Efficient binary cutting packet classification

Packet classification is the process of distributing packets into ‘flows’ in an internet router. Router processes all packets which belong to predefined rule sets in similar manner& classify them to decide upon what all services packet should receive. It plays an important role in both edge and core routers to provideadvanced network service such as quality of service, firewalls and intrusion detection. These services require the ability to categorize & isolate packet traffic in different flows for proper processing. Packet classification remains a classical problem, even though lots of researcher working on the problem. Existing algorithms such asHyperCuts,boundary cutting and HiCuts have achieved an efficient performance by representing rules in geometrical method in a classifier and searching for a geometric subspace to which each inputpacket belongs. Some fixed interval-based cutting not relating to the actual space that eachrule covers is ineffective and results in a huge storage requirement. However, the memoryconsumption of these algorithms remains quite high when high throughput is required.Hence in this paper we are proposing a new efficient splitting criterion which is memory andtime efficient as compared to other mentioned techniques. Our proposed approach known as (ABC) Adaptive Binary Cuttingproducesa set of different-sized cuts at each decision step, with the goal to balance the distribution offilters and to reduce the filter duplication effect. The proposed algorithmuses stronger andmore straightforward criteria for decision treeconstruction. Experimental results will showthe effectiveness of proposed algorithm as compared to existing algorithm using differentparameters such as time & memory. In this paper, no symmetrical size cut at each decision node, with aim to make a distribution of filters balanced and also to reduce redundancy in filter

Packet Classification based on Boundary Cutting analysis by using Bloom Filters

Packet classification has received a great deal of attention over the half decade in applications such as Quality of Service (QoS), security, firewalls, Network Intrusion Detection System (NIDS), multimedia services, differentiated services. They perform different operations at different flows. Existing decision-tree-based packet classification algorithms, HiCuts and HyperCuts perform search by geometrical representation of rules in a classifier by searching for a geometric space to which packet belongs. These decision tree algorithms have complications in finding number of cuts and the field. Also fixed interval-based cutting not covers the actual space for each rule. Hence it is ineffective and requires huge storage requirement. In recent years, Bloom Filter, which is space-efficient and probabilistic data structure for membership queries, becomes popular in many network applications. It requires small amount of memory and used to avoid lookups to sustain high throughput. It handles the large database and provides security in network applications like NIDS. This paper presents a boundary cutting (BC) scenario which exploits the structure of classifiers. It finds out the space that each rule covers and perform cutting according to rule boundary. Hence it is deterministic, and more effective in providing improved search performance and efficient in memory requirement. Security roles are also considered during classification. DOI: 10.17762/ijritcc2321-8169.15075

Real Time Packet Classification and Analysis based on Bloom Filter for Longest Prefix Matching

Packet classification is an enabling function in network and security systems; hence, hardware-based solutions, such as TCAM (Ternary Content Addressable Memory), have been extensively adopted for high-performance systems. With the expeditious improvement of hardware architectures and burgeoning popularity of multi-core multi-threaded processors, decision-tree based packet classification algorithms such as HiCuts and HyperCuts are grabbing considerable attention, outstanding to their flexibility in satisfying miscellaneous industrial requirements for network and security systems. For high classification speed, these algorithms internally use decision trees, whose size increases exponentially with the ruleset size; consequently, they cannot be used with a large rulesets. However, these decision tree algorithms involve complicated heuristics for concluding the number of cuts and fields. Moreover, ?xed interval-based cutting not depicting the actual space that each rule covers is defeasible and terminates in a huge storage requirement. We propose a new packet classification that simultaneously supports high scalability and fast classification performance by using Bloom Filter. Bloom uses hash table as a data structure which is an efficient data structure for membership queries to avoid lookup in some subsets which contain no matching rules and to sustain high throughput by using Longest Prefix Matching (LPM) algorithm. Hash table data structure which improves the performance by providing better boundaries on the hash collisions and memory accesses per search. The proposed classification algorithm also shows good scalability, high classification speed, irrespective of the number of rules. Performance analysis results show that the proposed algorithm enables network and security systems to support heavy traffic in the most effective manner

High performance modified bit-vector based packet classification module on low-cost FPGA

The packet classification plays a significant role in many network systems, which requires the incoming packets to be categorized into different flows and must take specific actions as per functional and application requirements. The network system speed is continuously increasing, so the demand for the packet classifier also increased. Also, the packet classifier's complexity is increased further due to multiple fields should match against a large number of rules. In this manuscript, an efficient and high performance modified bitvector (MBV) based packet classification (PC) is designed and implemented on low-cost Artix-7 FPGA. The proposed MBV based PC employs pipelined architecture, which offers low latency and high throughput for PC. The MBV based PC utilizes <2% slices, operating at 493.102 MHz, and consumes 0.1 W total power on Artix-7 FPGA. The proposed PC considers only 4 clock cycles to classify the incoming packets and provides 74.95 Gbps throughput. The comparative results in terms of hardware utilization and performance efficiency of proposed work with existing similar PC approaches are analyzed with better constraints improvement

