发布求助
文献互助 智能选刊 最新文献

2005 Symposium on Architectures for Networking and Communications Systems (ANCS)最新文献

筛选
英文 中文
High-throughput linked-pattern matching for intrusion detection systems 入侵检测系统的高通量链接模式匹配
2005 Symposium on Architectures for Networking and Communications Systems (ANCS) Pub Date : 2005-10-26 DOI: 10.1145/1095890.1095918
Z. Baker, V. Prasanna
{"title":"High-throughput linked-pattern matching for intrusion detection systems","authors":"Z. Baker, V. Prasanna","doi":"10.1145/1095890.1095918","DOIUrl":"https://doi.org/10.1145/1095890.1095918","url":null,"abstract":"This paper presents a hardware architecture for highly efficient intrusion detection systems. In addition, a software tool for automatically generating the hardware is presented. Intrusion detection for network security is a compute-intensive application demanding high system performance. By moving both the string matching and the linking of multi-part rules to hardware, our architecture leaves the host system free for higher-level analysis. The tool automates the creation of efficient field programmable gate array architectures (FPGA). The generated hardware allows an FPGA-based system to perform deep-packet inspection of streams at up to 10 Gb/s line rates at a high level of area efficiency. Going beyond previous basic string-matching implementations that offer only single-string matching, the architecture provides support for rules requiring complex, linked (correlated-content) constructions. This allows most Snort content-linking extensions including 'distance' and 'within' bounding restrictions.","PeriodicalId":417086,"journal":{"name":"2005 Symposium on Architectures for Networking and Communications Systems (ANCS)","volume":"52 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2005-10-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125605330","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 55
A novel reconfigurable hardware architecture for IP address lookup 一种新颖的可重构IP地址查找硬件架构
2005 Symposium on Architectures for Networking and Communications Systems (ANCS) Pub Date : 2005-10-26 DOI: 10.1145/1095890.1095903
Hamid Fadishei, M. S. Zamani, M. Sabaei
{"title":"A novel reconfigurable hardware architecture for IP address lookup","authors":"Hamid Fadishei, M. S. Zamani, M. Sabaei","doi":"10.1145/1095890.1095903","DOIUrl":"https://doi.org/10.1145/1095890.1095903","url":null,"abstract":"IP address lookup is one of the most challenging problems of Internet routers. In this paper, an IP lookup rate of 263 Mlps (Million lookups per second) is achieved using a novel architecture on reconfigurable hardware platform. A partial reconfiguration may be needed for a small fraction of route updates. Prefixes can be added or removed at a rate of 2 million updates per second, including this hardware reconfiguration overhead. A route update may fail due to the physical resource limitations. In this case, which is rare if the architecture is properly configured initially, a full reconfiguration is needed to allocate more resources to the lookup unit.","PeriodicalId":417086,"journal":{"name":"2005 Symposium on Architectures for Networking and Communications Systems (ANCS)","volume":"67 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2005-10-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126617189","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 32
Architectural impact of stateful networking applications 有状态网络应用程序的体系结构影响
2005 Symposium on Architectures for Networking and Communications Systems (ANCS) Pub Date : 2005-10-26 DOI: 10.1145/1095890.1095893
Javier Verdú, J. García-Vidal, M. Nemirovsky, M. Valero
{"title":"Architectural impact of stateful networking applications","authors":"Javier Verdú, J. García-Vidal, M. Nemirovsky, M. Valero","doi":"10.1145/1095890.1095893","DOIUrl":"https://doi.org/10.1145/1095890.1095893","url":null,"abstract":"The explosive and robust growth of the Internet owes a lot to the \"end-to-end principle\", which pushes stateful operations to the end-points. The Internet grew both in traffic volume, and in the richness of the applications it supports. The growth also brought along new security issues and network monitoring applications. Edge devices, in particular, tend to perform upper layer packet processing. A whole new class of applications require stateful processing. In this paper we study the impact of stateful networking applications on architectural bottlenecks. The analysis covers applications with a variety of statefulness levels. The study emphasizes the data cache behavior. Nevertheless, we also discuss other issues, such as branch prediction and ILP. Additionally, we analyze the architectural impact through the TCP connection life. Our results show an important memory bottleneck due to maintaining the states. Moreover, depending on the target of the application, the memory bottleneck may be concentrated within a set of packets or distributed along the TCP connection lifetime.","PeriodicalId":417086,"journal":{"name":"2005 Symposium on Architectures for Networking and Communications Systems (ANCS)","volume":"7 2 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2005-10-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127175016","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 12
