A Packet Classification Architecture with Low Storage Requirements
Date Issued
2007
Date
2007
Author(s)
Cho, Sheng-Hsun
DOI
zh-TW
Abstract
Packet classification is an important part of many Internet security applications, such as firewalls and intrusion detection. A packet classifier uses packet header information to decide if a packet matches any rule in a rule database. There exist many algorithms in this research area. However, many of them have the drawback of requiring a large amount of memory storage in general and consume small amount of memory only in some particular conditions, like using some kind of rule databases or with several restrictions. When the contents of the rule database changes, the memory requirement may become unaffordable, even the rule number remains the same. If those packet classifiers are going to be implemented on hardware, they may not be accepted due to the memory requirement and the limited amount of memory on hardware. To overcome this problem, we proposed a packet classification architecture called Probable Bit Vector (PBV), which combines the concepts of aggregated and folded bit vectors, the rule rearrangement, the Split IP Index Table data structure, and FPGA hardware circuits. With this architecture, we can guarantee that in any case the maximum amount of memory requirement will not exceed a relatively small number, and experiments with synthetically generated rule databases have showed that the average performance is still acceptable.
Subjects
封包分類
位元向量
聚集
折積
FPGA
Packet Classification
Bit Vector
Aggregate
Folding
Type
thesis
File(s)![Thumbnail Image]()
Loading...
Name
ntu-96-R94921092-1.pdf
Size
23.31 KB
Format
Adobe PDF
Checksum
(MD5):b5f559dbed73cd00b97c3c26a84e59cd