Front end device for content networking
10 Mar 2008-pp 1456-1461
TL;DR: This paper proposes an architecture for a device that will utilize hardware-level string matching to distribute incoming requests for a server farm, implemented in VHDL, synthesized, and laid out on an Altera FPGA.
Abstract: The bandwidth and speed of network connections are continually increasing. The speed increase in network technology is set to soon outpace the speed increase in CMOS technology. This asymmetrical growth is beginning to causing software applications that once worked with then current levels of network traffic to flounder under the new high data rates. Processes that were once executed in software now have to be executed, partially if not wholly in hardware. One such application that could benefit from hardware implementation is high layer routing. By allowing a network device to peer into higher layers of the OSI model, the device can scan for viruses, provide higher quality-of-service (QoS), and efficiently route packets. This paper proposes an architecture for a device that will utilize hardware-level string matching to distribute incoming requests for a server farm. The proposed architecture is implemented in VHDL, synthesized, and laid out on an Altera FPGA.
Citations
More filters
TL;DR: This special purpose processor is a parallel and pipelined architecture which can deal with the regular expression semantics and can achieve 200-400 times speedup over traditional CPU implementations and up to 7.9Gbps in processing throughput.
3 citations
Journal Article•
TL;DR: An extensible firewall has been implemented that performs packet filtering, content scanning, and per-flow queuing of Internet packets at Gigabit/second rates as mentioned in this paper, using layered protocol wrappers to parse the content of Internet data.
Abstract: An extensible firewall has been implemented that performs packet filtering, content scanning, and per-flow queuing of Internet packets at Gigabit/second rates The firewall uses layered protocol wrappers to parse the content of Internet data Packet payloads are scanned for keywords using parallel regular expression matching circuits Packet headers are compared to rules specified in Ternary Content Addressable Memories (TCAMs) Per-flow queuing is performed to mitigate the effect of Denial of Service attacks All packet processing operations were implemented with reconfigurable hardware and fit within a single Xilinx Virtex XCV2000E Field Programmable Gate Array (FPGA) The single-chip firewall has been used to filter Internet SPAM and to guard against several types of network intrusion Additional features were implemented in extensible hardware modules deployed using run-time reconfiguration
3 citations
01 Jan 2014
TL;DR: This paper implemented search process to perform compressed pattern matching in binary Huffman encoded texts by applying Brute-Force Search algorithm and evaluating pattern matching processes in terms of clock cycle.
Abstract: High speed and always-on network access is becoming commonplace around the world, creating a demand for increased network security. Network Intrusion Detection Systems (NIDS) attempt to detect and prevent attacks from the network using pattern-matching rules. Data compression methods are used to reduce the data storage requirement. Searching a compressed pattern in the compressed text reduces the internal storage requirement and computation resources. In this paper we implemented search process to perform compressed pattern matching in binary Huffman encoded texts. Brute-Force Search algorithm is applied comparing a single bit per clock cycle and comparing an encoded character per clock cycle. Pattern matching processes are evaluated in terms of clock cycle.
References
More filters
01 Sep 2003
TL;DR: An extensible firewall has been implemented that performs packet filtering, content scanning, and per-flow queuing of Internet packets at Gigabit/second rates and to mitigate the effect of Denial of Service attacks.
Abstract: An extensible firewall has been implemented that performs packet filtering, content scanning, and per-flow queuing of Internet packets at Gigabit/second rates. The firewall uses layered protocol wrappers to parse the content of Internet data. Packet payloads are scanned for keywords using parallel regular expression matching circuits. Packet headers are compared to rules specified in Ternary Content Addressable Memories (TCAMs). Per-flow queuing is performed to mitigate the effect of Denial of Service attacks. All packet processing operations were implemented with reconfigurable hardware and fit within a single Xilinx Virtex XCV2000E Field Programmable Gate Array (FPGA). The single-chip firewall has been used to filter Internet SPAM and to guard against several types of network intrusion. Additional features were implemented in extensible hardware modules deployed using run-time reconfiguration.
54 citations
"Front end device for content networ..." refers methods in this paper
...In [6], a firewall was implemented in hardware....
[...]
TL;DR: A TCAM architecture that can be used on top of the previously reported power saving techniques and it offers additional 30% reduction in power consumption is proposed.
11 citations
11 Mar 2002
TL;DR: This paper presents a management system that can support a configurable and high-performance server farm with layer-7 routing, and devised a data structure termed URL table to hold content-related information for making content-aware routing decisions.
Abstract: Service replication on a server farm is becoming increasingly widespread as the explosive growth of the Web is straining the architecture of many Internet sites. Layer-7 routing, routing packets based on requested content, has been recognized as a powerful approach to distribute workload among these server farms. However, little attention has been given to how to configure content-related knowledge into the layer-7 routing mechanisms. In addition, the used data structures for storing content-related knowledge and lookup operation for making routing decisions are also unclear. This paper presents a management system that can support a configurable and high-performance server farm with layer-7 routing. In this system, we devised a data structure termed URL table to hold content-related information for making content-aware routing decisions. We also propose a novel idea termed "URL Formalization", which provide a scalable solution to speedup the content-aware request routing.
9 citations