| Title | High-Performance and Range-Supported Packet Classification Algorithm for Network Security Systems in SDN |
| Publication Type | Conference Paper |
| Year of Publication | 2020 |
| Authors | Zheng, L., Jiang, J., Pan, W., Liu, H. |
| Conference Name | 2020 IEEE International Conference on Communications Workshops (ICC Workshops) |
| Date Published | jun |
| Keywords | 512-bit OpenFlow rule, Bit Vector-based packet classification methods, Clocks, Communication networks, composability, computer network security, content-addressable storage, encoding, high clock frequency, Internet, IP networks, key function, Metrics, multidimensional fields, multifield matching, network coding, network security systems, packet header bits, packet switching, pattern classification, pipeline processing, pubcrawl, range fields, range matching, Range Supported Bit Vector algorithm, Range-Supported packet classification algorithm, resilience, Resiliency, RSBV, rule sets, SDN, security, software defined networking, telecommunication network routing, Throughput, two-dimensional modular architecture |
| Abstract | Packet classification is a key function in network security systems in SDN, which detect potential threats by matching the packet header bits and a given rule set. It needs to support multi-dimensional fields, large rule sets, and high throughput. Bit Vector-based packet classification methods can support multi-field matching and achieve a very high throughput, However, the range matching is still challenging. To address issue, this paper proposes a Range Supported Bit Vector (RSBV) algorithm for processing the range fields. RSBV uses specially designed codes to store the pre-computed results in memory, and the result of range matching is derived through pipelined Boolean operations. Through a two-dimensional modular architecture, the RSBV can operate at a high clock frequency and line-rate processing can be guaranteed. Experimental results show that for a 1K and 512-bit OpenFlow rule set, the RSBV can sustain a throughput of 520 Million Packets Per Second. |
| DOI | 10.1109/ICCWorkshops49005.2020.9145461 |
| Citation Key | zheng_high-performance_2020 |
High-Performance and Range-Supported Packet Classification Algorithm for Network Security Systems in SDN