Fast and scalable pattern matching for content filtering 用于内容过滤的快速可扩展模式匹配
2005 Symposium on Architectures for Networking and Communications Systems (ANCS) Pub Date : 2005-10-26 DOI: 10.1145/1095890.1095916
Sarang Dharmapurikar, J. Lockwood
{"title":"Fast and scalable pattern matching for content filtering","authors":"Sarang Dharmapurikar, J. Lockwood","doi":"10.1145/1095890.1095916","DOIUrl":"https://doi.org/10.1145/1095890.1095916","url":null,"abstract":"High-speed packet content inspection and filtering devices rely on a fast multi-pattern matching algorithm which is used to detect predefined keywords or signatures in the packets. Multi-pattern matching is known to require intensive memory accesses and is often a performance bottleneck. Hence specialized hardware-accelerated algorithms are being developed for line-speed packet processing. While several pattern matching algorithms have already been developed for such applications, we find that most of them suffer from scalability issues. To support a large number of patterns, the throughput is compromised or vice versa. We present a hardware-implementable pattern matching algorithm for content filtering applications, which is scalable in terms of speed, the number of patterns and the pattern length. We modify the classic Aho-Corasick algorithm to consider multiple characters at a time for higher throughput. Furthermore, we suppress a large fraction of memory accesses by using Bloom filters implemented with a small amount of on-chip memory. The resulting algorithm can support matching of several thousands of patterns at more than 10 Gbps with the help of a less than 50 KBytes of embedded memory and a few megabytes of external SRAM. We demonstrate the merit of our algorithm through theoretical analysis and simulations performed on Snort's string set.","PeriodicalId":417086,"journal":{"name":"2005 Symposium on Architectures for Networking and Communications Systems (ANCS)","volume":"24 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2005-10-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123554034","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 93
An operating system architecture for network processors 一种用于网络处理器的操作系统架构
2005 Symposium on Architectures for Networking and Communications Systems (ANCS) Pub Date : 2005-10-26 DOI: 10.1145/1095890.1095900
S. Muir, Jonathan M. Smith
{"title":"An operating system architecture for network processors","authors":"S. Muir, Jonathan M. Smith","doi":"10.1145/1095890.1095900","DOIUrl":"https://doi.org/10.1145/1095890.1095900","url":null,"abstract":"Network devices have become significantly more complex in recent years, with the most sophisticated current devices incorporating one or more general-purpose CPUs as part of their hardware. The need for such processing capability is motivated by the desire to move greater amounts of functionality, of ever-increasing complexity, from the host CPU to the network device itself. A significant challenge in doing so is managing the complexity of the software running on the network device. We believe that the complexity of this software has reached the point where it is now on a par with many general-purpose systems, and thus requires the same management infrastructure - an operating system for network processors. In this paper we describe an architecture for such an OS, presenting the features most relevant to network processors and describing similarities to and differences from a general- purpose OS. We present a prototype implementation using an SMP system as a virtual network processor, and show how our prototype was used to evaluate a novel user-space interface to a network device.","PeriodicalId":417086,"journal":{"name":"2005 Symposium on Architectures for Networking and Communications Systems (ANCS)","volume":"20 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2005-10-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125623398","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 1
Gigabit routing on a software-exposed tiled-microprocessor 千兆路由上的软件暴露平铺微处理器
2005 Symposium on Architectures for Networking and Communications Systems (ANCS) Pub Date : 2005-10-26 DOI: 10.1145/1095890.1095899
U. Saif, James W. Anderson, Anthony Degangi, A. Agarwal
