1

TCAM –BASED REGULAR EXPRESSION MATCHING SOLUTION IN NETWORK

Phase-I Review14-12-15

Supervised By, Presented By,

MRS. SHARMILA,M.E., M.ARULMOZHI,

AP/CSE. 812813405004.

2

ABSTRACT

Regular expression is a core component of deep packet

inspection in modern networking and security devices. Hardware based RE

matching approach that uses Ternary Content Addressable Memory(TCAM)

used for packet classification. TCAM is available as off-the-shelf chips is

deployed in modern networking devices. Three techniques are used to

reduce TCAM space and improve RE matching speed .RE matching

algorithm are based on the DFA set of regular expressions.

3

OBJECTIVE

To achieve potential RE matching throughput using TCAM

based on the Deterministic Finite State Automata(DFA).

4

EXISTING SYSTEM

•RE matching algorithms are either software based or FPGA based.

•Deep packet inspection used string matching, Whether a packet’s

payload matches any of a set of predefined strings.

5

DISADVANTAGE

•Deployment cost is high.

•Handling RE updates is slow.

•It is difficult to deploy.

6

1:An Efficient Regular Expressions Compression

Algorithm From A New Perspective(2011)

•To reduce the memory usage of DFAs of multi regular expressions.

•A new perspective, namely observing the characteristic of transition

distribution inside each state, which is different from schemes that

observe the characteristic among states.

•State minimization.

7

2:CompactDFA: Generic State Machine Compression for Scalable Pattern Matching(2010)

• To analyze the pattern matching problem to the IP-lookup problem.

• The usage of TCAM for pattern matching, a hardware device that is

commonly used for IP-lookup and packet classification and is

deployed in many core routers.

8

3:Bit weaving a non-prefix approach to compressing packet classifiers in

TCAM`S(2009)

•Supports fast incremental updates to classifiers, and it can be

deployed on existing classification hardware.

•Its speed and its ability to find different compression opportunities

than existing compromising schemes.

9

4:Extending Finite Automata to Efficiently Match Perl-Compatible Regular

Expressions(2008)

• Deterministic finite automata (DFAs) offer the advantage of a

limited memory bandwidth requirement.

• In particular, they require only a single state traversal for each input

character processed, independent of the number of regular

expressions in the data-set.

• Handle memory space and bandwidth requirements.

10

5:Modeling TCAM Power for Next Generation Network Devices(2006)

•In high-speed networking applications, TCAM has been used as one

of the principal components due to its ability to perform fully

associative ternary search.

•TCAM power model that can be directly compared against

comparable SRAM, cache, and logic models.

•High Performance Look up system which takes constant time.

11

PROPOSED SYSTEM

•TCAM based RE matching solutions.

• Two techniques that minimize the TCAM space for storing a DFA-

transition sharing and table consolidation.

•To improve RE matching speed use variable striding.

ADVANTAGES

•High-speed is achieved.

•Deployment cost is reduced.

• Large DFA’s are stored.

12

ADVANTAGES

•High-speed is achieved.

•Deployment cost is reduced.

• Large DFA’s are stored

13

SYSTEM ARCHITECTURE

Router

Router

Router

Peer

Peer

Router

FirewallPeer

Peer

Build StateTransition Table

TCAM

DFA

TCAM

Build StateTransition Table

Firewall

DFA

14

DATA FLOW DIAGRAMPeer

Send the packet

Firewall

Receive the packets

TCAM

Apply to DFA

Encoding

Character bundling

Shadow encoding

Simplified tables

Consolidate the tables

Sate transition table

RE matching

Variable striding

Allow the packet

Matching report

ifBlock the packet

Yes

No

Extract the expression

values

15

MODULES

1. Peer construction and process

2. Firewall process

3. Encoding for character bundling

4. Shadow encoding

5. Table consolidation

6. Variable striding

16

 1.PEER CONSTRUCTION AND PROCESS

Peer

InitializationProcess

Packet convertion

Build expression

Insert to packet

Forward to destination

Store to database

Get IP address Port

17

DESCRIPTION

To construct the peer process, it contains two phases named

process and initialization.

•Initialization phase To assign the IP address and port number for

this peer, and collected information’s are stored into database.

•Process phase received the peer from the process and enter into

packet conversion. The peer is converted into set of expressions.

Then insert a packet and forward to the destination.

18

2.FIREWALL PROCESS

Firewall

Initialize the TCAM

Select the initialization

process

If

TCAM Initialized

Receive the packet

Extract expression value

36 bit72 bit

19

DESCRIPTION

•The packets are enter into firewall. Firewall decides whether the

nodes are allowed or not. Then Initialize the TCAM entry. Selection

process is based on either 36 bit or 72 bit. Once decide the selection

process TCAM has been initialized and receive the packets then extract

the expression values into corresponding packets.

20

CONCLUSION

•TCAM space is minimized by Transition Sharing and Table

consolidation and RE matching speed is increased by Variable

Striding. Small TCAMs are capable of storing large DFAs.

21

REFERENCES• T. Liu, Y. Yang, Y. Liu, Y. Sun, and L. Guo, “An efficient regular expressions

compression algorithm from a new perspective,” in IEEEINFOCOM, 2011, pp. 2129–2137.

• A. Bremler-Barr, D. Hay, and Y. Koral, “CompactDFA: generic state machine compression for scalable pattern matching,” in IEEE INFOCOM,2010, pp. 659–667.

• C. R. Meiners, A. X. Liu, and E. Torng, “Bit weaving: A non-prefix approach to compressing packet classifiers in TCAMs,” in Proc. 17th IEEE Conf. on Network Protocols (ICNP), October 2009.

• S. Kong, R. Smith, and C. Estan, “Efficient signature matching with multiple alphabet compression tables,” in ACM SecureComm, 2008.

• M. Becchi and P. Crowley, “Extending finite automata to efficiently match perl-compatible regular expressions,” in Proc. CoNEXT, 2008.

• B. Agrawal and T. Sherwood, “Modeling TCAM power for next generation network devices,” in Proc. IEEE Int. Symposium on Performance Analysis of Systems and Software, 2006, pp. 120– 129.

• M. Becchi and P. Crowley, “A hybrid finite automaton for practical deep packet inspection,” in Proc. CoNext, 2007.