TCAM –BASED REGULAR EXPRESSION MATCHING SOLUTION IN NETWORK Phase-I Review 14-12-15 Supervised By,...
-
Upload
marshall-terry -
Category
Documents
-
view
215 -
download
0
Transcript of TCAM –BASED REGULAR EXPRESSION MATCHING SOLUTION IN NETWORK Phase-I Review 14-12-15 Supervised By,...
1
TCAM –BASED REGULAR EXPRESSION MATCHING SOLUTION IN NETWORK
Phase-I Review14-12-15
Supervised By, Presented By,
MRS. SHARMILA,M.E., M.ARULMOZHI,
AP/CSE. 812813405004.
2
ABSTRACT
Regular expression is a core component of deep packet
inspection in modern networking and security devices. Hardware based RE
matching approach that uses Ternary Content Addressable Memory(TCAM)
used for packet classification. TCAM is available as off-the-shelf chips is
deployed in modern networking devices. Three techniques are used to
reduce TCAM space and improve RE matching speed .RE matching
algorithm are based on the DFA set of regular expressions.
3
OBJECTIVE
To achieve potential RE matching throughput using TCAM
based on the Deterministic Finite State Automata(DFA).
4
EXISTING SYSTEM
•RE matching algorithms are either software based or FPGA based.
•Deep packet inspection used string matching, Whether a packet’s
payload matches any of a set of predefined strings.
5
DISADVANTAGE
•Deployment cost is high.
•Handling RE updates is slow.
•It is difficult to deploy.
6
1:An Efficient Regular Expressions Compression
Algorithm From A New Perspective(2011)
•To reduce the memory usage of DFAs of multi regular expressions.
•A new perspective, namely observing the characteristic of transition
distribution inside each state, which is different from schemes that
observe the characteristic among states.
•State minimization.
7
2:CompactDFA: Generic State Machine Compression for Scalable Pattern Matching(2010)
• To analyze the pattern matching problem to the IP-lookup problem.
• The usage of TCAM for pattern matching, a hardware device that is
commonly used for IP-lookup and packet classification and is
deployed in many core routers.
8
3:Bit weaving a non-prefix approach to compressing packet classifiers in
TCAM`S(2009)
•Supports fast incremental updates to classifiers, and it can be
deployed on existing classification hardware.
•Its speed and its ability to find different compression opportunities
than existing compromising schemes.
9
4:Extending Finite Automata to Efficiently Match Perl-Compatible Regular
Expressions(2008)
• Deterministic finite automata (DFAs) offer the advantage of a
limited memory bandwidth requirement.
• In particular, they require only a single state traversal for each input
character processed, independent of the number of regular
expressions in the data-set.
• Handle memory space and bandwidth requirements.
10
5:Modeling TCAM Power for Next Generation Network Devices(2006)
•In high-speed networking applications, TCAM has been used as one
of the principal components due to its ability to perform fully
associative ternary search.
•TCAM power model that can be directly compared against
comparable SRAM, cache, and logic models.
•High Performance Look up system which takes constant time.
11
PROPOSED SYSTEM
•TCAM based RE matching solutions.
• Two techniques that minimize the TCAM space for storing a DFA-
transition sharing and table consolidation.
•To improve RE matching speed use variable striding.
ADVANTAGES
•High-speed is achieved.
•Deployment cost is reduced.
• Large DFA’s are stored.
12
ADVANTAGES
•High-speed is achieved.
•Deployment cost is reduced.
• Large DFA’s are stored
13
SYSTEM ARCHITECTURE
Router
Router
Router
Peer
Peer
Router
FirewallPeer
Peer
Build StateTransition Table
TCAM
DFA
TCAM
Build StateTransition Table
Firewall
DFA
14
DATA FLOW DIAGRAMPeer
Send the packet
Firewall
Receive the packets
TCAM
Apply to DFA
Encoding
Character bundling
Shadow encoding
Simplified tables
Consolidate the tables
Sate transition table
RE matching
Variable striding
Allow the packet
Matching report
ifBlock the packet
Yes
No
Extract the expression
values
15
MODULES
1. Peer construction and process
2. Firewall process
3. Encoding for character bundling
4. Shadow encoding
5. Table consolidation
6. Variable striding
16
1.PEER CONSTRUCTION AND PROCESS
Peer
InitializationProcess
Packet convertion
Build expression
Insert to packet
Forward to destination
Store to database
Get IP address Port
17
DESCRIPTION
To construct the peer process, it contains two phases named
process and initialization.
•Initialization phase To assign the IP address and port number for
this peer, and collected information’s are stored into database.
•Process phase received the peer from the process and enter into
packet conversion. The peer is converted into set of expressions.
Then insert a packet and forward to the destination.
18
2.FIREWALL PROCESS
Firewall
Initialize the TCAM
Select the initialization
process
If
TCAM Initialized
Receive the packet
Extract expression value
36 bit72 bit
19
DESCRIPTION
•The packets are enter into firewall. Firewall decides whether the
nodes are allowed or not. Then Initialize the TCAM entry. Selection
process is based on either 36 bit or 72 bit. Once decide the selection
process TCAM has been initialized and receive the packets then extract
the expression values into corresponding packets.
20
CONCLUSION
•TCAM space is minimized by Transition Sharing and Table
consolidation and RE matching speed is increased by Variable
Striding. Small TCAMs are capable of storing large DFAs.
21
REFERENCES• T. Liu, Y. Yang, Y. Liu, Y. Sun, and L. Guo, “An efficient regular expressions
compression algorithm from a new perspective,” in IEEEINFOCOM, 2011, pp. 2129–2137.
• A. Bremler-Barr, D. Hay, and Y. Koral, “CompactDFA: generic state machine compression for scalable pattern matching,” in IEEE INFOCOM,2010, pp. 659–667.
• C. R. Meiners, A. X. Liu, and E. Torng, “Bit weaving: A non-prefix approach to compressing packet classifiers in TCAMs,” in Proc. 17th IEEE Conf. on Network Protocols (ICNP), October 2009.
• S. Kong, R. Smith, and C. Estan, “Efficient signature matching with multiple alphabet compression tables,” in ACM SecureComm, 2008.
• M. Becchi and P. Crowley, “Extending finite automata to efficiently match perl-compatible regular expressions,” in Proc. CoNEXT, 2008.
• B. Agrawal and T. Sherwood, “Modeling TCAM power for next generation network devices,” in Proc. IEEE Int. Symposium on Performance Analysis of Systems and Software, 2006, pp. 120– 129.
• M. Becchi and P. Crowley, “A hybrid finite automaton for practical deep packet inspection,” in Proc. CoNext, 2007.