{"title":"Gigabit routing on a software-exposed tiled-microprocessor","authors":"U. Saif, James W. Anderson, Anthony Degangi, A. Agarwal","doi":"10.1145/1095890.1095899","DOIUrl":"https://doi.org/10.1145/1095890.1095899","url":null,"abstract":"This paper investigates the suitability of emerging tiled-architectures, equipped with low-latency on-chip networks, for high-performance network routing. In this paper, we present the design, implementation and evaluation of a continuum of software-based routers on the MIT RAW microprocessor. The routers presented in this paper explore 1) several design choices for mapping the routing functions to the RAW tiles, 2) the role and behavior of RAW on-chip interconnects for transporting and switching packets, and 3) the placement of packet buffers and their interaction with the RAW on-chip networks. Our experiments evaluate the performance benefit of streaming on-chip networks for transporting packet payloads, effect of buffering on the linecards, and the cost of scal ing our design. Our software-based routers on RAW can achieve a throughput of 15Gb/sec - an order of magnitude improvement over previous software routers on traditional general-purpose architectures and at least four times faster than Intel's XP1200 Network Processor.","PeriodicalId":417086,"journal":{"name":"2005 Symposium on Architectures for Networking and Communications Systems (ANCS)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2005-10-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129898841","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 4
Framework for supporting multi-service edge packet processing on network processors 在网络处理器上支持多业务边缘数据包处理的框架
2005 Symposium on Architectures for Networking and Communications Systems (ANCS) Pub Date : 2005-10-26 DOI: 10.1145/1095890.1095913
Arun Raghunath, A. Kunze, Erik J. Johnson, V. Balakrishnan
{"title":"Framework for supporting multi-service edge packet processing on network processors","authors":"Arun Raghunath, A. Kunze, Erik J. Johnson, V. Balakrishnan","doi":"10.1145/1095890.1095913","DOIUrl":"https://doi.org/10.1145/1095890.1095913","url":null,"abstract":"Network edge packet-processing systems, as are commonly implemented on network processor platforms, are increasingly required to support a rich set of services. These multi-service systems are also subjected to widely varying and unpredictable traffic. Current network processor systems do not simultaneously deal well with a variety of services and fluctuating workloads. For example, current methods of worst-case, static provisioning can meet performance requirements for any workload, but provisioning each service for its worst case reduces the total number of services that can be supported. Alternately, profile-driven automatic-partitioning compilers create efficient binaries for multi-service applications for specific workloads but they are sensitive to workload fluctuations. Run-time adaptation is a potential solution to this problem. With run-time adaptation, the mapping of services to system resources can be dynamically adjusted based on the workload. We have implemented an adaptive system that automatically changes the mapping of services to processors, and handles migration of services between different processor core types to match the current workload. In this paper we explain our adaptive system built on the Intelreg IXP2400 network processor. We demonstrate that it outperforms multiple different profile-driven compiled solutions for most workloads and performs within 20% of the optimal compiled solution for the remaining workloads.","PeriodicalId":417086,"journal":{"name":"2005 Symposium on Architectures for Networking and Communications Systems (ANCS)","volume":"18 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2005-10-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115180868","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 13
SpliceNP
2005 Symposium on Architectures for Networking and Communications Systems (ANCS) Pub Date : 2005-10-26 DOI: 10.1145/1095890.1095909
Li Zhao, Yan Luo, L. Bhuyan, R. Iyer
{"title":"SpliceNP","authors":"Li Zhao, Yan Luo, L. Bhuyan, R. Iyer","doi":"10.1145/1095890.1095909","DOIUrl":"https://doi.org/10.1145/1095890.1095909","url":null,"abstract":"TCP Splicing can be used in content-aware switches to tremendously reduce overall request latency. In order to reduce the processing latency further, we propose to off load the protocol processing onto network processors (NPs). An NP consists of a multithreaded multiprocessor architecture that can provide high throughput for packet processing or forwarding. However, off loading any protocol software to an NP needs to be carefully designed due to its low-level programming and limited control memory size. In this paper, we first analyze the operation of TCP Splicing in detail and evaluate its performance through measurements on a Linux-based switch. Then various possibilities of workload allocation among different computation resources in an NP are presented, and the