High Speed Deep Packet Inspection with Hardware Support
Fang Yu
EECS Department, University of California, Berkeley
Technical Report No. UCB/EECS-2006-156
November 22, 2006
http://www2.eecs.berkeley.edu/Pubs/TechRpts/2006/EECS-2006-156.pdf
In this dissertation, we developed high speed packet processing algorithms for new services such as network intrusion detection, high speed firewalls, Network Address Translation (NAT), Hypertext Transfer Protocol (HTTP) load balancing, Extensible Markup Language (XML) processing, and Transmission Control Protocol (TCP) offloading. These new services have stringent requirements for speed, extensibility, scalability, and cost-effectiveness. For example, some services require rapid scanning of packets against thousands of known patterns. Traditional packet handling techniques, such as next hop forwarding, focus on packet headers only and fail to support these demanding requirements. This thesis research aims to provide fast and efficient deep packet inspection techniques that can function on the entire packet content rather than just the header. To keep up with high speed packet processing in existing networks, we proposed deep packet inspection schemes that are optimized for new technologies such as Ternary Content Addressable Memory (TCAM) and multi-core processors. We propose algorithms that work both on packet headers and packet payload. Our techniques form a cohesive architecture that can perform Gigbit rate packet scanning against thousands of sophisticated patterns.
Advisors: Randy H. Katz
BibTeX citation:
@phdthesis{Yu:EECS-2006-156,
Author= {Yu, Fang},
Title= {High Speed Deep Packet Inspection with Hardware Support},
School= {EECS Department, University of California, Berkeley},
Year= {2006},
Month= {Nov},
Url= {http://www2.eecs.berkeley.edu/Pubs/TechRpts/2006/EECS-2006-156.html},
Number= {UCB/EECS-2006-156},
Abstract= {In this dissertation, we developed high speed packet processing algorithms for new services such as network intrusion detection, high speed firewalls, Network Address Translation (NAT), Hypertext Transfer Protocol (HTTP) load balancing, Extensible Markup Language (XML) processing, and Transmission Control Protocol (TCP) offloading. These new services have stringent requirements for speed, extensibility, scalability, and cost-effectiveness. For example, some services require rapid scanning of packets against thousands of known patterns. Traditional packet handling techniques, such as next hop forwarding, focus on packet headers only and fail to support these demanding requirements. This thesis research aims to provide fast and efficient deep packet inspection techniques that can function on the entire packet content rather than just the header. To keep up with high speed packet processing in existing networks, we proposed deep packet inspection schemes that are optimized for new technologies such as Ternary Content Addressable Memory (TCAM) and multi-core processors. We propose algorithms that work both on packet headers and packet payload. Our techniques form a cohesive architecture that can perform Gigbit rate packet scanning against thousands of sophisticated patterns.},
}
EndNote citation:
%0 Thesis %A Yu, Fang %T High Speed Deep Packet Inspection with Hardware Support %I EECS Department, University of California, Berkeley %D 2006 %8 November 22 %@ UCB/EECS-2006-156 %U http://www2.eecs.berkeley.edu/Pubs/TechRpts/2006/EECS-2006-156.html %F Yu:EECS-2006-156