Today's packet classification systems are designed to provide the highest priority matching result, e.g., the longest prefix match, even if a packet matches multiple classification rules. However, new network applications, such as intrusion detection systems, require information about all the matching results. We call this the multi-match classification problem. In several complex network applications, multi-match classification is immediately followed by other processing that depends on the classification results. Therefore, classification should be even faster than the line rate. Pure software solutions cannot be used due to their slow speeds. We present a solution based on ternary content addressable memory (TCAM), which produces multi-match classification results with only one TCAM lookup and one SRAM lookup per packet, about ten times fewer memory lookups than a pure software approach. In addition, we present a scheme to remove the negation format in rule sets, which can save up to 95% of TCAM space compared with the straightforward solution. We show that using our pre-processing scheme, header processing for the SNORT rule set can be done with one TCAM and one SRAM lookup using a 135 KB TCAM.
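The following is an added example, not code from the paper: a small software model of how a first-match TCAM plus one SRAM read can return every matching rule. It assumes one possible construction (closing the rule set under intersection and placing more specific entries first); the function names and the 4-bit rule set are hypothetical and constructed for illustration.

```python
from itertools import combinations

def intersect(a, b):
    """Ternary AND of two patterns; None if they disagree on a fixed bit."""
    out = []
    for x, y in zip(a, b):
        if x == "*":
            out.append(y)
        elif y == "*" or x == y:
            out.append(x)
        else:
            return None
    return "".join(out)

def covers(rule, pattern):
    """True if every key matching `pattern` also matches `rule`."""
    return all(r == "*" or r == p for r, p in zip(rule, pattern))

def build_tables(rules):
    """Return (tcam, sram): ordered ternary entries and per-entry rule lists."""
    entries = set(rules.values())
    changed = True
    while changed:  # close the entry set under intersection
        changed = False
        for a, b in combinations(sorted(entries), 2):
            c = intersect(a, b)
            if c is not None and c not in entries:
                entries.add(c)
                changed = True
    # Fewest wildcards first, so a subset always precedes its supersets.
    tcam = sorted(entries, key=lambda e: (e.count("*"), e))
    sram = [sorted(n for n, r in rules.items() if covers(r, e)) for e in tcam]
    return tcam, sram

def classify(tcam, sram, key):
    """One first-match TCAM lookup, then one SRAM read of the match list."""
    for index, entry in enumerate(tcam):
        if covers(entry, key):
            return sram[index]
    return []

# Constructed 4-bit rule set (hypothetical names, not SNORT rules).
RULES = {"web": "10**", "scan": "1*1*", "admin": "**11", "any": "****"}
TCAM, SRAM = build_tables(RULES)
```

In this model the four constructed rules expand to seven TCAM entries, which shows the space cost that intersection entries add in exchange for the single lookup.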