design tradeoffs are discussed. A content aware switch is implemented using IXP 2400 NP and evaluated for performance comparison. The measurement results demonstrate that our NP-based switch can reduce the http processing latency by an average of 83.3% for a 1 K byte Web page. The amount of reduction increases with larger file sizes. It is also shown that the packet throughput can be improved by up to 5.7x across a range of files by taking advantage of multithreading and multiprocessing, available in the NP.","PeriodicalId":417086,"journal":{"name":"2005 Symposium on Architectures for Networking and Communications Systems (ANCS)","volume":"48 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2005-10-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125393804","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 14
Minimizing the overhead in implementing flow-aware networking 最小化实现流感知网络的开销
2005 Symposium on Architectures for Networking and Communications Systems (ANCS) Pub Date : 2005-10-26 DOI: 10.1145/1095890.1095912
A. Kortebi, L. Muscariello, S. Oueslati, James W. Roberts
{"title":"Minimizing the overhead in implementing flow-aware networking","authors":"A. Kortebi, L. Muscariello, S. Oueslati, James W. Roberts","doi":"10.1145/1095890.1095912","DOIUrl":"https://doi.org/10.1145/1095890.1095912","url":null,"abstract":"An enhanced flow-aware Internet is arguably a more effective means of ensuring adequate performance than implementing the complex standardized QoS architectures. This flow-aware network would provide flow-level performance guarantees for real time and data applications by implementing per-flow fair queueing and by limiting the impact of overload through flow level admission control. The paper discusses the feasibility of the implied router mechanisms and proposes original solutions that minimize the necessary overhead with respect to the current best effort network. Preferred solutions significantly reduce requirements for flow state by employing directly addressed bitmaps to record flow status, as necessary for scheduling and admission control, respectively.","PeriodicalId":417086,"journal":{"name":"2005 Symposium on Architectures for Networking and Communications Systems (ANCS)","volume":"18 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2005-10-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122147725","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 27
Optimal XOR hashing for a linearly distributed address lookup in computer networks 计算机网络中线性分布地址查找的最佳异或散列
2005 Symposium on Architectures for Networking and Communications Systems (ANCS) Pub Date : 2005-10-26 DOI: 10.1145/1095890.1095919
Christopher J. Martinez, Wei-Ming Lin, P. Patel
{"title":"Optimal XOR hashing for a linearly distributed address lookup in computer networks","authors":"Christopher J. Martinez, Wei-Ming Lin, P. Patel","doi":"10.1145/1095890.1095919","DOIUrl":"https://doi.org/10.1145/1095890.1095919","url":null,"abstract":"Hashing algorithms have been widely adopted to provide a fast address look-up process which involves a search through a large database to find a record associated with a given key. Modern examples include address-lookup in network routers for a forwarding outgoing link, rule-matching in intrusion detection systems comparing incoming packets with a large database, etc. Hashing algorithms involve transforming a key inside each target data to a hash value hoping that the hashing would render the database a uniform distribution with respect to this new hash value. When the database are already key-wise uniformly distributed, any regular hashing algorithm would easily lead to perfectly uniform distribution after the hashing. On the other hand, if records in the database are instead not uniformly distributed, then different hashing functions would lead to different performance. This paper addresses the case when such distribution follows a natural negative linear distribution, which is found to approximate distributions in many various applications. For this distribution, we derive a general formula for calculating the distribution variance produced by any given non-overlapped bit-grouping XOR hashing function. Such a distribution variance from the hashing directly translates to performance variations in searching. In this paper, the best XOR hashing function is determined for any given key size and any given hashing target size.","PeriodicalId":417086,"journal":{"name":"2005 Symposium on Architectures for Networking and Communications Systems (ANCS)","volume":"183 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2005-10-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125363495","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 6
下一页 尾页
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
请完成安全验证×
相关产品
×
本文献相关产品
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信