Improving IPS by network processors

  • Authors:

  • Pablo Cascón;Julio Ortega;Yan Luo;Eric Murray;Antonio Díaz;Ignacio Rojas

  • Affiliations:

  • Department of Computer Architecture and Technology, University of Granada, Granada, Spain;Department of Computer Architecture and Technology, University of Granada, Granada, Spain;Department of Electrical and Computer Engineering, University of Massachusetts Lowell, Lowell, USA;Department of Electrical and Computer Engineering, University of Massachusetts Lowell, Lowell, USA;Department of Computer Architecture and Technology, University of Granada, Granada, Spain;Department of Computer Architecture and Technology, University of Granada, Granada, Spain

  • Venue:
  • The Journal of Supercomputing
  • Year:
  • 2011

Quantified Score

Hi-index 0.00

Visualization

Abstract

Many present applications usually require high communication throughputs. Multiprocessor nodes and multicore architectures, as well as programmable NICs (Network Interface Cards) provide new opportunities to take advantage of the available multigigabits per second link bandwidths. Nevertheless, to achieve adequate communication performance levels efficient parallel processing of network tasks and interfaces should be considered. In this paper, we leverage network processors as heterogeneous microarchitectures with several cores that implement multithreading and are suited for packet processing, to investigate on the use of parallel processing to accelerate the network interface, and thus the network applications developed above it. More specifically, we have implemented an intrusion prevention system (IPS) with such a network processor. We describe the IPS we have developed that after its offloaded implementation allows faster packet processing of both normal and corrupted traffic. The benefits from placing the IPS close to the network, by using specialized network processors, give many times lower latency and higher bandwidth available to the legitimate traffic.