
TCAM Partitioning for High-Performance Packet Classification  

Kim Kyu-Ho (Department of Computer Engineering, Chungnam National University)
Kang Seok-Min (Department of Computer Engineering, Chungnam National University)
Song Il-Seop (Department of Computer Engineering, Chungnam National University)
Kwon Teack-Geun (Department of Computer Engineering, Chungnam National University)
Abstract
As network bandwidth increases and new services emerge, the threats to a network increase as well. High-performance network security therefore generally relies on high-speed packet classification methods that employ hardware such as TCAM. Because these devices are expensive and their capacity is limited, a method that uses them efficiently is needed. In this paper, we propose an efficient packet classification scheme using a Ternary CAM (TCAM), a device widely used for high-speed packet classification, and apply it to the rule set of Snort, the well-known intrusion detection system. To save space in the expensive TCAM, we eliminate duplicated IP addresses and port numbers in the rules by partitioning the TCAM into tables, and we represent negation and range rules with a reduced TCAM size. We also keep the advantage of low TCAM capacity consumption while reducing the number of TCAM lookups, by combining port numbers to decrease the number of TCAM partitions. According to simulation results on our TCAM partitioning, the TCAM size can be reduced by up to 98% and performance does not degrade significantly for high-speed packet classification with a large number of rules.
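The two mechanisms the abstract relies on, range rules expanded into ternary prefixes and per-field partitioned tables that store a duplicated port prefix only once, are shown in this added Python illustration; it is not the paper's code or its algorithm, and the rule set, port ranges and 16-bit port width are constructed here.

```python
# Added illustration (not the paper's code): range-to-prefix expansion and
# entry counts for a flat vs. a partitioned (per-field) TCAM layout.
from typing import List, Optional, Tuple

Entry = Tuple[int, int]  # (value, mask); mask bit 1 = compare, 0 = don't care
Rule = Tuple[Tuple[int, int], Tuple[int, int]]  # (sport range, dport range)
PORT_BITS = 16
FULL = (1 << PORT_BITS) - 1

def range_to_prefixes(lo: int, hi: int) -> List[Entry]:
    """Cover inclusive [lo, hi] with the minimal set of ternary prefixes;
    a TCAM cannot match a range directly, so each prefix costs one entry."""
    out: List[Entry] = []
    while lo <= hi:
        size = 1  # grow the largest aligned block at lo that fits in [lo, hi]
        while lo % (size * 2) == 0 and lo + size * 2 - 1 <= hi and size * 2 <= FULL + 1:
            size *= 2
        out.append((lo, FULL & ~(size - 1)))
        lo += size
    return out

def matches(key: int, entry: Entry) -> bool:
    """Ternary compare: only the bits set in the mask are significant."""
    value, mask = entry
    return (key & mask) == (value & mask)

def tcam_lookup(key: int, table: List[Entry]) -> Optional[int]:
    """Index of the first (highest-priority) matching entry, or None."""
    for idx, entry in enumerate(table):
        if matches(key, entry):
            return idx
    return None

def flat_entries(rules: List[Rule]) -> int:
    """One table holding both ports: each rule costs the cross product."""
    return sum(len(range_to_prefixes(*s)) * len(range_to_prefixes(*d)) for s, d in rules)

def partitioned_entries(rules: List[Rule]) -> int:
    """Separate sport and dport tables: an identical prefix is stored once."""
    sport, dport = set(), set()
    for s, d in rules:
        sport.update(range_to_prefixes(*s))
        dport.update(range_to_prefixes(*d))
    return len(sport) + len(dport)

# Constructed rule set: sport 'any' or ephemeral (1024-65535), a few dports.
RULES: List[Rule] = [((0, FULL), (80, 80)), ((1024, FULL), (80, 80)),
                     ((1024, FULL), (443, 443)), ((1024, FULL), (8000, 8080))]
print(len(range_to_prefixes(1024, FULL)), flat_entries(RULES), partitioned_entries(RULES))  # 6 31 12
```

The partitioned layout trades the cross product for a per-field lookup, which is why the abstract also has to account for the number of TCAM lookups, not only entry count.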
Keywords
Network Security; Intrusion Detection; Packet Classification; Internet