2005 Symposium on Architectures for Networking and Communications Systems (ANCS): latest papers

Network processor acceleration for a Linux* netfilter firewall
Kristen Accardi, T. Bock, F. Hady, Jon Krueger
Abstract: Network firewalls occupy a central role in computer security, protecting data, compute, and networking resources while still allowing useful packets to flow. Increases in both the work per network packet and packet rate make it increasingly difficult for general-purpose processor based firewalls to maintain line rate. In a bid to address these evolving requirements we have prototyped a hybrid firewall, using a simple firewall running on a network processor to accelerate a Linux* Netfilter Firewall executing on a general purpose processor. The simple firewall on the network processor provides high rate packet processing for all the packets while the general-purpose processor delivers high rate, full featured firewall processing for those packets that need it. This paper describes the hybrid firewall prototype with a focus on the software created to accelerate Netfilter with a network processor resident firewall. Measurements show our hybrid firewall able to maintain close to 2 Gb/sec line rate for all packet sizes, a significant improvement over the original firewall. We also include the hard won lessons learned while implementing the hybrid firewall.
DOI: https://doi.org/10.1145/1095890.1095906
Published: 2005-10-26
Citations: 15

Fast payload-based flow estimation for traffic monitoring and network security
F. Hao, M. Kodialam, T. V. Lakshman, Hui Zhang, Way Holmdel
Abstract: Real-time IP flow estimation has many potential applications in network management, monitoring, security, and traffic engineering. Existing techniques typically rely on flow definitions being constrained as subsets of the fields in packet headers. This makes flow-membership tests relatively inexpensive. In this paper, we consider a more general flow estimation problem that needs complex packet-payload based tests for flow-membership. An example is to estimate traffic with common strings in the payload and detect potential virus signatures for early alarm generation. We develop a fast, memory efficient algorithm for solving this problem as a variant of the longest common subsequence problem. This is done via an application of Rabin fingerprinting in combination with bloom filters. Both analysis and simulation show the effectiveness of the developed method.
DOI: https://doi.org/10.1145/1095890.1095920
Published: 2005-10-26
Citations: 14

SSA
Fang Yu, T. V. Lakshman, Marti A. Motoyama, R. Katz, Amy M Freestone
Abstract: New network applications like intrusion detection systems and packet-level accounting require multi-match packet classification, where all matching filters need to be reported. Ternary Content Addressable Memories (TCAMs) have been adopted to solve the multi-match classification problem due to their ability to perform fast parallel matching. However, TCAM is expensive and consumes large amounts of power. None of the previously published multi-match classification schemes is both memory and power efficient. In this paper, we develop a novel scheme that meets both requirements by using a new Set Splitting Algorithm (SSA). The main idea of SSA is that it splits filters into multiple groups and performs separate TCAM lookups into these groups. It guarantees the removal of at least half the intersections when a filter set is split into two sets, thus resulting in low TCAM memory usage. SSA also accesses filters in the TCAM only once per packet, leading to low power consumption. We compare SSA with two best known schemes: MUD [1] and Geometric Intersection-based solutions [2]. Simulation results based on the SNORT filter sets show that SSA uses approximately the same amount of TCAM memory as MUD, but yields a 75% to 95% reduction in power consumption. Compared with Geometric Intersection-based solutions, SSA uses 90% less TCAM memory and power at the cost of one additional TCAM lookup per packet.
DOI: https://doi.org/10.1145/1095890.1095905
Published: 2005-10-26
Citations: 54

Resource mapping and scheduling for heterogeneous network processor systems
Liang Yang, Tushar Gohad, P. Ghosh, Devesh Sinha, Arunabha Sen, A. Richa
Abstract: Task to resource mapping problems are encountered during (i) hardware-software co-design and (ii) performance optimization of Network Processor systems. The goal of the first problem is to find the task to resource mapping that minimizes the design cost subject to all design constraints. The goal of the second problem is to find the mapping that maximizes the performance, subject to all architectural constraints. To meet the design goals in performance, it may be necessary to allow multiple packets to be inside the system at any given instance of time and this may give rise to the resource contention between packets. In this paper, a Randomized Rounding (RR) based solution is presented for the task to resource mapping and scheduling problem. We also proposed two techniques to detect and eliminate the resource contention. We evaluate the efficacy of our RR approach through extensive simulation. The simulation results demonstrate that this approach produces near optimal solutions in almost all instances of the problem in a fraction of time needed to find the optimal solution. The quality of the solution produced by this approach is also better than often used list scheduling algorithm for task to resource mapping problem. Finally, we demonstrate with a case study, the results of a Network Processor design and scheduling problem using our techniques.
DOI: https://doi.org/10.1145/1095890.1095895
Published: 2005-10-26
Citations: 14

Design considerations for network processor operating systems
T. Wolf, N. Weng, Chia-Hui Tai
Abstract: Network processors (NPs) promise a flexible, programmable packet processing infrastructure for network systems. To make full use of the capabilities of network processors, it is imperative to provide the ability to dynamically adapt to changing traffic patterns and to provide run-time support in the form of a network processor operating system. The differences to existing operating systems and the main challenges lie in the multiprocessor nature of NPs, their on-chip resources constraints, and the real-time processing requirements. In this paper, we explore the key design tradeoffs that need to be considered when designing a network processor operating system. In particular, we explore the performance impact of (1) application analysis for partitioning, (2) network traffic characterization, (3) workload mapping, and (4) run-time adaptation. We present and discuss qualitative and quantitative results in the context of a particular application analysis and mapping framework, but the observations and conclusions are generally applicable to any run-time environment for network processors.
DOI: https://doi.org/10.1145/1095890.1095901
Published: 2005-10-26
Citations: 29

