K-ary n-cube based off-chip communications architecture for high-speed packet processors

A k-ary n-cube interconnect architecture is proposed, as an off-chip communications architecture for line cards, to increase the throughput of the currently used memory system. The k-ary n-cube architecture allows multiple packet processing elements on a line card to access multiple memory modules. The main advantage of the proposed architecture is that it can sustain current line rates and higher while distributing the load among multiple memories. Moreover, the proposed interconnect can scale to adopt more memories and/or processors and as a result increasing the line card processing power. Our results portray that k-ary n-cube sustained higher incoming traffic load while keeping latency lower than its shared-bus competitor. © 2005 IEEE

Energy-efficient pipelined bloom filters for network intrusion detection

This document is made available in accordance with publisher policies. Please cite only the published version using the reference above. Full terms of use are available

A low-power network search engine based on statistical partitioning

Network search engines based on Ternary CAMs are widely used in routers. However, due to parallel search nature of TCAMs power consumption becomes a critical issue. In this work we propose an architecture that partitions the lookup table into multiple TCAM chips based on individual TCAM cell status and achieves lower power figures

A network processor for a learning based routing protocol

Recently, Cognitive Packet Networks (CPN) is proposed as an alternative to the IP based network architectures and shows similarity with the discrete active networks. In CPN, there is no routing table, instead reinforcement learning (Random Neural Networks) is used to route packets. CPN routes packets based on QoS, using measurements that are constantly collected by packets and deposited in mailboxes at routers. The applicability of the CPN concept has been demonstrated through several software implementations. However, higher data traffic and increasing packet processing demands require the implementation of this new network architecture in hardware. In this paper, we present a network processor architecture which supports this learning based protocol. ©2004 IEEE

Increasing the power efficiency of Bloom filters for network string matching

Although software based techniques are widely accepted in computer security systems, there is a growing interest to utilize hardware opportunities in order to compensate for the network bandwidth increases. Recently, hardware based virus protection systems have started to emerge. These type of hardware systems work by identifying the malicious content and removing it from the network streams. In principle, they make use of string matching. Bit by bit, they compare the virus signatures with the bit strings in the network. The Bloom filters are ideal data structures for string matching. Nonetheless, they consume large power when many of them used in parallel to match different virus signatures. In this paper, we propose a new type of Bloom filter architecture which exploits well-known pipelining technique. © 2006 IEEE

Low-power bloom filter architecture for deep packet inspection

Bloom filters are frequently used to identify malicious content like viruses in high speed networks. However, architectures proposed to implement Bloom filters are not power efficient. In this letter, we propose a new Bloom filter architecture that exploits the well-known pipelining technique. Through power analysis we show that pipelining can reduce the power consumption of Bloom filters up to 90%, which leads to the energy-efficient implementation of intrusion detection systems. © 2006 IEEE

Improving the efficiency of spam filtering through cache architecture

Blacklists (BLs), also called Domain Name Systembased Blackhole List (DNSBLs) are the databases of known internet addresses used by the spammers to send out the spam mails. Mail servers use these lists to filter out the e-mails coming from different spam sources. In contrary, Whitelists (WLs) are the explicit list of senders from whom e-mail can be accepted or delivered. Mail Transport Agent (MTA) is usually configured to reject, challenge or flag the messages which have been sent from the sources listed on one or more DNSBLs and to allow the messages from the sources listed on the WLs. In this paper, we are demonstrating how the bandwidth (the overall requests and responses that need to go over the network) performance is improved by using local caches for BLs and WLs. The actual sender\u27s IP addresses are extracted from the e-mail log. These are then compared with the list in the local caches to find out if they should be accepted or not, before they are checked against the global DNSBLs by running \u27DNSBL queries\u27 (if required). Around three quarters of the e-mail sources have been observed to be filtered locally through caches with this method. Provision of local control over the lists and lower search (filtering) time are the other related benefits. © 2008 IEEE