The Journal of Korean Institute of Communications and Information Sciences (한국통신학회논문지)

The Korean Institute of Commucations and Information Sciences (한국통신학회)
권호 표지

TCAM Partitioning for High-Performance Packet Classification

고성능 패킷 분류를 위한 TCAM 분할

  • 김규호 (충남대학교 컴퓨터공학과) ;
  • 강석민 (충남대학교 컴퓨터공학과) ;
  • 송일섭 (충남대학교 컴퓨터공학과) ;
  • 권택근 (충남대학교 컴퓨터공학과)
  • Published : 2006.02.01
Download PDF
⟨ Previous Next ⟩

Abstract

As increasing the network bandwidth, the threat of a network also increases with emerging various new services. For a high-performance network security, It is generally used that high-speed packet classification methods which employ hardware like TCAM. There needs an method using these devices efficiently because they are expensive and their capacity is not sufficient. In this paper, we propose an efficient packet classification using a Ternary-CAM(TCAM) which is widely used device for high-speed packet classification in which we have applied Snort rule set for the well-known intrusion detection system. In order to save the size of an expensive TCAM, we have eliminated duplicated IP addresses and port numbers in the rule according to the partitioning of a table in the TCAM, and we have represented negation and range rules with reduced TCAM size. We also keep advantages of low TCAM capacity consumption and reduce the number of TCAM lookups by decreasing the TCAM partitioning using combining port numbers. According to simulation results on our TCAM partitioning, the size of a TCAM can be reduced by upto 98$\%$ and the performance does not degrade significantly for high-speed packet classification with a large amount of rules.

네트워크 대역폭 증가에 따라 다양한 서비스의 등장과 함께 네트워크 위협이 꾸준히 증가하고 있다. 고성능 네트워크 보안의 실현을 위해, TCAM 등의 하드웨어를 통한 고속 네트워크에서의 빠른 패킷 분류 방법이 일반적으로 사용된다. 이러한 디바이스는 상대적으로 가격이 비싸고 용량이 충분치 않기 때문에 효율적으로 사용하기 위한 방법이 필요하다. 본 논문에서는 대표적인 침입탐지시스템인 Snort의 규칙집합을 이용하여 고속의 패킷 분류에 적합한 디바이스인 TCAM을 통한 효율적인 패킷 분류방법을 제안하였다. 제안한 방법에서는 값비싼 TCAM의 효율적인 사용을 위하여, TCAM을 분할함으로써 규칙상의 IP 주소와 포트의 중복 필드를 없애고 부정(negation), 범위(range) 규칙을 최소의 엔트리로 표현하도록 한다. 또한 포트번호 조합으로 TCAM 분할을 줄여 용량상의 이점은 유지하고, TCAM 검색횟수를 줄인다. 시뮬레이션을 통해 TCAM용량을 최대 98$\%$까지 줄이면서 대용량의 규칙을 사용하는 고속 패킷 분류에도 성능저하를 줄일 수 있음을 보인다.

Keywords

References

  1. F. Baboescu, S. Singh, G. Varghese, 'Packet Classification for Core Routers: Is there an alternative to CAMs?,' IEEE Infocomm 2003
  2. P. Jungck, S. S. Y.Shim, 'Issue in High- Speed Internet Security,' IEEE Computer, May. 2004
  3. P. Gupta, N. McKeown, 'Packet Classification on Multiple Fields,' ACM Sigcomm, Sept. 1999
  4. F. Baboescu, G. Varghese, 'Scalable Packet Classification,' ACM Sigcomm, 2001
  5. E. Spitznagel, D. Taylor, and J. Turner, 'Packet Classification Using Extended TCAMs,' ICNP, Nov. 2003
  6. Seok-Min Kang, Yoshiaki Kasahara, Taeck- Geun Kwon, 'Packet Classification using Dual TCAM Tables,' Proceedings of ITCCSCC, 4, pp.1431-1432, Jun. 2005
  7. Z. J. Wang, H. Che, M. Kumar, and S. Das, 'CoPTUA: Consistent Policy Table Update Algorithm for TCAM without Table Lock,' IEEE Transactions on Computers, 53(12), pp. 1602-1628, Dec. 2004 https://doi.org/10.1109/TC.2004.108
  8. H. Liu, 'Routing Table Compaction in Ternary CAM,' IEEE Micro, 22(1), pp. 58- 64, Jan-Feb. 2002 https://doi.org/10.1109/40.988690
  9. V.C. Ravikumar, R. N. Mahapatra, 'TCAM Architecture for IP Lookup Using Prefix Properties,' IEEE Micro, 24(2), pp. 60-69, Mar-Apr. 2004 https://doi.org/10.1109/MM.2004.1289292
  10. T. V. Lakshman and D. Stiliadis, 'HighSpeed Policy-Based Packet Forwarding Using Efficient Multi-Dimensional Range Matching,' ACM Sigcomm, pp. 203-214, 1998 https://doi.org/10.1145/285243.285283
  11. Jung-Sik Sung, Seok-Min Kang, Youngseok Lee, Taeck-Geun Kwon, and Bong-Tae Kim, 'A Multi-gigabit Rate Deep Packet Inspection Algorithm using TCAM,' Globecom, Nov. 2005
  12. SNORT network intrusion detection system, www.snort.org
  13. Fang Yu, Randy H. Katz and T.V. Lakshman, 'Efficient Multi-Match Packet Classification with TCAM,' IEEE Micro, Feb. 2005
  14. D. Shah and P. Gupta, Fast Incremental Updates on Ternary-CAMs for Routing Lookups and Packet Classification,' Proceedings of Hot Interconnects, 2000. http:// citeseer.csail.mit.edu/shah00fast.html
  15. IDT, Network Search Engine(NSE) with QDR™ Interface, http://www1.idt.com/pcms/ tempDocs/75K6213452134_DS_80635.pdf