Download Deep Packet Inspection - Colorado State University

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

page
1
page
2
page
3
page
4
page
5
page
6
page
7
Document related concepts

Wake-on-LAN wikipedia , lookup

Airborne Networking wikipedia , lookup

Deep packet inspection wikipedia , lookup

Transcript 
Deep Packet Inspection
Which Implementation Platform?
Sarang Dharmapurikar
Cisco
Implementation Platform
• Several choices, each with some pros and cons
–
–
–
–
–
ASICs
FPGA
Network Processors
Graphics Processors (nVidia)
multiple-core, multi-threaded Commodity processors
• Needs evaluation with respect to
–
–
–
–
Cost
Speed
Overall system performance (DPI is just a small piece of the puzzle)
Ease of use and upgrading
• A hardware-software co-design approach
– Profile a DPI system and push some components in hardware if the
overall speed up is effective (Ahmdal’s law)
ASIC
• Examples: ClassiPi, NetLogic, Tarari, some Cisco ASICs
• Requires too much investment
– NRE close to a million dollars!
• A long design cycle
– Most of the time is consumed in verification
• Hard to upgrade
– Algorithms evolve
– It is hard to build a flexible enough ASIC
• Applications get locked to a platform
– To migrate to a new platform requires a lot of software rewriting
FPGA
•
Very flexible but expensive and power-consuming
– Virtex-5 offers 330,000 lookup tables units
– 4MB of SRAM
•
Latest Xilinx FPGA contain multiple PowerPC cores
•
Possible to design hybrid hw/sw systems
– The compoents that assist DPI such as TCP-reassembly, normalization, flow
classification done in hardware
•
Several FPGA platforms for networking acceleration available today
– NetFPGA
– FPX
•
Need to be careful in the DPI approach
– The raw signature matching techniques that use FPGA logic resources for each
signature won’t scale
Network Processors
• Intel IXP2850
– 16 micro-engines with
• 2KB D$ and 8KB I$ and 16 entry CAM
– An integrated XScale processor for control path
• 32KB I$ and 32kB D$
– 2 Crypto units
– 16KB shared scratch pad SRAM
• Cisco QuantumFlow processor
– 40 packet processing engines (PPE) each @ 1.2 GHz
– 4 threads per PPE
– Dedicated hardware for queuing, buffering, IP lookup and
classification
Commodity processors
• Really powerful server class processors coming up
– Intel’s Nehalem
• 8 cores
• 2 threads per core
• 32KB L1, 256 KB L2, 10+MB of shared L3 cache
– Sun’s Niagara2
•
•
•
•
8 cores
8 threads per core!
16KB I$ and 8KB D$ per core, 4MB shared L2 cache.
Integrated cryptographic coprocessors units
• Need to think multi-core, multi-threaded
– Think in terms of a complete system, not just pattern matching
– Which core should do what?
• Need to design cache-friendly data structures
Conclusion
• While hardware can assist DPI systems, building
proprietary hardware not a good idea
• Let’s understand the “actual” performance needs
– Let’s not be misguided by “marketing” needs
• Need to think of hardware-software co-design
– Requires careful profiling of DPI systems to identify the
components that can be pushed to hardware
• Need to design algorithms for multi-core multi-threaded
processors
Related documents
An Introduction to Infrastructure
An Introduction to Infrastructure
ex1.00
ex1.00
Scalable Numerical Algorithms and Methods on the ASCI Machines
Scalable Numerical Algorithms and Methods on the ASCI Machines
Lect37
Lect37
ICS 143 - Introduction to Operating Systems
ICS 143 - Introduction to Operating Systems
Parallel and Distributed Systems - FSU Computer Science Department
Parallel and Distributed Systems - FSU Computer Science Department
Introduction to Computers
Introduction to Computers
Common Core State Standard Initiative
Common Core State Standard Initiative
Systemic dissemination of MCMV HaNa1 via non
Systemic dissemination of MCMV HaNa1 via non
Operating Systems: Principles and Practice, Introduction
Operating Systems: Principles and Practice, Introduction
European Respiratory Society Annual Congress 2013
European Respiratory Society Annual Congress 2013
Unpacking The Essential Standards_PARTICIPANTS
Unpacking The Essential Standards_PARTICIPANTS
Process Guiding Questions​: The current Schoolnet (i.e., Pearson
Process Guiding Questions​: The current Schoolnet (i.e., Pearson
Raymond J. Weber, Justin A. Hogan, Brock J. LaMeres
Raymond J. Weber, Justin A. Hogan, Brock J. LaMeres
Enabling Stateful Networking Solutions with Mellanox Indigo (NPS)
Enabling Stateful Networking Solutions with Mellanox Indigo (NPS)
Credit Spending And Its Implications for Recent U.S. Economic Growth
Credit Spending And Its Implications for Recent U.S. Economic Growth
Comparison of the efficacy and safety of mometasone furoate dry
Comparison of the efficacy and safety of mometasone furoate dry
Deep Packet Inspection
Deep Packet Inspection
bizhub 750/600 bizhub 751/601
bizhub 750/600 bizhub 751/601
Making a Connection: Direct Binding between
Making a Connection: Direct Binding between