FPL-3: towards language support for distributed packet processing

Authors:
Mihai-Lucian Cristea;Willem de Bruijn;Herbert Bos
Affiliations:
Leiden University;Vrije Universiteit Amsterdam, De Boelelaan, The Netherlands;Vrije Universiteit Amsterdam, De Boelelaan, The Netherlands
Venue:
NETWORKING'05 Proceedings of the 4th IFIP-TC6 international conference on Networking Technologies, Services, and Protocols; Performance of Computer and Communication Networks; Mobile and Wireless Communication Systems
Year:
2005

Citing 6
Cited 7

An extensible probe architecture for network protocol performance measurement

Proceedings of the ACM SIGCOMM '98 conference on Applications, technologies, architectures, and protocols for computer communication
BPF+: exploiting global data-flow optimization in a generalized packet filter architecture

Proceedings of the conference on Applications, technologies, architectures, and protocols for computer communication
Stateful Intrusion Detection for High-Speed Networks

SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
Snort - Lightweight Intrusion Detection for Networks

LISA '99 Proceedings of the 13th USENIX conference on System administration
FFPF: fairly fast packet filters

OSDI'04 Proceedings of the 6th conference on Symposium on Opearting Systems Design & Implementation - Volume 6
The BSD packet filter: a new architecture for user-level packet capture

USENIX'93 Proceedings of the USENIX Winter 1993 Conference Proceedings on USENIX Winter 1993 Conference Proceedings

OS support for multi-gigabit networking

Proceedings of the twentieth ACM symposium on Operating systems principles
Dynamically extending the Corral with native code for high-speed packet processing

Computer Networks: The International Journal of Computer and Telecommunications Networking - Active networks
The token based switch: per-packet access authorisation to optical shortcuts

NETWORKING'07 Proceedings of the 6th international IFIP-TC6 conference on Ad Hoc and sensor networks, wireless networks, next generation internet
FPL-3E: towards language support for reconfigurable packet processing

SAMOS'05 Proceedings of the 5th international conference on Embedded Computer Systems: architectures, Modeling, and Simulation
SafeCard: a gigabit IPS on the network card

RAID'06 Proceedings of the 9th international conference on Recent Advances in Intrusion Detection
Proceedings of the Twenty-Fourth ACM Symposium on Operating Systems Principles

ACM SIGOPS 24th Symposium on Operating Systems Principles
Dandelion: a compiler and runtime for heterogeneous systems

Proceedings of the Twenty-Fourth ACM Symposium on Operating Systems Principles

Quantified Score

Hi-index	0.00

Visualization

Abstract

The FPL-3 packet filtering language incorporates explicit support for distributed processing into the language. FPL-3 supports not only generic header-based filtering, but also more demanding tasks, such as payload scanning, packet replication and traffic splitting. By distributing FPL-3 based tasks across a possibly heterogeneous network of processing nodes, the NET-FFPF network monitoring architecture facilitates very high speed packet processing. Results show that NET-FFPF can perform complex processing at gigabit speeds. The proposed framework can be used to execute such diverse tasks as load balancing, traffic monitoring, firewalling and intrusion detection directly at the critical high-bandwidth links (e.g., in enterprise gateways).