. of Computer Science University.
An On-Chip IP Address Lookup Algorithm Author: Xuehong Sun and Yiqiang Q. Zhao Publisher: IEEE TRANSACTIONS ON COMPUTERS, 2005 Presenter: Yu Hao, Tseng.

An On-Chip IP Address Lookup Algorithm Author: Xuehong Sun and Yiqiang Q. Zhao Publisher: IEEE TRANSACTIONS ON COMPUTERS, 2005 Presenter: Yu Hao, Tseng.
1 An Efficient, Hardware-based Multi-Hash Scheme for High Speed IP Lookup Hot Interconnects 2008 Socrates Demetriades, Michel Hanna, Sangyeun Cho and Rami.

1 An Efficient, Hardware-based Multi-Hash Scheme for High Speed IP Lookup Hot Interconnects 2008 Socrates Demetriades, Michel Hanna, Sangyeun Cho and Rami.
Low Power TCAM Forwarding Engine for IP Packets Authors: Alireza Mahini, Reza Berangi, Seyedeh Fatemeh and Hamidreza Mahini Presenter: Yi-Sheng, Lin (

Low Power TCAM Forwarding Engine for IP Packets Authors: Alireza Mahini, Reza Berangi, Seyedeh Fatemeh and Hamidreza Mahini Presenter: Yi-Sheng, Lin (
An Efficient IP Address Lookup Algorithm Using a Priority Trie Authors: Hyesook Lim and Ju Hyoung Mun Presenter: Yi-Sheng, Lin ( 林意勝 ) Date: Mar. 11, 2008.

An Efficient IP Address Lookup Algorithm Using a Priority Trie Authors: Hyesook Lim and Ju Hyoung Mun Presenter: Yi-Sheng, Lin ( 林意勝 ) Date: Mar. 11, 2008.
IP Address Lookup for Internet Routers Using Balanced Binary Search with Prefix Vector Author: Hyesook Lim, Hyeong-gee Kim, Changhoon Publisher: IEEE TRANSACTIONS.

IP Address Lookup for Internet Routers Using Balanced Binary Search with Prefix Vector Author: Hyesook Lim, Hyeong-gee Kim, Changhoon Publisher: IEEE TRANSACTIONS.
1 MIPS Extension for a TCAM Based Parallel Architecture for Fast IP Lookup Author: Oğuzhan ERDEM Cüneyt F. BAZLAMAÇCI Publisher: ISCIS 2009 Presenter:

1 MIPS Extension for a TCAM Based Parallel Architecture for Fast IP Lookup Author: Oğuzhan ERDEM Cüneyt F. BAZLAMAÇCI Publisher: ISCIS 2009 Presenter:
1 Searching Very Large Routing Tables in Wide Embedded Memory Author: Jan van Lunteren Publisher: GLOBECOM 2001 Presenter: Han-Chen Chen Date: 2010/01/06.

1 Searching Very Large Routing Tables in Wide Embedded Memory Author: Jan van Lunteren Publisher: GLOBECOM 2001 Presenter: Han-Chen Chen Date: 2010/01/06.
1 A Tree Based Router Search Engine Architecture With Single Port Memories Author: Baboescu, F.Baboescu, F. Tullsen, D.M. Rosu, G. Singh, S. Tullsen, D.M.Rosu,

1 A Tree Based Router Search Engine Architecture With Single Port Memories Author: Baboescu, F.Baboescu, F. Tullsen, D.M. Rosu, G. Singh, S. Tullsen, D.M.Rosu,
Power Efficient IP Lookup with Supernode Caching Lu Peng, Wencheng Lu*, and Lide Duan Dept. of Electrical & Computer Engineering Louisiana State University.

Power Efficient IP Lookup with Supernode Caching Lu Peng, Wencheng Lu*, and Lide Duan Dept. of Electrical & Computer Engineering Louisiana State University.
Deterministic Memory- Efficient String Matching Algorithms for Intrusion Detection Nathan Tuck, Timothy Sherwood, Brad Calder, George Varghese Department.

Deterministic Memory- Efficient String Matching Algorithms for Intrusion Detection Nathan Tuck, Timothy Sherwood, Brad Calder, George Varghese Department.
Efficient IP-Address Lookup with a Shared Forwarding Table for Multiple Virtual Routers Author: Jing Fu, Jennifer Rexford Publisher: ACM CoNEXT 2008 Presenter:

Efficient IP-Address Lookup with a Shared Forwarding Table for Multiple Virtual Routers Author: Jing Fu, Jennifer Rexford Publisher: ACM CoNEXT 2008 Presenter:
1 A Novel Scalable IPv6 Lookup Scheme Using Compressed Pipelined Tries Author: Michel Hanna, Sangyeun Cho, and Rami Melhem Publisher: NETWORKING 2011 Presenter:

1 A Novel Scalable IPv6 Lookup Scheme Using Compressed Pipelined Tries Author: Michel Hanna, Sangyeun Cho, and Rami Melhem Publisher: NETWORKING 2011 Presenter:
Efficient Multidimensional Packet Classification with Fast Updates Author: Yeim-Kuan Chang Publisher: IEEE TRANSACTIONS ON COMPUTERS, VOL. 58, NO. 4, APRIL.

Efficient Multidimensional Packet Classification with Fast Updates Author: Yeim-Kuan Chang Publisher: IEEE TRANSACTIONS ON COMPUTERS, VOL. 58, NO. 4, APRIL.
Parallel-Search Trie-based Scheme for Fast IP Lookup

Parallel-Search Trie-based Scheme for Fast IP Lookup
Performance Evaluation of IPv6 Packet Classification with Caching Author: Kai-Yuan Ho, Yaw-Chung Chen Publisher: ChinaCom 2008 Presenter: Chen-Yu Chaug.

Performance Evaluation of IPv6 Packet Classification with Caching Author: Kai-Yuan Ho, Yaw-Chung Chen Publisher: ChinaCom 2008 Presenter: Chen-Yu Chaug.
1 Regular expression matching with input compression : a hardware design for use within network intrusion detection systems Department of Computer Science.

1 Regular expression matching with input compression : a hardware design for use within network intrusion detection systems Department of Computer Science.

Similar presentations

Ads by Google