Pipelined two step iterative matching algorithms for CIOQ crossbar switches
Deng Pan, Yuanyuan Yang
Abstract: Traditional iterative matching algorithms for VOQ switches need three steps, i.e., request, grant and accept. By incorporating arbitration into the request step, two step iterative matching can be achieved. This enables simpler implementation and shorter scheduling time, while maintaining almost identical performance. As an example of the two step iterative matching algorithms, in this paper we present two step parallel iterative matching (PIM2), and theoretically prove that its average convergence iterations are less than ln N + e/(e - 1) for an N × N switch. Furthermore, two step iterative matching algorithms can be efficiently pipelined on CIOQ switches so that two matchings can be obtained in each time slot. We propose a scheme called second of line (SOL) matching to provide two independent virtual switches, with which the pipelining can be achieved without additional scheduling time and arbitration hardware. More importantly, the pipelined algorithms are theoretically guaranteed to achieve 100% throughput for any admissible traffic. Extensive simulations are conducted to show that our analytical result on the average convergence iterations ln N + e/(e - 1) is more accurate than the classical result log₂ N + 4/3, and to test the performance of different pipelined algorithms on CIOQ switches.
DOI: https://doi.org/10.1145/1095890.1095897
Published: 2005-10-26
Citations: 11

Addressing data compatibility on programmable network platforms
Ada Gavrilovska, K. Schwan
Abstract: Large-scale applications require the efficient exchange of data across their distributed components, including data from heterogeneous sources and to widely varying clients. Inherent to such data exchanges are (1) discrepancies among the data representations used by sources, clients, or intermediate application components (e.g., due to natural mismatches or due to dynamic component evolution), and (2) requirements to route, combine, or otherwise manipulate data as it is being transferred. As a result, there is an ever growing need for data conversion services, handled by stubs in application servers, by middleware or messaging services, by the operating system, or by the network. This paper's goal is to demonstrate and evaluate the ability of modern network processors to efficiently address data compatibility issues, when data is 'in transit' between application-level services. Toward this end, we present the design and implementation of a network-level execution environment that permits systems to dynamically deploy and configure application-level data conversion services 'into' the network infrastructure. Experimental results obtained with a prototype implementation on Intel's IXP2400 network processors include measurements of XML-like data format conversions implemented with efficient binary data formats.
DOI: https://doi.org/10.1145/1095890.1095908
Published: 2005-10-26
Citations: 3

A scalable load balancer for forwarding internet traffic
W. Shi, M. MacGregor, P. Gburzynski
Abstract: Packet scheduling in parallel forwarding systems is a hard problem. Two major goals of a scheduler that distributes incoming packets to multiple forwarding engines are to achieve high system utilization (by balancing the load evenly among the multiple engines) and to maintain packet ordering within individual flows. Additionally, from the viewpoint of the overall performance, the system should exhibit a good cache behavior by preserving temporal locality in the workload of each forwarding engine. In this paper, we show how the burstiness in Internet flows can be exploited to improve the performance of the scheduler. Specifically, TCP flows, which contribute to over 90 percent of the Internet traffic, transmit in bursts with relatively large delays in between. We propose a load balancing scheme based on this insight to achieve the scheduling goals. Our design is verified by simulations driven by real-world traces.
DOI: https://doi.org/10.1145/1095890.1095911
Published: 2005-10-01
Citations: 22

Segmented hash
S. Sushanth Kumar, P. Crowley
Abstract: Hash tables provide efficient table implementations, achieving O(1) query, insert and delete operations at low loads. However, at moderate or high loads collisions are quite frequent, resulting in decreased performance. In this paper, we propose the segmented hash table architecture, which ensures constant time hash operations at high loads with high probability. To achieve this, the hash memory is divided into N logical segments so that each incoming key has N potential storage locations; the destination segment is chosen so as to minimize collisions. In this way, collisions, and the associated probe sequences, are dramatically reduced. In order to keep memory utilization minimized, probabilistic filters are kept on-chip to allow the N segments to be accessed without increasing the number of off-chip memory operations. These filters are kept small and accurate with the help of a novel algorithm, called selective filter insertion, which keeps the segments balanced while minimizing false positive rates (i.e., incorrect filter predictions). The performance of our scheme is quantified via analytical modeling and software simulations. Moreover, we discuss efficient implementations that are easily realizable in modern device technologies. The performance benefits are significant: average search cost is reduced by 40% or more, while the likelihood of requiring more than one memory operation per search is reduced by several orders of magnitude.
DOI: https://doi.org/10.1145/1095890.1095904
Published: 2005-10-01
Citations: 32

Overcoming the memory wall in packet processing
Jayaram Mudigonda, H. Vin, R. Yavatkar
Abstract: Overhead of memory accesses limits the performance of packet processing applications. To overcome this bottleneck, today's network processors can utilize a wide-range of mechanisms - such as multi-level memory hierarchy, wide-word accesses, special-purpose result-caches, asynchronous memory, and hardware multi-threading. However, supporting all of these mechanisms complicates programmability and hardware design, and wastes system resources. In this paper, we address the following fundamental question: what minimal set of hardware mechanisms must a network processor support to achieve the twin goals of simplified programmability and high packet throughput? We show that no single mechanism suffices; the minimal set must include data-caches and multi-threading. Data-caches and multi-threading are complementary; whereas data-caches exploit locality to reduce the number of context-switches and the off-chip memory bandwidth requirement, multi-threading exploits parallelism to hide long cache-miss latencies.
DOI: https://doi.org/10.1145/1095890.1095892
Published: 2005-10-01
Citations: 44