Download presentation
Presentation is loading. Please wait.
Published byMarshall Terry Modified over 9 years ago
1
TCAM –BASED REGULAR EXPRESSION MATCHING SOLUTION IN NETWORK Phase-I Review 14-12-15 Supervised By, Presented By, MRS. SHARMILA,M.E., M.ARULMOZHI, AP/CSE. 812813405004. 1
2
ABSTRACT Regular expression is a core component of deep packet inspection in modern networking and security devices. Hardware based RE matching approach that uses Ternary Content Addressable Memory(TCAM) used for packet classification. TCAM is available as off-the-shelf chips is deployed in modern networking devices. Three techniques are used to reduce TCAM space and improve RE matching speed.RE matching algorithm are based on the DFA set of regular expressions. 2
3
OBJECTIVE To achieve potential RE matching throughput using TCAM based on the Deterministic Finite State Automata(DFA). 3
4
EXISTING SYSTEM RE matching algorithms are either software based or FPGA based. Deep packet inspection used string matching, Whether a packet’s payload matches any of a set of predefined strings. 4
5
DISADVANTAGE Deployment cost is high. Handling RE updates is slow. It is difficult to deploy. 5
6
1:An Efficient Regular Expressions Compression Algorithm From A New Perspective(2011) To reduce the memory usage of DFAs of multi regular expressions. A new perspective, namely observing the characteristic of transition distribution inside each state, which is different from schemes that observe the characteristic among states. State minimization. 6
7
2:CompactDFA: Generic State Machine Compression for Scalable Pattern Matching(2010) To analyze the pattern matching problem to the IP-lookup problem. The usage of TCAM for pattern matching, a hardware device that is commonly used for IP-lookup and packet classification and is deployed in many core routers. 7
8
3:Bit weaving a non-prefix approach to compressing packet classifiers in TCAM`S(2009) Supports fast incremental updates to classifiers, and it can be deployed on existing classification hardware. Its speed and its ability to find different compression opportunities than existing compromising schemes. 8
9
4:Extending Finite Automata to Efficiently Match Perl-Compatible Regular Expressions(2008) Deterministic finite automata (DFAs) offer the advantage of a limited memory bandwidth requirement. In particular, they require only a single state traversal for each input character processed, independent of the number of regular expressions in the data-set. Handle memory space and bandwidth requirements. 9
10
5:Modeling TCAM Power for Next Generation Network Devices(2006) In high-speed networking applications, TCAM has been used as one of the principal components due to its ability to perform fully associative ternary search. TCAM power model that can be directly compared against comparable SRAM, cache, and logic models. High Performance Look up system which takes constant time. 10
11
PROPOSED SYSTEM TCAM based RE matching solutions. Two techniques that minimize the TCAM space for storing a DFA- transition sharing and table consolidation. To improve RE matching speed use variable striding. ADVANTAGES High-speed is achieved. Deployment cost is reduced. Large DFA’s are stored. 11
12
ADVANTAGES High-speed is achieved. Deployment cost is reduced. Large DFA’s are stored 12
13
SYSTEM ARCHITECTURE 13
14
DATA FLOW DIAGRAM 14
15
MODULES 1.Peer construction and process 2.Firewall process 3.Encoding for character bundling 4.Shadow encoding 5.Table consolidation 6. Variable striding 15
16
1.PEER CONSTRUCTION AND PROCESS 16
17
DESCRIPTION To construct the peer process, it contains two phases named process and initialization. Initialization phase To assign the IP address and port number for this peer, and collected information’s are stored into database. Process phase received the peer from the process and enter into packet conversion. The peer is converted into set of expressions. Then insert a packet and forward to the destination. 17
18
2.FIREWALL PROCESS 18
19
DESCRIPTION The packets are enter into firewall. Firewall decides whether the nodes are allowed or not. Then Initialize the TCAM entry. Selection process is based on either 36 bit or 72 bit. Once decide the selection process TCAM has been initialized and receive the packets then extract the expression values into corresponding packets. 19
20
CONCLUSION TCAM space is minimized by Transition Sharing and Table consolidation and RE matching speed is increased by Variable Striding. Small TCAMs are capable of storing large DFAs. 20
21
REFERENCES T. Liu, Y. Yang, Y. Liu, Y. Sun, and L. Guo, “An efficient regular expressions compression algorithm from a new perspective,” in IEEEINFOCOM, 2011, pp. 2129–2137. A. Bremler-Barr, D. Hay, and Y. Koral, “CompactDFA: generic state machine compression for scalable pattern matching,” in IEEE INFOCOM,2010, pp. 659– 667. C. R. Meiners, A. X. Liu, and E. Torng, “Bit weaving: A non-prefix approach to compressing packet classifiers in TCAMs,” in Proc. 17 th IEEE Conf. on Network Protocols (ICNP), October 2009. S. Kong, R. Smith, and C. Estan, “Efficient signature matching with multiple alphabet compression tables,” in ACM SecureComm, 2008. M. Becchi and P. Crowley, “Extending finite automata to efficiently match perl- compatible regular expressions,” in Proc. CoNEXT, 2008. B. Agrawal and T. Sherwood, “Modeling TCAM power for next generation network devices,” in Proc. IEEE Int. Symposium on Performance Analysis of Systems and Software, 2006, pp. 120– 129. M. Becchi and P. Crowley, “A hybrid finite automaton for practical deep packet inspection,” in Proc. CoNext, 2007. 21
Similar presentations
© 2024 SlidePlayer.com Inc.
All rights reserved.