Design of High Performance Packet Classification Architecture for Communication Networks

Packet classification is a crucial technique for secure communication and networking. Security tools and internet services use packet classification technique which involves checking of packets against predefined rules stored in a classifier. The performance of the available software solutions of classification is not desirable and efficient for wire speed processing in high speed networks. Ternary Content Addressable Memory (TCAM), Bit-Vector (BV), field split bit vector (FSBV) and StrideBV algorithm are hardware based packet classification algorithms. In this paper, simple and memory efficient approach for packet classification has been proposed using Xnor gate instead of using lookup tables called XnorBV approach. Packet header fields of Internet protocol (IP) addresses and protocol layer are classified using Xnor gate against predefined ruleset which also support ternary bit pattern of ‘1’, ‘0’ and ‘*’ while port numbers of packet header support range match by comparing port numbers against lower bound and upper bound. The proposed parallel pipelined architecture can sustain a high throughput of +100 Gbps and low latency. The proposed method is memory efficient than other existing techniques, also supports prefix, range and exact match without use of range to prefix conversion. Also proposed XnorBV architecture is independent of ruleset feature and supports multiple dimension classification

A High-Speed Range-Matching TCAM for Storage-Efficient Packet Classification

Abstract—A critical issue in the use of TCAMs for packet classification is how to efficiently represent rules with ranges, known as range matching. A range-matching ternary content addressable memory (RM-TCAM) including a highly functional range-matching cell (RMC) is presented in this paper. By offering various range operators, the RM-TCAM can reduce storage expansion ratio from 4.21 to 1.01 compared with conventional TCAMs, under real-world packet classification rule sets, which results in reduced power consumption and die area. A new pre-discharging match-line scheme is used to realize high-speed searching in a dynamic match-line structure. An additional charge-recycling driver further reduces the power consumption of search lines. Simulation results of a 256 64-bit range-matching TCAM, when implemented in the 0.13- m CMOS technology, achieves a 1.99-ns search time with an energy efficiency of 1.26 fJ/bit/search. While a TCAM including range encoding approach requires an additional SRAM or DRAM, the RM-TCAM can improve storage efficiency without any extra components as well as reduce the die area

Hardware support for real-time network security and packet classification using field programmable gate arrays

Deep packet inspection and packet classification are the most computationally expensive operations in a Network Intrusion Detection (NID) system. Deep packet inspection involves content matching where the payload of the incoming packets is matched against a set of signatures in the database. Packet classification involves inspection of the packet header fields and is basically a multi-dimensional matching problem. Any matching in software is very slow in comparison to current network speeds. Also, both of these problems need a solution which is scalable and can work at high speeds. Due to the high complexity of these matching problems, only Field-Programmable Gate Array (FPGA) or Application-Specific Integrated Circuit (ASIC) platforms can facilitate efficient designs. Two novel FPGA-based NID solutions were developed and implemented that not only carry out pattern matching at high speed but also allow changes to the set of stored patterns without resource/hardware reconfiguration; to their advantage, the solutions can easily be adopted by software or ASIC approaches as well. In both solutions, the proposed NID system can run while pattern updates occur. The designs can operate at 2.4 Gbps line rates, and have a memory consumption of around 17 bits per character and a logic cell usage of around 0.05 logic cells per character, which are the smallest compared to any other existing FPGA-based solution. In addition to these solutions for pattern matching, a novel packet classification algorithm was developed and implemented on a FPGA. The method involves a two-field matching process at a time that then combines the constituent results to identify longer matches involving more header fields. The design can achieve a throughput larger than 9.72 Gbps and has an on-chip memory consumption of around 256Kbytes when dealing with more than 10,000 rules (without using external RAM). This memory consumption is the lowest among all the previously proposed FPGA-based designs for packet classification

InSight2: An Interactive Web Based Platform for Modeling and Analysis of Large Scale Argus Network Flow Data

Monitoring systems are paramount to the proactive detection and mitigation of problems in computer networks related to performance and security. Degraded performance and compromised end-nodes can cost computer networks downtime, data loss and reputation. InSight2 is a platform that models, analyzes and visualizes large scale Argus network flow data using up-to-date geographical data, organizational information, and emerging threats. It is engineered to meet the needs of network administrators with flexibility and modularity in mind. Scalability is ensured by devising multi-core processing by implementing robust software architecture. Extendibility is achieved by enabling the end user to enrich flow records using additional user provided databases. Deployment is streamlined by providing an automated installation script. State-of-the-art visualizations are devised and presented in a secure, user friendly web interface giving greater insight about the network to the end user