Title: TCAM-based Low Power Packet Classification Module and Wildcard Pattern Matching Module in DPI Systems
Authors: 曹雅涵
Tsao, Ya-Han
Chen, Tien-Fu
Keywords: packet classification; string matching; Content Inspection
Issue Date: 2016
Abstract: Deep packet inspection (DPI) is a technique employed by network devices to provide numerous services. Packet classification, one of the key functions of a DPI system, classifies incoming packets for purposes such as QoS and VPN. TCAMs are the most popular practical method for implementing packet classification, but they suffer from high power consumption. The other main function is payload inspection for the purpose of intrusion detection. Payload inspection examines the payload against a database of pre-defined patterns, which are usually represented as regular expressions. However, hardware-based regular expression matching engines cannot correctly match wildcard patterns. In this work, we propose a DPI system with two modules, a packet classification module and a payload inspection module. The packet classification module contains a pre-classifier that pre-classifies each incoming packet using specific header fields and then activates the corresponding TCAM macros. Therefore, only a few TCAM macros are activated, achieving a power reduction of 92%. In the payload inspection module, we introduce a simultaneous pattern matching methodology based on a discrete finite automaton to solve the wildcard pattern matching problem. With the proposed architecture, all possible matches of wildcard patterns can be traversed correctly.
URI: http://etd.lib.nctu.edu.tw/cdrfb3/record/nctu/#GT070356079
Appears in Collections:Thesis