Resource allocation in network processors for network intrusion prevention systems

  • Authors:

  • Yi-Neng Lin;Yao-Chung Chang;Ying-Dar Lin;Yuan-Chen Lai

  • Affiliations:

  • Department of Computer Science, National Chiao Tung University, Hsinchu, Taiwan;Department of Computer Science, National Chiao Tung University, Hsinchu, Taiwan;Department of Computer Science, National Chiao Tung University, Hsinchu, Taiwan;Department of Information Management, National Taiwan University of Science and Technology, Taipei, Taiwan

  • Venue:
  • Journal of Systems and Software
  • Year:
  • 2007

Quantified Score

Hi-index 0.00

Visualization

Abstract

Networking applications with high memory access overhead gradually exploit network processors that feature multiple hardware multithreaded processor cores along with a versatile memory hierarchy. Given rich hardware resources, however, the performance depends on whether those resources are properly allocated. In this work, we develop an NIPS (Network Intrusion Prevention System) edge gateway over the Intel IXP2400 by characterizing/mapping the processing stages onto hardware components. The impact and strategy of resource allocation are also investigated through internal and external benchmarks. Important conclusions include: (1) the system throughput is influenced mostly by the total number of threads, namely IxJ, where I and J represent the numbers of processors and threads per processor, respectively, as long as the processors are not fully utilized, (2) given an application, algorithm and hardware specification, an appropriate (I, J) for packet inspection can be derived and (3) the effectiveness of multiple memory banks for tackling the SRAM bottleneck is affected considerably by the algorithms adopted.